ProHoster > Ibhulogi > iindaba ze-intanethi > Iinkcukacha zobuchwephesha zokucinywa kwamva nje kwezongezo kwiFirefox

Iinkcukacha zobuchwephesha zokucinywa kwamva nje kwezongezo kwiFirefox

Phawula umguquleli: ukwenzela ukuba kube lula kubafundi, imihla inikwe ngexesha laseMoscow

Kutshanje siphoswe lixesha lokuphelelwa kwesinye sezatifikethi ezisetyenziselwa ukusayina izongezo. Oku kubangele ukuba izongezo zivaliwe kubasebenzisi. Ngoku ingxaki sele ilungisiwe ubukhulu becala, ndingathanda ukwabelana ngeenkcukacha zokwenzekileyo kunye nomsebenzi owenziweyo.

Imvelaphi: izongezo kunye nemisayino

Nangona abantu abaninzi besebenzisa isikhangeli ngaphandle kwebhokisi, iFirefox ixhasa izongezo ezibizwa ngokuba β€œzizongezo.” Ngoncedo lwabo, abasebenzisi bongeza izinto ezahlukeneyo kwibhrawuza. Kukho ngaphezu kwe-15 lamawaka ezongezo: ukusuka uthintelo lwentengiso Π΄ΠΎ lawula amakhulu eethebhu.

Izongezo ezifakiweyo kufuneka zibe nazo umsayino wedijithali, ekhusela abasebenzisi kwii-add-ons ezinobungozi kwaye ifuna ukuhlaziywa okuncinci kwezongezo ngabasebenzi baseMozilla. Sazisa lo myalelo ngo-2015 ngenxa yokuba sasifumana iingxaki ezinzulu ngezongezo eziyingozi.

Isebenza njani: Yonke ikopi yeFirefox iqulethe "isatifikethi esiyingcambu". Isitshixo sale "ngcambu" sigcinwe kuyo Imodyuli yoKhuseleko lweHardware (HSM)ngaphandle kofikelelo lwenethiwekhi. Yonke iminyaka embalwa, "isatifikethi esiphakathi" esitsha sisayinwe kunye nesi sitshixo, esisetyenziswa xa kusayinwa izongezo. Xa umphuhlisi engenisa isongezelelo, senza "isiqinisekiso sokuphela" sexeshana kwaye sisisayine sisebenzisa isatifikethi esiphakathi. I-add-on ngokwayo isayinwe kunye nesatifikethi sokugqibela. Ngokucwangcisiweyo kubonakala ngathi.

Nceda uqaphele ukuba isatifikethi ngasinye sine "subject" (esinikwe kuye isatifikethi) kunye "nomniki" (okhuphe isatifikethi). Kwimeko yesatifikethi esiyingcambu, "subject" = "issuer", kodwa kwezinye izatifikethi, umniki wesatifikethi ngumxholo wesatifikethi somzali esisayinwe ngaso.

Inqaku elibalulekileyo: i-add-on nganye isayinwe sisatifikethi sokuphela esisodwa, kodwa phantse rhoqo ezi zatifikethi zokugqibela zisayinwa sisatifikethi esiphakathi.

Inqaku loMbhali: Imeko engaqhelekanga yongezo ezindala kakhulu. Ngelo xesha, iziqinisekiso ezahlukeneyo zangaphakathi zazisetyenziswa.

Esi satifikethi siphakathi sibangele iingxaki: isatifikethi ngasinye sisebenza ixesha elithile. Ngaphambi okanye emva kweli xesha, isatifikethi asisebenzi kwaye isikhangeli asizukusebenzisa izongezo ezisayinwe sesi satifikethi. Ngelishwa, isatifikethi esiphakathi siphelelwe ngoMeyi 4 ngo-4 am.

Iziphumo azizange zivele kwangoko. IFirefox ayijongi utyikityo lwezongezo ezifakiweyo rhoqo, kodwa phantse kube kanye rhoqo kwiiyure ezingama-24, kwaye ixesha lokuqinisekisa lelomntu ngamnye kumsebenzisi ngamnye. Ngenxa yoko, abanye abantu baba neengxaki ngoko nangoko, ngoxa abanye baba neengxaki kamva. Siqale saqaphela ingxaki ngexesha lokuphelelwa kwesatifikethi kwaye kwangoko saqala ukukhangela isisombululo.

