[Tobu]

Tab Mix Plus is explicitly mentioned as something they'll support: https://wiki.mozilla.org/WebExtensions#Additional_APIs

[wvenable]

Lets be clear; they won't be supporting Tab Mix Plus. They will be providing an API that might allow something similar to be built by someone. This is a good thing but nothing is guaranteed.

[brighteyes]

It's not guaranteed, but they said they are hiring people to work with addon developers to update their addons. It seems very likely Tab Mix Plus would be on the top of that list, since it's already mentioned as an addon they want to work in the new model.

[brighteyes]

The blogpost should have led with that.

A lot of the discussion here is based off of people incorrectly assuming addons like that won't work.

[the8472]

That still only covers extentensions that have already been invented.

It doesn't solve the problem of letting people tinker to discover the need for a new API in the first place.

[brighteyes]

You can still tinker when building firefox from source.

I agree it's not as convenient as the default builds being open to such modding, but that's the point - the default builds should be safer because 99% of users don't tinker.

[the8472]

So it's ok to make life harder for 1% so the 99% have it easier?

And why make it "safer" for the 99%, considering they have been able to live with the current situation for years?

Shouldn't things be improved for everyone?

And aren't those 1% that tinker those who provide new stuff to the 99%?

[pcwalton]

> And why make it "safer" for the 99%, considering they have been able to live with the current situation for years?

It's hard for me to read this comment as anything other than "browser security is fine and people shouldn't bother trying to improve it".

[the8472]

Well, fixing security bugs obviously is necessary. But that doesn't mean that features should be thrown out of the window in the name of security.

And I was mostly referring to mozilla's tendency to nanny its users.

For example the argument for extension signing is that users can't decide for themselves what to install. And that even side-loading from the operating system would be too dangerous because some users could get tricked (in my book that's a people problem, not a software problem).

And again, the argument for whitelisted, locked-down APIs for extensions is security, that giving extensions the same powers as native applications (which don't have to be signed) is unacceptable. Again, reducing features in the name of security.

Fixing privilege escalation attacks and nannying users so they don't apply foot-guns are two quite separate approaches to security in my opinion. Especially since the latter is onerous on powerusers while the former is not.

The restrictions weren't necessary in the past, the situation was clearly good enough for millions to start using browsers. Why is it necessary now?

[brighteyes]

> So it's ok to make life harder for 1% so the 99% have it easier?

Generally speaking - yes.

Making a browser safer for 99% of people might be worth making the experience of 1% a little less flexible.

Unless you can find a solution that makes 100% of people happy, we will always have such tradeoffs. And so far, no browser has found such a solution for addons.