Downloading, certificates and funny acronyms

Midori 0.4.7 has reached a new level of downloading experience. Panel and statusbar consistently verify file integrity, show size, remaining time and speed of a file. An icon and expected file size are displayed before saving a file. External download managers, namely SteadyFlow, Aria2 or command-line based such as wget are available in the preferences. To counter phishing sites which fake downloads as demonstrated by Michal Zalewski the origin of the file is clearly visible. Finally, you can now save whole websites including any images, scripts and other resources – optionally.

On the topic of security Midori has reached another milestone. Goodbye colorful urlbar, you were beautiful but let’s face it, once you get used to the colors nobody pays attention even when it’s read. What this means is that SSL errors are now fatal by default – conveniently we can use GCR, a library based on GNOME keyring, to show plenty of detail for a certificate. Once you “Trust” a website other GCR-using applications can also trust it.
The cherry on the secure cake is HSTS, not to be confused with whatever Wikipedia may suggest it stands for, HTTP Strict Transport Security, which Midori recognizes and caches behind the scenes – no UI by design, you get SSL without typing https.

For lots of other exciting goodies in this release, see the ridiculously long beast of a change log. And stay tuned on the Windows build – it’s going to follow soon.

So download Midori v0.4.7 (1 MB) (MD5) (ChangeLog) already!

5 thoughts on “Downloading, certificates and funny acronyms

  1. midori-fan

    I actually thought midori’s failure when not being able to verify was a cool feature. It’s the right thing to do.

    I really don’t want too much going on “behind the scenes” _by default_ where this is concerned. That is how exploits happen. When no one knows what’s happening behind the scenes and they blindly trust the browser.

    Now, I’ll accept that it’s necessary to be able to have certificate checking automated. It’s great to hear you’ve settled on a solution.

    I’d still like to see instructions on how to check certificates and add them to /etc manuallly, using openssl_verify of whatever. midori’s failure feature has motivated me to learn how to do this. And for that I’m thankful.

    Alas, real security is not something that comes from blindly trusting someone else’s automation. Users ideally should understand how things are done manually before they turn on “automatic security”.

  2. Pingback: Релиз Midori 0.4.7 | PROUBUNTU

  3. Pingback: Релиз Midori 0.4.7, легковесного веб-браузера на базе движка WebKit | AllUNIX.ru — Всероссийский портал о UNIX-системах

  4. Hue

    Anybody else got this error when running make?

    [ 30/138] cc: midori/midori-panel.c -> _build/default/midori/midori-panel_1.o
    Waf: Leaving directory `/home/hue/src/midori-0.4.7/_build’
    Build failed: -> task failed (err #1):
    {task: cc midori-browser.c -> midori-browser_1.o}
    make: *** [all] Error 1

Comments are closed.