it's over. no unverified addons even with override landed on beta
can't wait for a shitstorm it would cause in stable
Firefox 47: (Pushed from Firefox 46). Release and Beta versions of Firefox for Desktop will not allow unsigned extensions to be installed, with no override. Firefox for Android will enforce add-on signing, and will retain a preference — which will be removed in a future release — to allow the user to disable signing enforcement.
https://wiki.mozilla.org/Add-ons/Extension_Signing
should've used animeme OP pic i guess
>>54409871
uBlock Origin is signed on my firefux.
>>54409871
and it will never be verified because that loses them money
DROP SJWFOX
>>54409871
Will drop this browser the moment they will disable any of my addons. If they want to loose remaining user base then that's a good way to do it.
>>54412183
they seem hellbent on loosing everyone left, it was a fun ride
>>54409871
Good, Unsigned add-ons shouldn't exist.
By the way, uBlock Origin is signed.
Just use the developer version faggots.
>>54412339
>Unsigned add-ons shouldn't exist
Best goy.
>>54412381
You are a complete idiot if you truly believe that.
Addon signatures are useless anyway.
>>54412408
>I want Mozilla to dictate what I can and can't use
I changed my mind, you're just a cuck.
>>54412339
The regular user should be protected from it, but power users shouldn't be forced not to use something when they fully understand the risks of doing so. They're effectively locking everyone out of using them, not just protecting normal users. That's not okay, with anything.
>>54412440
Yeah, you are right. It should be an about:config override.
>>54412468
>It should be an about:config override
Problem is that malicious software would just edit the about:config settings and then install their add-on.
That's the same reason they had to remove the about:newtab URL from about:config because malware kept hijacking the value.
>>54409871
Install the signed copy you fucking retard.
https://addons.mozilla.org/firefox/addon/ublock-origin/
>>54412504
>inb4 muh beta builds
They are signed too.
https://addons.mozilla.org/firefox/addon/ublock-origin/versions/
>>54409999
>can't wait for a shitstorm it would cause in stable
This shit has been in stable for a while now.
>>54409871
Firefox without addons is fucking worthless. Maybe Mozilla has forgotten what made people choose them in the first place. This is what happens when you fire a compete person just because he didn't like homos. Instead you have incompetent sjw making retarded decisions.
>>54412563
But no extension worth your time is still unsigned…
Extension signing has literally no negative effect on 99.9% of users.
>>54412492
Then there's no way around it. The best option is signed add-ons.
>>54412563
I have an above-average number of extensions for Firefox and they've all been signed for months already.
>>54409871
>>54412585
>The best option is signed add-ons.
Yep. It's the least bad option there is.
And besides, 3 out of 5 flavors of Firefox still support unsigned extensions.
Only Firefox and Firefox Beta cannot install unsigned extensions.
Firefox Developer Edition, Nightly and Firefox ESR still support unsigned extensions.
So if you need some special snowflake extension by some autist that refuses to get their shit signed, you still have plenty of options.
itt: babbies without selfmade-addons
Mozilla is now the admin of your browser. You are slaves.
>it's over.
Just use the fucking Developer version.
>>54412632
>itt: babbies without selfmade-addons
You can sign your self-made extensions.
They don't even need to be on AMO – you can get self-hosted extensions signed.
>>54412492
Malicious software could also rewrite Firefox's binary so that it allows for overriding via about:config
>>54412632
>claim to be an extension dev
>don't use developer edition or nightly where there's an override option
>>54412755
If the malware has that kind of power/permission, you have far worse problems and it doesn't need Firefox as a vector anyway.
>>54412755
Then the entire application wouldn't be signed and it would throw up a warning message on first run.
>>54412772
So why doesn't that apply to the about:config?
>>54412784
>OS allows unsigned binaries to run
How about that
>>54409871
>>54409999
And so it begins, The journey to find a new browser.
>>54412426
this famalam
>>54412817
NVM I see now that OP is retard
>>54412816
>So why doesn't that apply to the about:config?
Because about:config stuff can be changed in the user.js file which is basically just a text file and can be easily modified by "light" malware.
If you have the kind of malware that could modify the Firefox executable (without it freaking out and/or you noticing) you are fucked either way and it doesn't need Firefox at this point.
>>54412873
>about:config is insecure
Option one: add in some sort of security for it
>about:config can be trusted again
Option two: acknowledge it's insecure and do nothing about it
>about:config not only can't be trusted, but can be modified freely by "light" malware and change users' settings without their permission
>>54412963
The problem is basically plebs.
They install some fucking toolbar or whatever that changes their homepage and they're like HURR DURR Firefox sucks it changed my homepage ALL BY ITSELF and I DID NOTHING.
Plebs are the reason we can't have nice things.
>>54412963
The way the original addons works it's not really possible to secure about:config against them. The original addons basically become a part of the browser when they're loaded, complete with all the same permissions as the browser. It's basically running everything as root. The original addon API was made before modern security practices were well established. WebExtensions will improve things but that's going to come at a later time.
>>54413043
Signing shitstorm would be nothing in compared to webextension switch. They need multiyear buffer to phase out XUL
>>54413102
They're already phasing it in on nightly I think. The API isn't finished yet but Mozilla is already recommending devs use it where possible.
https://blog.mozilla.org/addons/2016/04/29/webextensions-in-firefox-48/
>>54413043
This might be a bit too old-school for the current culture of "everything is an app" but what happened to "don't run things you don't trust?" If people would still do that, they wouldn't need to rely on the trust of others to determine whether or not the program they were sent should be run or not. We've made everything so baby-proofed that no one can trust themselves and we need developers to hold our hands, even if we know that the extension our friend just made is safe without waiting for approval from Mozilla
Use Developer Edition or Nightly.
>>54412492
>Problem is that malicious software would just edit the about:config settings and then install their add-on.
Solution: get rid of about:config.
WE CHROME NOW, BABY.
>>54413191
WebExtensions isn't just for security though, that's part of it but the other part is providing a stable API that addons can safely rely on for the foreseeable future. Right now with the current system the addons are just hooking directly into the internals of firefox, it works but if Mozilla changes something interally that the addons are relying on it can render those addons useless. This is why e10s has taken as long as it has, e10s is a huge change to the internals of firefox and it requires a lot of cooperation with addon devs. Since all these addons are going to break anyway Mozilla is using this opportunity and establishing a proper API for them to use. After WebExtensions land there shouldn't be as many broken addons after updates. It also means they can eventually swap out gecko or servo. As long as the externally facing API remains the same it doesn't matter what the internals of firefox looks like.
>>54409871
Time to move to Waterfox.
Just earlier today I read something about "Brave" by some devs of Mozilla that got pissed and left, haven't checked it out yet tho, might be worth looking at.
>>54414211
>brave
A browser made in JS?! I don't see what could go wrong.
Does chrome have NoScript or something equivalent that can import my 6 year old whitelist? I refuse to not use it and some equivalent of Adblock Plus easylist + element hiding helper
>>54414366
uBlock Origin and uMatrix. Use Chromium instead.
>>54414396
Thanks bruh
If you're a dev you're using developer edition anyway. Right?
>>54414396
>>54414211
>>54412817
>>54412755
>>54409871
people not using icecat
Will this affect SeaMonkey? If it does, will I still be able to convert Fx addons for it?
>>54414272
also it seems to be based around the illogical idea of blocking ads while still somehow giving content creators a way to profit, which makes no sense, since you can't do that without creating a whole new type of revenue generation, not by writing a browser
>>54414465
I am though.
>>54414465
reminder: if you're using icecat + non foss addons you're using it wrong
>>54412817
gugle chrom
