Mozilla in Asia

My colleague, Shyam Mani, and I will be at Echelon 2010 this week, which looks to be one of the most exciting Internet events in Asia this year. Over 750 participants from all across Asia, it’s quite an accomplishment and congratulations to the e27 organizers.

I’m speaking about Addons on Tuesday morning, and will be around for the rest of the event gathering feedback from participants and sharing the news about what’s going on at Mozilla with mobile, Firefox 4, etc.

In unrelated news, I’m looking forward to some authentic chicken rice!

Bernard Leong and Daniel Cerventus of This Week in Asia interviewed me last week in advance of the Echelon 2010 conference in Singapore on June 1-2.  I will be speaking at Echelon about browser customizations and how they can help startups retain users and grow usage of your website/ webservice.

If you’re going to Echelon, I look forward to seeing you.

This Week in Asia Episode 39: Gen Kanai from Mozilla

I made one error in the interview that I need to clarify.

I said that the Firefox 4 alphas are not yet available. That is incorrect. They are available today as Mozilla Developer Preview (Gecko 1.9.3 alpha).

I got confused between the Firefox for Android builds, which were pre-alpha at the time of the interview but is now available as a nightly build for testing.

For those of you who have followed my blog, you know that it has been 3 years since I first reported on the fact that Korea does not use SSL for secure transactions over the Interent but instead a PKI mechanism that limits users to the Windows OS and Internet Explorer as a browser. Nothing fundamentally has changed but there are new pressures on the status quo that may break open South Korean for competition in the browser market in the future.

In fact, one of the new pressures on the status quo has been the popularity of the iPhone in South Korea, which wasn’t available officially until late 2009 due to a different Korean software middle-ware requirement, WIPI, which has since been deprecated. With WIPI dead and buried, Apple released the iPhone to great fanfare in the Korean market and Blackberry has also launched in the Korean market.

Another pressure on the status quo was a recent report out from 3 researchers (Hyoungshick Kim, Jun Ho Huh and Ross Anderson) from the University of Oxford’s Computing Laboratory, “On the Security of Internet Banking in South Korea.”

South Korean Internet banking systems have a unique way of enforcing security controls. Users are obliged to install proprietary security software – typically an ActiveX plugin that implements a bundle of protection mechanisms in the user’s browser. The banks and their software suppliers claim that this provides trustworthy user platforms. One side-effect is that almost everyone in Korea uses IE rather than other browsers.

We conducted a survey of bank customers who use both Korean and other banking services, and found that the Korean banks’ proprietary mechanisms impose significant usability penalties. Usability here is strongly correlated with compatability: Korean users have become stuck in an isolated backwater, and have not benefited from all the advances in mainstream browser and security technology. The proprietary mechanisms fail to provide a trustworthy platform; what’s more, alternative strategies based on trustworthy computing techniques are quite likely to suffer from the same usability problems. We conclude that transaction authentication may be the least bad of the available options.

The popularity of the iPhone (the press claims 500,000 units sold in the few months since it was released) resurfaced the issue that only Windows and IE can be used to make secure transactions with Korean Internet services. iPhone/Blackberry/Android users in Korea (not to mention Firefox/Opera/Safari/Chrome users) cannot bank online or purchase items online or do any secure transaction with the smartphone browser because Korean services only support the PKI mechanism that only works with Active-X in IE and Windows.

Dr. Keechang Kim of Korea University has been working tirelessly for many years to try to change the status quo in Korea around browsers and the reliance on a PKI mechanism that is tied to one platform. With concern being raised by different parts of the Korean government, including the Korean Communications Commission as well as the Office of the President of Korea, Keechang has gathered a very interesting panel of presentations for April 29th in Seoul.  The panelists will be addressing the (Korean) Financial Supervisory Service (FSS) which is the regulatory body in Korea that is currently mandating the PKI mechanism that is in place today (which requires Active-X, etc.)  Unless the FSS relaxes or changes their regulations, Korean banks cannot offer other mechanisms for Korean users to bank online, etc.  In short, unless the FSS changes their stance, nothing will change in Korea.

