Most active commenters
  • Wowfunhappy(8)
  • (4)

←back to thread

All extensions disabled due to expiration of intermediate signing cert

(bugzilla.mozilla.org)
1318 points xvector | 33 comments | 04 May 19 01:31 UTC | HN request time: 0.47s | source | bottom
1. Wowfunhappy ◴[04 May 19 02:12 UTC] No.19823890[source]
This is why users need to be in control of their own computers. Why can't I tell my copy of Firefox to ignore the certificate? Why can't I sign my own extensions?

Mistakes happen, it's okay. But users should be empowered to work around them.

replies(9): >>19823918 #>>19823919 #>>19823921 #>>19823930 #>>19824013 #>>19824265 #>>19824275 #>>19824334 #>>19824438 #
2. userbinator ◴[04 May 19 02:19 UTC] No.19823918[source]
It's always felt somewhat unsettling that, although the Internet is decentralised, a small number of large organisations have a surprisingly large amount of control over the software which the majority of users view sites with. I don't like this concentration of power --- even if you think Mozilla is benevolent, it's not immune to making mistakes; and the more power it has, the bigger the consequences.

Before the forced code signing, before the automatic updates, Mozilla or any other organisation's mistakes would not have such dramatic effects; now, they have the power to basically break almost all their userbase nearly instantly, and that is what worries me the most.

3. ehsankia ◴[04 May 19 02:19 UTC] No.19823919[source]
> Why can't I tell my copy of Firefox to ignore the certificate? Why can't I sign my own extensions?

The issue is that if you leave any sort of lever that reduces security, it will be abused by bad actors. This is why browsers are having ever decreasing ways to bypass security and have full access. It is annoying, but at the end of the day, protecting 99.999% of the users trumps what us power users want.

replies(4): >>19823956 #>>19823992 #>>19824076 #>>19825643 #
4. revvx ◴[04 May 19 02:20 UTC] No.19823921[source]
It is possible, according to another post by bitbang [1]:

> Temporary work around till the cert gets fixed: set "xpinstall.signatures.required" to false

https://news.ycombinator.com/item?id=19823879

replies(1): >>19824133 #
5. ◴[04 May 19 02:22 UTC] No.19823930[source]
6. userbinator ◴[04 May 19 02:29 UTC] No.19823956[source]
protecting 99.999% of the users

It is horribly paternalistic to advocate for keeping users ignorant, unlearning, and --- dare I say it --- easily manipulated.

I will refrain from mentioning again that infamous Franklin quote. I am frankly very fucking pissed off by this authoritarian walled-garden trend, and vehemently oppose anyone who helps this industry put the nooses around the necks of others as well as their own.

replies(4): >>19823984 #>>19824236 #>>19824346 #>>19824781 #
7. macintux ◴[04 May 19 02:34 UTC] No.19823984{3}[source]
I’ve been in software development and operations for 25 years.

I still don’t want to have to understand everything I ever touch, even if I could.

replies(3): >>19823998 #>>19824018 #>>19824143 #
8. ◴[04 May 19 02:35 UTC] No.19823992[source]
9. Wowfunhappy ◴[04 May 19 02:37 UTC] No.19823998{4}[source]
I'm not understanding the relationship. Of course users aren't going to understand all the underpinnings of how software works.

I do think that in the future, it will be imperative for everyone to have some level of technological literacy above what is currently the average. And I'd like to work to get to that point, instead of taking all the tools away because they're too dangerous.

Also, sensible defaults are good! Hiding dangerous settings is also good! What's not okay is making those settings completely unavailable. At least in Firefox's case you have the option to recompile the source code, but that should not be the only recourse...

replies(1): >>19824249 #
10. lmz ◴[04 May 19 02:40 UTC] No.19824013[source]
Because it's hard to tell the difference between "users" and "malicious software running on their computers".
replies(2): >>19824274 #>>19824646 #
11. swiley ◴[04 May 19 02:41 UTC] No.19824018{4}[source]
"don't run privileged code from people you don't trust." Is both critically important to understand for anyone using a network connected computer and not at all complicated.

If we're going to be authoritarian I would rather ban anyone who doesn't understand that from connecting to the internet then have a broken walled garden.

replies(1): >>19824115 #
12. Wowfunhappy ◴[04 May 19 02:55 UTC] No.19824076[source]
Consider the recent news stories about the Boeing 737 Max. Boeing added an automatic system to an airplane, and then didn't give users (the pilots) a way to disable that system. This worked out great while the automatic system is working properly. When the system broke, well, we all know what happened.

If we're going to assume that software is right and the user is wrong 100% of the time, then the software needs to actually be right 100% of the time. Unfortunately, our software isn't that robust, and it never will be.

replies(2): >>19824154 #>>19824376 #
13. datguacdoh ◴[04 May 19 03:03 UTC] No.19824115{5}[source]
> "don't run privileged code from people you don't trust." Is both critically important to understand for anyone using a network connected computer and not at all complicated.

