Categories
main mozilla po polsku tech

Spoofing during login using the BasicAuth mechanism in Firefox

In response to the numerous reports about a Super Serious Bug in Firefox, I'll take the liberty of summarizing the response from the Mozilla Security Blog in Polish.

Problem

An attacker can deceive the user through the displayed description of the resource the user is logging in to, making the user believe they are logging in to a different, trusted site.

Impact

When displaying the basic authentication dialog, Firefox shows the actual source of the request at the very end of the dialog text. Some other browsers show the address of the request source at the very beginning of the dialog text, or as part of the title of the pop-up window, which reduces the risk of confusion.

This way of presenting information in Mozilla Firefox may allow an attacker to craft an authentication dialog that is misleading and, as a result, causes the login credentials to be sent to the attacker.
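The resource description shown in the dialog is the `realm` value of the `WWW-Authenticate` header, which the requesting site controls. The sketch below is an added example, not code from Mozilla or from the original post: it parses a Basic challenge, flags realms that name a host other than the one asking, and builds a prompt with the requesting origin first. All function names, headers and host names are hypothetical and constructed for illustration.

```javascript
// Added example: function names, headers and hosts are constructed.

// Extract the realm from a Basic challenge, honouring quoted-string escapes.
function parseBasicRealm(header) {
  const m = /^\s*Basic\s+realm\s*=\s*"((?:[^"\\]|\\.)*)"/i.exec(header);
  if (!m) return null;
  return m[1].replace(/\\(.)/g, "$1");
}

// Host-like tokens in the realm that are not the host actually asking.
function foreignHostsInRealm(realm, requestingHost) {
  const hostLike = /\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b/gi;
  const asking = requestingHost.toLowerCase();
  return (realm.match(hostLike) || [])
    .map((h) => h.toLowerCase())
    .filter((h) => h !== asking);
}

// Dialog text with the requesting origin first and the realm marked as
// site-supplied, stripped of control characters and truncated.
function buildPrompt(origin, realm, maxRealm = 60) {
  let shown = realm.replace(/[\u0000-\u001f\u007f]+/g, " ").trim();
  if (shown.length > maxRealm) shown = shown.slice(0, maxRealm) + "...";
  return `${origin} is requesting your username and password.\n` +
         `The site says: "${shown}"`;
}

// Combine the checks for one challenge received from `origin`.
function reviewChallenge(header, origin) {
  const realm = parseBasicRealm(header);
  if (realm === null) return { ok: false, reason: "not a Basic challenge" };
  const host = new URL(origin).hostname;
  const foreign = foreignHostsInRealm(realm, host);
  return { ok: foreign.length === 0, foreign, prompt: buildPrompt(origin, realm) };
}

// Constructed sample: other.example sends a realm that names another host.
console.log(reviewChallenge(
  'Basic realm="Sign in to accounts.bank.example"', "https://other.example"));
```

The same check can run in a proxy or a log review over recorded `WWW-Authenticate` headers; a realm that mentions a foreign host is only a hint and needs a human look.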

Status

Mozilla is analyzing the problem and has preliminarily rated the severity as low. Work on this issue can be tracked here: https://bugzilla.mozilla.org/show_bug.cgi?id=244273

Credit

The problem was reported publicly and to the bugtraq mailing lists by Aviv Raff.

http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx

Categories
main mozilla tech

Central Europe marketshare situation – short analysis (part 3 / Hungary)

The third part of this summary focuses on Hungary. (part 1 – Poland, part 2 – Czech Republic, part 4 – Lithuania, part 5 – Ukraine)

 



Hungary

 

Population: 10 mln
Internet users: 3 mln (30%)

Hungary is similar in size to the Czech Republic, but has fewer Internet users (the ratio is similar to Poland's – 30%). Usually in Eastern Europe, a lower level of Internet connection saturation means that the market is still waiting for its boom, and that the boom is about to begin. Hungary and Poland are both members of the European Union, and in both cases the reason for such low Internet penetration is the price of a connection. In Poland, for 512 Kb (Neostrada TP) I pay the price that people in the UK pay for 8 Mb (BT Total Broadband). With the open market, we're facing falling prices, and I expect that will unblock the boom this year.

Hungary has its community HQ located at mozilla.fsf.hu.

Back to numbers.

Hungary is yet more good news for Mozilla, with over 34% of the market share held by Firefox and less than 2/3 by IE.

Overall, Gecko has 34.9% and IE 62.9%, which places Hungary in between Poland and Czech Rep. in terms of Firefox adoption, which confirms the results from XiTi monitor.

 

Categories
main mozilla tech

Central Europe marketshare situation – short analysis (part 2 / Czech Republic)

The second part of this summary focuses on Czech Republic. (part 1 – Poland, part 3 – Hungary, part 4 – Lithuania, part 5 – Ukraine)

 



Czech Republic

 

Population: 10.3 mln
Internet users: 5.1 mln (50%)

The Czech Republic is almost 5 times smaller than Poland, but has much better Internet penetration, with 50% of its citizens connected to the Web.

The Czech Republic has, like Poland, a great and very strong Mozilla community (CZilla), founded in 2002. A group of project members with huge experience guarantees high-quality, on-time releases with a set of end-user-oriented support features similar to what we can see in Poland.

As I mentioned in part 0 of this article, Gemius has lower penetration here than in Poland. So while it still seems to be very representative, more data sources would be very useful.

Let’s start the graph show with the current market situation.

IE has a strong position with 67.2%, which is 7.7% more than in Poland and even more than in the Polish emigrants group. Firefox has 27.5% – 5.8% less than in Poland.

Firefox with over 1/4 and IE with 2/3 are shaping the whole market.

 

 

To answer the question about how fast the Czech market is adopting new technologies, we can take a look at the versions graph:

Categories
main mozilla tech

Central Europe marketshare situation – short analysis (part 1 / Poland)

The first part of this summary focuses on Poland. (part 2 – Czech Republic, part 3 – Hungary, part 4 – Lithuania, part 5 – Ukraine)

 



Poland

 

Population: 38.5 mln
Internet users: 11.4 mln (29.9%)

In the case of Poland we can present two datasets (as this is the data we have from Ranking.pl) – users of the Polish Internet who come from Poland and users who come from outside of Poland.

The emigrants group is important because it gives us numbers that should be close to the Western Europe/US numbers while still using the Gemius methodology.

Poland has a very stable, big and well-organized community led by two projects. MozillaPL is a community project focused on self-support, community activities and extension localization, and is an amazing source of energy. Aviary.pl is a much smaller, task-oriented group that considers itself a fully professional localization team, with a clear entry barrier, rules, internal structure and a growing set of projects under its guidance. It started as a part of MozillaPL with the goal of providing high-quality localization of Firefox and Thunderbird, but it now localizes a big variety of products, both commercially and non-commercially.

 


First, let’s take a look at the current market share of the most important browsers.

Yes, in contrast to the situation in Western Europe, America and Asia, Opera does exist on our market and has its share, while Safari (0.1%) and the whole Mac platform are hardly visible.

Looking at the graph on the right, you can see the latest cumulative set with Microsoft Internet Explorer keeping the crown with 59.5% of the market share, Firefox being second with 33.3% and Opera being third with 5.8%.

In terms of engines, Gecko has 34% and MSIE has just dropped below the 60% point (59.9%).

Yes. The results are different from the ones from XiTi Monitor. According to what we know, XiTi measures websites in English, French and Spanish, so they’re most representative in Western Europe. For other countries they measure users from those regions who connect to the tracked websites, which distorts the results.

Now, let’s take a look at users from outside of Poland (29% in this group is from England, 16% Germany, 14% USA, 27% other European countries, 14% rest of the world):

Categories
mozilla tech

Central Europe marketshare situation – short analysis (part 0)

My recent focus is on the browser situation in Europe, especially non-western Europe. That means a pretty big area with tons of countries, languages and home-grown Internet booms in the middle. I’d like to share some basic data about 5 of those, based on the data from Gemius.

Gemius is a Polish company that focuses on Internet statistics, profiling users for websites, etc. What is good for us is that the company presents its merged results for the “whole Polish Internet” weekly on the website ranking.pl, which gives everyone in Poland a pretty good idea of what’s going on here.

Some time ago Gemius expanded to new markets – the Czech Republic, Hungary, Lithuania and Ukraine. Another thing is that, due to the rising problem of “cookie deletion”, the ambitious methodology of tracking “visits” had to be shifted to “tracking page views”, and I want to present to you a summary of this data for web browsers, which I think is representative for those countries and this part of Europe (1).

In the next posts I’ll be analyzing each of the countries and in summary, I’ll present the combined data for the whole region.

1) To explain why I tend to assume that Gemius data for Poland is a good estimate for the population, let me show some data.
According to InternetWorldStats, Poland has around 11.5 mln Internet users. According to the last Gemius weekly stats before they changed the methodology (May 2007), they tracked 19 296 045 visits during the week.
Even if we assume it’s not 100%, it’s still pretty good sampling, especially as my goal is not to measure the number of users, but the market share trends.
For the Czech Rep., InternetWorldStats says they have 5.1 million users, and Gemius in May tracked 8 million visitors during the week.
For Hungary, IWS says about 3 mln users, and Gemius tracked 3.6 mln visits.
For Lithuania, IWS says about 1.2 mln users, and Gemius tracked 1.3 mln visits.
For Ukraine, IWS says about 5.3 mln users, and Gemius tracked 1.2 mln visits.

Usually, one user makes far fewer than 3 visits per week, which means that you can divide the visits by 3 and get the estimated real users. Comparing IWS Internet users to those real users will give you a sampling.
In all those cases, besides Ukraine, we can say that it’s very representative sampling. In the case of Ukraine, I still tend to believe that it’s enough to get some idea of what’s going on there.
Please bear in mind that those are statistics. Statistics are a way to represent the data, and data represents reality. On each level there are simplifications and mistakes, and it’s up to you to decide on your own how far you trust the summary results.

Categories
mozilla po polsku tech

This is how history is made…

The recipe is simple: you take history and you make it. Taking advantage of the fact that you care about a particular version of it more than others do, you rarely meet any resistance; the result is everything.

Lately there has been a lot of talk about “improving Wikipedia”. As we know, Wikipedia is not perfect, and it can be improved. Our inner cognitive dissonance positively dreams of such an opportunity for an external rationalization of our beliefs, decisions and choices.

Unfortunately, even in our small backyard of web browsers, not everyone has managed to resist the temptation to “create” a piece of history.

Categories
mozilla tech

Microsoft ignores the lesson and keeps being simply rude

So… there is this huge network of the world called the Internet. And there is a protocol called HTTP, which is the basis of communication for the pretty popular WWW.

Many years ago, Microsoft prepared a pretty good browser – Internet Explorer – that stormed the market. It was a really good product; IE4 was the best at the time. Their market share rocketed, and around 2002 they had between 90 and 98% of the Internet browser market share. That’s quite a lot!

So, after IE6 was released in 2001, the company released the team that was working on it, and left the product hardly maintained, with no plans for future development. The market was theirs. The tool for using the WWW was in their hands. From the economic point of view, their decision was reasonable. Cut the costs. The goal was achieved.

But the missing element is the altruistic theory – “consumer matters”. And the consumer does not erase his needs once you have taken the market share. Really. But for Microsoft, for some reason, this equation worked.

For the next 6 years, each and every user of the Internet was forced to use IE6, because the WWW network was compatible with this web browser, and there was no upgrade on the horizon.

Categories
flock main tech

Flock 1.0 in 6 languages!

As Stef wrote, we have finally released the first locales of Flock 1.0 to the public!

Spanish (for Spain and Latin America), Finnish, Polish, Russian and Slovak are available for users!

We’re working on the next round that should contain some of those from Flock 1.0 L10n status.

If you want to help with those, or start a new localization for Flock, read this 🙂

Categories
main tech

PulseAudio in Hardy by default!

Whoa! That’s news! I’m a huge fan of PulseAudio; it really seems to be the Compiz of sound.

I dream about the day when I’ll be able to move audio streams live between my 5.1 sound system and headphones without restarting apps.

I dream about the day when I’ll be able to use 2 laptops to emulate Dolby Surround by setting one laptop as the front speakers and another as the rear speakers.

I dream about the day when I’ll be able to make the browser not play sounds (flash ads!) while Amarok is loud. Until Skype is calling of course, when Amarok goes down to 5% 🙂

PulseAudio promises that, and I’m happy my next Ubuntu will go this path.

Categories
main tech

Project watcher update (part 2)

Updates, part two.

  • Crystal Space – In January 2007, after 10 years (sic!) of development, Crystal Space finally reached its 1.0 release. One of the most popular and important projects in the open source gaming space has a stable release! It’s a big step forward, and I consider it a symbol. Many of the things that happened after this release could of course have happened before CS 1.0, but the magical barrier that means “you can rely on this release” is important. CS is now at the 1.2 stage, with many game projects using it, and it’s joining with Blender in an effort to create a new game; more on this later. CS is healthy and remains an important part of the currently rising open source game world. Read the changelog to get an idea of where CS is in terms of new features.
  • Yake – this project spent the last 1.5 years in the shadows, but surprisingly it’s alive! They skipped the 0.5 release and went straight to 0.6, released to the public in April 2007, with 0.7 being ready in its branch. On the other hand, the wiki has been down for some time, and it’s hard to find any changelogs. Most of the communication happens through the forums, and there’s not much going on yet. I’d say that Yake is probably waiting for its “1.0” to get momentum and attention. Pity, because it seems to be the cleanest API for game writing and it is based on OGRE, so you get all the beauty of OGRE updates and Yake updates with each release.
  • Speaking of OGRE 3D – In mid 2005, OGRE got its “1.0”, and it took a year to get the next stable release – 1.2. That happened in May 2006, and was followed by 1.4 in March 2007. I’m not a game dev, just an observer, but OGRE seems to be the biggest project around. Tested in battle by professional games like Ankh or Pacific Storm, with a huge wiki, a strong and ultra-active community, and a huge number of projects using it, it’s just a pleasure to watch its growth. It seems that this project is getting attention beyond the Open Source/Linux walls and may be one of the best ambassadors we have, besides Firefox, Open Office, Thunderbird or Blender.
  • Blender – another success story. Since the last Project Watcher, Blender has upgraded itself from 2.40 to 2.45. It’s simply impossible to list all the new features between those two. Just read the release notes: 2.41, 2.42, 2.43, 2.44, 2.45.
    By the way, I love how they present themselves to the community. Their release notes are the best I’ve ever seen (even a total newbie can *see* what’s going on), and they have a huge number of community-related websites, great video tutorials, and an extremely interesting UI. It has a rather steep learning curve, but it’s very intuitive once you get it, and it feels very fast.
  • GIMP – This project reminds me of Mozilla Suite in many ways. It has great potential, but the UI blocks it from being a success. It took them way too much time to release 2.4, but it’s very nice and mature. The only problem that remains is the UI, which is impractical and hard to learn. Fortunately the guys know what keeps them down. MMIWorks, a company specialized in UI design, is tracking the work on the new UI. What’s interesting here is that the GIMP team tends to use the community, and they keep their progress in the open. Read the Wiki and the blog. I may be wrong, but it seems to be the first “big” open source project that is going through a major UI redesign to match world standards, and it is happening in the open. It’s very interesting to watch how this works.
  • Elephant’s Dream – The movie is ready now. You can download it and watch it; it’s beautiful, but too “artistic” in its screenplay for me. I’d like something “easier” to attract wider attention. They can probably read my mind, because they have already started project “Pitch” – another open source movie made in the “Hack’a’ton” model (well, half a year of it). It’s going to be cute, pink and funny. During each movie they are testing the quality of Blender and influencing its development. Oh, it’s a perfect model of development 🙂 You’ve got open source movies, better 3D software, and models from the movie will be used in the open source game (Crystal Space + Blender). Tadam 🙂

Enough for today. The gaming/modeling stage is very healthy and all the projects are progressing (with Yake a bit behind) 🙂 I should add Irrlicht and Inkscape to the group, and I’ll write more about it once I get through the current state of the whole Project Watcher list and start adding new members.