What's Going on with Firefox Addons/Extensions?

hydrurga · 05-05-2019, 05:03 PM

Quote:

Originally Posted by ChuangTzu

Could you imagine the flack any other browser would face if they were able to remotely disable all of your addons? Why is it that Firefox should get a free pass? Or a my bad? Is this what happens when millennials start working?

Way to have a dig at a whole generation.

Mozilla are getting a great deal of flak over this (read the various forum and news site comments), and rightly so. However, each of us personally makes decisions based on costs and benefits, and petelq has obviously decided that it is more beneficial to stay with Firefox. As will I. Others will decide differently. Such is the rich tapestry of life.

ChuangTzu · 05-05-2019, 05:18 PM

Quote:

Originally Posted by hydrurga

Way to have a dig at a whole generation.

Mozilla are getting a great deal of flak over this (read the various forum and news site comments), and rightly so. However, each of us personally makes decisions based on costs and benefits, and petelq has obviously decided that it is more beneficial to stay with Firefox. As will I. Others will decide differently. Such is the rich tapestry of life.

Let me clarify, not a dig at petelq at all. If there was a dig (your word) then yes it was directed at a generation that is conditioned for/by automation with little regards to inner workings, eschews the basics of good computer programming for trends, and forgets the wisdom repeated in one of their movies: https://www.youtube.com/watch?v=mRNX6XJOeGU , watch and listen to that carefully. What happened to Firefox these last few days is indicative of what's wrong with computing today.

hydrurga · 05-05-2019, 05:33 PM

Quote:

Originally Posted by ChuangTzu

Let me clarify, not a dig at petelq at all. If there was a dig (your word) then yes it was directed at a generation that is conditioned for/by automation with little regards to inner workings, eschews the basics of good computer programming for trends, and forgets the wisdom repeated in one of their movies: https://www.youtube.com/watch?v=mRNX6XJOeGU , watch and listen to that carefully. What happened to Firefox these last few days is indicative of what's wrong with computing today.

Read the Who Me? pages of The Register and you'll see that there have been computing blunders since time immemorial. The only difference now is that due to the "cloud" and centralisation, a single point of failure can affect millions/billions.

Don't get me wrong though - I'm pretty livid at Mozilla for mucking this up. I just don't think it's anything new or extraordinary in the grand scheme of things.

ChuangTzu · 05-05-2019, 05:37 PM

Quote:

Originally Posted by hydrurga

Read the Who Me? pages of The Register and you'll see that there have been computing blunders since time immemorial. The only difference now is that due to the "cloud" and centralisation, a single point of failure can affect millions/billions.

Don't get me wrong though - I'm pretty livid at Mozilla for mucking this up. I just don't think it's anything new or extraordinary in the grand scheme of things.

That's part of my point, we are in agreement.

(we need a cup of tea emoji). Wait until the epic muck ups with IOT start to hit the proverbial fan.

hydrurga · 05-05-2019, 05:45 PM

Quote:

Originally Posted by ChuangTzu

That's part of my point, we are in agreement.

(we need a cup of tea emoji). Wait until the epic muck ups with IOT start to hit the proverbial fan.

I'm a sci-fi fan - I know what's coming.

A cup of tea does sound good though to finish off my day. Cheers!

greencedar · 05-05-2019, 06:21 PM

I noticed this addon fix on blog. mozilla.org

https://blog.mozilla.org/addons/2019...ns-in-firefox/

ntubski · 05-06-2019, 06:26 AM

Quote:

The bigger problem, IMO, is it puts a spotlight (rightly so) on a design flaw(s) within a) Mozilla and/or b) Firefox. The expired cert should have only prevented new addons from being installed, it should not have arbitrarily disabled everyone's addons, making the browser even less secure.

I certainly agree with that, and I already said as much: #49

Quote:

Originally Posted by ChuangTzu

You have a valid point, however, if it was just an expired cert, then issue a new cert and have on with it.
[...]
Also, how they are attempting to "fix" the problem is beyond moronic and borders on incompetence or worse "by design".

It sounds like they normally can't push new certificates into browsers remotely, except via the "study" mechanism (which I guess can run arbitrary code).

https://bugzilla.mozilla.org/show_bu...id=1548973#c57

linustalman · 05-06-2019, 09:51 AM

Just did update in Debian 9 Stable - FF ESR now 60.6.2 . All good again.

Ryu945 · 05-06-2019, 02:18 PM

Quote:

Originally Posted by Ryu945

I saw this question and thought I would post a fix I used. I have some warnings capitalized because I also posted this same fix in a less technical forum

IF YOU WANT TO FIX THE PROBLEM, READ THIS. THIS WORKS ON ALL WINDOWS, LINUX AND MAC.

It got caused by a certificate expiring. Firefox no longer allows add-ons not built under the new system. Since this caused a problem, Firefox made an emergency patch to turn it back on. The problem is the patch has not made it to everyone yet. To get your addons working follow the following steps.

