CNNIC certificate criss: what you should do

Posted on by

Disclaimer: I am a Mozilla Taiwan Community contributor, however the followings are my own point of view; not the view of entire community.

中文版貼在 Mozilla Links

So, now we got bug 476766 calling Mozilla to remove CNNIC CA certs from it’s codebase, and people posted over on how to remove it manually. Personally I agreed with the objective argument in the bug, that officially CNNIC is considered innocent until proven guilty. To make my point, here is a PhotoShop MS Paint mock up for you. Please stop the nonsense in bug 476766 unless you see this:

But if you do, please immediately click [Detail…] and export the fake SSL cert. Every responsible browser vendor, include Mozilla, will remove the CNNIC Root upon this goes public, and the fake certificate would be the biggest scandal of the year to China, on the Internet.

What you should do before that

If you feel unsafe on the standard practice of browser vendors, you could disable the CA certs in your computer. Mozilla is correct on not-removing the CA certs, but for user who want to remove them themselves, I don’t think Mozilla has provided an easy tool for that. Clicking Tools – Options – Advanced – Security – Certificate Manager is just too painful. So here is an add-on I wrote which does that for you: CA Untrustworthy. Do remember that removing CNNIC CA certs will break legit CNNIC-signed websites.

For the less paranoid, Rex provided us an add-on “Cert Alert” that alerts user whenever they encountered an CNNIC-signed website. Install it, after that, when you see the alert, you could use your judgment to consider the trustworthiness of the website – you might actually find the fake SSL cert that way.

Animation Smoothness

Posted on by

中文: 寫了一個測試動畫順暢度的網頁,用了三種不同的處理方法:一種讓 JavaScript 去改 CSS 的 top 和 left、另一種是改 background-position、最後就是用 HTML 5 的 <canvas> 來繪圖。結論是 background-position 最順,另外 Webkit 感覺比 Gecko 厲害一點。

I wrote a little test to find out which way of doing animation is the most smooth one. The three animation being tested are:

  1. Changing CSS top and left property.
  2. Chainging CSS background-position property.
  3. Copy the image into a <canvas>

background-position seems to be wining on both Webkit and Gecko; Gecko preformed poorly on top/left property changing when full page zoom is in effect. Also Webkit preforms better than Gecko in all three animations.

HTML5 File API + XmlHttpRequest = SWFUpload, now what?

Posted on by

So what should you do if you decided to ditch SWFUpload and embrace HTML5 solution for ajax file upload? In honor of the releases of Firefox 3.6 (with File API), I decided to just that in the GFX Firefox promotion site. (sounds perfectly reasonable to use Fx-only technology on such site, right?) Firefox now gives us the bricks (File API, binary XHR, and File drag-drop), but to build a house it still takes some work. The Mozilla Hacks demo works great but to work with the existing site I need:

  1. To create a SWFUpload-like button that opens file selection dialog instead of HTML form file input.
  2. To send the file as a ordinary file upload form – no need to change php backend to handle raw post
  3. Send the file by jQuery.ajax, firing global callbacks

I came up with these methods to solve them:

Continue reading