“Security Issues of Online Banking & Payment in Korea” is an open public meeting (registration recommended) starting at 10 AM on April 29th at COEX Conference Hall E1 and will feature:

• Bruce Schneier (Chief Security Technology Officer, BT) on “Security: What Works, What Doesn’t, and Why”
• Hyoungshick Kim, Jun Ho Huh (Univ. of Oxford) “What’s the danger of mandating proprietary security solutions?”
• Lucas Adamski (Dir. Security Engineering, Mozilla) on “Securing Browser Interactions”

Again this meeting is open to the public. Anyone is welcome to attend.

While I have no illusions that one meeting will get the key Korean government entities to do a 180 from their current stance, I do think this will be an important opportunity to bring external, Korean and non-Korean security expertise to Korea to discuss the current state of affairs and show that a PKI-based security architecture is only as secure as the computers that those certificates are used on.  If the computers are compromised, and at least one security services provider, Network Box, claims that S. Korea is the largest source for malware in the world, (Korea reigns as king of malware threats) then there is no way to be sure that the person in control of those personal certificates is the legitimate owner.

The deletion of the requirement for WIPI in Korean mobile phones opened the Korean market to the iPhone and the Blackberry and Android phones from outside of Korea.  Korean users of these new smartphones realized that they could not bank online, buy online, etc. and are now pressuring the Korean government to change the current laws which mandate a PKI-based mechanism that has been implemented with Active-X.  As the popularity of smartphones that cannot make use of the current PKI-based architecture for encryption/authentication grows in Korea, the pressure for the government to change their regulations will only mount.  The key question for Mozilla is whether the Korean government will open up to a point where Firefox and Fennec can be used in the future for secure transactions in Korea.

Thank you to Keechang and everyone in the OpenWeb.or.kr community for your tireless efforts to try to break open the Korean market. Thank you also to Channy Yun who has put aside his own schedule in order to participate and guide Lucas in Seoul.  There is still a long road to walk to an open, competitive market in S. Korea for browsers, but I am starting to see the light at the end of the tunnel.

Chris Grams interviews Chris Blizzard at opensource.com on the topic of building community in open source. The five questions in question are:

1. When I first met you ten years ago, you were a Red Hat employee with a day job keeping the redhat.com website up and running, and, even then, you were hacking on Mozilla for fun in your spare time. Now you run developer relations for Mozilla, and you’ve had some other amazing experiences, including working on the One Laptop Per Child project, along the way.It strikes me that you are a great case study of someone who has achieved success in the meritocracy of open source by doing good work. Knowing what you know now, if you were starting from ground zero as a community contributor, how would you get started?

2. Firefox is arguably the most successful open source project from a mainstream consumer standpoint. Meaning, it not only has an active community of developers, but it also attracts a broad community of users from all walks of life. Why has Firefox succeeded at reaching a mainstream audience when other open source projects (like the Linux desktop) have struggled?

3. Mozilla has a noble mission, beautifully articulated here, of “encouraging choice, innovation and opportunity online.” What role to do you feel this mission plays in attracting developers to work on Mozilla projects? Are most developers oblivious to it and just want to work on cool technology? Or is the mission meaningful to them?

4. What’s the dumbest thing a company can do when trying to build an active, engaged community of contributors?

5. And what’s the smartest thing?

Five questions about building community with Chris Blizzard of Mozilla | opensource.com

Channy Yun, Mozilla’s community leader in Korea and the Korean Firefox localization leader has been selected as a Mindtouch “Most Powerful Voice” in open source.  Congrats to Channy for his tireless efforts to push web standards, the open web, and promote open source in both Korea and the world.

In the span of a few months, the brand new Mozilla community in the Philippines is active and ambitious.  A new Mozilla Philippines Community website, Five Years of Firefox in Manila, and check out the 2010 plans they have for promoting Firefox and Mozilla in the Philippines here: Mozilla Philippines Community 2010 Kick-Off.

