Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Mozilla Launches Student Coding Program "Winter of Security"

samzenpus posted about 4 months ago | from the student-labor dept.

Mozilla 40

First time accepted submitter NotInHere (3654617) writes "Mozilla has introduced a new program called MWoS, or 'Mozilla Winter of Security,' to involve university students in security projects. The attending students will write code for a Mozilla security tool during (northern hemisphere) winter. Unlike GSoC, attending it involves no monetary payment, but the student's universities are expected to actively cooperate and to give the students a credit for their work. From the article: 'MWoS is a win for all. Students get a chance to work on real-world security projects, under the guidance of an experienced security engineer. Professors get to implement cutting-edge security projects into their programs. Mozilla and the community get better security tools, which that we would not have the resources to build or improve ourselves.'"

cancel ×

40 comments

Sorry! There are no comments related to the filter you selected.

Expecting cooperation from universities... (2, Interesting)

Anonymous Coward | about 4 months ago | (#47031893)

, but the student's universities are expected to actively cooperate and to give the students a credit for their work

If you're from a good university you dont really need such programs, and crappy universities dont give credit unless the work meets a list of crappy criteria designed in the 1950's , so the program is not going to be really great

Re:Expecting cooperation from universities... (5, Insightful)

monkeyhybrid (1677192) | about 4 months ago | (#47032451)

If you're from a good university you dont really need such programs

Working in a professional environment as part of your education can be a very valuable experience and shouldn't be sniffed at. I had the good fortune to do something similar when I was younger, and looking back at it now, I can really appreciate how it helped sharpen my skills and gave me greater insight into what real world software development is like.

Re:Expecting cooperation from universities... (0)

Anonymous Coward | about 4 months ago | (#47032793)

If you're from a good university you dont really need such programs

Working in a professional environment as part of your education can be a very valuable experience and shouldn't be sniffed at. I had the good fortune to do something similar when I was younger, and looking back at it now, I can really appreciate how it helped sharpen my skills and gave me greater insight into what real world software development is like.

The only way you sharpen your skills and gain greater insight into real world software development is designing and writing software. All these programmes do is encourage people lacking necessary aptitude for logical, methodical thinking and problem-solving. I once had a team lead scoff at the methodical approach I practised when troubleshooting software when a client requested support via telephone.

theory vs practice. Having looked at univ programs (4, Insightful)

raymorris (2726007) | about 4 months ago | (#47032475)

Having looked into the security related curriculum at MIT, Princeton, etc, I'd certainly be more likely to hire a student who had hands-on experience under the guidance of a security professional. Their academic programs do not prepare a student for serious security work, in my opinion. In fact, I'd say that a student needs to take all (both) of the security-related electives just to be prepared to write internet-accessible applications.

Not only is there a huge difference between theory and actual practice, but even the theory side is quite limited for security at the top universities. The best I've found is offered by a part of the Texas A&M system, called TEEX.

When I went to work at TEEX, I expected that I'd need to find diplomatic ways of telling them that their cyber-security classes suck, because most classes in the field do suck. I was surprised to see that the TEEX material is pretty good. I can only try to help them make the visual presentation be as good as the actual material is.

Re:Expecting cooperation from universities... (2)

chentiangemalc (1710624) | about 4 months ago | (#47033725)

This type of arrogance might explain why so many university graduates I work with are clueless on resolving real world problems within real world deadlines.

S.m.r.t (4, Insightful)

Kamineko (851857) | about 4 months ago | (#47031929)

Superlative plan.

Get students doing the security work, because the real developers are way too busy screwing around with the user interface and can't be disturbed.

Re:S.m.r.t (0)

Anonymous Coward | about 4 months ago | (#47032091)

Superlative plan.

Get students doing the security work, because the real developers are way too busy screwing around with the user interface and can't be disturbed.

You mean 'super plan', not 'superlative'. A superlative is a word of exaggerated praise, but superlative itself is not such a word.
Word.
-D

Re:S.m.r.t (0)

Anonymous Coward | about 4 months ago | (#47032179)

The humanity...! I suppose it's too late to claim that I meant it as a sort of pun, meaning "it's a plan of extremes": either extremely good or extremely bad. Or perhaps a placeholder for any you wish to insert.

