![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Ah want security / Ah want it at any cost
Jul. 3rd, 2006 01:35 pmThe Central Library has wireless access for people who bring their laptops in. It only allows HTTP connections, which I suppose is fair, and in order to access it at all in a given 8-hour period, you have to first visit a login site and confirms to their router that the person using your computer's MAC address has agreed to the library's minimal code of internet contact.
This site is encrypted and authenticated, but it only supports SSL 2.0.
SSL is the protocol used by secure sites to both prove to you that they are who they say they are and to encrypt your connection. SSL 1.0 never shipped, so SSL 2.0 was the first public version. SSL 2.0 has some "known security flaws." Luckily, you can block those flaws by using SSL 3.0.
Mozilla Firefox 2.0 is dropping support for SSL 2.0. It's not even going to be available in the preferences dialog. You can turn it on, but only by using about:config. So if you're using the next version of the second-most popular web browser in the world, you can't connect to the library's login site unless you deliberately open yourself up to security holes, using an arcane process that probably only 10% of Firefox users even know about.
SSL 3.0 shipped in 1996 with the release of Netscape Navigator 2.0.
I reckon the library should probably upgrade their wireless login page to a 1996 level of technology; I passed the IT guys a friendly note to that effect through the guy at the reference desk. I know a few of you guys live in the Twin Cities, and it might be helpful if you could fire off an email or two as well. (Or better yet, talk to the reference desk people next time you're at Central.)
EDIT: Incidentally, you know the best part of doing your important stuff over at Central because it's too hot outside and it's a nice air-conditioned place where they won't kick you out if you sit for five hours and don't buy anything? If you suddenly realize you really really want a book, you can just... wander over and grab it. (There are five copies of that one in the system. Four are checked in. They're all at Central. This is why living in the City Proper is the shit.)
This site is encrypted and authenticated, but it only supports SSL 2.0.
SSL is the protocol used by secure sites to both prove to you that they are who they say they are and to encrypt your connection. SSL 1.0 never shipped, so SSL 2.0 was the first public version. SSL 2.0 has some "known security flaws." Luckily, you can block those flaws by using SSL 3.0.
Mozilla Firefox 2.0 is dropping support for SSL 2.0. It's not even going to be available in the preferences dialog. You can turn it on, but only by using about:config. So if you're using the next version of the second-most popular web browser in the world, you can't connect to the library's login site unless you deliberately open yourself up to security holes, using an arcane process that probably only 10% of Firefox users even know about.
SSL 3.0 shipped in 1996 with the release of Netscape Navigator 2.0.
I reckon the library should probably upgrade their wireless login page to a 1996 level of technology; I passed the IT guys a friendly note to that effect through the guy at the reference desk. I know a few of you guys live in the Twin Cities, and it might be helpful if you could fire off an email or two as well. (Or better yet, talk to the reference desk people next time you're at Central.)
EDIT: Incidentally, you know the best part of doing your important stuff over at Central because it's too hot outside and it's a nice air-conditioned place where they won't kick you out if you sit for five hours and don't buy anything? If you suddenly realize you really really want a book, you can just... wander over and grab it. (There are five copies of that one in the system. Four are checked in. They're all at Central. This is why living in the City Proper is the shit.)