And for photos from the 2010 kick-off meeting, be sure to visit Pics from the Mozilla Philippines 2010 Kick-Off Meeting.

Robert O’Callahan mentioned it on his blog but if you attend Linux.conf.au this week, you get to see not only ROC in action speaking on the importance of open video on the Web,  but also Chris Double on implementing HTML5 video in Firefox and Taras Gleck on The Hydras too.

Not only that, they’re screening Code Rush on Wednesday evening, so you get to see Stuart Parmenter too!

This is a re-post from the Mozilla Blog:

It has come to our attention that there are reports on the popular Thai forum Blognone, มีบริษัทไหน โดนคนจาก Mozilla โทรข้ามประเทศมาเช็คยอดคนใช้ Firefox บ้างไหมครับ, and from Mr. Paiboon’s blog เมื่อมีฝรั่งแปลกหน้าโทรเข้า ออฟฟิศของผม !!, of someone called ‘Edison’ calling Internet businesses in Thailand and using the Mozilla Foundation name. These callers are asking about how many computers in the company are using Mozilla Firefox and are connected to the Internet. Mozilla has no representatives named Edison and no representatives in Thailand doing any telephone-based market surveys. If you receive a phone call from a ‘representative of the Mozilla Foundation’ they are not a representative of Mozilla Corporation or the Mozilla Foundation.

Mozilla has done web-based surveys from the Mozilla website and other websites and does market research via email, but not via phone in Thailand. If you receive a phone call in Thailand from someone saying that they are from Mozilla, please do not provide any information and take their name and number and send it to press at mozilla dot com for confirmation.

Thank you very much for your support of Mozilla and Firefox in Thailand.

On November 26th, the newest Mozilla community, Mozilla Philippines, which started only a few weeks earlier in the Philippines, celebrated the Five Years of Firefox at the Asian Institute of Management in Manila.

Everything came together very quickly with organization driven by Regnard Raquedan, our new community leader, as well as the Filipino Campus Reps, (Ren-Ren Gabas, Allan Caeg, and Joell Lapitan among many others) who have been very active.  Sherwin Sowy of Globe Labs (a division of Globe Telecom) was kind enough to help with sponsorship and showed off a Firefox Addon that university students had recently developed which enabled the sending of web content (text or images) via SMS/MMS.

If you would like to join the new community that is growing in the Philippines to support Mozilla and Firefox, please join the Philippine Mozilla community list.

Five Years of Firefox in Manila Done!

Other blog posts on the event can be found here:

Five Years of Firefox in Manila Done! – Mozilla Philippines

Five Years of Firefox in Manila Done!

Five Years of Firefox in Manila! – a set on Flickr (Photos courtesy of Aja Lapus & Joell Lapitan)

Mozilla Firefox Turns Five

5 Years of Firefox in Manila, a Report

Happy 5th Birthday Mozilla Firefox!

2009-11-21 Five Years of Firefox in Manila – a set on Flickr:

While this is ostensibly about European Union politics, I wanted to make sure that Planet readers saw this interesting Ashlee Vance story in the NY Times on business models in open source software that mentions Mozilla and Firefox.

Open-source software has thrived and played a prominent role in the building of the Internet’s infrastructure. Many companies rely on Linux-based computers and Apache Web server software to display their Web pages. Similarly, the Mozilla Firefox Web browser has emerged as the most formidable competitor to Microsoft’s Internet Explorer.

The grass-roots nature of open source has led advocates to view the projects as a populist foil to proprietary software, where a company keeps the inner workings of its applications secret.

But in the last decade, open-source software has become more of a corporate affair than a people’s revolution.

In some cases, dominant technology companies have used open-source projects as pawns. Google, for example, has needled Microsoft by providing financial support to the nonprofit Mozilla Foundation, which oversees of the development of Firefox. I.B.M. has been a major backer of Linux, helping to raise it as a competitor to Microsoft’s Windows and other proprietary operating systems.

Open Source as a Model for Business Is Elusive