Coming soon to squarefree.com
I have trouble completing personal projects that take longer than a weekend. I often lose interest after doing the interesting parts and procrastinate indefinitely on completing the projects since they have no deadline. In August 2004, I set a goal compatible with my attention span: "start and finish one interesting project every weekend". This goal helped me write a bunch of Firefox extensions and one or two Firefox patches, but of course it didn't help me finish longer projects. Now I have several half-finished longer-than-a-weekend projects piled up.
I'm hoping that this "coming soon" post will make me finish at least some of these projects soon. Also, you can tell me which projects you want me to finish first.
- A novel attack against something that was proven secure using a what I think is a poor definition of security.
- A proof that a popular puzzle is NP-complete.
- A list of some of Firefox's weaknesses, design elements that can lead to security holes.
- Security tips for Firefox users (current version). Since this document is already 7 printed pages long without screenshots, it may be more effective at pointing out critical user interface flaws in Firefox and Windows than at educating users.
- Security tips for web application developers (current version).
- Security tips for Firefox developers and extension developers (current version).
January 17th, 2005 at 7:34 am
Your previous demos of novel attacks have been great, and have prompted discussion and fixes, so that’d be my choice.
I think there’s already enough known low-priority Firefox security issues, and I can’t see much changing before 1.1, so I’m not sure making that list is so important. The other tips would be good, but it depends if you can get anyone to read them ;)
And not on the list as such, but probably overlapping, so if you need another project… I keep seeing requests for a document explaining why Firefox/Mozilla’s design gives better security than IE’s. Currently we have vague hand-waving in the Firefox marketing stuff, and we have a selection of short documents, spread in different places, written for developers, but nothing between. You’re probably the person most capable of writing such a thing, and you’ve got bits of it already.
January 17th, 2005 at 7:58 am
*A list of some of Firefox’s weaknesses, design elements that can lead to security holes.
This one could be useful.
January 17th, 2005 at 8:22 am
“A novel attack against something that was proven secure using a what I think is a poor definition of security.”
I always like to see innovative exploitation.
January 17th, 2005 at 9:40 am
It depends. Have you already solved problem #2 in polynomial time?
January 17th, 2005 at 7:20 pm
# A list of some of Firefox’s weaknesses, design elements that can lead to security holes.
# Security tips for Firefox developers and extension developers (current version).
Yes please! (Not that the other subjects don’t look interesting, but these I’d be most interested in.)
January 23rd, 2005 at 3:47 am
None of the above.
You have almost missed your calling in life.
More lists please.
Lucky I had finished my beer otherwise I would have choked when I laughed.