It is a perfectly valid reasoning: Addons can be like malware, and that is something Mozilla should protect its users from. Reviewing and then signing extensions is an ok way to do that. But the focus here is not the signing, it is the reviewing.
The problem is not the reviewing either. That may take time and is unpleasant, but it offers something good in return. The problem is the "we will do it this way and make it not configurable". There is no need for that. Users don't change defaults, it would be perfectly valid to go the android route: Disallow the installation of unreviewed addons by default, but add an option in the settings to override this behaviour for users who know what they are doing.
That way, you still protect users in general, and you don't anger the other users who want to install addons from github or whatever. It was completely unnecessary to make it this controversial by forcing it on all users, by taking freedom away.
Actually, the point of this change is that there is no opt out. The main target of this change is to prevent grayware from silently sideloading bad add-ons onto users' systems. Up to this point, such grayware could hide behind the argument that some user action implied consent to the add-on installation. With this new change, that is no longer possible. It is almost as easy for such grayware to silently modify the Firefox binary directly, so from a security standpoint this change does not really contribute much. However, such modification to the Firefox binary (or a similar action) is much more obviously malware than side loading an extension is. So Mozilla is trying to gain leverage against bad actors who are trying to pose as legitimate actors. The problem with an opt-out is that grayware could silently activate the opt-out and claim that such an action was implied by the installation of the grayware.
That said, Mozilla has also said that they will release an unbranded version of Firefox that does not include the add-on signing restriction but is otherwise identical. Hopefully, that "identical" promise holds true and users who do not want to deal with the signing restriction can use this unbranded version.
Microsoft already disproved this belief with Window’s UAC mechanism. Unless you have an unusually savvy user-base, you have to assume that a non-trivial percentage of people will approve any prompt which is claimed to give music, games, coupons, porn, etc.
Just to illustrate how unworkable this is currently, Facebook had to include a huge warning in the developer console telling you not to XSS yourself because people would follow instructions to open the developer tools and paste in a blob of JavaScript: https://www.facebook.com/help/246962205475854
In which case they will also download and run SomethingSagaCheats.exe without second thought. Should Firefox disable exe downloads without a setting to turn them on? What about users who download SomethingSagaCheats.jpg and rename it to exe before running? We should disable all downloads then, no?
In general I do not like restricting rights to protect people. Now Mozilla is no government, but the same basic idea is going on here. Removing (instead of disabling or discouraging) features in the name of safety. At some point you have to tell someone they are responsible for their own online safety, give them the resources to educate themselves, and let them face the consequences if they choose not to.
Exactly. Instead of encouraging an environment of healthy suspicion and "I don't know what this does, maybe I should find out more first; else I shouldn't run it" type of attitude, we've gotten into a situation where people are seemingly loathe to educate themselves - and have been conditioned to trust whatever some piece of software says about whether something is malware or not.
I appreciate your desire to improve user security, but it is a huge uphill battle, and many things that you imagine will help will just make users switch to something that nags them less.
Teaching users to be safe -- assuming that's possible -- is a battle that has to be won in very very small steps.
> At some point you have to tell someone they are responsible for their own online safety, give them the resources to educate themselves, and let them face the consequences if they choose not to.
If you follow the Mozilla security blogs, they've spent the last couple of years removing the ability of not-quite-malware to alter the browser without both the user opting-in and having an easy way to disable anything if they change their mind. That doesn't stop outright malware but it removes one of the legal fig-leaves which ad-ware vendors rely on and exactly supports your stated goal above by allowing a user to learn how to manage add-ons and remove something annoying without having their decision reset by the adware.
The real problem, however, is that it's currently fantasy to assume that any has enough information to make these decisions because a) the permissions models are still basically all-or-nothing and b) the halting problem has not yet been solved. Unfortunately, it's not just a question of tweaking the permissions models – as Android has shown, all that does is train users to approve blindly because every single app requests access to just about everything. That's not something we can fix overnight because it involves both things like better permissions models and changing the structure of the environment to be closer to something like WebIntents where many classes of add-on are only executed in response to specific user actions.
