BBC: Internet Explorer Security Alert

Ouch!

Users of the world’s most common web browser have been advised to switch to another browser until a serious security flaw has been fixed.

The flaw in Microsoft’s Internet Explorer could allow criminals to take control of people’s computers and steal their passwords, internet experts say.

So, apart from being a crap browser at actually rendering web pages according to the standards, it also opens up your computer to a “serious security flaw” (as if we didn’t know that already).

Here’s my recommendation for curing this ailment. Permanently:

  1. Get Firefox for your Windows computer right now!
  2. Get Thunderbird for your Windows computer today and get away from Outlook/Outlook Express.
  3. Get OpenOffice.org for your Windows computer and marvel at the free office application suite and ponder why you have been paying so much for M$’s bloatware in the past.
  4. Then, once happy with the above, get Ubuntu (which has all of these wonderful applications and much more) and then get rid of that malware masquerading as an operating system called Windows.
  5. Enjoy trouble-free Free computing for evermore.

Simple.

Thanks to oly on the #ubuntu-uk irc channel for pointing this story out.

Wolfie gets his Glorious Day

Fantastic. Mozilla have clearly been listening…

Welcome to Firefox - proposed replacement for the EULA

Alternative proposal

These are just mock-ups but I doubt that they’d be showing something far from what will transpire. It looks nice, requires no consent, and certainly wouldn’t aggravate me.

Update, now you can also see some mock-ups of how the license gets shown too.

Proposal for opening page of terms of use

And here is the Website Services Agreement:

Proposed text and display for the agreement itself

No SHOUTING, and they look to have removed most of the cruft which made it utterly pointless. I’m not convinced it is still necessary to actually do all this, and I would prefer if the “services” which cause all this grief (the anti-phishing and scam detection) were disabled by default.

But, this is definitely a massive improvement over where we were a couple of days ago…

Power to the People! [on Mozilla’s Firefox EULA]

Is anyone reading this old enough to remember that line from the BBC TV Sitcom “Citizen Smith“? I think I have just seen it in action.

In just a couple of short days there has been a massive expression of discontent with the imposition of an EULA on Ubuntu‘s users of the Mozilla Firefox web browser. And it seems that the voice of the community is being listened to:

We’ve come to understand that anything EULA-like is disturbing, even if the content is FLOSS based.  So we’re eliminating that.

Mitchell Baker, the chairman of the Mozilla Foundation, has just posted an update on her blog “The Lizard Wrangler”. The main thrust of her comments makes it sound like Mozilla has listened carefully to the concerns so fervently expressed. Although the proof will be in the pudding so to speak:

We still feel that something about the web services integrated into the browser is needed; these services can be turned off and not interrupt the flow of using the browser. We also want to tell people about the FLOSS license — as a notice, not as a EULA or use restriction. Again, this won’t block the flow or provide the unwelcoming feeling that one comment to my previous post described so eloquently.

Apart from a few rather vitriolic comments towards individuals, the majority of the comments made on “that bug report” (which will probably become quite infamous in its own right and get its own page on Wikipedia) were lucid and expressed a deep concern about the direction this might lead FOSS in general. A snowball effect of pop-ups and EULAs appearing for Free Software applications would be a nightmare for the FOSS movement and lead to many people simply saying “so what’s the difference between this and Windows then?”. The snowball that is FOSS would probably melt rather spectacularly.

A user’s ability to choose to install a product from a massive software library without being told how they must use it is one of the great and liberating freedoms of using FOSS. Take that away and you are simply creating a carbon copy of the proprietary software experience.

If it becomes clear after Mozilla release their updated plans that there is still some requirement for the user to positively acknowledge (or accept) some form of usage restriction, then unfortunately Firefox can no longer be classed as Free Software and undoubtedly removes itself from compliance with Freedom 0 “The freedom to run the program, for any purpose“.

If this transpires to be the case, then I personally think that Ubuntu must move Firefox from the “main” repository and replace their default browser with, either the unbranded (and Free) version of Firefox, or another alternative. Firefox can and almost certainly should still be available, but it surely must be moved to the “multiverse” repository which contains: Software restricted by copyright or legal issues.