Ukunciphisa umonakalo

Sathi sakuyiqonda into eyenzekileyo, sazama ukuyinqanda le meko ukuba ingabi mbi.

Okokuqala, bayeka ukwamkela kunye nokusayina izongezo ezintsha. Akukho sizathu sokusebenzisa isatifikethi esiphelelweyo kule nto. Xa ndikhangela emva, bendinokuthi ngesasishiye yonke into injengoko ibinjalo. Siphinde saqala ngoku ukwamkela izongezo.

Okwesibini, bathumela ngokukhawuleza ukulungiswa okwathintela ukutyikitya ukuba kuhlolwe imihla ngemihla. Ke, sibasindise abo basebenzisi abakhange babenaxesha lokujonga izongezo kwiiyure ezingama-24 zokugqibela. Olu lungiso lurhoxisiwe ngoku kwaye alusafuneki.

Ukusebenza okufanayo

Kwithiyori, isisombululo sengxaki sibonakala silula: yenza isatifikethi esiphakathi esisebenzayo kwaye usayine kwakhona i-add-on nganye. Ngelishwa oku akuyi kusebenza:

  • asikwazi ukuphinda sisayine ngokukhawuleza i-15 lamawaka ezongezo ngexesha elinye, inkqubo ayilwanga umthwalo onjalo
  • Emva kokuba sisayine izongezo, iinguqulelo ezihlaziyiweyo kufuneka zisiwe kubasebenzisi. Uninzi lwezongezo zifakwe kwiiseva zeMozilla, ke iFirefox iya kufumana uhlaziyo kwiiyure ezingama-24 ezizayo, kodwa abanye abaphuhlisi basasaza izongezo ezisayiniweyo ngokusebenzisa amajelo omntu wesithathu, ngoko ke abasebenzisi kuya kufuneka bahlaziye ezongezo ngesandla.

Endaweni yoko, sizame ukuphuhlisa ukulungiswa okuya kufikelela kubo bonke abasebenzisi ngaphandle kokufuna isenzo esikhulu okanye kungabikho nto kwicala labo.

Ngokukhawuleza safika kumacebo amabini aphambili, esiwasebenzise ngokufanayo:

  • Hlaziya iFirefox ukuze utshintshe ixesha lokuqinisekiswa kwesatifikethi. Oku kuyakwenza ukuba izongezo ezikhoyo zisebenze ngomlingo kwakhona, kodwa ziyakufuna ukukhulula kunye nokuthunyelwa kolwakhiwo olutsha lweFirefox.
  • Velisa isatifikethi esisebenzayo kwaye ngandlel 'ithile uqinisekise iFirefox ukuba yamkele endaweni yesi sikhoyo siphelelwe lixesha

Sagqiba ekubeni sisebenzise ukhetho lokuqala kuqala, olubonakala lusebenza. Ekupheleni kosuku, bakhulula ukulungiswa kwesibini (isatifiketi esitsha), esiza kuthetha ngaso kamva.

Ukutshintsha isatifikethi

Njengoko benditshilo ngasentla, yayifuneka:

  • yenza isatifikethi esitsha esisebenzayo
  • yifake ukude kwiFirefox

Ukuqonda ukuba kutheni oku kusebenza, makhe sijonge ngakumbi inkqubo yokuqinisekisa yokongeza. I-add-on ngokwayo iza njengeseti yeefayile, kubandakanywa ikhonkco lezatifikethi ezisetyenziselwa ukusayina. Ngenxa yoko, i-add-on inokuqinisekiswa ukuba isikhangeli siyayazi isatifikethi sengcambu, esakhiwe kwiFirefox ngexesha lokwakha. Nangona kunjalo, njengoko sele sisazi, isatifikethi esiphakathi siphelelwe lixesha, ngoko akunakwenzeka ukuba uqinisekise ukongeza.