Re:S.m.r.t (0)

Anonymous Coward | about 4 months ago | (#47032189)

superlative
sprltiv/
adjective
1.
of the highest quality or degree.
"a superlative piece of skill"
synonyms: excellent, magnificent, wonderful, marvelous, supreme, consummate, outstanding, remarkable, fine, choice, first-rate, first-class, premier, prime, unsurpassed, unequaled, unparalleled, unrivaled, preeminent; More
antonyms: mediocre
2.
GRAMMAR
(of an adjective or adverb) expressing the highest or a very high degree of a quality (e.g., bravest, most fiercely ).
noun
noun: superlative; plural noun: superlatives
1.
GRAMMAR
a superlative adjective or adverb.
the highest degree of comparison.
noun: the superlative
2.
an exaggerated or hyperbolical expression of praise.
"the critics ran out of superlatives to describe him"

Re:S.m.r.t (0)

Anonymous Coward | about 4 months ago | (#47034095)

A superlative is a word of exaggerated praise

No it's not. It's the degree of an adjective that's higher than a comparative, you rubberlipped porch-monkey.

Re:S.m.r.t (-1)

Anonymous Coward | about 4 months ago | (#47032099)

You're forgetting all of that DRM that absolutely needs to be implemented and the version number needs to be incremented at least ten times per day. That's why Mozilla has shamelessly ripped-off the interfaces from Opera and Chrome, they haven't any time with all of the corporate dick sucking they've been doing. There is certainly no time for fixing security holes or memory leaks which have existed in Firefox for years.

Re:S.m.r.t (1)

Hognoxious (631665) | about 4 months ago | (#47034053)

Hey, that zipfy curve on the tabs didn't design itself, you know!

Re:S.m.r.t (0)

Anonymous Coward | about 4 months ago | (#47036751)

Superlative plan.

Get students doing the security work, because the real developers are way too busy screwing around with the user interface and can't be disturbed.

User interface? Mozilla?

They're too busy being harrased and defeinding themselves from false rape accusations.

imaginary 'security' = safety misnomer hypenosys (-1)

Anonymous Coward | about 4 months ago | (#47031991)

return to our spirits of honor & integrity happening? http://www.youtube.com/results?search_query=world+wakes+up

Re: imaginary 'security' = safety misnomer hypenos (-1)

Anonymous Coward | about 4 months ago | (#47032061)

Blame Obama for these violations of your freedoms

Re: imaginary 'security' = safety misnomer hypenos (-1)

Anonymous Coward | about 4 months ago | (#47032335)

I blame every politician in the US government. The entire, current system needs to be discarded and rebooted.

time involved in murdering 100 million innocents (-1)

Anonymous Coward | about 4 months ago | (#47032087)

not to mention the MANpower,, based on greed/insecurity/fear the neverending nazi zion holycost Ihttp://www.youtube.com/results?search_query=unrepentant&sm=3 getting us to do such things voluntarily defies the spirit & intent of creation & it's earth bound representatives momkind our centerpeace... new clear options abound creation is all ++++ with no known limits as we remain hostage to our deceptive media based perceptions... carry on

The bard said it! (0)

OzPeter (195038) | about 4 months ago | (#47032083)

Now is the winter of our discontent
Made glorious summer by this sun of York;
And all the clouds that lour'd upon our house
In the deep bosom of the ocean buried.
Now are our brows bound with victorious wreaths;
Our bruised arms hung up for monuments;
Our stern alarums changed to merry meetings,
Our dreadful marches to delightful measures.
Grim-visaged war hath smooth'd his wrinkled front;
And now, instead of mounting barded steeds
To fright the souls of fearful adversaries,
He capers nimbly in a lady's chamber
To the lascivious pleasing of a lute.
But I, that am not shaped for sportive tricks,
Nor made to court an amorous looking-glass;
I, that am rudely stamp'd, and want love's majesty
To strut before a wanton ambling nymph;
I, that am curtail'd of this fair proportion,
Cheated of feature by dissembling nature,
Deformed, unfinish'd, sent before my time
Into this breathing world, scarce half made up,
And that so lamely and unfashionable
That dogs bark at me as I halt by them;
Why, I, in this weak piping time of peace,
Have no delight to pass away the time,
Unless to spy my shadow in the sun
And descant on mine own deformity:
And therefore, since I cannot prove a lover,
To entertain these fair well-spoken days,
I am determined to prove a villain
And hate the idle pleasures of these days.
Plots have I laid, inductions dangerous,
By drunken prophecies, libels and dreams,
To set my brother Clarence and the king
In deadly hate the one against the other:
And if King Edward be as true and just
As I am subtle, false and treacherous,
This day should Clarence closely be mew'd up,
About a prophecy, which says that 'G'
Of Edward's heirs the murderer shall be.
Dive, thoughts, down to my soul: here
Clarence comes.

Now is the winter of my disco tent. (0)

Anonymous Coward | about 4 months ago | (#47032129)

If the code is only as good as the final vetting by security minded eyeballs what does this accomplish in reality? Pipelining for future mozilla engineering candidates?

Followed by the "Fall of DRM" (0)

Anonymous Coward | about 4 months ago | (#47032283)

Or would that be "Fail"?

Secure DRM! (0)

Anonymous Coward | about 4 months ago | (#47032291)

Now awesome for your curriculum too!

Climate Change (0)

rossdee (243626) | about 4 months ago | (#47032315)

Winter of Security?

I thought we were heading into summer (in the northern hemisphere, where Mozilla and most universities are located)

Do they know something we don't?

Preparation (1)

tepples (727027) | about 4 months ago | (#47035711)

Probably announcing half a year in advance because it takes months to prepare for these events.

Crack Firefox DRM (1, Interesting)

EmperorOfCanada (1332175) | about 4 months ago | (#47032353)

I hope that the first thing these guys do is to figure out how to crack or remove Firefox's DRM, I liked Firefox but I will NOT use it if they implement DRM. All DRM says is "We hate, despise, and crap on our users." Full stop.

But maybe DRM in Firefox is a good thing. It has been a long time since a new browser player came into the market and with Firefox soon to crack single digits(post DRM) it might make room for some fresh blood. So maybe one of these students will learn the Firefox code and business model well enough to fork a successful non DRM product that will get the traction of MariaDB with the fools still using the old product(think AOL) and the people in the know using the new product.

Re:Crack Firefox DRM (0)

Anonymous Coward | about 4 months ago | (#47038227)

grep -nrH DRM Firefox/
vim Firefox/DRM.cpp
add to top: #if 0
add to bottom: #endif :wq
recompile?

Do they really have time for this? (2)

michael021689 (791941) | about 4 months ago | (#47032381)

I'm surprised that Mozilla has time for this sort of thing. I would think that trying to make a Chome clone would keep them busy all the time. Hell, on top of that they seem to be actively going against the wishes of their community. That has to take a lot of time; they have to figure out what would keep them in the game and then do the opposite.

Seriously though, Mozilla has destroyed itself in the past three years. It is depressing. I don't want to use Chrome because Google..hell, IE is starting to look pretty good.

They just removed a major security feature in FF (5, Interesting)

chrisvdb (149510) | about 4 months ago | (#47032435)

I'm not sure if I really understand where Mozilla is heading... I chose Firefox over Chrome because of a) secure password sync'ing across devices (real end to end encryption for cloud storage and master password for local storage) and b) addons on Firefox mobile version.

Recently they decided to implement another password sync'ing scheme as the old one (based on pairing devices) was apparently too hard to use for the modal FF user (stats showed that less than 1% of their userbase was using old sync). Unfortunately the new system is by design not nearly as secure as the old system. After a few weeks of enabling the new sync'ing tool I randomly noticed that passwords no longer got sync'ed correctly. Turned out that the new sync system does not work when a master password is enabled. No mention of this in the release notes, no warning message during installation.

With the new sync system we not only get less security by design, on top we're no longer able to locally protect stored passwords with a master password. That means that every malicious/buggy application on your computer is able to read _all_ your saved passwords in plaintext. Take a look at https://bugzilla.mozilla.org/show_bug.cgi?id=995268 for the details. Password sync'ing security is now at par with Chrome, so b) is now the only reason why I'm still staying with FF.

If you take the time to read the bug report it really feels that Mozilla is losing touch with the power users in their pursuit of the average user. They forget that power users influence the rest...

Anyway, I think it's rather ironical that they are doing this security thing while they are knowingly removing security features at the same time.

Firefox was specifically not for power users. (1)

raymorris (2726007) | about 4 months ago | (#47032983)

> Mozilla is losing touch with the power users in their pursuit of the average user.