Until we reach that promised land, however, I don't see the big deal to Mozilla requiring you follow a free signing process for an extension so add-ons can easily be killed if needed and publishing something deceptive will require you to burn a developer account. It's not like they're talking about anything based on the content of the add-on.
In this case, the opt-out is to download the unbranded version of the browser. It's identical to the normal version but it doesn't use Mozilla's trademarks (logos etc) and won't require signed extensions.
It could also patch firefox.exe to allow it. Or, just run in the background in its own process because malware.exe is already running. Once you have malicious binaries running on the user's computer all bets are off.
This is partially true – code-signing defeats it on modern operating systems – but don't forget that much of the problem isn't outright malware but rather ad-ware like the ask.com toolbar where the companies try to claim that users chose to enable it to avoid prosecution or lawsuits.
This is a relatively minor change but the automated checks prevent some of the more blatant abuse and, more importantly, the fact that you can't just anonymously upload code forces shady companies to leave more of a paper-trail.
My windows box will still happily run unsigned binaries, so I don't see how code-signing would help it there. Unless you were not referring to regular windows/linux as modern. I'm not sure if there's anything special with regards to replacing signed binaries with unsigned ones, but if so you could just put the binary elsewhere and replace the shortcuts.
With regard to the ad-ware like toolbars, is that really reason enough to lock everyone into a walled garden? I'd rather deal with the occasional toolbar than only being allowed run blessed extensions.
> My windows box will still happily run unsigned binaries, so I don't see how code-signing would help it there. Unless you were not referring to regular windows/linux as modern
Close: it's not the OS flavor so much as the security configuration. All of the major operating systems can be configured to restrict execution – whether that's mandatory code-signing, only running code from white-listed restricted directories, etc. this can be used by a security-aware admin to prevent whole classes of attacks or escalation for successful attacks.
That's the default on OS X but can also be enabled if you're willing to break with tradition on most other operating systems. That certainly has a compatibility cost but much of that cost is born by users who don't benefit from it.
> With regard to the ad-ware like toolbars, is that really reason enough to lock everyone into a walled garden?
First, the nakedesecurity writer used a click-bait headline to troll for clicks but that hinges on a redefinition for the accepted meaning of “walled garden”. It's highly misleading since Mozilla isn't charging for signatures or deciding which companies are allowed to publish add-ons.
Second, millions of people are affected by dishonest software. I'm not terribly enthusiastic about needing to sign things now but I'm not cavalier enough to dismiss the argument that a minor inconvenience for a few developers is worth more than improving the average user’s experience. Any time I look at my front-end JavaScript logs, I'm reminded of just how many people are browsing the web with untrustworthy code injected into every page.
Theoretically Malware.exe could be able to replace (or alias, or provide a convenient shortcut on Windows' desktop) the Firefox binary with one, that does not perform a certificate check. It is hard to protect user from something that is already running on their computer.
In which case, for the user's safety, we need to remove the ability to download exe's. Disabling won't be good enough; they may follow steps to enable it not knowing what they are doing.
It's funny to read this and the previous articles about the loss of freedom in Firefox, then see the description on its download page (https://www.mozilla.org/en-US/firefox/new/):
"Download Mozilla Firefox, a free Web browser. Firefox is created by a global non-profit dedicated to putting individuals in control online."
I find the "appeal to security" argument that's being increasingly popular these days as nothing more than an excuse to restrict general-purpose computing and control the users, and I am not happy about it at all. "Malware is the new terrorism." The idea that we should take away freedom just because someone could possibly make a wrong decision is personally quite horribly disturbing. On the other hand, from the perspective of wanting to exert control, it makes perfect sense: by decreasing the amount of decisions users have to do, it induces atrophy of their critical thinking skills, and makes them more inclined to accept things without questioning...
"Freedom is not worth having if it does not include the freedom to make mistakes."
Users are still allowed to install any extension from outside the garden they want.
It's yet another hoop to jump through, one that further splits "developers" and "users" and makes it harder to be a "casual developer" - one who just wants to make an extension and share it among a small group.
> one who just wants to make an extension and share it among a small group.