If I understand the core problem correctly, it seems to me that the best solution is to, by default, disable the phishing detection and other services which require end user consent, and to make the positive user acknowledgement simply part of the process of enabling these features, e.g. when you click the check box to turn on phishing protection you must acknowledge the use terms at that stage. Not when you just start browsing the web. And, of course, for Linux users these “protection services” are of little or no benefit anyway.

Just perhaps; Wolfie’s goal of “The Glorious Day” is about to make a comeback…

Is Mozilla losing the plot? [Updated x2]

The creators and owners of the Open Source Firefox web browser seem to have ignited a bit of a war in the last few days.

In Ubuntu’s next development version (Intrepid Ibex) due for release next month, Mozilla have demanded that for Ubuntu to continue to distribute Firefox, they must display an EULA.

This is the ONLY EULA I believe that is currently present in the “main” repository of Ubuntu and certainly the only one that a user would be required to accept in the default Ubuntu Desktop configuration as is currently supplied.

I like Firefox. It is a good browser. But I do not like having to accept an EULA that potentially restricts what I decide to do with this Free and Open Source software. And, if I am not mistaken, I think that this is actually a violation of the terms of the GPL under which most of the main Ubuntu distribution is supplied.

Ubuntu/Canonical does have a choice. It can compile its own version of Firefox and simply turn off the ac_add_options --enable-official-branding option. OK, it won’t be called Firefox any more but I suggest that users will either know and not care or not know and not care about the name change.

There is a rather long [and growing] set of comments associated to a BUG report on Launchpad. I’d recommend any and all Ubuntu Users to read and have their say – whatever that may be.

My personal opinion is that Ubuntu Ibex should ship with the Debian branded version of Firefox (called Iceweasel) for now and then take stock for future releases. They can always include true “Firefox” in their restricted repositories – but there is NO-WAY a piece of software requiring an EULA should be included in the default main repo.

Here is the EULA in all its gory detail [coloured emphasis mine]:

MOZILLA FIREFOX END-USER SOFTWARE LICENSE AGREEMENT

July 2008

A SOURCE CODE VERSION OF CERTAIN FIREFOX BROWSER FUNCTIONALITY THAT YOU MAY USE, MODIFY AND DISTRIBUTE IS AVAILABLE TO YOU FREE-OF-CHARGE FROM WWW.MOZILLA.ORG UNDER THE MOZILLA PUBLIC LICENSE and other open source software licenses.

The accompanying executable code version of Mozilla Firefox and related documentation (the “Product”) is made available to you under the terms of this MOZILLA FIREFOX END-USER SOFTWARE LICENSE AGREEMENT (THE “AGREEMENT”). BY USING THE MOZILLA FIREFOX BROWSER, YOU ARE CONSENTING TO BE BOUND BY THE AGREEMENT. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT, DO NOT USE THE MOZILLA FIREFOX BROWSER.

DURING THE MOZILLA FIREFOX INSTALLATION PROCESS, AND AT LATER TIMES, YOU MAY BE GIVEN THE OPTION OF INSTALLING ADDITIONAL COMPONENTS FROM THIRD-PARTY SOFTWARE PROVIDERS. THE INSTALLATION AND USE OF THOSE THIRD-PARTY COMPONENTS MAY BE GOVERNED BY ADDITIONAL LICENSE AGREEMENTS.

1. LICENSE GRANT. The Mozilla Corporation grants you a non-exclusive license to use the executable code version of the Product. This Agreement will also govern any software upgrades provided by Mozilla that replace and/or supplement the original Product, unless such upgrades are accompanied by a separate license, in which case the terms of that license will govern.

2. TERMINATION. If you breach this Agreement your right to use the Product will terminate immediately and without notice, but all provisions of this Agreement except the License Grant (Paragraph 1) will survive termination and continue in effect.

3. PROPRIETARY RIGHTS. Portions of the Product are available in source code form under the terms of the Mozilla Public License and other open source licenses (collectively, “Open Source Licenses”) at http://www.mozilla.org/MPL. Nothing in this Agreement will be construed to limit any rights granted under the Open Source Licenses. Subject to the foregoing, Mozilla, for itself and on behalf of its licensors, hereby reserves all intellectual property rights in the Product, except for the rights expressly granted in this Agreement. You may not remove or alter any trademark, logo, copyright or other proprietary notice in or on the Product. This license does not grant you any right to use the trademarks, service marks or logos of Mozilla or its licensors.

