Re: [FYI] the danger of extensions

From: Justin Stimatze <>
Date: Sat, 11 Feb 2006 23:54:47 -0800

Hash: SHA1

Well, I read the article and these responses and I definitely agree it's
a great topic. However, I believe the reaction is out of proportion with
the problem.

Sure, the article has some very valid points, namely, that Exts are not
held to the same level of quality as FF itself. But if we are concerned
about average users and their impression of FF as a product, then I
think it's important to consider how much poorly written software your
average person has installed on the average PC. So, although MS has
talked a lot about trusted code recently, it doesn't take more than a
few clicks of "Next/Finish" to bring a stable XP system down a notch
with common/popular software.

So, in the grand scheme of things, is Ext quality really that critical?
The fact that FF makes you wait a few seconds and requires an
installation whitelist means you probably think more about installing an
Ext than you would about a random chunk of software.

I really can't get behind the article's comment on differing version
numbers. If an extension is not compatible with a version of FF, it's
automatically disabled. If there's an update that would make it
compatible, it's automatically retrieved. And frankly, how many end
users even notice version numbers?

So, I think that it's something worth thinking about but not worrying
about. IMHO, of course.

- - J -

Brett Zamir wrote:
> That was an interesting article, thanks...One concern I didn't see
> specifically mentioned in the article is the security issue of updates
> as well as first-time installations...
> David Karger wrote:
>> I think this is the tip of an iceberg. Extensions arepopular because
>> they let us avoid a lot of the hassle of installing things in our OS.
>> But the reason they let us avoid the hassle is that they shorcut a lot
>> of the protections and access controls that an OS offers us. And the
>> reason the OS offers us those capabilities is that they get really
>> important when large numbers of components of different qualities need
>> to work together. If we only installed one or two simple applications
>> on our machines, we wouldn't need all the power of the OS. As
>> extensions get more and more complicated and numerous, we're going to
>> discover we want all those OS-type protections inside firefox.
>> Perhaps we'll turn firefox into an OS to compensate, get annoyed at
>> how complicated it becomes to "install" new extentions through those
>> protections, pick some popular extension that most people have running
>> in firefox, and develop a framework for installing
>> extension-extensions inside that extension, thus starting the whole
>> game over again.
>> Stefano Mazzocchi wrote:
>>> Found this via MozillaZine
>>> Food for thought.
Version: GnuPG v1.4.1 (Darwin)

Received on Sun Feb 12 2006 - 07:53:45 EST

This archive was generated by hypermail 2.3.0 : Thu Aug 09 2012 - 16:39:18 EDT