Mozilla Launches Student Coding Program "Winter of Security"

First time accepted submitter NotInHere (3654617) writes "Mozilla has introduced a new program called MWoS, or 'Mozilla Winter of Security,' to involve university students in security projects. The attending students will write code for a Mozilla security tool during (northern hemisphere) winter. Unlike GSoC, attending it involves no monetary payment, but the student's universities are expected to actively cooperate and to give the students a credit for their work. From the article: 'MWoS is a win for all. Students get a chance to work on real-world security projects, under the guidance of an experienced security engineer. Professors get to implement cutting-edge security projects into their programs. Mozilla and the community get better security tools, which that we would not have the resources to build or improve ourselves.'"

Expecting cooperation from universities...

[Anonymous Coward]

, but the student's universities are expected to actively cooperate and to give the students a credit for their work

If you're from a good university you dont really need such programs, and crappy universities dont give credit unless the work meets a list of crappy criteria designed in the 1950's , so the program is not going to be really great

Re:Expecting cooperation from universities...

[monkeyhybrid]

If you're from a good university you dont really need such programs

Working in a professional environment as part of your education can be a very valuable experience and shouldn't be sniffed at. I had the good fortune to do something similar when I was younger, and looking back at it now, I can really appreciate how it helped sharpen my skills and gave me greater insight into what real world software development is like.

theory vs practice. Having looked at univ programs

[raymorris]

Having looked into the security related curriculum at MIT, Princeton, etc, I'd certainly be more likely to hire a student who had hands-on experience under the guidance of a security professional. Their academic programs do not prepare a student for serious security work, in my opinion. In fact, I'd say that a student needs to take all (both) of the security-related electives just to be prepared to write internet-accessible applications.

Not only is there a huge difference between theory and actual practice, but even the theory side is quite limited for security at the top universities. The best I've found is offered by a part of the Texas A&M system, called TEEX.

When I went to work at TEEX, I expected that I'd need to find diplomatic ways of telling them that their cyber-security classes suck, because most classes in the field do suck. I was surprised to see that the TEEX material is pretty good. I can only try to help them make the visual presentation be as good as the actual material is.

Re:

[chentiangemalc]

This type of arrogance might explain why so many university graduates I work with are clueless on resolving real world problems within real world deadlines.

S.m.r.t

[Kamineko]

Superlative plan.

Get students doing the security work, because the real developers are way too busy screwing around with the user interface and can't be disturbed.

Re:

[Hognoxious]

Hey, that zipfy curve on the tabs didn't design itself, you know!

The bard said it!

[OzPeter]

Now is the winter of our discontent
Made glorious summer by this sun of York;
And all the clouds that lour'd upon our house
In the deep bosom of the ocean buried.
Now are our brows bound with victorious wreaths;
Our bruised arms hung up for monuments;
Our stern alarums changed to merry meetings,
Our dreadful marches to delightful measures.
Grim-visaged war hath smooth'd his wrinkled front;
And now, instead of mounting barded steeds
To fright the souls of fearful adversaries,
He capers nimbly in a lady's chamber
To the

Climate Change

[rossdee]

Winter of Security?

I thought we were heading into summer (in the northern hemisphere, where Mozilla and most universities are located)

Do they know something we don't?

Preparation

[tepples]

Probably announcing half a year in advance because it takes months to prepare for these events.

Crack Firefox DRM

[EmperorOfCanada]

I hope that the first thing these guys do is to figure out how to crack or remove Firefox's DRM, I liked Firefox but I will NOT use it if they implement DRM. All DRM says is "We hate, despise, and crap on our users." Full stop.

But maybe DRM in Firefox is a good thing. It has been a long time since a new browser player came into the market and with Firefox soon to crack single digits(post DRM) it might make room for some fresh blood. So maybe one of these students will learn the Firefox code and business

Do they really have time for this?

[michael021689]

I'm surprised that Mozilla has time for this sort of thing. I would think that trying to make a Chome clone would keep them busy all the time. Hell, on top of that they seem to be actively going against the wishes of their community. That has to take a lot of time; they have to figure out what would keep them in the game and then do the opposite.

