LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Firefox 8 released

Firefox 8 released

Posted Nov 9, 2011 1:58 UTC (Wed) by akumria (subscriber, #7773)
Parent article: Firefox 8 released

The headline feature appears (sadly) to be a Twitter search option.

It appears the grumpy editor has turned into the sarcastic editor.

The headline feature, i.e. the one they promote the most is:

  • Add-ons installed by third party programs are now disabled by default

Whilst that is uncommon on Linux platforms (except for Ubuntu) it is reasonably common on Windows that someone you know has downloaded an anti-virus program and it now feels it should take over the search bar, etc.

(Log in to post comments)

Headline feature

Posted Nov 9, 2011 2:17 UTC (Wed) by corbet (editor, #1) [Link]

The first thing mentioned in the blog entry - the only "above the fold" item - is the twitter search feature. I don't think it's overly sarcastic to point that out.

Headline feature

Posted Nov 9, 2011 11:28 UTC (Wed) by akumria (subscriber, #7773) [Link]

Ah, right, the blog post. I was looking at the release notes.

Odd how they have different headline features in each.

Firefox 8 released

Posted Nov 9, 2011 7:46 UTC (Wed) by taavi (subscriber, #28277) [Link]

For me the headline feature is "load tabs on demand". Startup with some app tabs and tabs from previous session, is much more quicker.

Firefox 8 released

Posted Nov 9, 2011 10:50 UTC (Wed) by Cato (subscriber, #7643) [Link]

Use with care, I had to disable this on Windows as after a few restarts the tabs would not load even when selected. A shame as Firefox restarts were so fast with this enabled.

For easy restarts, I recommend the Restartless Restart addon that just adds a Restart option to the main (File) menu. And doesn't require a restart to install ...

Tabs loaded on demand

Posted Nov 9, 2011 12:34 UTC (Wed) by robbe (guest, #16131) [Link]

Also good for tor users, I guess.

Firefox 8 released

Posted Nov 9, 2011 8:30 UTC (Wed) by job (guest, #670) [Link]

What does that even mean, "disabled by default"? Do plug-ins (sorry, "add-ons") need to be remotely enabled with some cryptographic signature for Firefox to run them? (I just hope it just doesn't mean "installation of addons is now more complicated".)

Firefox 8 released

Posted Nov 9, 2011 9:07 UTC (Wed) by ekj (guest, #1524) [Link]

It's been a problem that unrelated third-party programs being installed on the same computer, take the liberty of inserting add-ons into firefox, bypassing the normal restrictions. (only add-ons from user-approved sites are installed, and the user needs to explicitly click "Install" after having watched a dialogue warning about the dangers of untrusted addons for atleast 5 seconds)

For example, if you install a certain instant-messaging-crapware-program, you also get, at no extra charge, a firefox-addon that'll change your default search-provider to Yahoo, and set your homepage to a banner-ad-infested hell. (and it'll reset these two settings on every firefox launch)

Such addons --- i.e. ones that are not installed trough firefox, but merely present in the apropriate addon-directory, will now be disabled by default. (though you can still enable them in the addon-manager if you *do* want them)

Firefox 8 released

Posted Nov 9, 2011 10:52 UTC (Wed) by Cato (subscriber, #7643) [Link]

On Windows, Microsoft Office, Adobe Reader and quite a few other applications do this, and often they re-enable the addons/plugins every time the application is updated. Great that Firefox now addresses this.

Firefox 8 released

Posted Nov 9, 2011 13:02 UTC (Wed) by gidoca (subscriber, #62438) [Link]

Yes, it is. I wonder though how long it will take for application developers to figure out how to bypass this.

Firefox 8 released

Posted Nov 9, 2011 13:11 UTC (Wed) by Cato (subscriber, #7643) [Link]

Firefox is just scanning for installed addons when it starts up, I believe, so the addon would have to change Firefox's own files to fool it - probably possible but addons that do that are really crossing the line into malware and should be treated as such.

Firefox 8 released

Posted Nov 9, 2011 20:43 UTC (Wed) by gidoca (subscriber, #62438) [Link]

IMHO, changing the home page and default search provider at every start of Firefox is already well beyond the line to malware.

Firefox 8 released

Posted Nov 10, 2011 9:23 UTC (Thu) by job (guest, #670) [Link]

You just said "disabled by default" with many more words. The question remains what Mozilla can do to remedy this?

The only thing I can think of is to make installation really convoluted, perhaps require that several different changes are made, in sync, to undocumented file formats. A reasonably intelligent person would recognize this as a solution probably worse than the problem.

I'm slightly sad that not only is the release announcement made of these nonsensical PR bullet points, but they are repeated on news sites and blogs while no one understands what they mean. People do not seem to expect anything else anymore. Web browser development has been made more ivory tower-ish over the past few years and all that's visible on the outside is new window dressing every few months.

Solution is simple...

Posted Nov 10, 2011 9:48 UTC (Thu) by khim (subscriber, #9252) [Link]

The only thing I can think of is to make installation really convoluted, perhaps require that several different changes are made, in sync, to undocumented file formats.

Not really. You only need one such file - and you already have it: browser binary. Just sign the preferences file with some key unique to the browser build - and that's it. You will need to include keys for all previous officially released builds, obviously (to make it possible to upgrade), but this is not a big deal.

Sure, crapware developers may try to scan you binary to find embedded keys, but these schemes will be inherently fragile. Your goal is not to make something impossible but merely make something unfeasible, after all.

Solution is simple...

Posted Nov 10, 2011 17:03 UTC (Thu) by job (guest, #670) [Link]

I'd like to challenge that. Even if keys were unique for each build they are stored somewhere and a third party installer could just as easily extract them. You would need to obfuscate keys by hand at random positions for each release for this scheme to slow down a third party installer noticeably.

It amounts to a pretty standard copy protection scheme, and all of those are broken not very long after release. (By people who receive by pay by the way, defeating this installer would be worth money.)

This is not so simple.

Posted Nov 10, 2011 17:42 UTC (Thu) by khim (subscriber, #9252) [Link]

You would need to obfuscate keys by hand at random positions for each release for this scheme to slow down a third party installer noticeably.

Nope. We are talking crapware here, not malware. You only need to slow down it enough to trigger ยง 1201. After that point you don't have an example of crapware. It's clearly illegal malware and should be treated as such: it will be added to virus databases, etc.

This is not so simple.

Posted Nov 14, 2011 20:28 UTC (Mon) by job (guest, #670) [Link]

I see. I would never have thought that I would find EUCD/DMCA on my side some day, but what do you know...

Firefox 8 released

Posted Nov 10, 2011 10:13 UTC (Thu) by Cato (subscriber, #7643) [Link]

Plugins (binary code) are still separate from extensions (XUL code) in Firefox btw. The collective term is add-ons.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds