New People!
One of the best parts of my job is that I get to work with an awesome group of smart and passionate people. We’ve grown a bit in the front end development realm, and I’ve been remiss in not introducing the new people who’ve joined up to form the core of an actual front end team. Soon I hope to see all of them blogging and syndicated to planet, but in the meantime, meet some of the new team!
Rob Strong
Rob’s actually been with MoCo since early December, and has been a strong hacker on the project for a lot longer than that. He’s been beating the extension manager with a pretty large stick, and in between whackings, is working on integrating a new NSIS-based installer into our build system. He’s older, wiser, and possibly even more cynical than I am, which is both refreshing and frightening at the same time. For his next trick, he’s about to unveil central blacklisting for extensions and themes, which will allow us to block problematic extensions remotely by GUID and version.
Dietrich Ayala
Joining us just last week, Dietrich’s the punk rock guy in the toque (I’ve decided he’s an honourary Canadian) with a reputation for doing the impossible. And of course, true to his reputation, he’s been thrown to the wolves right off the bat with Session Restore. On IRC, he’s currently findable as autonome, but I hope to convince him (a la Robert Accettura, and myself once upon a time) that nicknames on IRC are very 1998.
Gavin Sharp
Joining us for a few months on an internship out of the University of Waterloo, Gavin’s actually been around the project for a long while, taking on the seemingly-thankless tasks that make Firefox a much more polished browser. True to how we tend to treat interns, we’ve saddled him with rewriting the search service to support OpenSearch in addition to Sherlock plugins, along with providing new levels of flexibility to extend the search bar (more on this later). There’s also the flexibility to handle additional plugin types as search continues to evolve.
What would stop a bad XPI vendor from randomly cycling the GUID with each served XPI? Spammers don’t care for standards, and it only needs to be installed once to do damage. Are you also implementing xpi from domain/ip blocking etc?
I think by problematic, Mike means “extensions that are known to break quite badly” rather than “extensions that are malicious”.
To install a malicious extension you need to:
1. Go to some site othe than AMO.
2. Click a link to launch the install.
3. Whitelist a given domain.
4. Accept the install after the dialog opens.
That’s quite a bunch of hoops to jump through in order to facilitate malicious activity. The need for a malicious provider to generate a random GUID after this would make their lives even harder.
Personally, I don’t see why anyone would make the effort to produce malicious XPIs after blacklisting lands. If you want to break into someone’s computer, it’s easier to trick users into downloading other harmful files that Firefox will never have any control over (or at least, much less control). Serving a random GUID is a fairly non-trivial task at best.
Congratulations to the new employees as well! You guys rule.
“To install a malicious extension you need to:
1. Go to some site othe than AMO.
2. Click a link to launch the install.
3. Whitelist a given domain.
4. Accept the install after the dialog opens.”
Which is the same number of steps to install any legitimate other extension outside of AMO. Regular users have no real ability to discern what to trust out there, and any decent web design, (or promise of free pr0n) will make people install XPIs.
“Personally, I don’t see why anyone would make the effort to produce malicious XPIs after blacklisting lands.”
Famous last words. That’s like saying there’s no way anybody would steal things because shops have a “No stealing” sign on the wall.
Nitpick: the link to Session Restore should be http://wiki.mozilla.org/Session_Restore — it seems your copy-paste magic fouled up.
Aside from this blog post being an inappropriate place to be bringing this up:
The goal is to make it no easier than installing a random executable, not to make it 100% foolproof against determined misuse.
– Chris
Aside: I believe you should be linking ‘Session Restore’ to this:
http://wiki.mozilla.org/Session_Restore
Otherwise, it certainly sounds like good news.
“Which is the same number of steps to install any legitimate other extension outside of AMO.”
Which is why MoCo need to work on making AMO appeal to developers and end-users. Installing extensions from outside AMO is a bad idea in general.
“Regular users have no real ability to discern what to trust out there, and any decent web design, (or promise of free pr0n) will make people install XPIs.”
The install prompt is blocked by default. Short of doing this, there’s nothing that MoCo can do to stop malicious content getting to the end-user’s machine unless they preventing people from downloading or installing anything.
Obviously that’s never going to happen because the concept is absurd.
“Famous last words. That’s like saying there’s no way anybody would steal things because shops have a “No stealing” sign on the wall.”
No, my point is, why bother with a malicious XPI and a horribly complex system to beat Firefox’s blacklist when you can create an executable and have users run that instead? It doesn’t make any sense and is Firefox-specific.
Will Dietrich Ayala be working on Session Restore or Search Service where the link points to? Because they are two separate things, correct? Like undo close all tabs and refining the search mechanisms…
I forgot to tell you. Effective imediately, I don’t want to be known as as raccettura anymore. I would like to be called “the artist formerly known as raccettura”.
I feel that would be better for my image.
Thanks.
I suck at the linking (the danger of the new rich editing widget!)
I would like to see rob strong’s large stick in action, pls.
P.S. Only you would find someone more cynical than you “refreshing.”
Majken – I think the large stick in action (at least as it relates to the Extension Manager) can be seen in the checkins I landed today on both the trunk an MOZILLA_1_8_BRANCH… in relation to anything else… ackhemmm.
Mike – I’m not more cynical… just more firmly based in reality.