Most active commenters
  • Wowfunhappy(7)

←back to thread

All extensions disabled due to expiration of intermediate signing cert

(bugzilla.mozilla.org)
1318 points xvector | 21 comments | 04 May 19 01:31 UTC | HN request time: 1.085s | source | bottom
Show context
Wowfunhappy ◴[04 May 19 02:12 UTC] No.19823890[source]
This is why users need to be in control of their own computers. Why can't I tell my copy of Firefox to ignore the certificate? Why can't I sign my own extensions?

Mistakes happen, it's okay. But users should be empowered to work around them.

replies(9): >>19823918 #>>19823919 #>>19823921 #>>19823930 #>>19824013 #>>19824265 #>>19824275 #>>19824334 #>>19824438 #
1. ehsankia ◴[04 May 19 02:19 UTC] No.19823919[source]
> Why can't I tell my copy of Firefox to ignore the certificate? Why can't I sign my own extensions?

The issue is that if you leave any sort of lever that reduces security, it will be abused by bad actors. This is why browsers are having ever decreasing ways to bypass security and have full access. It is annoying, but at the end of the day, protecting 99.999% of the users trumps what us power users want.

replies(4): >>19823956 #>>19823992 #>>19824076 #>>19825643 #
2. userbinator ◴[04 May 19 02:29 UTC] No.19823956[source]
protecting 99.999% of the users

It is horribly paternalistic to advocate for keeping users ignorant, unlearning, and --- dare I say it --- easily manipulated.

I will refrain from mentioning again that infamous Franklin quote. I am frankly very fucking pissed off by this authoritarian walled-garden trend, and vehemently oppose anyone who helps this industry put the nooses around the necks of others as well as their own.

replies(4): >>19823984 #>>19824236 #>>19824346 #>>19824781 #
3. macintux ◴[04 May 19 02:34 UTC] No.19823984[source]
I’ve been in software development and operations for 25 years.

I still don’t want to have to understand everything I ever touch, even if I could.

replies(3): >>19823998 #>>19824018 #>>19824143 #
4. ◴[04 May 19 02:35 UTC] No.19823992[source]
5. Wowfunhappy ◴[04 May 19 02:37 UTC] No.19823998{3}[source]
I'm not understanding the relationship. Of course users aren't going to understand all the underpinnings of how software works.

I do think that in the future, it will be imperative for everyone to have some level of technological literacy above what is currently the average. And I'd like to work to get to that point, instead of taking all the tools away because they're too dangerous.

Also, sensible defaults are good! Hiding dangerous settings is also good! What's not okay is making those settings completely unavailable. At least in Firefox's case you have the option to recompile the source code, but that should not be the only recourse...

replies(1): >>19824249 #
6. swiley ◴[04 May 19 02:41 UTC] No.19824018{3}[source]
"don't run privileged code from people you don't trust." Is both critically important to understand for anyone using a network connected computer and not at all complicated.

If we're going to be authoritarian I would rather ban anyone who doesn't understand that from connecting to the internet then have a broken walled garden.

replies(1): >>19824115 #
7. Wowfunhappy ◴[04 May 19 02:55 UTC] No.19824076[source]
Consider the recent news stories about the Boeing 737 Max. Boeing added an automatic system to an airplane, and then didn't give users (the pilots) a way to disable that system. This worked out great while the automatic system is working properly. When the system broke, well, we all know what happened.

If we're going to assume that software is right and the user is wrong 100% of the time, then the software needs to actually be right 100% of the time. Unfortunately, our software isn't that robust, and it never will be.

replies(2): >>19824154 #>>19824376 #
8. datguacdoh ◴[04 May 19 03:03 UTC] No.19824115{4}[source]
> "don't run privileged code from people you don't trust." Is both critically important to understand for anyone using a network connected computer and not at all complicated.