That's a fair point, but I don't think it's that bad. I do this all the time with Chrome, which already has walled garden:
"Hey guys, I made a Chrome Extension that inlines all the images in our shitty issue tracking app rather than having to download them all. Extract the zip, visit chrome://extensions, enable developer mode, and load that folder."
Except in this new scenario it's install a different version of Firefox (Firefox Developer). Good luck with that on many work machines. My dad is unable to install any applications on his work machine but he was able to install Adblock for Chrome the other day. So had he wanted to install this hypothetical extension for Firefox he would have been unable to.
My startup, that shall go nameless, provides a service used mainly by the tech illiterate. Early in our first beta we determined we needed to log client side errors since there is quite a lot going on in there, so we quickly implemented a system that phones homes for every uncaught exception and error. Since we didn't filter the source, immediately after we were getting flooded with third party javascript errors. But not the innocuous facebook like button or google analytics kind of errors, mind you, but errors coming from javascript sources we had never added, that is, injected javascript.
Upon further inspection at the source code of these scripts and some googling, we found out that it was ad injecting malware in the form of Chrome extensions. Basically and long story short, some 40-50% of our customer base browses the web with ad injecting malware installed, and that's only counting malware that caused errors client side, which is obviously not all.
This was naturally disheartening for us, because you pour your heart and soul into building the best product you can deliver only to hear a very large amount of your customers will never experience anything other than a very subpar version of it...
Browser malware is a very real problem, and I don't know if Mozilla's approach is the best way to tackle it, but there definitively needs to be more people thinking about it, and in particular the Google Chrome team.
I remember when Chrome kicked any youtube-downloading extensions out of the chrome store. What happened? A few people downloaded non-chrome store extensions, but most of them downloaded the ones that were left in the store - the malware extensions that promised to download youtube but didn't. Huge spike in malware on Chrome installs that I saw.
With each passing day, Mozilla tries harder and harder to get me to stop using their browser. If not for Chrome being the only viable alternative, they would have long since succeeded.
Wreck the address bar algorithm? Ugh. Move the tabs on top? Ugh. Force me to keep download history? Ugh. Bury all the configuration options (like JS features) into about:config? Ugh. Turn the UI into a poor Chrome imitation? Ugh. Turn the new tab page into adware? Ugh. Promote a bigot to the CEO position? Ugh. And now turn extensions into a walled garden? ... I can't even muster up the energy to feign surprise anymore. I basically expect a new disappointment every time I hear Mozilla in the news.
It's currently showing 77% of the reports about Firefox as being 'sad', while only 23% are 'happy'. It gets even worse if Firefox OS and Firefox for Android are included, too. In that case, 86% of the reports are 'sad', and only 14% are 'happy'.
I expect disappointed users to be more likely to say something, but that's still an awfully large difference between the proportion of users who are 'happy' and those who are 'sad'. When I used Firefox for Android, I'm pretty sure it sometimes prompted me to give feedback, so it's not like only disappointed users looking to complain are being sampled.
I don't know how things work at Mozilla, but at any other software product company I've ever worked at, feedback results so out of whack would've raised a lot of eyebrows, and gotten a lot of attention. Much effort would have been put toward finding out what's wrong, and what can be done to fix it, especially if the results were consistently bad for weeks or months on end.
I think it's part of the dark side of open source software.
When your product is free, you feel no obligation to your users whatsoever. We see it time and time again. Firefox, Ubuntu, Gnome 3, KDE 4, systemd, etc. The attitude is always, "we know what's best for you, piss off."
Hell, I am guilty of it myself. When I'm working on projects for free, I do things the way I want them done. But in my defense, I'm one person working on niche projects nobody would ever depend on for anything important, and I am not looking for popularity.
But right now, the most I can do to express my dissatisfaction is to simply leave. And when we all do that, then suddenly they don't hear anyone complaining, so they think everything they are doing is great, and keep getting worse. I complain because I've enjoyed their software so much in the past, and I'm saddened by its new direction.
Microsoft really went against the grain with Windows 8. And you saw similar levels of outrage. But you know what? The Windows 10 preview has fixed most of it. The Metro start page is gone, the start menu is back, Metro things can run inside windows and multi-task properly now ... they may not be perfect, but they are definitely listening to their customer's feedback, at least.
