On 5/20/2010 4:28 AM, Gervase Markham wrote:
On 18/05/10 15:54, johnjbarton wrote:
I mean that starting a design from the point of view that the users have
faulty judgment will almost certainly lead to software that fails.
If users did not have faulty judgement, and always made correct
On 5/18/2010 2:17 PM, Eddy Nigg wrote:
On 05/18/2010 10:37 PM, From johnjbarton:
2) Openness and encouragement of better API and UI for mozilla
security solutions (concretely your fabulous resources are effectively
out of reach for JS developers, it's a real shame)
...but I'm ce
On 5/18/2010 12:15 PM, Eddy Nigg wrote:
On 05/18/2010 09:44 PM, From johnjbarton:
The better model begins by abandoning the "security-vs-convenience"
mindset. Security should be about the maximum actually and effective
security experienced by users. Our reaction to users clicki
On 5/18/2010 9:08 AM, Marsh Ray wrote:
On 5/18/2010 9:54 AM, johnjbarton wrote:
I mean that starting a design from the point of view that the users have
faulty judgment will almost certainly lead to software that fails.
The judgment starts when the user chooses the app. In effect the
On 5/18/2010 4:44 AM, Gervase Markham wrote:
On 18/05/10 05:20, johnjbarton wrote:
Many of our potential users are inexperienced computer users, who do not
understand the risks involved in using interactive Web content. This
means we must rely on the user's judgement as little as possibl
On 5/17/2010 9:41 PM, Kurt Seifried wrote:
The reason we have so many problems is this: Security is hard.
Lots of things about computing are "hard". The path to improvement is in
looking for ways to make the systems easier to operate properly. A place
to start is a little respect for use
On 5/17/2010 11:58 AM, Nelson B Bolyard wrote:
On 2010-05-17 10:31 PDT, johnjbarton wrote:
On 5/17/2010 10:23 AM, Nelson B Bolyard wrote:
My favorite quote:
"Given a choice between dancing pigs and security,
users will pick dancing pigs every time."
It's so true. If
On 5/17/2010 10:23 AM, Nelson B Bolyard wrote:
On 2010-05-17 08:41 PDT, johnjbarton wrote:
Cormac Herley provides a detailed exploration of dangers of
inappropriate security warnings:
https://docs.google.com/viewer?url=http%3A%2F%2Fresearch.microsoft.com%2Fen-us%2Fum%2Fpeople%2Fcormac%2Fpapers
Cormac Herley provides a detailed exploration of dangers of
inappropriate security warnings:
https://docs.google.com/viewer?url=http%3A%2F%2Fresearch.microsoft.com%2Fen-us%2Fum%2Fpeople%2Fcormac%2Fpapers%2F2009%2Fsolongandnothanks.pdf&pli=1
or here is the short URL
http://bit.ly/9flIbJ
Check
On 4/19/2010 10:52 AM, Nelson B Bolyard wrote:
On 2010/04/19 08:33 PDT, johnjbarton wrote:
...
There are appropriate channels for advertising this problem and
educating users and servers about it. The current Error Console spam
campaign and the proposed pop-up ads campaign are simply not
On 4/19/2010 1:42 AM, Nelson B Bolyard wrote:
On 2010-04-18 21:16 PST, johnjbarton wrote:
I see nothing wrong with users contacting sysadmins. I object to using
the browser as a platform for badgering Web developers to contact
sysadmins on your behalf.
You continue to make the mistake of
On 4/18/2010 10:36 AM, Matt McCutchen wrote:
On Sat, 2010-04-10 at 08:10 -0700, johnjbarton wrote:
On 4/9/2010 6:06 PM, Matt McCutchen wrote:
Are you saying that Mozilla shouldn't encourage users to bother their
server operators because if the problem were real, the server operators
On 4/11/2010 7:48 PM, Nelson Bolyard wrote:
On 2010-04-08 09:59 PST, Robert Relyea wrote:
On 04/07/2010 09:35 PM, Nelson B Bolyard wrote:
We plan on alerting users in a future update. This is fair warning
to server operators and those who are debugging their sites.
If this is a real threat do
On 4/9/2010 6:06 PM, Matt McCutchen wrote:
On Fri, 2010-04-09 at 09:34 -0700, johnjbarton wrote:
On 4/8/2010 12:13 PM, Matt McCutchen wrote:
On Thu, 2010-04-08 at 09:35 -0700, johnjbarton wrote:
On 4/7/2010 9:35 PM, Nelson B Bolyard wrote:
...
Inconveniencing the users is a NECESSARY part of
On 4/8/2010 12:13 PM, Matt McCutchen wrote:
On Thu, 2010-04-08 at 09:35 -0700, johnjbarton wrote:
On 4/7/2010 9:35 PM, Nelson B Bolyard wrote:
...
Inconveniencing the users is a NECESSARY part of getting this vulnerability
fixed. Without that, the servers have NO INCENTIVE to lift a finger to
On 4/7/2010 9:35 PM, Nelson B Bolyard wrote:
...
Inconveniencing the users is a NECESSARY part of getting this vulnerability
fixed. Without that, the servers have NO INCENTIVE to lift a finger to fix
this.
...
The claim is obviously false as the recent update to Firefox 3.6.3
clearly demonstr
On 4/4/2010 10:41 PM, Daniel Veditz wrote:
On 4/3/10 9:30 AM, johnjbarton wrote:
If the *users* of Firefox are truly in jeopardy, then this alert should
be provided to *users*. Since this alert is not shown to users I can
only assume that in fact there is no practical threat here. You
On 4/3/2010 6:45 AM, Jean-Marc Desperrier wrote:
On 02/04/2010 18:25, johnjbarton wrote:
The appropriate way to address this security problem starts by
contacting the major providers of server software
There's no need to contact them, they are well aware of the problem.
AFAIK they hav
On 4/2/2010 2:22 AM, Jean-Marc Desperrier wrote:
johnjbarton wrote:
Closely related to bug 554594 is
https://bugzilla.mozilla.org/show_bug.cgi?id=535649
Web developers using Firefox Error Console or tools like Firebug that
use nsIConsoleService are now bombarded with pointless messages like
On 3/31/2010 5:26 AM, Eddy Nigg wrote:
[ Please follow up to mozilla.dev.tech.crypto ]
After some discussion at bug 554594 I'm following up here - the bug was
unfortunately misused by me a little for the initial discussion.
Closely related to bug 554594 is
https://bugzilla.mozilla.org/show_bug
20 matches