Xa iFirefox izama ukuqinisekisa isongezo, ayipheleliselwanga ekusebenziseni izatifikethi eziqulethwe ngaphakathi kwesongezo ngokwaso. Endaweni yoko, isikhangeli sizama ukwenza ikhonkco lesatifikethi esisebenzayo, ukuqala ngesatifikethi sokuphela kwaye siqhubeke de sifike engcanjini. Kwinqanaba lokuqala, siqala ngesatifikethi sokugqibela kwaye emva koko sifumane isatifikethi eso sifundo singumniki wesatifikethi sokugqibela (oko kukuthi, isatifikethi esiphakathi). Ngokwesiqhelo esi satifikethi siphakathi sinikezelwa kunye nesongezo, kodwa nasiphi na isatifikethi esisuka kwindawo yokugcina isikhangeli sinokusebenza njengesi satifikethi esiphakathi. Ukuba sinokongeza ukude isatifikethi esitsha esisebenzayo kwivenkile yesatifikethi, iFirefox iya kuzama ukusisebenzisa. Imeko ngaphambi nasemva kokufaka isatifikethi esitsha.

Emva kokufaka isatifikethi esitsha, iFirefox iya kuba neenketho ezimbini xa iqinisekisa ikhonkco lesatifikethi: sebenzisa isatifikethi esidala esingasebenziyo (esingayi kusebenza) okanye isatifikethi esitsha esisebenzayo (esiya kusebenza). Kubalulekile ukuba isatifikethi esitsha sibe negama lesifundo esifanayo kunye nesitshixo sikawonke-wonke njengesesatifikethi esidala, ngoko ke utyikityo lwaso kwisatifikethi sokugqibela luya kuba semthethweni. IFirefox ikrelekrele ngokwaneleyo ukuba ingazama zombini iinketho ide ifumane enye esebenzayo, ke izongezo zivavanywa kwakhona. Qaphela ukuba le yingcinga enye esiyisebenzisayo ukuqinisekisa izatifikethi ze-TLS.

Inqaku loMbhali: Abafundi abaqhelene neWebPKI baya kuqaphela ukuba izatifikethi ezinqamlezayo zisebenza ngendlela efanayo.

Into entle ngolu lungiso kukuba ayifuni ukuba usayine kwakhona izongezo ezikhoyo. Nje ukuba isikhangeli sifumane isatifikethi esitsha, zonke izongezo ziya kusebenza kwakhona. Umceli mngeni oseleyo kukuhambisa isatifikethi esitsha kubasebenzisi (ngokuzenzekela kunye nokude), kunye nokufumana iFirefox ukuba iphinde ijonge izongezo ezikhubazekileyo.

INormandy kunye nenkqubo yophando

Okumangalisayo kukuba, le ngxaki ixazululwa nge-add-on ekhethekileyo ebizwa ngokuthi "inkqubo". Ukwenza uphando, siphuhlise inkqubo ebizwa ngokuba yiNormandy ehambisa uphando kubasebenzisi. Ezi zifundo zenziwa ngokuzenzekelayo kwibhrawuza, kwaye ziphucule ukufikelela kwii-API zangaphakathi zeFirefox. Uphando lungongeza izatifikethi ezitsha kwivenkile yesatifikethi.

Inqaku lombhali: Asongezi isatifikethi kunye nawaphi na amalungelo awodwa; isayinwe sisatifikethi esiyingcambu, ngoko ke iFirefox iyayithemba. Siyongeza nje kwiqula lezatifikethi ezinokusetyenziswa sisikhangeli.

Ngoko isisombululo kukudala isifundo:

  • ukufakela isatifikethi esitsha esisenzela abasebenzisi
  • ukunyanzela isikhangeli ukuba sijonge kwakhona izongezo ezikhubazekileyo ukuze zisebenze kwakhona

"Kodwa linda," utsho, "izongezo azisebenzi, ndingasungula njani isongezelelo senkqubo?" Masisayine ngesatifikethi esitsha!

Ukubeka konke kunye ... kutheni kuthatha ixesha elide?