1. Go into "about:config" using your URL bar. Keep in mind that this a very dangerous menu. Be extremely careful what you touch.
2. Search for "app.normandy.run" .
3. Set the value to 1
4. Restart browser
5. If this fixes it then be sure to set the value back to 21600 and restart browser. If it doesn't, go to step 6)

optional:
6) You should still have you value set previously to 1.
7) Go to the three bars in top right - > preference -> privacy and security -> Firefox Data Collection and Use
8) Turn on "Allow Firefox to send technical and interaction data to Mozilla" if you have it off.
9) Turn on "Allow Firefox to install and run studies" . Note that this puts you browser in a very "beta" like mode and should never be left running like this unless you know want it running like that.
10) Restart your browser. Your add-ons now work again.
11) Be sure to turn off "Allow Firefox to install and run studies"
12) If you don't want Firefox collecting interaction and technical data then turn off "Allow Firefox to send technical and interaction data to Mozilla"
13) Be sure to set the value of "app.normandy.run" back to 21600
14) Restart your browser.
15) MAKE SURE YOU SET EVERYTHING BACK TO NORMAL AND RESTART YOUR BROWSER. MAKE SURE YOUR EXTREMELY CAREFUL IN THE ABOUT:CONFIG MENU . IF YOUR NOT COMFORTABLE MESSING AROUND IN THAT MENU THEN GET SOMEONE TECHNICAL TO DO IT FOR YOU. THERE IS A REASON WHY FIREFOX HAS HUGE WARNING MESSAGE WHEN YOU MESS IN THAT AREA.

In a different Firefox browser, I tried this without using studies and just changing the normandy value. Then restarting, it worked fine.

edit start: You know longer need to do android fix. Just update the browser : edit end

I found a way to get it working in android since this fix does not work in android.

1) Go to about:config

2) Toggle the value xpinstall.signatures.required to false

3) Restart Firefox

This removes the check to see if the addon has a proper signature and thus addons work again.

Ryu945 · 05-06-2019, 02:19 PM

Quote:

Originally Posted by kingbeowulf

Well, the workaround toggle with 'xpinstall.signatures.required' worked here, FF 60.6.1esr Slackware64 14.2. 'Firefox Preferences -> Privacy & Security -> Allow Firefox to install and run studies' is NOT an acceptable "fix" especially as it is disabled in Slackware for good reason. I suppose I'll have to wait until Slackware posts an updated build in the official repositories.

I'm also not buying "just a mistake" either. Certificate errors are simply not acceptable. Mozilla should and does know better.

SeaMonkey is not a bad alternative. Unfortunately it seems frozen in the past. A number of security extensions available in FF are no longer available in SM. Chromium? meh.

I found out that just changing the Normandy value alone does work.

hemlocktree · 05-06-2019, 05:19 PM

well spent some time to set up vivaldi best i can - a few of the choices are sketchy as to what they do.... pretty fast and faster than firefox across the board but still think chromium is faster. i do not like the chromium google connection and vivaldi is chromium based and also has some proprietary stuff. so - will test the two. chromium seems to be the better of the two but the other may be more private re: calling home - which chromium does i read and hear.

may test it on my daily beater thinkpad before i dare do it on my office one and also the debian - and my wife's i will not even go there for her.

just a quci addendum - vivaldi - not sure if it too phones home but...

also the settings are way overkkill and many you can figure out but there are a lot that you have no clue as to just what they do which is why i originally said too cluttered. i did the best i can but i am sure that some settings are really not what i want or desire.

hemlocktree · 05-07-2019, 05:29 PM

i realize old thread already - but vivaldi was not my cup of tea. If i hadn't a choice that would have to work. It is faster than firefox but chromium is a smoother and much faster experience. FWIW!!!

astrogeek · 05-07-2019, 06:24 PM

Quote:

Originally Posted by hemlocktree

i realize old thread already - but vivaldi was not my cup of tea.

Find something that suits your needs best.

I would not describe Vivaldi as my own cup of tea either, although I am pretty much happy with its features for my uses. Unfortunately I have concluded that my cup of tea is not among the currently available choices.

But for myself, Vivaldi brings the single most important ingredient to the table that _all_ others now lack: Those responsible for it actually respect my own choices and FREEDOM, and apparently make good-faith effort to keep me, the end user, both foremost in mind when making their technical choices, and well informed of what their choices were. Given the origin of the core code, there are certainly limits to how far they can go, and for how long... but at this point in time they stand alone in that regard.

In truth, I found my ability to secure Vivaldi much easier, and my confidence level in the end result much better than with any recent Firefox. Figuring out just what all the about:configs actually do is ultimately extremely complex, often baffling, and never reliable because they come and go, mix and match and change meaning frequently. I have put a lot of effort into configuring and verifying my Firefox configs and would have though it not possible for an expired cert on their end to totally - say that again - _totally_ disable my carefully configured and updated core plugins. I have seen in many online comments that the act of disabling some of those also results in other about:config options reverting to some default value... so now that my plugins are back, I still have no clue how my Firefox is actually working, but I know it is certainly _not_ "fixed". The mindset that built such a kludge clearly did not have the user's interests in mind, it has all been "open source theater", but perhaps less free as in Freedom development that we might have expected. How else might that manifest in time to come (or in ways I simply am not yet aware of)?

With Vivaldi I am at least not under the delusion that the core code actually has respect for the end user - it comes from the enemy camp! But I am convinced that the current Vivaldi developers actually do respect my interests and having that code passed through their filter, and placing some degree of trust in their sincerity, is the best I can do, for as long as it lasts.

hemlocktree · 05-07-2019, 08:31 PM

Good points! worth some more thought.... thanks astrogeek!

hemlocktree · 05-07-2019, 08:51 PM

astrogeek - - - you made me put it back in testing phase on my daily work thinkpad. :-)))