4. PRIVACY POLICY. The Mozilla Firefox Privacy Policy is made available online at http://www.mozilla.com/legal/privacy/, as that policy may be changed from time to time. When Mozilla changes the policy in a material way a notice will be posted on the website at www.mozilla.com and the updated policy will be posted at the above link.

5. WEBSITE INFORMATION SERVICES. Mozilla and its contributors, licensors and partners work to provide the most accurate and up-to-date phishing and malware information. However, they cannot guarantee that this information is comprehensive and error-free: some risky sites may not be identified, and some safe sites may be identified in error.

6. DISCLAIMER OF WARRANTY. THE PRODUCT IS PROVIDED “AS IS” WITH ALL FAULTS. TO THE EXTENT PERMITTED BY LAW, MOZILLA AND MOZILLA’S DISTRIBUTORS, AND LICENSORS HEREBY DISCLAIM ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES THAT THE PRODUCT IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE AND NON-INFRINGING. YOU BEAR THE ENTIRE RISK AS TO SELECTING THE PRODUCT FOR YOUR PURPOSES AND AS TO THE QUALITY AND PERFORMANCE OF THE PRODUCT. THIS LIMITATION WILL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES, SO THIS DISCLAIMER MAY NOT APPLY TO YOU.

7. LIMITATION OF LIABILITY. EXCEPT AS REQUIRED BY LAW, MOZILLA AND ITS DISTRIBUTORS, DIRECTORS, LICENSORS, CONTRIBUTORS AND AGENTS (COLLECTIVELY, THE “MOZILLA GROUP”) WILL NOT BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES ARISING OUT OF OR IN ANY WAY RELATING TO THIS AGREEMENT OR THE USE OF OR INABILITY TO USE THE PRODUCT, INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, LOST PROFITS, LOSS OF DATA, AND COMPUTER FAILURE OR MALFUNCTION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND REGARDLESS OF THE THEORY (CONTRACT, TORT OR OTHERWISE) UPON WHICH SUCH CLAIM IS BASED. THE MOZILLA GROUP’S COLLECTIVE LIABILITY UNDER THIS AGREEMENT WILL NOT EXCEED THE GREATER OF $500 (FIVE HUNDRED DOLLARS) AND THE FEES PAID BY YOU UNDER THE LICENSE (IF ANY). SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL, CONSEQUENTIAL OR SPECIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU.

8. EXPORT CONTROLS. This license is subject to all applicable export restrictions. You must comply with all export and import laws and restrictions and regulations of any United States or foreign agency or authority relating to the Product and its use.

9. U.S. GOVERNMENT END-USERS. This Product is a “commercial item,” as that term is defined in 48 C.F.R. 2.101, consisting of “commercial computer software” and “commercial computer software documentation,” as such terms are used in 48 C.F.R. 12.212 (Sept. 1995) and 48 C.F.R. 227.7202 (June 1995). Consistent with 48 C.F.R. 12.212, 48 C.F.R. 27.405(b)(2) (June 1998) and 48 C.F.R. 227.7202, all U.S. Government End Users acquire the Product with only those rights as set forth therein.

10. MISCELLANEOUS. (a) This Agreement constitutes the entire agreement between Mozilla and you concerning the subject matter hereof, and it may only be modified by a written amendment signed by an authorized executive of Mozilla. (b) Except to the extent applicable law, if any, provides otherwise, this Agreement will be governed by the laws of the state of California, U.S.A., excluding its conflict of law provisions. (c) This Agreement will not be governed by the United Nations Convention on Contracts for the International Sale of Goods. (d) If any part of this Agreement is held invalid or unenforceable, that part will be construed to reflect the parties’ original intent, and the remaining portions will remain in full force and effect. (e) A waiver by either party of any term or condition of this Agreement or any breach thereof, in any one instance, will not waive such term or condition or any subsequent breach thereof. (f) Except as required by law, the controlling language of this Agreement is English. (g) You may assign your rights under this Agreement to any party that consents to, and agrees to be bound by, its terms; the Mozilla Corporation may assign its rights under this Agreement without condition. (h) This Agreement will be binding upon and inure to the benefit of the parties, their successors and permitted assigns.