Seriously though, Mozilla has destroyed itself in the past three years. It is depressing. I don't want to use Chrome because Google..hell, IE is starting to look

They just removed a major security feature in FF

[chrisvdb]

I'm not sure if I really understand where Mozilla is heading... I chose Firefox over Chrome because of a) secure password sync'ing across devices (real end to end encryption for cloud storage and master password for local storage) and b) addons on Firefox mobile version.

Recently they decided to implement another password sync'ing scheme as the old one (based on pairing devices) was apparently too hard to use for the modal FF user (stats showed that less than 1% of their userbase was using old sync). Unfortunately the new system is by design not nearly as secure as the old system. After a few weeks of enabling the new sync'ing tool I randomly noticed that passwords no longer got sync'ed correctly. Turned out that the new sync system does not work when a master password is enabled. No mention of this in the release notes, no warning message during installation.

With the new sync system we not only get less security by design, on top we're no longer able to locally protect stored passwords with a master password. That means that every malicious/buggy application on your computer is able to read _all_ your saved passwords in plaintext. Take a look at https://bugzilla.mozilla.org/show_bug.cgi?id=995268 for the details. Password sync'ing security is now at par with Chrome, so b) is now the only reason why I'm still staying with FF.

If you take the time to read the bug report it really feels that Mozilla is losing touch with the power users in their pursuit of the average user. They forget that power users influence the rest...

Anyway, I think it's rather ironical that they are doing this security thing while they are knowingly removing security features at the same time.

Firefox was specifically not for power users.

[raymorris]

> Mozilla is losing touch with the power users in their pursuit of the average user.

Seamonkey was supposed to be the full-featured Mozilla browser for power users. Firefox was launched as a stripped-down, lightweight version of Seamonkey for Average Joe to check Facebook with. Of course, after a couple of years they forgot about the lightweight thing. They are specifically not targeting power users though.

The 1.0 release notes say it did

[raymorris]

See the Firefox 1.0 release notes, where they say Firefox (then called Phoenix) will be like Seamonkey, but with "features deemed geeky" removed.

http://website-archive.mozilla... [mozilla.org]

In the 1.0 release notes, Seamonkey is called "the Mozilla browser". The new Firefox (aka Phoenix aka Firebird) is contrasted with the pre-existing browser from Mozilla, internally known as Seamonkey. The Seamonkey name goes all the way back to Netscape. Extetnally, Netscape Inc. branded Seamonkey as "Netscape", the Mozilla Foun

Re:

[Gavagai80]

0.1 you mean. Firefox 1.0 was years later long after most of us had started using it.

1993 browser comparison page "Netscape Seamonkey"

[raymorris]

In 1993, this page compared Mosaic to "Netscape Seamonkey". That's eleven years before Firefox.

http://kuliah-pegawai-stt-band... [kurikulum.org]

Shocked

[slack_justyb]

Golden chance to make all kinds of, "Winter is coming..." jokes. Yet not a single one so far.

Let's hope...

[Hognoxious]

Let's hope for a "Spring of Usability", because 29 is a waist-high heap of gusset scrapings.

"Refresh" and "Back" are now tied to the url bar (previously, you could move them if the wind was blowing in the right direction).

The zoom controls have a 100% thing in the middle (which apparently doesn't do anything) making it far wider than it needs to be.

The customize window has the controls at the bottom, including one at the lower right to close the entire app. Why would you want ever want to do that from ther

Aces Mozilla

[binarylarry]

This is a much better initiative than both Google's Summer of Code and Microsoft's Fall of Disappointment.

I guess the more accurate name...

[arglebargle_xiv]

... "Mozilla Winter of We're Too Busy Making our Browser Look Like Chrome and Adding DRM to Bother with Trivial Stuff like Security so we'll get Unpaid Students to Do It Instead" didn't fit into a short acronym.

My Box Is Huge

[jman.org]

Suppose any part of this will be for finally converting TB to maildir format?

No, wait, that would suppose it's still actually in development. Why they let such a promising cross-platform app wither on the vine is beyond comprehension.