Ke, isicwangciso: khupha isatifikethi esitsha sokutshintsha esidala, yenza isongezelelo senkqubo kwaye usifakele kubasebenzisi ngeNormandy. Iingxaki, njengoko benditshilo, zaqala ngoMeyi 4 ngo-4:00, kwaye sele sele nge-12:44 kwangolo suku lunye, ngaphantsi kweeyure ezili-9 kamva, sathumela ukulungiswa eNormandy. Kuthathe ezinye iiyure ze-6-12 ukuba ifikelele kubo bonke abasebenzisi. Akulunganga kwaphela, kodwa abantu kuTwitter bayabuza ukuba kutheni singenakwenza ngokukhawuleza.

Okokuqala, kwathatha ixesha ukukhupha isatifikethi esitsha esiphakathi. Njengoko ndikhankanyile ngasentla, isitshixo kwisatifikethi esiyingcambu sigcinwe ngaphandle kweintanethi kwimodyuli yokhuseleko lwehardware. Oku kuhle ngokwembono yokhuseleko, kuba ingcambu isetyenziswa ngokunqabileyo kakhulu kwaye kufuneka ikhuselwe ngokuthembekileyo, kodwa iyinto ephazamisayo xa ufuna ukusayina isatifikethi esitsha ngokukhawuleza. Omnye weenjineli zethu kwafuneka ahambe kwindawo yokugcina i-HSM. Emva koko kuye kwakho iinzame ezingaphumelelanga zokukhupha isatifikethi esichanekileyo, kwaye ilinge ngalinye lixabisa iyure enye okanye ezimbini ezichithwe kuvavanyo.

Okwesibini, ukuphuhliswa kwenkqubo yokongeza kuthathe ixesha. Ngokwengqiqo ilula kakhulu, kodwa neenkqubo ezilula zifuna ukhathalelo. Sasifuna ukuqiniseka ukuba asiyenzi ibe mbi ngakumbi le meko. Uphando kufuneka luvavanywe ngaphambi kokuba luthunyelwe kubasebenzisi. Ukongeza, i-add-on kufuneka isayinwe, kodwa inkqubo yethu yokutyikitya ivaliwe, ngoko kwafuneka sifumane i-workaround.

Ekugqibeleni, emva kokuba uphando lulungele ukungeniswa, ukusasazwa kwathatha ixesha. Isikhangeli sijonga uhlaziyo lwaseNormandy rhoqo kwiiyure ezi-6. Ayizizo zonke iikhompyuter ezihlala zivuliwe kwaye ziqhagamshelwe kwi-Intanethi, ngoko kuya kuthatha ixesha ukulungisa ukusasazeka kubasebenzisi.

Amanyathelo okugqibela

Uphando kufuneka lulungise ingxaki kubasebenzisi abaninzi, kodwa alufumaneki kuye wonke umntu. Abanye abasebenzisi bafuna indlela ekhethekileyo:

  • abasebenzisi abaye bakhubaza uphando okanye i-telemetry
  • abasebenzisi benguqulo ye-Android (i-Fennec), apho uphando aluxhaswanga kwaphela
  • abasebenzisi bolwakhiwo lwesiko lweFirefox ESR kumashishini apho i-telemetry ingenakwenziwa ukuba isebenze
  • abasebenzisi abahleli ngasemva kweMitM proxies, kuba inkqubo yethu yofakelo yofakelo isebenzisa isitshixo sokucofa, esingasebenziyo ngezo proxies.
  • abasebenzisi beenguqulelo zakudala zeFirefox abangaluxhasi uphando

Akukho nto sinokuyenza malunga nodidi lwamva lwabasebenzisi - kusafuneka bahlaziyele uhlobo olutsha lweFirefox, kuba abo baphelelwe lixesha banobuthathaka obungabhalwanga. Siyazi ukuba abanye abantu bahlala kwiinguqulelo ezindala zeFirefox kuba bafuna ukusebenzisa izongezo ezindala, kodwa uninzi lwezongezo ezindala sele zifakwe kwiinguqulelo ezintsha zesikhangeli. Kwabanye abasebenzisi, siye saphuhlisa isiqwenga esiya kufaka isatifikethi esitsha. Ikhutshwe njengokukhululwa kwe-bugfix (inqaku lomguquleli: Firefox 66.0.5), ke abantu baya kuyifumana - kusenokwenzeka ukuba sele beyifumene - ngejelo lohlaziyo oluqhelekileyo. Ukuba usebenzisa ulwakhiwo lweFirefox ESR, nceda uqhagamshelane nomlondolozi wakho.