I never knew about that page to this day. I left a 'happy' piece of feedback.
Should I have a serious issue, I'd probably look for a feedback page to report my problems, and would find it.
So I think the feedback there is seriously skewed towards "unhappy".
And this is why feedback forms are useless. They just reinforce people's intrinsic biases.
Someone thinks that the current version is good, but the feedback is bad overall? Must just be that the feedback is skewed. Someone thinks that the current version is bad but the feedback is good overall? Must just be that the feedback is skewed.
I upvoted you to get you out of the grey because I didn't feel like your comment was too inflammatory and did bring up specific issues which are relevant in a big picture view to this change. That said, the CEO comment was a bit unproductive.
One thing I would like you to consider is that Firefox has to maintain a certain marketshare in order to continue to serve their mission. Which includes fighting for web standards and other things outside directly working on the browser/phone os. Unfortunately, that causes them to serve the larger market than what you or I might enjoy. I'm definitely not a big fan of the dummification trend in UX right now(which most of your complaints seem to stem from), but I'm sure it's just that, a trend, and we'll see some of the more ridiculous parts of that trend move back toward the middle soon enough. Design trends are like the weather, if you don't like it now, just wait a bit and it will be sure to change.
So, hopefully you can cut Mozilla a little slack as they have a many headed dragon to feed and that set of compromises will leave everyone a bit hungry, but on the whole I feel more comfortable depending on Mozilla than the alternatives of Apple and Google.
> That said, the CEO comment was a bit unproductive.
I thought about leaving it out because it wasn't a technical issue, but being honest, it was one of the bigger disappointments I've had with their project, so it seemed important to include it.
I know all about the situation, and I also don't like how it was resolved (my disappointment was that it happened in the first place.) I also know others won't agree with me on that. But to me, it's a very important issue. I think ethics are absolutely essential for a CEO of a company.
> Which includes fighting for web standards
This is certainly one positive thing I will say about them. They have definitely helped advance good standards (HTML5, CSS3, etc.)
> Design trends are like the weather, if you don't like it now, just wait a bit and it will be sure to change.
I sure hope so. I've been backed into such a tight corner. I'm down to running FreeBSD with Xfce, and I'm already starting to write my own basic system utilities now (file manager, text editor, etc) because this trend is just accelerating so rapidly.
I agree with you on this. However i have also seen that alot of malware and adware does indeed make it to the browser to make it more pathetic and i think its a good direction in that regard. However i think that they really need to actually think what users are going to use then just build random features that nobody really cares for. And the imitation game is definitely not good, why be separate if you're going to keep on imitating.
The problem is that the malware is going to find a way through anyway. Even if it has to replace firefox.exe with a custom compiled binary that removes the signature checking function; or simply patches out the check in the binary on your system like a warez crack.
This is going to impede regular users a lot more than the advertisers.
I hear you - very few of Mozilla's moves have been to my liking, and I have to work harder and harder on every fresh install to get Firefox looking and working the way I like it.
However, thus far, I've been able to do it. I disable the magic address bar, I use tree style tabs, I have history disabled, and I use combo of menu, toolbar and status bar (Status 4 Evar, addon bar, whatever) to maintain what I consider to be a usable UI. These are all extra work, but I haven't been locked out.
My concern about this latest move is the lag when Firefox needs an upgrade, and not all extensions have been updated and signed. I've had to download and install custom treestyle tabs builds in the past in particular.
Likewise. I am currently running Classic Theme Restorer, oldbar, Cookies Manager+, Download Cleaner, plus the usual stuff (Adblock and such.) Not only do I have to trust a bunch of third-party devs I don't know; it also takes longer and longer to setup and start using Firefox on a fresh install.
And indeed like you said ... the signing thing is a huge issue. oldbar in particular hasn't been touched since 2008. I've also had to manually load Greasemonkey before, and many times I've had to manually edit the XPI file compatibility ranges so that I could install certain extensions.
For extensions that will never be publicly distributed and will never leave an internal network, there will be a third option. We’ll have more details available on this in the near future.
That sounds like admin installed certificates in the browser to verify the local signatures.
