
Mozilla Dumps Info of 76,000 Developers To Public Web Server

samzenpus posted about a month and a half ago | from the for-everyone's-eyes dept.

Mozilla 80

wiredmikey writes Mozilla warned on Friday that it had mistakenly exposed information on almost 80,000 members of its Mozilla Developer Network (MDN) as a result of a botched data sanitization process. The discovery was made around June 22 by one of Mozilla's Web developers, Stormy Peters, Director of Developer Relations at Mozilla, said in a security advisory posted to the Mozilla Security Blog on Friday. "Starting on about June 23, for a period of 30 days, a data sanitization process of the Mozilla Developer Network (MDN) site database had been failing, resulting in the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users on a publicly accessible server," Peters wrote. According to Peters, the encrypted passwords were salted hashes and they by themselves cannot currently be used to authenticate with the MDN. However, Peters warned that MDN users may be at risk if they reused their original MDN passwords on other non-Mozilla websites or authentication systems.

80 comments

Mozilla... (3, Funny)

SeaFox (739806) | about a month and a half ago | (#47595723)

"Committed to you, your privacy and an open Web"

Re: Mozilla... (5, Insightful)

relisher (2955441) | about a month and a half ago | (#47595777)

Well, in Mozilla's defense, at least they admitted their mistake rather than ignoring it like many companies we have seen on Slashdot do.

They don't deserve to be commended. (-1)

Anonymous Coward | about a month and a half ago | (#47595979)

Why should we commend them for doing exactly what they should have done, given the situation?

Why should we commend them for not totally fucking up yet again, after having just fucked up once already?

I don't know about you, but meeting the bare minimum requirements doesn't earn somebody commendation from me. It makes me wonder why the hell they aren't doing any better.

Re:They don't deserve to be commended. (5, Insightful)

jopsen (885607) | about a month and a half ago | (#47596137)

but meeting the bare minimum requirements doesn't earn somebody commendation from me.

How often do you hear news stories about leaks with encrypted passwords that are properly salted? :)
How often does anybody admit a possible leak, when there is no evidence anybody downloaded the database dump...?
Really, how often do you hear about things like this, if discovered internally?

I agree, it's the decent thing to do, but I don't think you can expect this level of detail, openness and honesty from commercial players.
I can't imagine any organization that wouldn't sweep this under the rug, after all it was discovered internally.

It makes me wonder why the hell they aren't doing any better.

Avoiding a leak would certainly have been preferred. But mistakes happen, processes fail.

Re:They don't deserve to be commended. (-1)

Anonymous Coward | about a month and a half ago | (#47598597)

You're basically saying, "Good job, Mozilla! You guys merely fucked up a whole lot, rather than fucking up completely! Good job!", and then you're saying, "Good job, Mozilla! You guys haven't fucked up as badly as some other idiots have fucked up! Good job!"

Like the GP said, you're commending them for bad behavior leading to an incident that never should have happened. You shouldn't do that. All they deserve is ridicule in this case.

Seriously, they thought it was sensible to try to sanitize the existing data, rather than just dumping the schema and generating realistic fake data? Come on. If they didn't have the minimal level of foresight to see how such data dumping could easily blow up in their faces, then they're dumbasses, plain and simple.

Re:They don't deserve to be commended. (2, Insightful)

stoborrobots (577882) | about a month and a half ago | (#47596519)

Why should we commend them...?

We shouldn't. They fucked up. We should call them out for fucking up.

What the GP said was not "we should commend them", but "in their defense".

It's a valid defense: they fucked up, they noticed, they cleaned up what they could, and they admitted their mistake and advised people appropriately. That doesn't make their mistake go away, but it changes it from Badness Level 50 (eBay) to Badness Level 30 (Target).

Re: They don't deserve to be commended. (0)

Anonymous Coward | about a month and a half ago | (#47600325)

But open source. Derp.

Mozilla... (0)

Anonymous Coward | about a month and a half ago | (#47595789)

Mistakes happen. You should look into the technical side of the healthcare industry...

Re:Mozilla... (0)

Anonymous Coward | about a month and a half ago | (#47595829)

If you don't like it, why don't YOU join Mozilla and improve things? I thought not. It's far easier to criticize them for their eventual slip-ups than it is to actually be the one to try.

Re:Mozilla... (1)

Anonymous Coward | about a month and a half ago | (#47595891)

If you don't like it, why don't YOU join Mozilla and improve things? I thought not. It's far easier to criticize them for their eventual slip-ups than it is to actually be the one to try.

Because even I can't fuck up a UX badly enough to impress a Mozilla developer.

Re:Mozilla... (0)

Anonymous Coward | about a month and a half ago | (#47596145)

Ah, I see. Then enjoy the experience you get, because that's all that your vapid sarcasm will get you. To get actual results you have to do something, like Mozilla does. If even a tiny fraction of the people who bitch about their mistakes actually acted then things would be much better and you would have to find something else to complain about.

Re:Mozilla... (0)

Anonymous Coward | about a month and a half ago | (#47596221)

To get actual results you have to do something, like Mozilla does

The more Mozilla "improves" their UX, the more their users abandon them. I've got better things to do with my time than write and maintain extensions for things the Mozilla UX team wants to rip out. I wanted a flexible, configurable, and functional browser, not using the browser as a means to jumpstart a career in UX by chasing the latest trends at the expense of what my userbase wants.

Re:Mozilla... (2)

lgw (121541) | about a month and a half ago | (#47596447)

If even a tiny fraction of the people who bitch about their mistakes actually acted then things would be much better and you would have to find something else to complain about.

I do do something about it. You don't see this kind of leak nonsense from any product I've ever worked on. I expect developers elsewhere to be equally professional. User credential data (and personal info) is important, and development processes need to be more careful around it.

Re:Mozilla... (0)

Anonymous Coward | about a month and a half ago | (#47596589)

Oh? Shame you haven't helped others like Mozilla with that. It would sure be nice if you could spread your magical immunity from human error out to others, but apparently you're too professional to share that wisdom. Far easier to just tear a strip out of others while pretending it will never happen to you.

Re:Mozilla... (2, Interesting)

lgw (121541) | about a month and a half ago | (#47597647)

Oh? Shame you haven't helped others like Mozilla with that. It would sure be nice if you could spread your magical immunity from human error out to others, but apparently you're too professional to share that wisdom.

Best practices for avoiding leaks of important stuff are well known (and, really, Mozilla didn't suck here). But they had insufficient code or process review somewhere, to have had this leak. Normally, I'm all for rapid, agile development, but when it comes to the important stuff don't do that. Go slow. Get 20 people to review the change. Come back after a week or a month and review it again. It's important, don't rush it. There's very little most of us work on that's actually important, since most people don't work on life safety code, but user personal info counts.

Sounds like the process that was supposed to scrub this info was failing for quite some time. Where was the monitoring? Where was the alerting? If a process is important, you don't let it fail silently.

None of this is rocket science. You know how some guys go on about the difference between "software engineering" and "coding"? Yeah, sometimes it's not just BS.
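An added example, not part of the comment above and not Mozilla's code: a fail-closed gate of the kind the comment asks for, which refuses to publish a dump when the sanitizer exits non-zero or when anything resembling an email address or salted hash survives. The placeholder domain, the hash patterns, the `auth_user` table and the sample rows are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Assumption: the sanitizer rewrites every address to a placeholder under this domain.
PLACEHOLDER_DOMAINS = {"example.com"}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")

# Assumption: common textual encodings of salted password hashes,
# chosen for illustration (not taken from the advisory).
HASH_RES = {
    "bcrypt": re.compile(r"\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}"),
    "algo$salt$hash": re.compile(
        r"\b(?:pbkdf2_sha256|sha256|sha1|md5)\$(?:\d+\$)?[^$\s']+\$[A-Za-z0-9+/=]{16,}"
    ),
}


@dataclass(frozen=True)
class Finding:
    # Only location and kind are kept, never the matched value,
    # so the alert itself cannot leak what the dump leaked.
    line_no: int
    kind: str


def scan_dump(lines):
    """Return a Finding for every residual email address or password hash."""
    findings = []
    for n, line in enumerate(lines, 1):
        for m in EMAIL_RE.finditer(line):
            if m.group(1).lower() not in PLACEHOLDER_DOMAINS:
                findings.append(Finding(n, "email"))
        for kind, rx in HASH_RES.items():
            if rx.search(line):
                findings.append(Finding(n, "hash:" + kind))
    return findings


def publish_gate(sanitizer_exit_code, lines):
    """Return (ok, reasons). Any reason blocks publication; nothing fails silently."""
    reasons = []
    lines = list(lines)
    if sanitizer_exit_code != 0:
        reasons.append(f"sanitizer exited with status {sanitizer_exit_code}")
    if not any(line.strip() for line in lines):
        reasons.append("dump is empty")
    for f in scan_dump(lines):
        reasons.append(f"line {f.line_no}: residual {f.kind}")
    return (not reasons, reasons)


# Constructed sample rows (not real data).
CLEAN_DUMP = [
    "INSERT INTO auth_user VALUES (1,'user1','user1@example.com','!');",
    "INSERT INTO auth_user VALUES (2,'user2','user2@example.com','!');",
]
DIRTY_DUMP = [
    "INSERT INTO auth_user VALUES (1,'user1','user1@example.com','!');",
    "INSERT INTO auth_user VALUES (2,'alice','alice@corp.test','sha256$ab12cd$"
    + "0" * 64 + "');",
]

if __name__ == "__main__":
    for name, code, dump in [
        ("clean", 0, CLEAN_DUMP),
        ("dirty", 0, DIRTY_DUMP),
        ("sanitizer crashed", 1, CLEAN_DUMP),
    ]:
        ok, reasons = publish_gate(code, dump)
        print(name, "PUBLISH" if ok else "BLOCK", reasons)
```

Run as the last step before a dump is copied to a public server, and route every BLOCK result to whoever owns the sanitizer.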

Re:Mozilla... (0)

Anonymous Coward | about a month and a half ago | (#47599837)

You seem to feel the whole world owes some kind of debt to Mozilla and we all have to volunteer to be good people?

How about no?

Re:Mozilla... (0)

Anonymous Coward | about a month and a half ago | (#47600003)

Stop pretending you have any high ground. If you have a vested interest in Mozilla, then "no" simply isn't acceptable, especially if you're just going to spout off about them. And if you don't have a vested interest in them then just keep your petty and non-constructive opinions to yourself.

Re:Mozilla... (1)

wonkey_monkey (2592601) | about a month and a half ago | (#47597599)

I do do

Hah. You said doodoo.

Re:Mozilla... (0)

hawkinspeter (831501) | about a month and a half ago | (#47598431)

Are you suggesting that it's only valid criticism if you've actually tried to improve things? Does that mean that I can't criticise the condition of roads as I've never tried to repair them myself? I'm not allowed to criticise rich bankers as I've never tried to run a banking institution?

Re:Mozilla... (0)

Anonymous Coward | about a month and a half ago | (#47599773)

There's a difference between constructive criticism and just being an ass. You're not adding anything to the substance of the universe by being the latter, and trying to pretend that you're some kind of hero for it just makes you a pompous ass.

Re:Mozilla... (1)

Anonymous Coward | about a month and a half ago | (#47595867)

Well, at least they succeeded on the last one.

Re:Mozilla... (1)

FuzzNugget (2840687) | about a month and a half ago | (#47595927)

The more you think about it, the more it sounds like doublespeak.

You: oh, so that's why they remove useful features that everyone wants with every new release? That's why they shove a godawful UI that nobody wants down everyone's throat?

Your privacy: see summary

Open web: the EME debacle says otherwise

Re:Mozilla... (0)

Anonymous Coward | about a month and a half ago | (#47596153)

Well, I'm sure glad that you're actually doing something about it instead of using Mozilla as a convenient scapegoat.

Re:Mozilla... (1)

narcc (412956) | about a month and a half ago | (#47596599)

You: oh, so that's why they remove useful features that everyone wants with every new release?

Wasn't everyone complaining about feature 'bloat' before? Damned if you do...

That's why they shove a godawful UI that nobody wants down everyone's throat?

I think by 'nobody' you mean 'a tiny minority'. It looks fine to me. What do you think is so awful about it?

What the fuck has happened to Mozilla?! (1, Interesting)

Anonymous Coward | about a month and a half ago | (#47595951)

The name "Mozilla" used to be among the most respected names in computing. It represented integrity, honesty, innovation, and quality software.

Bugzilla was one of their first successes. It was widely used during the early 2000s, and some development teams still use it to this day. It's the kind of tool that helped make a lot of software development teams a lot more efficient, and it helped users do what they could to get a better experience out of the software they were using. People's lives were made better.

And then when Phoenix/Firebird/Firefox first came on the scene, it was revolutionary. Mozilla was graciously providing us with a high-quality open source web browser that was far more secure and usable than its competitors. This new browser offered a better browsing experience for pros and new users alike. A large number of people immediately found it to be useful, and it saw widespread adoption. People's lives were made better.

Then they released Thunderbird. Again, it was a great piece of software that many people rapidly found to be very useful. People's lives were made better.

But then something happened. I don't know exactly what it was, but around 2010 or so things really started to slide downhill for Mozilla. Maybe it was the rise of Google Chrome, which provided some serious competition for Firefox. Maybe it was how they reacted to this competition from Chrome, by throwing away everything that made Firefox good and usable in their rush to imitate Chrome to the very last detail. Maybe it was a change in culture, with more hipsters getting involved, and taking away influence from the sensible old guard who had founded Mozilla and achieved its early success. Maybe it was the rise of mobile computing.

Like I said, I don't know what it was. But since around 2010 we've seen nothing but total bullshit from Mozilla. All of the Firefox design changes have ruined it for a lot of users. The user experience is similar to or worse than Chrome's, but at least Chrome is a faster browser (don't waste our time with the bullshit benchmarks that Mozilla tries to use to ineffectually refute this fact). I read an article linked to from another submission here at /. about how Firefox's usage share is under 13% now [arstechnica.com], and it is even below Safari's! With Safari, Chrome and even IE giving a better experience than Firefox, it's no wonder why people are switching away!

Then Mozilla gave Thunderbird to the community to maintain, which essentially means they killed it as a product. Then they wasted a bunch of effort on that failed authentication system (sorry, I can't even remember the name of it). And then they wasted even more on that failed mobile OS that nobody really wants. Do they seriously think they're going to compete with iOS and Android by offering a half-assed mobile OS (sorry, I can't remember its name, either) that doesn't support real native apps of any kind? Come on, every HTML5 and JS "app" I've ever seen has been total shit. And if a usable HTML5/JS app ever was created, it would probably run just fine on Android and iOS! There's no need for another mobile OS that'll be less used than even BlackBerry OS and whatever Microsoft's mobile OS is these days.

Although I think that Mozilla has a mobile version of Firefox out now, I don't know anyone who actually uses it. I rarely hear about it, and when I do it's never positive. I do hear positive things about the mobile Opera, Chrome and Safari browsers, though. So as far as I can tell, this mobile version of Firefox is pretty much irrelevant.

And then there were all those shenanigans recently about their former CEO who donated money to some cause that some people got offended about and whined a lot about, causing him to step down, or something like that.

Now we have this whole data leak debacle, which is totally stupid and probably should never have even happened in the first place.

Thanks to them fucking up Firefox, fucking up Thunderbird, engaging in one stupid and unused project after another, suffering from turmoil among their leadership, and now releasing private info, the name "Mozilla" has been ruined. It no longer commands respect. It is a name that is mocked. It has come to represent horrid UI designs, and the killing of useful projects, failure, scandal, and now security breaches.

This makes me really sad, because Mozilla used to be so great. It used to be a group of people that I looked up to and held a deep-seated respect for. But they threw it all away, for no reason at all! They could have done so much to truly change the world, but now they're looked upon with disdain. It is a loss that never should have happened.

Re:What the fuck has happened to Mozilla?! (1)

haruchai (17472) | about a month and a half ago | (#47596217)

Like how you managed to slip in a jab against "hipsters", who will no doubt destroy civilization.
And you must be smoking a lot of crack if you think IE is a better browser.

Re:What the fuck has happened to Mozilla?! (1)

Anonymous Coward | about a month and a half ago | (#47596327)

Well, I think the GP could be right. Hipsters have done a pretty damn good job of destroying GNOME 3, Windows 8, iOS 7, and Firefox. Given how they've managed to harm or kill prominent and widely used software systems like those, I don't see why civilization itself wouldn't be next!

Have you actually used IE 11? Its UI is kind of in the dumps, but underneath it's actually a pretty good browser these days. It's fast, it's standards compliant, and it works. It's not as good as Chrome, but it's a huge step up from old IE, and I too think it's better than Firefox. Like others have said, Firefox gives a bad UI and bad performance. Chrome and IE only give a bad UI, but pretty good performance. That's what makes them better than Firefox. I know, I didn't think I'd ever be saying that, but here I am!

Re:What the fuck has happened to Mozilla?! (0)

Anonymous Coward | about a month and a half ago | (#47597029)

Well if you don't care about customizability, or you're so picky you can't be bothered to install an addon to get it, then neither IE nor Chrome can match Firefox. Besides, for all the bluster that it's a poor UI or has poor performance, I really can't see it. I run all three side by side and use them regularly, not just for testing, and I can only safely say that Firefox lacks a multi-process model for tabs, and even that's just a concession for some of the more disgustingly bloated web apps out there like Google's, which NoScript renders a non-issue to begin with. In fact I'm writing this comment from Firefox and have been finding it a pleasure to use all day.

I honestly think Firefox fans are so caught up in the trivium that they've forgotten how good the browser really is, or how much it's sincerely improved over the years. Not that I care, though. Its fans are doing an excellent job of making sure that it gets nothing but bad press and a bad reputation. That kind of self-sabotage means that soon I won't have to support Gecko as a browser engine. If Gecko goes the way of Presto, I'll only have three engines to worry about. Sure, it's the second-best engine out there, but nobody seems to care. People even pretend IE11 is "standards compliant" when it's honestly way behind Chromium and Gecko.

Re:What the fuck has happened to Mozilla?! (1)

0123456 (636235) | about a month and a half ago | (#47597397)

I honestly think Firefox fans are so caught up in the trivium that they've forgotten how good the browser really is, or how much it's sincerely improved over the years.

[citation needed]

I can't see anything that's improved in Firefox since they went Full Metal Retard a few years ago. They've screwed up the UI, they've added new bugs, they've neglected to fix old ones. All they've succeeded at is rapidly increasing the version number.

I dread a new Firefox release, because I know they'll have fcsked up something else.

Re:What the fuck has happened to Mozilla?! (0)

Anonymous Coward | about a month and a half ago | (#47600933)

Even a cursory glance at the bugs they've fixed over the last few years shows that you're dead wrong. I don't think it's Mozilla who went Full Metal Retard in the last few years if you genuinely believe what you say. Just load up Firefox 3 and use it for a day. If you can still sincerely say it was better, or that things haven't significantly improved, then you're wearing the thickest nostalgia goggles in history.

Re:What the fuck has happened to Mozilla?! (1)

j127 (3658485) | about a month and a half ago | (#47601705)

I can't see anything that's improved in Firefox since they went Full Metal Retard a few years ago. They've screwed up the UI, they've added new bugs, they've neglected to fix old ones.

What are you talking about? Firefox is now faster than Chrome, uses less memory, and has Odin Monkey. Mozilla is a non-profit organization that is dedicated to privacy. Google is a data mining company that has begun moving towards more-closed types of projects (killing RSS, XMPP integration, etc.). Anyone that cares about technology freedom and privacy should be using supporting Mozilla.

Re:What the fuck has happened to Mozilla?! (1)

Anonymous Coward | about a month and a half ago | (#47596261)

What happened is that they can no longer fight the good fight on their own like they could when it was just them, the like-minded Opera, and a Microsoft who cared nothing about the situation and let their own browser rot. Now they have Google, Apple, and Microsoft to face off against, and an increasingly useless fanbase who just see the negatives and don't even want to pitch in anymore.

You try stopping Google when they say "jump". At least Mozilla stands up to them and tries to effect change. Everyone else just jumps. And then Mozilla loses users because "Chrome just works" and all you locusts jump out to add nothing but negative press to the situation. It's a lose-lose for Mozilla, and all people are doing is whining and blaming them for it, rather than trying to actively help out.

Take off your rose-colored glasses and realize that without us, Firefox and its spin-offs are nothing. I don't just mean people who think that merely using Firefox is enough, yet then proceed to not donate anything back and load up AdBlockers and anonymize Google searches so Mozilla doesn't even get any revenue from their use of the browser. I'm talking about actually contributing something positive to the cause.

I know, I know: it's tough. We all have day jobs and that's why we want Mozilla to be a magical shield for us. But times have changed, and we clearly haven't. Mozilla tried to, but they clearly can't do it on their own anymore. So it's high time we actually did something too. Yet all I hear is whining about UI changes and other constant melodrama over things not being as flawless as they once were (which they weren't; rose-colored glasses just makes you think they were, until you actually use an old version of Firefox and see how far it's come).

What we're seeing isn't the decline of Mozilla, but the rise of corporate interests that they can't stand up to, and the decline of the Mozilla fandom to the point of stagnation and aristocratic behavior: we want it to work like it always has! Let the other users eat Chrome! Clearly those kinds of childish attitudes won't fly, and pinning that blame on Mozilla just proves how childish they truly are.

Re:What the fuck has happened to Mozilla?! (1)

Anonymous Coward | about a month and a half ago | (#47597081)

I know, I know: it's tough. We all have day jobs and that's why we want Mozilla to be a magical shield for us. But times have changed, and we clearly haven't. Mozilla tried to, but they clearly can't do it on their own anymore. So it's high time we actually did something too. Yet all I hear is whining about UI changes and other constant melodrama over things not being as flawless as they once were (which they weren't; rose-colored glasses just makes you think they were, until you actually use an old version of Firefox and see how far it's come).

Some people did. http://www.palemoon.org/ [palemoon.org]. Mozilla's engine, Firefox 3.6's UI. Fuck the UXtards.

The UI changes aren't whining. They're the central issue that's driven people away from Firefox. Some of us just want a functional web browser whose UI doesn't change every release according to the whims of some webdevs. (Fuck Asa Dotzler and all his clones.) The problem isn't unique to Firefox. GNOME3 and Win8 failed for the same reasons. Some of us actually have some work to do. UXtards don't want to hear this, because their jobs depend on denying it, but the UI for the web browser and the desktop was done five years ago. Stop burning money on useless UX masturbation (or if you must, fuck with mobile and leave the desktop alone, maybe you're right and mobile takes over from the desktop, and maybe you're wrong but you still made a lot of money doing mobile but at least you didn't ruin the desktop for everyone who creates content instead of just consuming it on a fucking tablet) and use those resources to make a more secure, stable, and performant product.

Re:What the fuck has happened to Mozilla?! (0)

Anonymous Coward | about a month and a half ago | (#47597167)

It *is* whining. I know you don't like to hear it, but the UI does change all the bloody time. Five years ago we didn't have video or audio, WebRTC, and many other things that have (or are becoming) web standards which need new UX entirely. Even the tab and address bars are hardly static, and despite some whining they keep improving under the hood, and we are still granted the means to tweak them to our heart's content.

Now I understand not liking it when they change a few things or remove a feature they don't want to support anymore. But if someone out there could create Pale Moon from Firefox, then you really are just whining. You're still using Firefox, just a custom version. And you're hardly such a huge number of people that Mozilla is blatantly wrong to go against your wishes.

Besides if Firefox dies, so does Pale Moon. So you're not helping anyone, even yourselves, to whine about UX changes to the point where you negatively influence Firefox uptake by others. The world changes, even in ways we don't like, and in ways we might consider inferior. At least here we have a chance to change it back. Blaming that on a few UX people doesn't change the fact that you're not heroes, just disgruntled people waiting for someone else to do the hard work for you. Name calling is not going to help your case.

Re:What the fuck has happened to Mozilla?! (0)

Anonymous Coward | about a month and a half ago | (#47599937)

Oh FFS, be careful getting off of that high horse, you may hurt yourself when you land.

75%+ of Firefox users hate the UX changes and yet Mozilla do not care. That is all anyone needs to know. Mozilla is dead, stick a fork in it. They just don't know it yet. You see they have to pick up a steady stream of new devs to survive long term. They aren't doing that anymore, instead they are alienating users and devs. The next five years will see Mozilla falling much further and will end up with it being the joke of the browser space. Unless of course they wake up, but I for one will not hold my breath. // Note: Been a fan of Mozilla since day one and used to be a big supporter, not happy with what I wrote above, but it's the truth.

Re:What the fuck has happened to Mozilla?! (1)

allquixotic (1659805) | about a month and a half ago | (#47601041)

Where do you get the "75%+" number that people hate the UX changes? For what it's worth, I've used Firefox for years as my primary browser; I've used Chrome and IE only as necessary to test websites (or to use websites that are so poorly coded that they don't work with Firefox), and when I upgraded to FF 29 with the new UI, it took me about 15 minutes to get acclimated.

I keep hearing people lump the FF UI redesign in with things like GNOME 3 and the Windows 8 start screen. But it's nothing like them; nothing at all. The problem with those UIs is that they are trying to design a single UI that works both on tablets and desktops. That was never a design goal of the new Firefox UI. Do you see enormous pastel-colored buttons? Do you see common browser functionality that FORCES you to use mouse gestures like "swiping" to take basic actions? No -- none of that. They moved the tab bar to the top, bundled the menus into a much more streamlined and sensible layout (with the ability to fall back to the old menu style, to boot), and changed the style of the tab bar to save on vertical real estate. Big fucking deal. If anything, I find it easier and more natural to use Firefox with the enhancements -- and this is with a traditional keyboard and mouse on a dual-screen desktop.

I love it how people always think that "75%+" of the people agree with them, just because they hold a strong opinion on a topic. I'll be the first to admit I have no idea how many people feel the same way as I do about the UI redesign, but I don't think it is the primary reason for Firefox's decreasing market share (Chrome's perceived speed as well as it being preinstalled on many Lenovo and Dell systems out of the box, probably have more to do with it). I certainly won't claim that "75%+" of the people love the new UI, though. I don't have to pull numbers out of my ass to prop up my argument.

Re:What the fuck has happened to Mozilla?! (1)

narcc (412956) | about a month and a half ago | (#47596607)

And then they wasted even more on that failed mobile OS that nobody really wants.

I must have missed the part where it failed ... and the part where 'nobody' wants it.

Re:What the fuck has happened to Mozilla?! (0)

Anonymous Coward | about a month and a half ago | (#47596843)

Are you being serious?

If you actually are, well, let's look at some numbers. How about these: https://en.wikipedia.org/wiki/Usage_share_of_operating_systems#Mobile_devices [wikipedia.org]

So we see that Android and iOS have quite dominant positions, regardless of who is doing the measurements, and regardless of the exact method used. Together, they account for 90% to 93% of the market. That doesn't leave much room for competitors! Of those, BlackBerry OS and the various Windows mobile OSes account for about 3% each. So that leaves at most 4% or less for the remaining players to fight for. This includes Bada, Tizen, Symbian, webOS, Firefox OS, and others. Even being generous, Firefox OS is seeing perhaps a 0.5% market share. (Although in reality, given that devices coming with Firefox OS are not widely available for purchase, it's probably well, well below that.)

A market share of a mere 0.5%, even of a "huge" market, is generally considered to be a complete and utter failure, as well as indicative of a product that nobody wants. And the numbers show exactly what people want: Android and iOS. Everything aside from those two is, in practice, irrelevant.

How many more years, or even decades, of sub-1% adoption will it take for you to admit that Firefox OS is a failed and unwanted product?

Re:What the fuck has happened to Mozilla?! (0)

Anonymous Coward | about a month and a half ago | (#47599839)

FirefoxOS is barely even out of the gate yet worldwide and you're already declaring it a failed and unwanted product? And in your world, a company with 0.5% the revenue of the others having 0.5% market share is a complete and utter failure? Sorry, but I don't think your opinion can be trusted if it doesn't even have the fundamentals correct.

Stop Storing Personal Data (0)

ObsessiveMathsFreak (773371) | about a month and a half ago | (#47595727)

Data is easy to keep but it's also easy to leak. And given the consequences of leaks, companies need to start asking themselves whether it is worth storing all this data in the first place.

How many times did Mozilla ever actually use all this personal data internally? How many times on average was the data for each of the 76,000 developers used? How many records were never accessed at all?

If you don't need all this data, then just don't store it. It's easy!

Re:Stop Storing Personal Data (4, Insightful)

Charliemopps (1157495) | about a month and a half ago | (#47595815)

All this personal data? It's your email address... that's it. Because your email is used to log you in.
They also leaked a hashed and salted password.

I keep hearing your argument, but I always ask myself... if you care that much, why did you surrender personal information in the first place??!? I've never been to any site other than Facebook that actually required any personal information. Even then you can just put in bullshit.

Mozilla did everything right here... other than the breach itself of course. Mistakes happen, and with properly Hashed/Salted passwords and quick and full disclosure those mistakes don't have to be serious.

Re:Stop Storing Personal Data (4, Informative)

viperidaenz (2515578) | about a month and a half ago | (#47595833)

By personal data, they mean 76,000 email addresses and 4000 salted password hashes.

As for how many times it was accessed, RTFA

"We traced back as much as we could. Access logs, netflow data, etc.," the user wrote. "We found that the tar.gz containing the DB dump had been downloaded only a small number of times. Mostly by known contributors. But we can't rule out that someone with malicious intentions got access to it."

Or... you could throw your toys out of your cot and post a rant condemning Mozilla.

You're obviously not affected by this either or you would already know the answers to your questions because they emailed everyone affected about it already.

Re: Stop Storing Personal Data (-1, Flamebait)

ShieldW0lf (601553) | about a month and a half ago | (#47596077)

I ditched them over the Brendan Eich debacle, myself... haven't missed em. Free software is an important issue, but preserving the place of the traditional nuclear family is a more important issue. The fags and the feminists insinuated them selves, and now the project will die just like gnome project did. At least this time they're killing something people remember... perhaps they'll open a few eyes this time, and people will clue in that, even if you agree with their politics, it's still going to kill the project when gender issues are poaching away resources from real work.

Probably too optimistic... it'll die and few will put together why it really happened, just like gnome.

Re: Stop Storing Personal Data (0)

Anonymous Coward | about a month and a half ago | (#47597909)

What is it like being a shallow human and a bigot?

Re: Stop Storing Personal Data (0)

Anonymous Coward | about a month and a half ago | (#47598283)

What is it like being a shallow human and a bigot?

Not agreeing with GP, but: what's it like to be a self-righteous groupthinker?

Re: Stop Storing Personal Data (0)

Anonymous Coward | about a month and a half ago | (#47601401)

when gender issues are poaching away resources from real work.

Your gender issues seem to be poaching away resources from real thinking. How is it related to web browsers what other people may or may not do with their nether appendages?

Btw I'm queer and I'm sad about how some marriage advocates made Brendan Eich quit. But I'm confident there's still "real work" going on at Mozilla.

Re: Stop Storing Personal Data (1)

ShieldW0lf (601553) | about a month and a half ago | (#47605085)

when gender issues are poaching away resources from real work.

Your gender issues seem to be poaching away resources from real thinking. How is it related to web browsers what other people may or may not do with their nether appendages?

Btw I'm queer and I'm sad about how some marriage advocates made Brendan Eich quit. But I'm confident there's still "real work" going on at Mozilla.

Are you familiar with the debacle where the Gnome Foundation went broke because they blew all the money on their Outreach Program for Women?

Here's coverage if you're unfamiliar, although if you're a queer slashdot reader you probably aren't:

http://www.phoronix.com/scan.p... [phoronix.com]

The Eich issue showed the world that Mozilla is chock full of the same sentiment. And Mozilla's lost so much market share that they're only a bit player now. When push comes to shove, their "Real Work" is not cutting the mustard.

I've worked on technology projects with people who didn't agree with my views on the issues, and done volunteer work on community projects with people who didn't agree with my views, but everything worked because the projects were focused enough that they became something we could both agree on.

The reason gender issues are screwing up technology projects is because technology projects are extending their mission statements in political directions and it's removing the focus that made it possible for people who disagree on political issues to work together.

Expressed simply, if you stand for one thing, you get half the people agreeing with what you stand for and half of them not agreeing, and 50% of the people give you their support.

If you stand for two things, half the people who were supporting you will no longer feel comfortable supporting you, and they will leave. You shrink your support from 50% to 25%.

It's not that we disagree. It's that I can't actively support organizations that vocally espouse things that I think are nihilistic and therefore immoral, and logic dictates that if I was the only one, there would be no controversy, so therefore, I'm not the only one.

The ability to agree to disagree has been removed, and it's not going to do anything but harm.

Re: Stop Storing Personal Data (0)

Anonymous Coward | about a month ago | (#47627917)

It's that I can't actively support organizations that vocally espouse things that I think are nihilistic and therefore immoral

You don't think that, though. You know marriage equality is good and right. You just don't want it to be.

Mozilla will continue to do just fine, and you will continue to try - without success - to comfort yourself by insisting that its doom is imminent.

Re:Stop Storing Personal Data (0)

Anonymous Coward | about a month and a half ago | (#47595841)

Did you think before posting that? You're saying you want companies to delete their user accounts. I'd be really pissed if my email account was deleted at the end of every month and I had seconds before someone else grabbed my account, causing me to change email addresses. I'd have to inform all of my contacts that my address changed, but it's likely some of their addresses changed as well. In addition, I'd miss any emails that came in during that offline period and the person who got my email address would be able to impersonate me.

Didn't post on Slashdot for the past week? Sorry, your account has been deleted for inactivity.

Sign up for a mailing list? Didn't respond to anyone this past month? Bam, your subscription gets deleted with no notification to you. You'll miss the next security notification or whatever.

What a horrible, horrible idea.

Robyn 'Stormy' Peters - bad bad Mojo, real evil (-1)

Anonymous Coward | about a month and a half ago | (#47595745)

Robyn 'Stormy' Peters wrecked the Gnome Foundation when in charge of it, and now it looks she is hard at work destroying Mozilla. This woman is a curse of incompetence, evil and incredible stupidity. When she isn't inviting corporate assassins to feast on Free Software, reducing it to the fly blown corpse called 'open source', she is just fucking shit up when she manages to get more than 6 fingers out of her own anus. Gross Incompetence and brain dead Corporate Speak Buzzwords are all this has to offer besides what appears to be genuine sabotage that she is very skilled at blaming others for.

Re:Robyn 'Stormy' Peters - bad bad Mojo, real evil (1)

Anonymous Coward | about a month and a half ago | (#47595799)

Au Contraire! Per the summary, she found the problem on June 22nd - one day before it even started! That's amazing work! She should be commended for finding it so early. On the other hand, why she let it go on for 30 days when she found it before it started is anyone's guess. Maybe someone should learn to write a summary (one massively long run on there). Perhaps someone should fact check said summary too.

Re:Robyn 'Stormy' Peters - bad bad Mojo, real evil (-1)

Anonymous Coward | about a month and a half ago | (#47595859)

she was covering her huge fat ASS, of course. I know this cunt personally, and she is Evil Incarnate.

she will tear off your eyelids and eat them in front of you, and never miss a beat of HR/Corporate Etiquette.

Re:Robyn 'Stormy' Peters - bad bad Mojo, real evil (1)

Kisame217 (3537447) | about a month and a half ago | (#47597019)

So, is your face alright??

Dammit! (-1)

Anonymous Coward | about a month and a half ago | (#47595767)

You had one job!

Could have been worse (1)

Anonymous Coward | about a month and a half ago | (#47595779)

At least they had enough sense to salt the hashes. It's gotta be annoying to have your email address floating around out there though.

Not Surprising When You Think About It (-1)

Anonymous Coward | about a month and a half ago | (#47595883)

Given that the Firefox (previously Mozilla, before Netscape) browser has been known for its long history of memory leaks, this event should not be surprising for anyone.

Slashdot comments (2)

Joe Johnson (3773821) | about a month and a half ago | (#47595907)

I find it rather laughable that mostly everyone in the comments has taken a "forgive and forget" attitude in regards to this post. I love Mozilla...as a developer who uses their mdn site actively, I applaud their active involvement in creating awareness of their mistake so people like me can take measures in protecting their accounts, however, if it was another company, most of these comments would be lambasting this breach of security and protocol on their part. That being said, I'm confident that Mozilla has taken every action they can to prevent this from happening in the future. And, I'm looking forward to looking up a reference section on mdn this week!

Re:Slashdot comments (2, Interesting)

Anonymous Coward | about a month and a half ago | (#47596115)

I think people in here believe that Mozilla made an honest mistake here. A mistake that wasn't a result of cost cutting or malice.

In those instances, a little understanding is called for.

Re:Slashdot comments (1)

uncqual (836337) | about a month and a half ago | (#47597525)

Are ignorance, negligence, or arrogance better reasons not to behave professionally and follow accepted best practices?

Sure, maybe I could have reviewed the code personally since, I assume, it's open source (as are, I assume all the administration scripts they use? Yeh, right). But, I probably use, directly or indirectly, nearly a billion lines of code every year - I really don't have time to review each change any more than I have the resources or interest to test each gallon of gasoline I put in my car for full compliance with all industry and governmental standards.

Re:Slashdot comments (0)

Anonymous Coward | about a month and a half ago | (#47599213)

So you have never made a mistake? Ever?

If you have just kill yourself now you sociopathic nightmare.

[or accept the fact that good people make mistakes too and should be cut slack when they do as long as no one dies]

Re:Slashdot comments (0)

Anonymous Coward | about a month and a half ago | (#47599371)

I think people in here believe that Mozilla made an honest mistake here. A mistake that wasn't a result of cost cutting or malice.

In those instances, a little understanding is called for.

The understanding comes only because they make open source products, and "open source" is the synonym for "saving whales" around these parts.

Sentence Structure (2)

ohnocitizen (1951674) | about a month and a half ago | (#47595963)

The discovery was made around June 22 by one of Mozilla's Web developers, Stormy Peters, Director of Developer Relations at Mozilla, said

Makes it sound like Stormy Peters is both the Director of Developer Relations and the developer who discovered the error.

what kind of hash / salt? (1)

raymorris (2726007) | about a month and a half ago | (#47595983)

Neither of the two links in TFS mentioned what kind of hash was being used. Does anyone happen to know? If it was the old fashioned DES hash as commonly used in .htpasswd, it may well be plaintext. If it was crypt('$5$xxxxxxxxxxxx') SHA, it's only a concern for people who chose very bad passwords.

Re:what kind of hash / salt? (1)

LordLimecat (1103839) | about a month and a half ago | (#47596103)

DES isn't a hash, it's a Data Encryption Standard.

On which the most common hash is based (3, Informative)

raymorris (2726007) | about a month and a half ago | (#47596161)

DES is the encryption standard which is the basis of what for many years was the most common type of hash.
For DES-based hashing, as used in .htpasswd files, the least significant bits of the first eight characters are used as a 56-bit key. This key (the user's password) is used to encrypt null bytes, 25 times. crypt(3) accepts a two-character salt, but uses only the lowest six bits of each character, so it's a 12 bit salt and a 56 bit password (maximum).

crypt(3) can also support better hash algorithms by passing salt values such as $1$xxxxxxxx$ or $5$xxxxxxxxxxxx$
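
Added example, not part of any poster's comment and not Mozilla's code: a Python check an auditor could run over stored hash strings to tell which crypt(3) scheme they use, plus the key and salt material that traditional DES crypt actually keeps from a password. All function names and the sample strings are constructed for illustration; the `$6$` prefix goes beyond the two prefixes named in the thread.

```python
import re
from collections import Counter

# Alphabet crypt(3) uses for salts and encoded output; each character carries 6 bits.
CRYPT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# "$id$" prefixes of the modular crypt format.
PREFIXES = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt"}

# Constructed sample strings (correct shape only, not real hashes).
SAMPLE_HASHES = [
    "abJnggxhB/yJc",
    "$1$abcdefgh$" + "A" * 22,
    "$5$abcdefghijkl$" + "B" * 43,
    "plaintext?",
]


def classify_crypt_hash(stored: str) -> str:
    """Name the crypt(3) scheme of a stored hash string, judged by its shape."""
    m = re.match(r"^\$([0-9a-z]+)\$", stored)
    if m:
        return PREFIXES.get(m.group(1), "unknown-modular:" + m.group(1))
    if len(stored) == 13 and all(c in CRYPT_ALPHABET for c in stored):
        return "des-crypt"  # 2 salt characters + 11 characters of output
    return "unknown"


def descrypt_key(password: bytes) -> int:
    """56-bit key of traditional DES crypt: low 7 bits of the first 8 bytes."""
    key = 0
    for byte in password[:8].ljust(8, b"\0"):
        key = (key << 7) | (byte & 0x7F)  # the high bit of every byte is dropped
    return key


def descrypt_salt(stored: str) -> int:
    """12-bit salt carried by the first two characters of a DES crypt string."""
    first, second = (CRYPT_ALPHABET.index(c) for c in stored[:2])
    return first | (second << 6)


def summarize(hashes) -> Counter:
    """Count how many stored hashes fall under each scheme."""
    return Counter(classify_crypt_hash(h) for h in hashes)


if __name__ == "__main__":
    for scheme, count in summarize(SAMPLE_HASHES).items():
        print(f"{scheme}: {count}")
    # Everything after the eighth byte never reaches the key.
    print(descrypt_key(b"password1") == descrypt_key(b"password"))
```

Any `des-crypt` entry in such a summary means passwords were truncated to eight 7-bit characters before hashing, so those accounts are the first candidates for a forced reset.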

Re:On which the most common hash is based (1)

LordLimecat (1103839) | about a month and a half ago | (#47599409)

The more you know...

Not clear why you would use an encryption scheme to do hashing, though-- my understanding is that while both should have good hash characteristics (small changes in plaintext should cascade into large changes in the secured form), purpose-designed hash algorithms will generally be more resistant to attack than encryption schemes, and often faster.

Why wouldn't they have used MD5 back when DES Hash was used?

Re:On which the most common hash is based (1)

raymorris (2726007) | about a month and a half ago | (#47600605)

A good encryption algorithm cannot be reversed without knowing the key, and a hash shouldn't be reversible, so a good encryption is a good basis for a hash. For PASSWORD hashing you don't use just the primitive, whether that primitive is DES or MD5. You do many rounds, with salt.

  If you're not kidding about MD5, DES was in use twelve years before Rivest proposed MD2. Maybe 20 years before MD5, I don't remember the exact year for MD5.

Purpose-built hash algorithms have not been better, historically. MD2 had to be quickly replaced with MD3, which fell and required MD4, then MD5. MD5 was broken a few years ago. Each one lasted only a few years. On the other hand, DES encryption is still secure. A DES-based hash would still be fine, just by allowing more bits. The original hash dropped everything after the first eight characters before passing it to DES, and arbitrarily chose to use just 12 bits of salt. One could easily allow longer passwords and salt and have a secure DES-based hash. It would be more secure than any MDx.

* emphasis on more bits (3DES) (1)

raymorris (2726007) | about a month and a half ago | (#47604025)

I said:

> A DES-based hash would still be fine, just by allowing more bits.

I should clarify that DES itself specifies a key length of 56 bits. To get more bits, you do DES three times*, which is called Triple DES or 3DES. If you use three different 56-bit keys, that's effectively a 112 bit key due to meet-in-the-middle, and that's strong for another fifteen years.

* encrypt(key1,decrypt(key2,encrypt(key3,plaintext)))

Backlash (1)

ArchieBunker (132337) | about a month and a half ago | (#47596319)

Probably backlash from the 80% disapproval rate for that shitty new interface they dreamed up. I'm using Palemoon now.

Re:Backlash (0)

Anonymous Coward | about a month and a half ago | (#47596441)

What backlash? You're not even trying to segue into your boastful Australis-bashing anymore, are you?

Different concerns now (0)

SuperKendall (25149) | about a month and a half ago | (#47596451)

Obviously at Mozilla, the effort to be 100% Politically Correct means security takes a back-seat in terms of effort.

Re:Different concerns now (0)

Anonymous Coward | about a month and a half ago | (#47597929)

You think security would've been more important if they put the inventor of Javascript of all things in charge of the organisation?

Really?

What would one expect of an organization... (1)

uncqual (836337) | about a month and a half ago | (#47597505)

...that would think it was okay to screw over users with a new UI and not continue to provide security and stability updates for a few years to those who didn't want a new broken UI (something few successful commercial enterprise companies have managed to do). Or, thought it was okay to, a few days ago, push an update which either broke the UI further or broke a popular add-on that many of us were using to work around their earlier mistake.

If you can't get UIs right or understand that UI stability is important, there's no hope that you can get security or hard problems right.

Finally, after using Firefox since shortly after it was first released, I'm evaluating Chrome, Safari, and (ugh, but MS does understand users) IE. As much as it pains me, IE is looking better and better because I don't really want to spend time worrying about drive-by updates that break my world any more than I look forward to spending my time worrying about drive-by updates to my porch light or microwave oven intended to give me "better" (NOT) functionality. Sad, but my job isn't to work around broken UIs in utilities and spend hours figuring out how to restore behavior similar to prior behavior in order to get security updates to previous sloppy code at unexpected moments. This reminds me of the mid/late 90's when you couldn't trust Microsoft updates not to break your system.

It's unwise to trust amateurs with any of your information. Therefore, none of this is newsworthy. Just abandon Mozilla and don't waste your time contributing (obviously, though, spend a few minutes closing your accounts @ Mozilla). I'm sad to have been driven to this conclusion as I like Open Source and Free (not as in Beer) Software, but also it's not worth my time to try each harebrained alpha product and search for workarounds in hopes of getting security updates. Sometimes it just makes more sense to go with professionals.

Re:What would one expect of an organization... (0)

Anonymous Coward | about a month and a half ago | (#47597515)

Why is there an "insightful" mod and why isn't it "-1"? If I wanted insight, I wouldn't be reading /.

It is, you're just looking at it upside down.

Re:What would one expect of an organization... (0)

Anonymous Coward | about a month and a half ago | (#47602647)

Jeez, you "Firefox good, Australis BAD" droolies need to get off your high horses already. You talk a big game but you clearly don't "evaluate" things very much in the end, you just go with irrational emotional triggers.

Just be sensible and switch to Firefox ESR or Pale Moon, and stop bitching about irrelevant shit already. Honestly, you guys are such drama queens over change that I wonder how you've managed to keep using computers at all over the years. How the hell do I know more about Firefox options than you, despite not being a regular user?

Or go ahead and switch to IE, and then bitch about how much it changes with every major release like the rest of us IE users (yes, including system updates that occasionally break things for many users). Or switch to Opera, which dumped its entire browser and became Chromium Brand X. Or switch to Chrome, and suffer its inevitable breaking of addons or moronic UX changes like all the other Chrome users.

ALL browsers suffer from this, you just happen to be too bullheaded to find the version for you, and so you act like a rich teenager throwing a tantrum when they get the wrong color paint on the car their dad bought for them as a birthday present.

What's the big deal? (1)

l0ungeb0y (442022) | about a month and a half ago | (#47597581)

Back in the day you'd count yourself lucky to be dumped onto a server to play a series of deadly games on an electric matrix in the hopes of finally having a face off with the Overseer of Games, who looks just like your dick-head suspender wearing boss who is always asking you to "ummmm yeah, come in on Saturday mmmm'kay?" like a question, as if you could actually say no, in heated one on one combat, only to ultimately prevail when you send a blazing disk straight through his face and watch in rapt glee as he disintegrates before your eyes.

dear mozilla (0)

Anonymous Coward | about a month and a half ago | (#47597667)

Stop opening up private data online
We do not need to see this
If you are trying to compete with the australian dhs you have lost

Who cares if the passwords were re-used? (1)

Zero__Kelvin (151819) | about a month and a half ago | (#47600989)

Maybe I'm missing something here, but if the data is a salted hash, they cannot recover it in any reasonable time, especially if they don't know the hashing algorithm used. Even if they do know the hashing scheme it is likely that any password that isn't a dictionary word won't be recovered in this decade, so why would it matter if they used the same password on another website?

Could someone explain (1)

PJ6 (1151747) | about a month and a half ago | (#47604033)

why they feel the need to publish data requiring sanitation in the first place?

If the failure was a result of a code change, why was there no unit test to catch it?

And if there was no code change, why would you set up such a publish process to silently continue if such a critical step failed?
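
Added example, not part of the comment above and not Mozilla's actual process: a Python publish step that refuses to release a database dump unless the sanitizer ran without error and an independent scan of every table finds no e-mail addresses or password values. The schema, column names, placeholder domain and sample rows are all constructed assumptions.

```python
import re
import sqlite3

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PLACEHOLDER_DOMAIN = "@example.invalid"  # assumed domain written by the sanitizer
SECRET_COLUMNS = {"password"}            # assumed name of the credential column


class SanitizationError(Exception):
    """Raised instead of publishing when the dump may still hold user data."""


def build_sample_db():
    """Constructed stand-in for a site database; schema and rows are invented."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT, password TEXT);
        CREATE TABLE revisions (id INTEGER PRIMARY KEY, user_id INTEGER, body TEXT);
        INSERT INTO users VALUES (1, 'alice', 'alice@example.org', 'sha256$SALT1$CONSTRUCTED');
        INSERT INTO users VALUES (2, 'bob', 'bob@example.org', 'sha256$SALT2$CONSTRUCTED');
        INSERT INTO revisions VALUES (1, 1, 'Document the fetch API');
    """)
    return db


def sanitize(db):
    """Overwrite e-mail addresses with placeholders and blank the password column."""
    db.execute("UPDATE users SET email = 'user' || id || ?, password = ''",
               (PLACEHOLDER_DOMAIN,))


def find_leaks(db):
    """Scan every text value in every table, independently of the sanitizer."""
    findings = []
    tables = [r[0] for r in db.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        cur = db.execute(f'SELECT * FROM "{table}"')
        cols = [d[0] for d in cur.description]
        for row in cur:
            for col, value in zip(cols, row):
                if not isinstance(value, str):
                    continue
                if col in SECRET_COLUMNS and value:
                    findings.append(f"{table}.{col}: credential value present")
                for m in EMAIL_RE.finditer(value):
                    if not m.group(0).endswith(PLACEHOLDER_DOMAIN):
                        findings.append(f"{table}.{col}: e-mail address present")
    return findings


def publish_dump(db, sanitizer=sanitize):
    """Return the SQL dump text only when sanitizing succeeded and the scan is clean."""
    try:
        sanitizer(db)
    except Exception as exc:
        raise SanitizationError(f"sanitizer failed, nothing published: {exc}") from exc
    leaks = find_leaks(db)
    if leaks:
        raise SanitizationError("refusing to publish: " + "; ".join(sorted(set(leaks))))
    return "\n".join(db.iterdump())


if __name__ == "__main__":
    print(publish_dump(build_sample_db())[:200])
```

Because `find_leaks` does not share code with `sanitize`, a sanitizer that silently does nothing, or that misses a free-text column, stops the publish step rather than producing a dump.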