Seamonkey was supposed to be the full-featured Mozilla browser for power users. Firefox was launched as a stripped-down, lightweight version of Seamonkey for Average Joe to check Facebook with. Of course, after a couple of years they forgot about the lightweight thing. They are specifically not targeting power users though.

Re:Firefox was specifically not for power users. (0)

Anonymous Coward | about 4 months ago | (#47033273)

Seamonkey didn't come before Phoenix/Firefox, but after.

> which that we would not have the resources

Well stated, Mozilla. Having college students may help with removing either which or that.

The 1.0 release notes say it did (1)

raymorris (2726007) | about 4 months ago | (#47034249)

See the Firefox 1.0 release notes, where they say Firefox (then called Phoenix) will be like Seamonkey, but with "features deemed geeky" removed.

http://website-archive.mozilla... [mozilla.org]

In the 1.0 release notes, Seamonkey is called "the Mozilla browser". The new Firefox (aka Phoenix aka Firebird) is contrasted with the pre-existing browser from Mozilla, internally known as Seamonkey. The Seamonkey name goes all the way back to Netscape. Extetnally, Netscape Inc. branded Seamonkey as "Netscape", the Mozilla Foundation branded it as "Mozilla browser", but it was always Seamonkey in the code.

    After the ad in the New York Times and other marketing helped Firefox to become more popular than it's older brother, the Mozilla foundation switched it's focus away from Seamonkey to the new product, Firefox. After a few years of that, the governance of the Seamonkey project changed. That change came after Firefox, so that may be the event you're thinking of. That wasn't the birth of Seamonkey, though, far from it. That was a milestone marking the DECLINE of Seamonkey because Mozilla had moved focus away from Seamonkey.

Re:The 1.0 release notes say it did (1)

Gavagai80 (1275204) | about 4 months ago | (#47036141)

0.1 you mean. Firefox 1.0 was years later long after most of us had started using it.

1993 browser comparison page "Netscape Seamonkey" (1)

raymorris (2726007) | about 4 months ago | (#47034351)

In 1993, this page compared Mosaic to "Netscape Seamonkey". That's eleven years before Firefox.

http://kuliah-pegawai-stt-band... [kurikulum.org]

Shocked (0)

slack_justyb (862874) | about 4 months ago | (#47032461)

Golden chance to make all kinds of, "Winter is coming..." jokes. Yet not a single one so far.

Error detected (0)

Anonymous Coward | about 4 months ago | (#47032501)

Unlike GSoC, attending it involves no monetary payment, but the student's universities are expected to actively cooperate and to give the students a credit for their work.

That should be "students' universities".

Let's hope... (1)

Hognoxious (631665) | about 4 months ago | (#47032653)

Let's hope for a "Spring of Usability", because 29 is a waist-high heap of gusset scrapings.

"Refresh" and "Back" are now tied to the url bar (previously, you could move them if the wind was blowing in the right direction).

The zoom controls have a 100% thing in the middle (which apparently doesn't do anything) making it far wider than it needs to be.

The customize window has the controls at the bottom, including one at the lower right to close the entire app. Why would you want ever want to do that from there anyway?

Still, it's not all doom and gloom. We've gained rounded ends on the tabs which, well, they're rounded which is exponentially UX-ey. Then there's my particular favourite, monochrome icons. Because, redundant coding, is, like WTF?

Aces Mozilla (1)

binarylarry (1338699) | about 4 months ago | (#47033177)

This is a much better initiative than both Google's Summer of Code and Microsoft's Fall of Disappointment.

Winter of Discontent - 29 (0)

Anonymous Coward | about 4 months ago | (#47033235)

Mozilla ought to worry about the mass exodus of users they're going to get from 29 and beyond... security is irrelevant if your product is so broken people have to abandon it.

I guess the more accurate name... (1)

arglebargle_xiv (2212710) | about 4 months ago | (#47035145)

... "Mozilla Winter of We're Too Busy Making our Browser Look Like Chrome and Adding DRM to Bother with Trivial Stuff like Security so we'll get Unpaid Students to Do It Instead" didn't fit into a short acronym.

My Box Is Huge (1)

jman.org (953199) | about 4 months ago | (#47039189)

Suppose any part of this will be for finally converting TB to maildir format?

No, wait, that would suppose it's still actually in development. Why they let such a promising cross-platform app wither on the vine is beyond comprehension.

Brace yourselves... (0)

Anonymous Coward | about 4 months ago | (#47063889)

Winter is coming
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>