What a mouthful. I’m sure that even the legal team at Microshaft would be proud of it!

I highlighted a couple of areas that I think I understand…

BY USING THE MOZILLA FIREFOX BROWSER, YOU ARE CONSENTING TO BE BOUND BY THE AGREEMENT.

When I read this EULA after a routine update to Ibex on Saturday, it just appeared to me in a tab of Firefox next time I restarted. If you are using Ibex and you missed it last time round, just start Firefox from a terminal thus: firefox -ProfileManager, create a new profile, and you should get it again. My understanding of the quote above is that as I am now reading the contents of the EULA in Firefox I have, without my express consent, actually agreed to this garbage.

You must comply with all export and import laws and restrictions and regulations of any United States or foreign agency or authority relating to the Product and its use.

Hang on. I’m an end user. WTF have export and import laws got to do with me? And how on earth am I supposed to be aware of and understand “all export and import laws and restrictions and regulations of any United States or foreign agency or authority“. That’s a pretty bloody tall order by my understanding.

I’m sorry Mozilla, but this just stinks!
And OH YES. WHY DO YOU HAVE TO SHOUT IT ALL TOO?

Update 2: Mitch Baker has just posted a blog entry. Basically it sounds like they fscked up but haven’t worked out a fix – yet.

Building your own PC…

My regular desktop computer, Twoflower*, that I use for work and play is dying… 🙁

Twoflower is pretty old now by PC terms and is becoming quite unreliable. I built it about 4 or 5 years ago I guess, although I can’t remember exactly when, and it has been a good workhorse until quite recently. But the time has finally come to move on.

I like building my own PCs and find it can also be a very cost effective way to get exactly the PC you want and, of course, you don’t have to pay the Microsoft Tax either. So, after planning and reading for a couple of months or so, I have just ordered the new bits which will come together to create Lobsang*.

I’m not a “gamer” so I don’t need a heavy duty graphics card or excessive cooling, but I do tend to run a lot of apps at the same time and some of them are quite “hungry”: Eclipse, VirtualBox Virtual Machines, Inkscape, Gimp, OpenOffice.org, Thunderbird & Lightning with as many email accounts and CalDAV calendars as I have, and Firefox with usually a dozen or so tabs open at one time and perhaps further instances of Firefox running too. I’ve also often got remote X sessions running to a development server as well.

So, it was important to me that I built a PC that is pretty quick, can be expanded easily and will – again – hopefully last me for a good few years.

Here is my shopping list:

Antec Three Hundred Case w/o PSU
520W Corsair HX Series Modular PSU, ATX, EPS12V, whisper quiet, 5 year warranty
Asrock P43R1600Twins, iP43, S 775, PCI-E 2.0 (x16), DDR2/DDR3 1066/1333/800, SATA II, SATA RAID, ATX
Intel Core 2 Duo, E8400, Wolfdale Core, S775, 3.0 GHz, 1333MHz, 6MB Cache, Retail
Arctic Cooling Freezer 7 Pro
2GB (2x1GB) Corsair TwinX DDR2 XMS2 Dominator, PC2-8500 (1066), 240 Pin, Non-ECC Unbuffered, CAS 5
256MB Palit 9500GT, PCI-E 2.0(x16), 1600MHz GDDR3, GPU 550MHz, 32 Cores, HDTV/ D-Sub/ DL DVI-I
320 GB Samsung HD322HJ Spinpoint F1, SATA 300, 7200 rpm, 16MB Cache, 8.9 ms
Samsung TS-H653B/DEBH 20x DVD±R, 8x DVD±DL, DVD+RW x8/-RW x6, x12 DVD-RAM SATA Black OEM

The notable items on here I would say are:

