They only point out the opt-in instructions for the few people that voluntarily opt out of Shield studies and wish to get the fix sooner.
Most Firefox users have that checkbox enabled by default, and so most Firefox users received the fix within 0-6 hours of the blog post's publication.
HN readers often take special care to prevent Mozilla from updating Firefox, but that in no way represents the wider population of either all addons users or all Firefox users.
Then it seems it’s a good thing they had a system in place that could deliver the quick fix in less than a day, on a Friday evening, when shipping a normal fix could have — is — taking longer to ship than that quick fix did.
> it’s a good thing they had a system in place that could deliver the quick fix
No, it's not. "Studies" is not a security-related mechanism and it didn't exist in the past, when fixes were rolled out very quickly anyway for security reasons. "Studies" should not be relied on to be a fix-delivery mechanism, because it just isn't.
This is not even about privacy, it's simple good engineering sense.
It seems like your objection to the Normandy system is that the UX surrounding it includes the word “Studies”. I am grateful they chose in this instance to prioritize repairing addons worldwide over the confusion that word has caused you and potentially others. I assume, having seen this and other such comments delivered with outrage rather than thankfulness today, that they will re-evaluate the UX surrounding the Normandy system to ensure that it more clearly designates non-study changes as such.
It's not about designation, it's about control. If Mozilla really cares about trust, they shouldn't mix their update delivery system, which should care for timely security-related material, with general telemetry, data-gathering, and experiments.
I use FF because I care about principles. Otherwise I might as well just let myself be exploited by Google, MS, Apple and friends.
Ah, you object to Normandy’s design in some manner. That’s being hashed out in today’s Normandy thread, and if you haven’t already read that link you’ll definitely want to:
Why does it take longer to ship a general fix / update? They don’t do a full regression for the studies fix? Update mechanism doesn’t check for updates as often? I couldn’t find any information on this yet but would love to know.
“How long does it take to build, unit test, performance test, and QA check a new Firefox release on every supported release of macOS, Windows, and Linux platform?” is absolutely a question that outraged users are trying not to confront. You’re right to ask it, so don’t let the downvotes get you down.
Presumably the testing burden for a preference update using Normandy is smaller, as (and I’m guessing wildly here) fewer things can be altered with Normandy and therefore testing can be simplified to exclude, for made-up example, “the code-signed binary can be executed on all platforms”.
Sounds reasonable to me. Would love too see that information on the official Mozilla blog for the post-mortem. I personally think it is great to have a mechanism to push fixes quickly - whatever the name is. I just don't understand why this mechanism can't be the regular update mechanism.
Most Firefox users have that checkbox enabled by default, and so most Firefox users received the fix within 0-6 hours of the blog post's publication.
HN readers often take special care to prevent Mozilla from updating Firefox, but that in no way represents the wider population of either all addons users or all Firefox users.