Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Mozilla Programming Security

Mozilla Launches Student Coding Program "Winter of Security" 40

First time accepted submitter NotInHere (3654617) writes "Mozilla has introduced a new program called MWoS, or 'Mozilla Winter of Security,' to involve university students in security projects. The attending students will write code for a Mozilla security tool during (northern hemisphere) winter. Unlike GSoC, attending it involves no monetary payment, but the student's universities are expected to actively cooperate and to give the students a credit for their work. From the article: 'MWoS is a win for all. Students get a chance to work on real-world security projects, under the guidance of an experienced security engineer. Professors get to implement cutting-edge security projects into their programs. Mozilla and the community get better security tools, which that we would not have the resources to build or improve ourselves.'"
This discussion has been archived. No new comments can be posted.

Mozilla Launches Student Coding Program "Winter of Security"

Comments Filter:
  • by Anonymous Coward

    , but the student's universities are expected to actively cooperate and to give the students a credit for their work

    If you're from a good university you dont really need such programs, and crappy universities dont give credit unless the work meets a list of crappy criteria designed in the 1950's , so the program is not going to be really great

    • by monkeyhybrid ( 1677192 ) on Sunday May 18, 2014 @12:01PM (#47032451)

      If you're from a good university you dont really need such programs

      Working in a professional environment as part of your education can be a very valuable experience and shouldn't be sniffed at. I had the good fortune to do something similar when I was younger, and looking back at it now, I can really appreciate how it helped sharpen my skills and gave me greater insight into what real world software development is like.

    • by raymorris ( 2726007 ) on Sunday May 18, 2014 @12:07PM (#47032475) Journal

      Having looked into the security related curriculum at MIT, Princeton, etc, I'd certainly be more likely to hire a student who had hands-on experience under the guidance of a security professional. Their academic programs do not prepare a student for serious security work, in my opinion. In fact, I'd say that a student needs to take all (both) of the security-related electives just to be prepared to write internet-accessible applications.

      Not only is there a huge difference between theory and actual practice, but even the theory side is quite limited for security at the top universities. The best I've found is offered by a part of the Texas A&M system, called TEEX.

      When I went to work at TEEX, I expected that I'd need to find diplomatic ways of telling them that their cyber-security classes suck, because most classes in the field do suck. I was surprised to see that the TEEX material is pretty good. I can only try to help them make the visual presentation be as good as the actual material is.

    • This type of arrogance might explain why so many university graduates I work with are clueless on resolving real world problems within real world deadlines.
  • S.m.r.t (Score:5, Insightful)

    by Kamineko ( 851857 ) on Sunday May 18, 2014 @10:51AM (#47031929)

    Superlative plan.

    Get students doing the security work, because the real developers are way too busy screwing around with the user interface and can't be disturbed.

  • Now is the winter of our discontent
    Made glorious summer by this sun of York;
    And all the clouds that lour'd upon our house
    In the deep bosom of the ocean buried.
    Now are our brows bound with victorious wreaths;
    Our bruised arms hung up for monuments;
    Our stern alarums changed to merry meetings,
    Our dreadful marches to delightful measures.
    Grim-visaged war hath smooth'd his wrinkled front;
    And now, instead of mounting barded steeds
    To fright the souls of fearful adversaries,
    He capers nimbly in a lady's chamber
    To the

  • Winter of Security?

    I thought we were heading into summer (in the northern hemisphere, where Mozilla and most universities are located)

    Do they know something we don't?

  • I hope that the first thing these guys do is to figure out how to crack or remove Firefox's DRM, I liked Firefox but I will NOT use it if they implement DRM. All DRM says is "We hate, despise, and crap on our users." Full stop.

    But maybe DRM in Firefox is a good thing. It has been a long time since a new browser player came into the market and with Firefox soon to crack single digits(post DRM) it might make room for some fresh blood. So maybe one of these students will learn the Firefox code and business
  • I'm surprised that Mozilla has time for this sort of thing. I would think that trying to make a Chome clone would keep them busy all the time. Hell, on top of that they seem to be actively going against the wishes of their community. That has to take a lot of time; they have to figure out what would keep them in the game and then do the opposite.

    Seriously though, Mozilla has destroyed itself in the past three years. It is depressing. I don't want to use Chrome because Google..hell, IE is starting to look
  • by chrisvdb ( 149510 ) on Sunday May 18, 2014 @11:58AM (#47032435)

    I'm not sure if I really understand where Mozilla is heading... I chose Firefox over Chrome because of a) secure password sync'ing across devices (real end to end encryption for cloud storage and master password for local storage) and b) addons on Firefox mobile version.

    Recently they decided to implement another password sync'ing scheme as the old one (based on pairing devices) was apparently too hard to use for the modal FF user (stats showed that less than 1% of their userbase was using old sync). Unfortunately the new system is by design not nearly as secure as the old system. After a few weeks of enabling the new sync'ing tool I randomly noticed that passwords no longer got sync'ed correctly. Turned out that the new sync system does not work when a master password is enabled. No mention of this in the release notes, no warning message during installation.

    With the new sync system we not only get less security by design, on top we're no longer able to locally protect stored passwords with a master password. That means that every malicious/buggy application on your computer is able to read _all_ your saved passwords in plaintext. Take a look at https://bugzilla.mozilla.org/show_bug.cgi?id=995268 for the details. Password sync'ing security is now at par with Chrome, so b) is now the only reason why I'm still staying with FF.

    If you take the time to read the bug report it really feels that Mozilla is losing touch with the power users in their pursuit of the average user. They forget that power users influence the rest...

    Anyway, I think it's rather ironical that they are doing this security thing while they are knowingly removing security features at the same time.

  • Golden chance to make all kinds of, "Winter is coming..." jokes. Yet not a single one so far.
  • Let's hope for a "Spring of Usability", because 29 is a waist-high heap of gusset scrapings.

    "Refresh" and "Back" are now tied to the url bar (previously, you could move them if the wind was blowing in the right direction).

    The zoom controls have a 100% thing in the middle (which apparently doesn't do anything) making it far wider than it needs to be.

    The customize window has the controls at the bottom, including one at the lower right to close the entire app. Why would you want ever want to do that from ther

  • This is a much better initiative than both Google's Summer of Code and Microsoft's Fall of Disappointment.

  • ... "Mozilla Winter of We're Too Busy Making our Browser Look Like Chrome and Adding DRM to Bother with Trivial Stuff like Security so we'll get Unpaid Students to Do It Instead" didn't fit into a short acronym.
  • Suppose any part of this will be for finally converting TB to maildir format?

    No, wait, that would suppose it's still actually in development. Why they let such a promising cross-platform app wither on the vine is beyond comprehension.

Truly simple systems... require infinite testing. -- Norman Augustine

Working...