1318 points xvector | 7 comments
rmbryan ◴[] No.19825581[source]
Update: We have rolled out a partial fix for this issue. We generated a new intermediate certificate with the same name/key but an updated validity window and pushed it out to users via Normandy (this should be most users). Users who have Normandy on should see their add-ons start working over the next few hours. We are continuing to work on packaging up the new certificate for users who have Normandy disabled.
brador ◴[] No.19825596[source]
What is Normandy?
megous ◴[] No.19825604[source]
https://wiki.mozilla.org/Firefox/Normandy/PreferenceRollout
chinathrow ◴[] No.19825619[source]
So is that a backdoor into my prefs? How can I check if Normandy is active on my installation?
megous ◴[] No.19825696[source]
Something with a public wiki page describing what it does exactly is hardly a backdoor.

Also here's the code for the server: https://github.com/mozilla/normandy

tssva ◴[] No.19825812[source]
The wiki entry evidently doesn't describe what it does because according to the wiki entry it allows for the enabling and disabling of preferences. The updating of a certificate is beyond what is described in the wiki.

Mozilla should follow up with a post describing exactly how Normandy works and the full capabilities it gives them.

1. tssva ◴[] No.19825941[source]
Users shouldn't have to search and then be able to understand the code found for such a feature. When a remote capability such as this exists it is Mozilla's responsibility to document how the feature works and the exact capabilities it gives them. Instead of doing so they have produced a wiki entry which appears to falsely describe the capabilities of this remote feature by stating it is used to change default preference values.
2. greendestiny_re ◴[] No.19826178[source]
All code is available – as a tar.xzipped archive of Firefox source code containing over 150k files and measuring over 1GB in size when unpacked.
3. megous ◴[] No.19826726[source]
Hacker News

I think people here can be expected to read some code if they are interested in how something works.

4. megous ◴[] No.19826748[source]
grep -iR normandy

I expect code related to Normandy to be ~1k LOC in size and probably written in JS. I haven't checked though, because I don't really care today.

5. lordlimecat ◴[] No.19828249[source]
Open source software can't have a backdoor because the code is available to review.

Got it.

6. devcpp ◴[] No.19828332{3}[source]
And you shouldn't have to care. No one should. The very fact that this exists and that we are expected to trust it is very disappointing.
7. dang ◴[] No.19831123{4}[source]
Please read and follow the site guidelines when commenting here.

https://news.ycombinator.com/newsguidelines.html