That is absolutely complicated for the vast majority of the world's internet users. No one else is my family would understand what the hell "privileged code" means and shouldn't have to.

replies(1): >>19824260 #
14. parrellel ◴[04 May 19 03:06 UTC] No.19824133[source]
Gratzi!
15. mrob ◴[04 May 19 03:09 UTC] No.19824143{4}[source]
>I still don’t want to have to understand everything I ever touch

If you don't understand it, don't touch it. The default settings should work for most users. There can even be a warning against touching without understanding, like with Firefox's about:config. The offensive thing is preventing users from touching even if they do understand.

replies(1): >>19827332 #
16. yazzoo7 ◴[04 May 19 03:11 UTC] No.19824154{3}[source]
You mean the 737Max?
replies(1): >>19824163 #
17. Wowfunhappy ◴[04 May 19 03:13 UTC] No.19824163{4}[source]
Yes, that was stupid. Edit now, thank you.
18. simcop2387 ◴[04 May 19 03:28 UTC] No.19824236{3}[source]
The issue here is that this wasn't done in a vacuum. Other software vendors were secretly and deceptively installing extensions that were tracking everything users were doing online.
19. ◴[04 May 19 03:30 UTC] No.19824249{5}[source]
20. Wowfunhappy ◴[04 May 19 03:32 UTC] No.19824260{6}[source]
The statement can be simplified down to "don't run programs downloaded from random websites which ask for your admin password."

Adjust the qualifier at the end depending on your platform. On Windows, it might be apps that present a UAC dialogue—or maybe just remove the qualifier, since Windows doesn't do much sandboxing by default.

21. ◴[04 May 19 03:33 UTC] No.19824265[source]
22. Wowfunhappy ◴[04 May 19 03:35 UTC] No.19824274[source]
If the malicious software can adjust protected user settings, can't it also just inject into the Firefox process directly?

If there's a privilege level that allows for one but not the other, that sounds like something Mozilla should fix.

23. anfilt ◴[04 May 19 03:35 UTC] No.19824275[source]
Makes me think of this ticket no work around for the error other than closing the browser and editing a file or modifying the browser and recompiling. No options at all in the advance settings.

https://bugzilla.mozilla.org/show_bug.cgi?id=1528738

It's stuff like this that makes me unhappy with mozzilla. User's who know what they are doing should be permitted to do so. Warn them here be dragons or whatever, but it's ultimately their choice.

24. lvh ◴[04 May 19 03:54 UTC] No.19824334[source]
There are multiple versions of Firefox that do that: the Developer edition, and most of the unbranded versions.
25. lvh ◴[04 May 19 03:56 UTC] No.19824346{3}[source]
Most people do not know what a manifest.json is or what sort of permissions they're handing to a random WebExtension.

If you want your freedom from reviewed extensions: fine, get an unbranded Firefox, or Developer edition, and you get that.

replies(1): >>19826819 #
26. catherd ◴[04 May 19 04:05 UTC] No.19824376{3}[source]
It doesn't have to actually be right 100% of the time. The balance of downsides and upsides of any chosen solution just have to be more palatable than those of whatever alternate implementation you're considering, with a tradeoff between 100% correctness and ability to be implemented before the heat death of the universe being one of the axes to be considered, as well as the level of benefit provided over your whole user base.

In this case, dropping the extra control/ignoring power users is probably saving a lot of non-power users from shooting themselves in the foot in the vast majority of cases. Pilots (should be) 100% power users. The average operator of a browser is somewhere on the opposite end of the spectrum.

Any real system will have things go horribly wrong for some subset of users on a regular basis. It's impossible to be all things for all people for all situations, so you have to choose your battles.

27. TheRealPomax ◴[04 May 19 04:27 UTC] No.19824438[source]
You can, though, on both accounts? Use the dev version of Firefox and you get the power to ignore addon certificates, and you can already self-sign your own extensions as much as you like?
28. altfredd ◴[04 May 19 05:31 UTC] No.19824646[source]
Fortunately, it is no longer necessary to run malicious software on user computers. With latest "advancements" in Firefox security everyone can publish malware directly in Firefox addon center [1]. No review needed!

"We accidentally uploaded all your HTTP requests to our servers, but we will definitely fix that in next addon version!~"

[1]: https://arstechnica.com/?post_type=post&p=1340459

29. shstalwart ◴[04 May 19 06:22 UTC] No.19824781{3}[source]
Completely agree. Using firefox feels more and more like using an iThing.
30. megous ◴[04 May 19 10:43 UTC] No.19825643[source]
> The issue is that if you leave any sort of lever that reduces security, it will be abused by bad actors.

As you can see in this discussion, there already are some obtuse ways to disable/ignore the signing. It's just way worse if people have to disable the signing instead of adding a trust for their own certificate, so that only mozilla and user's addons are truste instead of all the malicious garbage out there on the web.

31. Wowfunhappy ◴[04 May 19 14:58 UTC] No.19826819{4}[source]
A Developer Edition is unstable, so I wouldn’t want to use that.

If you can recommend an fork that allows extension sideloading but is kept up to date, please do so, I’ve been looking...

replies(1): >>19826972 #
32. Wowfunhappy ◴[04 May 19 15:20 UTC] No.19826972{5}[source]
Okay, figured it out. Thank you for giving me the search term "Unbranded Firefox"—I didn't realize this referred to something specific.

Unbranded Firefox is actually a specific version of Firefox distributed by Mozilla, which allows you to disable extension signing requirements. I am very glad to see that they offer this, and I will be using it from now on.

https://wiki.mozilla.org/Add-ons/Extension_Signing#Unbranded...

33. sfink ◴[04 May 19 16:14 UTC] No.19827332{5}[source]
The difficulty is in how to keep them available to end users while keeping them unavailable to malware and bad actors who post "helpful" advice or publish temporarily useful addons that get updated to malware.

I'm not disagreeing with you, but the right mechanism is not straightforward to figure out, and you'll always be in a game of cat and mouse. One that sucks resources from whatever other useful stuff you might be spending your (or Mozilla's) time on.