Instead of a walled garden approach, why cant they do a "Verified by Mozilla" badge for each plugin, with warnings if one doesn't have it BUT still giving the user control and choice of whether to use a plugin.
I a made a quick and dirty plugin for chrome a month ago only to find out i need to undergo an anal exam and give over credit card information to Google, fuck that! is that where Mozilla want to endup?
Actually for the Chrome store you can make a developer account, never send them any money and then publish your extension as unlisted. This way it will not show up in search results, but you can still link to it directly.
Less nice than being able to self-host them which used to be possible, though...
I know that people love to reflexively bash anything that Mozilla does (and I'm critical more often than not myself), but this seems positive overall. As a savvy user, I can always manually install a plugin just as I can side-load an Android app that isn't on Google Play. However, my mom and other casual users who probably shouldn't be installing plugins at all have a somewhat more curated experience.
I'm a bit skeptical of an automated security scan and approval process, but at least it provides a means to revoke a malicious plugin when complaints come in after the fact.
According to the article you won't be able to do that; although not all extensions have to go through addons.mozilla.org they do all have to be digitally signed.
There are exceptions - something about "in house, corporate" (whatever that means), developer editions of Firefox and nightly builds. But if I read correctly users of the current, stock Firefox will not be able to suppress the signature check when installing addons.
To be honest, I don't think people who aren't capable of or interested in downloading a developer edition should be installing unsigned extensions. If there's an unsigned extension you really can't live without, just download Iceweasel - problem solved.
It's not like this will be that hard to get around for people who know what they're doing, so I'm not too worried about this change.
I don't completely disagree, and I know computer users have always been treated as separate groups based on skills. That said it's unsettling to me to see a group like Mozilla officially treating users this way.
Software freedom is for everyone and, IMHO, treating one group differently than another with regards to this freedom just legitimises the walled garden concept further.
As the article said, it's hard to call them a community or foundation when they turn around and announce a very company-like policy such as this...
Mozilla took the power user out around the back with the shotgun long, long ago, unfortunately; just the latest sacrifice in their futile war to copy everything chrome does (and yet the PHBs making these decisions still wonder why they are haemorrhaging market share). Time to move to Pale Moon.
I can totally see why such a thing would be required. I have always wanted to have add-ons vetted by someone I can trust. This will be really effective at least on windows where softwares randomly install shitty add ons and hijack the browser. And mozilla not likely to give in to unreasonable requests from governments because if they are not then add ons should be the least of our worries.
"I have always wanted to have add-ons vetted by someone I can trust."
That's fine, but what about those, who want to homebrew their own plug-ins, experiment with something from GitHub etc? Mozilla could make signed plug-ins a default choice, but not prevent others. A good model, imho, is implemented on Android -- your (only) default choice is Google Play, but if you know what you are doing, you can install any app from anywhere. This way users, that need a hand holding, are protected, but more tech savvy ones will not have their freedom denied.
My Chrome profile is current infected with malware due to Google's laissez-faire attitude towards their app store. I consider myself a pretty tech savvy user and still managed to get infected.
A bit of vetting for add-ons is probably a good thing in the long run.
Malicious extensions are apparently the driver for this. So we're back to the problem that any sufficiently flexible platform is a vector for malware. The platform authority then institutes code signing as a checkpoint against this. Thus raising a big barrier to entry for non-malicious extensions.
It's hard to see how to get back into this particular Eden.
Sorry for the rude question here, but is this speculation on your part or based on stuff said by folks at Mozilla (the corp, not just contributors/clients)? Some clearer sources would be helpful this early in the morning.
From the Mozilla add-ons blog, which is linked to in the article:
Extensions that change the homepage and search
settings without user consent have become very
common, just like extensions that inject
advertisements into Web pages or even inject
malicious scripts into social media sites. To combat
this, we created a set of add-on guidelines all
add-on makers must follow, and we have been
enforcing them via blocklisting (remote disabling of
misbehaving extensions). However, extensions that
violate these guidelines are distributed almost
exclusively outside of AMO and tracking them all
down has become increasingly impractical.
Furthermore, malicious developers have devised ways
to make their extensions harder to discover and
harder to blocklist, making our jobs more difficult.
