Why does it take a team of highly competent people (lol) working around the clock to update a certificate and...

why does it take a team of highly competent people (lol) working around the clock to update a certificate and distribute it? serious question


Because Firefox doesn't trust add-ons whose certificate has been revoked
However that's not the issue, the hack job they have distributed through user studies/normandy simply resets the revoked flag and renews the cert with a later expiration date
They decided to push this hacky and unsafe fix through user studies to force people to enable user studies (and get adware like Looking Glass) instead of pushing a new build with the extended cert
They have been working on a proper fix but they can't make it work, from @mozamo on Twitter (the only guy who cares about half assedly keeping users informed)

Mozilla Add-ons
@mozamo
5 hours ago

Since the updated builds went into testing, we've found some issues that need addressing. We're still working on it.


Mozilla Add-ons
@mozamo
19 minutes ago

Hi folks, our team has been working around the clock for the last 24 hours to get your extensions back up and running. Unfortunately, we don't have a permanent fix ready to be released.


Mozilla Add-ons
@mozamo
16 minutes ago

We're going to hold off on trying to push a permanent fix tonight (Pacific time) and give our engineers a chance to breathe while our QA team runs a more complete battery of tests on the updated builds.


btw, the hotfix doesn't work for everyone too

Mozilla Add-ons
@mozamo
14 minutes ago

We know that this hotfix isn't working for some of you because of another error, and some members of the team are looking into what's going on.

If you're in this group, thanks for sending in your screenshots and helping us see what you're seeing.

>firefox addons all worked fine last week
>update firefox and suddenly everything needs to be fixed
How about they just roll it back? What are they so afraid of?

is it going to be ok?

It wasn't an update, this has hit everyone with Firefox 43+, so unless you haven't updated since Firefox 42 then it wasn't an update
See
wiki.mozilla.org/Add-ons/Extension_Signing#Timeline

just toggle those 2 things in about:config

Okay let me rephrase that.
>1s and 0s produced normal results for years
>changes suddenly made to 1s and 0s
>everything breaks
How about they just dont fuck with it and rollback.

Mark my words they are using this as an excuse to mass flag specific addons that were previously approved that they dont want renewed.

You would need to rollback 2+ years of updates
While the extension signing system is clearly flawed, this isn't something that happened out of the blue, it's something that people called out two years ago

>Mark my words they are using this as an excuse to mass flag specific addons that were previously approved that they dont want renewed.
btw the possibility of doing this has been around since Firefox 48, which was 2 years ago iirc, you're just some random Jow Forums shitter that doesn't understand anything about the signing system, next you will post about muh dissenter

I seen a buncha threads about this hear allday.Fucking tranneys broke firefox fuck firefox. Pol alway write.

>Mark my words they are using this as an excuse to mass flag specific addons that were previously approved that they dont want renewed.
Like what the only two addons i really care about are noscript and ublock and no way they would block those 2 they are even in the promoted page

Nigga I dont give a fuck about what Jow Forums thinks. 2 years ago was when the initial addon purge happened right? When they broke support for all previous addons
You can call me a conspiratard if you like, but that doesnt make it any less sketchy that they do this, then the only solution they offer to fix it is turning on telemetry studies.

You're misunderstanding the problem
You're only half right
The problem is that Firefox has a built-in ballpoint pen which can magically only be used by Firefox to sign off that an add-on has not been tampered with. This pen, which has been around since Firefox 42, ran out of ink today and now needs to be replaced. There is a hotfix which will replace the pen with a new one, but this is only temporary as that pen will again run out of ink eventually. The fags over at Mozilla don't want to push a real patch which adds a new pen for a reason which I have not bothered to understand. Probably because they are trying to include a permanent fix in the patch which will add some functionality for automatically replacing the pen in the future.

There was no change.
A security certificate that firefox relied on had an expiration date and it expired today.

If you traveled back in time to the release date of FF42 and set your computer's clock to May 04 2019, it would break just as much.
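
The point made in the post above, that an unchanged add-on stops validating purely because the clock passes an expiry date in its chain, shown as an added example that is not part of the original thread and is not Firefox's code. It is a simplified model that checks only issuer names and validity windows (no signatures); all certificate names and all dates other than May 04 2019 are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime

def validate_chain(chain, at):
    """Check a leaf -> root chain at verification time `at`.
    Only issuer linkage and validity windows are modelled here."""
    parents = chain[1:] + [chain[-1]]          # the root is its own issuer
    for cert, parent in zip(chain, parents):
        if cert.issuer != parent.subject:
            return False, f"{cert.subject}: issuer mismatch"
        if at < cert.not_before:
            return False, f"{cert.subject}: not yet valid"
        if at > cert.not_after:
            return False, f"{cert.subject}: expired"
    return True, "ok"

def chain_expiry(chain):
    """The whole chain fails when its shortest-lived link expires."""
    return min(chain, key=lambda c: c.not_after)

def expiring_soon(chain, now, warn=timedelta(days=90)):
    """Monitoring check: flag the weakest link before it breaks validation."""
    weakest = chain_expiry(chain)
    return weakest.not_after - now <= warn, weakest.subject

# Constructed sample chain (hypothetical names; only May 04 2019 is from the thread).
ROOT = Cert("example-root", "example-root",
            datetime(2015, 1, 1, tzinfo=UTC), datetime(2025, 1, 1, tzinfo=UTC))
INTERMEDIATE = Cert("example-intermediate", "example-root",
                    datetime(2017, 5, 4, tzinfo=UTC), datetime(2019, 5, 4, tzinfo=UTC))
ADDON = Cert("example-addon", "example-intermediate",
             datetime(2018, 6, 1, tzinfo=UTC), datetime(2023, 6, 1, tzinfo=UTC))
CHAIN = [ADDON, INTERMEDIATE, ROOT]
```

The add-on's own certificate is still inside its validity window when the chain fails, which is why checking only leaf expiry in monitoring misses this class of outage.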

>2 years ago was when the initial addon purge happened right? When they broke support for all previous addons
It was way before that user, that happened in Fx 57, this feature got introduced in Fx 48
>then the only solution they offer to fix it is turning on telemetry studies.
Yeah, this is what adds insult to injury, they didn't even disable running studies so you would get studies (which don't get disabled after unchecking the studies checkbox) alongside the fix
The manual fix that doesn't involve enabling studies was posted by third parties on places like the Hacker News comments
I'm not a retard dumb faggot, I'm not against extension signing, however I was and still am against disabling the possibility to disable signing checks
>for a reason which I have not bothered to understand
The add-on update logic permanently disables any extension whose certificate has expired, that's why the fix isn't trivial
>permanent fix in the patch which will add some functionality for automatically replacing the pen in the future.
This completely defeats the point of signing extensions

The possibility to disable signing checks is still available in the dev version, so if you actually need that functionality you should probably use that. And no, automatically updating the certificate does not defeat its purpose. Since only Mozilla can replace it there is no difference whether they do it manually or automatically. (Although I was only guessing that they'd be adding that kind of functionality anyway)

>The possibility to disable signing checks is still available in the dev version
Yeah, and on Nightly and ESR too, but not on stable which is what the majority of users run
>so if you actually need that functionality you should probably use that
So I'm at the mercy of Mozilla trannies who can't even renew their certs?
>automatically updating the certificate does not defeat its purpose
It does if it is done locally
> Since only Mozilla can replace it there is no difference whether they do it manually or automatically. (Although I was only guessing that they'd be adding that kind of functionality anyway)
There's no need to add this functionality client side, pretty much anyone who is sane automatically renews certs, except for the incompetent fucks at Mozilla
Either way, automatically renewing certs doesn't need a user side update

Most people are very, VERY stupid about SSL certificates and PKI. Even most programmers at major tech companies are. Mozilla should really be pulling the latest cert periodically from a known URL rather than shipping it with no way to update, and I suspect they're struggling with that change like retards as described in .

This is a client side cert. Mozilla has to get it to their users somehow.

Still sounds pretty gay. My old addons all died for this nu-firefox. The people who programmed them are probably old men or dead by now. I have no faith in the current generation to make anything decent

It's already done through the update mechanism Firefox uses for add-ons

To be clear, I'm not defending them and I think this is an amazing failure on their end. You may need a client-side update for such functionality in order to allow the client to receive such an update. In other words, if the certificate is completely baked in and there is no remote way to replace it with a new one then client functionality needs to be developed. I'm not saying to generate it on the client, as that would require Mozilla's private key.

The problem with the old addons, and the entire reason Chrome exists, is that you can't do multiprocess or sandboxing when extensions have full access to the browser's internals and it assumes single process.

Because of the diversity hires.


What a bunch of incompetent boobs.

AAAAAAAAAAAAAAAAAAAAAAHHHHH

WHAT IS HAPPENING!!!!

WHY MY EXTENSIONS DON'T WORK!