I like FF, don't get me wrong, but this is going to absolutely fucking destroy user trust in Mozilla. This kind of incompetence, on a browser scale, is breathtaking.
I'm not sure this cert is used with the PW manager?
Firefox password storage isn't even encrypted by default, last I checked.
I think we'll all live. No need for the chicken little act.
My concern is around non-technical users (the group, mind you, that Firefox has been spending marketing dosh on courting recently with Quantum and all) who don't have as compelling reasons for not just switching back to Chrome. In the last hour, I've gotten several phone calls from family members asking me why the browser I convinced them to use is broken. I don't have a good answer, because platitudes about surveillance and muh freedoms don't count for shit when your grandma just wants to get rid of the ads on the local newspaper site.
I'm personally going nowhere and deeply appreciate Mozilla for all the work on FF and friends, occasional fuckups aside, but I don't think this is going to be a non-event for a browser that's been desperately fighting to regain market/mind-share.
We check our warning system (set up to detect suspicious logins, incidentally also catches any users who've been locked out because they forgot their password), and his last login attempt took a total of two tries.
Example: https://subdavis.com/Tusk/
Very much this. People are often too quick to forget who their customers are and what they really want.
Sadly, I have to agree that this feels like a big blow to user trust.
User trust is not really just about respect or values; it definitely also includes things like performance and reliability. The average user, right now feeling powerless, might even feel anger towards Mozilla for this - after all, they already downloaded the extension, why would they all just stop working behind their backs? They don't understand what CAs are or why certificates expire. People don't frankly care what place your heart is in when they are angry about something. Perhaps people are being dramatic, but that's normal. People are pretty darn dramatic about Chrome, too.
Meanwhile... I use Firefox everywhere, and I've lost my password manager, adblocking, security-related extensions, etc. all in one go, and the only solutions I'm aware of involve disabling extension signing. Gotta admit, even though I will probably continue using Firefox after this, that it certainly is a bummer.
While I agree with you two assuming the bridge is over water and not too high, there are real consequences that cannot be reversed. I cannot unsee the ads I saw in the past few minutes before switching to nightly.
And yet every other major browser vendor has punched their users with far worse catastrophes of privacy, security, ripping away features, breaking features, and general shitheaddedness.
Switching browsers because of this incident is like ordering a burger at your favourite restaurant and one time it comes out without the meat patty, so in protest you switch to a crappy alternative restaurant that has had a long history of health code violations.
I'm glad you have software/vendors you feel you can trust. I definitely don't feel that way about most software anymore. I do think you are being a bit hyperbolic regarding other browser vendors, but to each their own, I don't know what trying to argue about that would solve for anyone.
This should not be possible.
Worse, had they not taken the paternalistic, nanny-like stance that you can't even disable the signing checks, I could roll out a script that would make this a non-issue for my users. But no, thanks Mozilla for ruining my Monday.
Might not be the most substantive comment I could possibly make in the circumstances, but I'm pissed. The only appropriate response feels like a string of infuriated profanity directed at their incompetence and decision-making.
Luckily, I can still type "make install" without debian informing me that "random_dangerous_untrusted_code_from_interwebs" is not approved.
I think what is a real tough dillema is being sad about nonfunctioning adblocker while working for the biggest internet ads company.
So are you working in chrome marketing department?
I have computers other than my work computer(s.) I, indeed, do not have Chrome or Chromium installed on my home boxes running NixOS. I do not use my work devices for personal web browsing. I'm currently posting this message with Firefox 66.0.3 on NixOS 19.03.
>I think what is a real tough dillema is being sad about nonfunctioning adblocker while working for the biggest internet ads company. > >So are you working in chrome marketing department?
I'm a software engineer. I'm also over at Github:
I work at Google because it's an excellent place to work. I'm far from elite; I didn't finish college (couldn't afford) and I grew up in the suburbs of Detroit, so being able to work at any large SV company is something I don't take for granted. I don't think any single employee can claim to love 100% of the things Google does, and that's fine. Nobody is required to.
As for why I would use an adblocker, practically speaking it's both for reducing annoyances and increasing security. Malware (and 0days!) delivered via ads is not unheard of, sadly.