Siyaqonda ukuba oku akulunganga. Kwezinye iimeko, abasebenzisi balahlekelwe idatha yokongezwa (umzekelo, idatha yokongeza Iziqulathi zeAkhawunti ezininzi).

Esi siphumo secala asikwazanga ukuphetshwa, kodwa sikholelwa ukuba kwixesha elifutshane sikhethe esona sisombululo silungileyo kubasebenzisi abaninzi. Kwixesha elide, siya kukhangela ezinye, iindlela eziphambili zoyilo lwezakhiwo.

Izifundo

Okokuqala, iqela lethu lenze umsebenzi omangalisayo wokudala kunye nokuthumela ulungiso ngenqanawa ngaphantsi kweeyure ezili-12 emva kokuba umba ufunyenwe. Njengomntu owayesiya ezintlanganisweni, ndingatsho ukuba kule meko inzima abantu basebenza nzima yaye lincinane kakhulu ixesha elachithwayo.

Ngokucacileyo, kwakungafanele kwenzeke konke konke oku. Kuyafaneleka ngokucacileyo ukulungelelanisa iinkqubo zethu ukunciphisa ukubakho kweziganeko ezinjalo kunye nokwenza lula ukulungiswa.

Kule veki izayo siza kupapasha ingxelo esemthethweni yokuhlolwa kwesidumbu kunye noluhlu lweenguqu esizimisele ukuzenza. Okwangoku, ndizakwabelana ngeengcinga zam. Okokuqala, kufuneka kubekho indlela engcono yokubeka iliso kwimeko yento enokubakho ibhombu yexesha. Kufuneka siqiniseke ukuba asiziboni sikwimeko apho omnye wabo esebenza ngequbuliso. Sisasebenza iinkcukacha, kodwa ubuncinci, kuyimfuneko ukuqwalasela zonke ezo zinto.

Okwesibini, sifuna isixhobo sokuhambisa ngokukhawuleza uhlaziyo kubasebenzisi, nokuba-ingakumbi xa-yonke enye into isilela. Kwaba kuhle ukuba sakwazi ukusebenzisa inkqubo "yophando", kodwa sisixhobo esingafezekanga kwaye sineziphumo ebezingalindelekanga ezingafunekiyo. Ngokukodwa, siyazi ukuba abasebenzisi abaninzi banohlaziyo oluzenzekelayo luvuliwe, kodwa bangathanda ukungathathi nxaxheba kuphando (ndiyavuma, ndibacimile nabo!). Kwangaxeshanye, sidinga indlela yokuthumela uhlaziyo kubasebenzisi, kodwa nokuba kuyintoni na ukuphunyezwa kobugcisa bangaphakathi, abasebenzisi kufuneka bakwazi ukubhalisela uhlaziyo (kubandakanywa nezilungiso ezishushu) kodwa baphume kuyo yonke enye into. Ukongeza, isitishi sohlaziyo kufuneka siphendule ngakumbi kunokuba sinjalo ngoku. Nge-6 kaMeyi, bekusekho abasebenzisi abangazange bathathe ithuba lokulungiswa okanye inguqulelo entsha. Le ngxaki sele ilungisiwe, kodwa okwenzekileyo kwabonisa indlela ebaluleke ngayo.

Okokugqibela, siza kujonga ngakumbi ulwakhiwo lokhuseleko lwezongezo ukuqinisekisa ukuba lubonelela ngenqanaba elifanelekileyo lokhuseleko kunye nomngcipheko omncinci wokwaphula nantoni na.

Kwiveki ezayo siza kujonga iziphumo zohlalutyo olucokisekileyo lwento eyenzekayo, kodwa okwangoku ndiya kuvuya ukuphendula imibuzo nge-imeyile: [imeyile ikhuselwe]

umthombo: linux.org.ru

Yongeza izimvo