We’re responsible for our add-ons ecosystem and we
can’t sit idle as our users suffer due to bad
add-ons. An easy solution would be to force all
developers to distribute their extensions through
AMO, like what Google does for Chrome extensions.
However, we believe that forcing all installs
through our distribution channel is an unnecessary
constraint. To keep this balance, we have come up
with extension signing, which will give us better
oversight on the add-ons ecosystem while not forcing
AMO to be the only add-on distribution channel.
"This, of course, raises the question, "Will the unbranded or the Developer builds be sufficiently similar to the Release versions out in the real world that developers can stand by their testing results?""
And what about other xulrunner applications, such as Conkeror? Do their extensions need to be signed by Mozilla?
So if I use a xulrunner based app, and I want to run a Firefox extension (like ABP, mozrepl, etc), right now all I have to do is edit it's install.rdf and whitelist my application, and if there's a signature (META-INF folder), delete that. In this scheme, as I understand it, that would not work, unless I was running the Firefox Developer edition or had an app popular enough to get developers to include it in their whitelist before signing, and even then there would be plenty of exceptions.
So now no one can run my xulrunner based app (with extensions) with the normal firefox installed on their system (or likely available in their distro package repository).
Please tell me this won't apply to apps launched via xulrunner or firefox -app (with the normal firefox).
The initial announcement said, that there are no immediate plans to enable this for Thunderbird. I'd guess it's just a compile-time flag in .mozconfig. In that case it would affect firefox -app. (But I didn't bother to actually look at the source!)
This is similar to what Safari does for their extensions, as a policy it sounds reasonable. However, the part about the possibility of manual review if automated checks fail is alarming.
I self distribute my extension because I found the AMO process to be infuriating. The extension would pass review then not pass and require changes. Each step in the process requires a multi-week wait in a queue. Unanswered requests for clarification, lost communications, etc, etc. After months of trying I gave up, I know I am not alone in this. The possibility of having to go back into that Kafka-esque maze is extremely disconcerting.
The manual review possibility should also be a concern of all current AMO users, as it has the potential to lengthen current queue wait times.
The problem with browser extensions is that there are too many bad players on the field, preying on the non-technical people. The situation is not as bad as in the IE heydays where I regularly cleaned up 10+ (!) toolbars from customers' computers, but it's still a problem.
And I, unfortunately, don't see any way to avoid a walled garden approach - as long as there is a sideload option like on Android, I'm fine with it.
edit: downvotes? Care to explain how else to solve the bundled crapware toolbar plague?
the thing is, you won't be able to side-load extensions. There will be no about:config option. You will be forced to use the Development or Nightly versions to get that freedom.
I'm not sure how this will bode for my own extension, which I maintain for my own private use to do whatever comes to mind, like redirecting certain pages, applying userscripts and css files, and some other customization. Also I wouldn't have tried out all the spiffy new ES6 features that Firefox supports except that I can freely use them because it can only run in Firefox anyway.
One thing I did realize in learning how to make these extensions is that, unlike with Chrome, Firefox extensions can do anything any other executable file on your computer can do, or at least, they can move, delete, edit, and rename any file anywhere on the hard drive, spawn any process, download anything and save it, so effectively all a malware author has to do is make the extension's install hook download their payload and execute it. It's a one liner to wipe out your $HOME (I have no idea if it will work I'm not going to try it!):
I'm expecting/hopeful that there will be some kind of about:config flag to disable enforcing signed packages, it just seems typical of Mozilla to include such a feature for power users.
For developers hosting their add-ons on AMO, this means that they will have to
either test on Developer Edition, Nightly, or one of the unbranded builds.
Does this mean that developers won't be able to test the add-ons on official stable binaries end users will consume their add-ons on? Good luck with that.
Me neither. Maintaining a set of features that will be unused by most users is definitely more convenient than maintaining a whole separate build that will be used by a small subset of users.
I'm wondering how the EFF feels about this, amogst others.
HTTPS Everywhere is currently only available via their website because it's actually securer than though AMO. If mozilla wall-gardens firefox in the interest of security, I guess they've got some serious issues to settle.