  • Power Supply – It is a really important part of your system. A cheap “no-name” PSU gives you unstable voltages that will lead to operational and reliability problems, crap cabling which restricts airflow, inefficiency so you just waste money making heat and they can be surprisingly noisy. The reviews I read led me to choose either this Corsair model or a 450W unit from “Be Quiet”.
  • The Asrock Motherboard – This was probably the hardest component to choose. I don’t need a top-end mobo that will overclock like a wild thing, but I did want one that would provide me with a decent platform and will allow some level of growth. This board looked to be just about right and very well priced for an Intel LGA775 board. It supports DDR3 (up to 4GB) as well as DDR2 (up to 8GB) memory and will run any of the latest generation Core2 dual and quad core processors including the most recent 45nm designs.
  • The Processor – I was, until quite recently, going to go for the outstanding Q6600 65nm Quad core chip but having read some more recent reviews it seems as though the newer 45nm designs are much more efficient and yet more powerful. In most review tests, this dual core E8400 outperforms the Q6600 device and has about half the power consumption. There are certain times when 4 cores are better, but seeing as I’ve happily lived with just one up until now I think two will be just fine!
  • No Operating System – I will, of course, be installing a Free and Open Source OS and that will almost certainly be Ubuntu Hardy Heron 8.04.1. In fact I am planning to have a spare partition or two so I can install other OS’s too.

The rest of the items are nothing too special. I am very fond of Samsung drives and have used them for many years now. They are usually very quiet, fast, reliable and are excellent value. The graphics card is a passively cooled device that will be very fine for Compiz and the minimal other 3D requirements I have. I wanted a new case as my current PC’s case is terrible. It was cheap, looked it too and is really noisy with quite a few 80mm fans churning away constantly. This new Antec Three Hundred case looks much better, has bigger 120mm and 140mm fans (that turn slower and thus make less noise) and has better cable management so air should flow well and is quite capacious so I have room to expand too.

My main source of knowledge for this lot comes from the excellent Custom PC Magazine. Although it is heavily geared toward gamers and high end systems, their no-nonsense reviews and technical features are the best I have come across, and I’ve been reading computer magazines virtually since they first appeared. When Custom PC review a product, if it is crap they really say so. There never seems to be any of the “polite excuses” or bias toward particular suppliers or vendors – unless they make really good gear that is. My only gripes with it are I’d like it to cover more Media and power efficiency topics and feature more Open Source software. Perhaps I should suggest some articles…

For the supplier of the bits, I have gone to Scan Computers. I have used them several times before and have no complaints at all. They have a great reputation for service and they do tend to have the best prices too. Hopefully the bits will be here by the weekend, just in time for my 10th Wedding Anniversary, so how much actually ends up getting assembled before next week remains to be seen…

For this blog, I’ll take some pictures of the bits before, during and after assembly and run through the way I put together a new PC. It isn’t terribly hard and is very satisfying when it’s finished.

Update: I’ve written two articles covering the build process. Part 1 is here.

* All the computers in our house are named after characters from Terry Pratchett’s Discworld novels. So far I have used: Rincewind, Mort, Binky, Moist, Angua, Twoflower, Gladys and Vimes.

Firefox 3 Download Day: World Record?

Well, it looks like Mozilla have got their record…

Thanks to the support of the always amazing Mozilla community, we got more than 8 million Firefox 3 downloads in 24 hours. That’s more Firefox downloads than we’ve ever had in a single day — an impressive feat indeed!

Please be patient while the good people of Guinness review our World Record attempt. This might take a few days so please check back here. And, a huge thanks for all of your support!

Looking on the map; France, Spain and the UK managed around 300,000 downloads each, Germany nearly 700,000, China came in with just 175k somewhat surprisingly and Russia even less at 110k (more copies were downloaded from Holland). Amazingly Iran recorded 260,000 (what gives there then? Anyone got any clues?) along with Italy at a similar figure and the USA dwarfed all others with a massive total of over 2.5million.

I guess the counts are indicative rather than completely accurate but it’s an interesting map and I think it’s pretty awesome that more than 8 million copies of Firefox 3 got delivered, for free, in just 24hrs. Congratulations to Mozilla and to the Open Source community. Now we should all go and get hammered on Wine which, after approx. 15 years, was finally released as a 1.0 product on the 17th June.

PS – The Mozilla counter is still counting BTW so I wonder how long before it reaches 10m? Tomorrow morning perhaps…

[Update: Yep. It’s 06:18 here in the UK and their counter is already over 10m by a hundred thousand or so]