That is absolutely complicated for the vast majority of the world's internet users. No one else is my family would understand what the hell "privileged code" means and shouldn't have to.

replies(1): >>19824260 #
9. mrob ◴[04 May 19 03:09 UTC] No.19824143{3}[source]
>I still don’t want to have to understand everything I ever touch

If you don't understand it, don't touch it. The default settings should work for most users. There can even be a warning against touching without understanding, like with Firefox's about:config. The offensive thing is preventing users from touching even if they do understand.

replies(1): >>19827332 #
10. yazzoo7 ◴[04 May 19 03:11 UTC] No.19824154[source]
You mean the 737Max?
replies(1): >>19824163 #
11. Wowfunhappy ◴[04 May 19 03:13 UTC] No.19824163{3}[source]
Yes, that was stupid. Edit now, thank you.
12. simcop2387 ◴[04 May 19 03:28 UTC] No.19824236[source]
The issue here is that this wasn't done in a vacuum. Other software vendors were secretly and deceptively installing extensions that were tracking everything users were doing online.
13. ◴[04 May 19 03:30 UTC] No.19824249{4}[source]
14. Wowfunhappy ◴[04 May 19 03:32 UTC] No.19824260{5}[source]
The statement can be simplified down to "don't run programs downloaded from random websites which ask for your admin password."

Adjust the qualifier at the end depending on your platform. On Windows, it might be apps that present a UAC dialogue—or maybe just remove the qualifier, since Windows doesn't do much sandboxing by default.

15. lvh ◴[04 May 19 03:56 UTC] No.19824346[source]
Most people do not know what a manifest.json is or what sort of permissions they're handing to a random WebExtension.

If you want your freedom from reviewed extensions: fine, get an unbranded Firefox, or Developer edition, and you get that.

replies(1): >>19826819 #
16. catherd ◴[04 May 19 04:05 UTC] No.19824376[source]
It doesn't have to actually be right 100% of the time. The balance of downsides and upsides of any chosen solution just have to be more palatable than those of whatever alternate implementation you're considering, with a tradeoff between 100% correctness and ability to be implemented before the heat death of the universe being one of the axes to be considered, as well as the level of benefit provided over your whole user base.

In this case, dropping the extra control/ignoring power users is probably saving a lot of non-power users from shooting themselves in the foot in the vast majority of cases. Pilots (should be) 100% power users. The average operator of a browser is somewhere on the opposite end of the spectrum.

Any real system will have things go horribly wrong for some subset of users on a regular basis. It's impossible to be all things for all people for all situations, so you have to choose your battles.

17. shstalwart ◴[04 May 19 06:22 UTC] No.19824781[source]
Completely agree. Using firefox feels more and more like using an iThing.
18. megous ◴[04 May 19 10:43 UTC] No.19825643[source]
> The issue is that if you leave any sort of lever that reduces security, it will be abused by bad actors.

As you can see in this discussion, there already are some obtuse ways to disable/ignore the signing. It's just way worse if people have to disable the signing instead of adding a trust for their own certificate, so that only mozilla and user's addons are truste instead of all the malicious garbage out there on the web.

19. Wowfunhappy ◴[04 May 19 14:58 UTC] No.19826819{3}[source]
A Developer Edition is unstable, so I wouldn’t want to use that.

If you can recommend an fork that allows extension sideloading but is kept up to date, please do so, I’ve been looking...

replies(1): >>19826972 #
20. Wowfunhappy ◴[04 May 19 15:20 UTC] No.19826972{4}[source]
Okay, figured it out. Thank you for giving me the search term "Unbranded Firefox"—I didn't realize this referred to something specific.

Unbranded Firefox is actually a specific version of Firefox distributed by Mozilla, which allows you to disable extension signing requirements. I am very glad to see that they offer this, and I will be using it from now on.

https://wiki.mozilla.org/Add-ons/Extension_Signing#Unbranded...

21. sfink ◴[04 May 19 16:14 UTC] No.19827332{4}[source]
The difficulty is in how to keep them available to end users while keeping them unavailable to malware and bad actors who post "helpful" advice or publish temporarily useful addons that get updated to malware.

I'm not disagreeing with you, but the right mechanism is not straightforward to figure out, and you'll always be in a game of cat and mouse. One that sucks resources from whatever other useful stuff you might be spending your (or Mozilla's) time on.