I also wonder bit what happens to developers who need a small userbase to tests their alphas/betas before publishing, as well as custom-built extensions.
The short answer is that you can still have AMO sign an extension even if you distribute elsewhere (e.g. the way password managers like to ship one installer for everything) and the nightly / developer builds will allow unsigned extensions for obvious reasons. They are planning a private-app signing process but the details aren't public yet.
"That makes it vaguely more egalitarian than a complex and bureaucratic mechanism that tends to favour bigger, more established software makers, who themselves have the staff and bureaucracy to match."
This is FUD. Even Apple's App Store doesn't require huge amount of bureaucracy let alone what they seem to be talking about.
I think this refers to the apple practice of having vague rules and arbitrarily classify apps one way or another with no reliable explanation reaching the outside. So not bureaucratic in a literal sense, but rather in the sense of an opaque apparently rule-driven organization that produces incomprehensible decisions.
Sometimes apps containing things like pictures of old paintings with nude ladies are fine, sometimes not.
Often updates to something published will get stuck because some rule is supposedly being broken by the update, but of course the original, accepted, app contained the exact same thing.
Agreed. Cryptographic signing of extensions in this context doesn't seem to me to be significantly different from the signing done by your other package management systems.
One of my professors said "the browser is the new OS" about a decade ago. This seems like more proof of that to me — if we want fast, low power JavaScript in browsers, we have to have a reasonable chain of trust imo.
IMO the rise of aggressive ad-blocking extensions has spoiled a good thing for everyone.
I don't believe that Mozilla has any innate desire to lock-down users and prevent them from customizing their browsers, but making a browser is now an expensive and complicated project, and both Firefox and Chrome are bankrolled by companies which make their revenue primarily via advertising (Google + Yahoo, Google).
It's clear that Google will never make the same mistake with mobile Chrome -- it will never be extensible, because they have no desire to sacrifice that advertising revenue. I doubt it will be more than a year or two before the Mozilla app store is purged of ad-blocking extensions, if they ever make it in.
I don't want to get in some flamewar about "oh but ads are so bad, I can't help but install adblock". They suck, and I'm not accusing anyone of acting in anything other than their personal best interests, but I think everyone should acknowledge that this is the natural end-game.
There is now a different prong on this fork: adblocking software can help in filtering out drive-by-malware served up through advertising infrastructure. By removing ads you get rid of one possible source of trouble.
So besides the speed and the nuisance factors there is now also a security factor involved in ad-blocking.
Well thats a totally click-bait and misleading title. The essence of a walled garden is that it's hard to get in, and if you're not let in then you lose out. Mozilla only require signing by them or by someone else, which given the proliferation of malware is hard to see as a bad thing, especially given the privileged access granted to addons.
If you're too stubborn to let Mozilla sign it AND too lazy to do it yourself then that's your problem - you have no inalienable right to demand that people run your code if you can't be bother to secure it. However you are never locked out of providing mozilla addons, you can still supply whatever you like.
Also, Why did this piece bother to quote the random verbal vomit of some internet commenters? What is that supposed to show? That some people online are rude and ignorant? Frankly there's quite a bit of FUD in this thing, like asking if devs can trust that moving from Dev versions to production will break their code - pretty much the whole point of Mozilla's development model in iterating and providing developer editions is to ensure that doesn't happen.
Some people will see walled garden as one with few gates and a sentry controlling who can enter, e.g. Ios app store is not very difficult to enter in as a million apps have entered, but if apple does not agree, you cannot publish the app.
It is a perfectly valid reasoning: Addons can be like malware, and that is something Mozilla should protect its users from. Reviewing and then signing extensions is an ok way to do that. But the focus here is not the signing, it is the reviewing.
The problem is not the reviewing either. That may take time and is unpleasant, but it offers something good in return. The problem is the "we will do it this way and make it not configurable". There is no need for that. Users don't change defaults, it would be perfectly valid to go the android route: Disallow the installation of unreviewed addons by default, but add an option in the settings to override this behaviour for users who know what they are doing.
That way, you still protect users in general, and you don't anger the other users who want to install addons from github or whatever. It was completely unnecessary to make it this controversial by forcing it on all users, by taking freedom away.