top | item 36678070

(no title)

This is really minor compared to other parts of Firefox. Notably, Firefox requires all extensions to be signed by Mozilla.

And the only way to turn that restriction off, is to either use Firefox Nightly or Firefox Developer Edition (which is a beta). If you want to use stable Firefox, because you like having a stable web browser, you just can't turn the restriction off. Period. The closest thing you can do is installing it as a "temporary extension" which uninstalls itself when the browser restarts.

It's kind of ridiculous that the default browser of most Linux distros has a Apple-esque mentality of "we get to tell you what you're allowed to install."

discuss

emn13|2 years ago

I think it's unreasonable to assume the vast, vast majority of users, including technically literate ones, are likely to have an in detail understanding of any specific software's installation.

Requiring a few hoops - and it sounds like e.g. requiring a developer edition sounds like such a hoop - to ensure a likely misconfiguration was actually intentional and the user is capable of dealing with the consequences is not a bad idea.

In particular, debugging when things go wrong can be an insurmountable task.

Better isolation of software components has been a trend for decades; to the point where I think we can safely say that the old unix and windows model of permissions was a fundamentally insufficient idea. Devs flock to using VMs and containers precisely because uncontrolled interaction between stuff even controlled by the same nominal "user" is a huge pain - and that's before malware and privacy concerns come in.

Were software more isolated by default, and interaction more controlled and/or explicit, then indeed I think the argument against this kind of controlling-the-"user" features would be stronger. But as is? The alternative is clearly much, much worse.

After all, certainly here and often in other cases too - it's not like it's actually impossible to circumvent these restrictions. It's simply technically inconvenient in a way that happens to also prevent many unintentional bugs and some malware vectors.

In an ideal world, a devs for a piece of software would be hard-pressed to even do this, let alone feel the need to do it. But that's just not the world we live in; we're not even really close yet - except on really locked down platforms that go much further than needed to prevent the risks, and into the territory of quite openly restricting the user, not the software.

TeMPOraL|2 years ago

> Requiring a few hoops - and it sounds like e.g. requiring a developer edition sounds like such a hoop - to ensure a likely misconfiguration was actually intentional and the user is capable of dealing with the consequences is not a bad idea.

Except when such hoops then start being used as evidence the user is an undesirable and should be kept away from various services. See e.g. many Android apps refusing to work on rooted phones.

I specifically don't like bucketing things like these under "development" label - "dev mode", "dev build", "dev edition", etc. - because it creates the idea that those "dev capabilities" are there to help developers with development, and should very much not be used for non-development things.