Hacker News new | ask | show | jobs
by notnarb 3804 days ago
While I would agree that these changes are unfortunate for this specific use case, I do believe there are at least two workarounds for you:

1) Creating an AMO account and running the command line "jpm sign" tool yourself. This requires a bit of overhead per each new addon you want to make modifications to, but the actual signing of unlisted addons (which is entirely automated) had been fast and mostly painless in my experience.

2) Using Firefox Aurora/Developer Edition as your main browser and relying on its automatic update mechanism.
2 comments
dstillman 3804 days ago
No need to use Developer Edition. The unbranded builds of Release and Beta will have an update mechanism too.

They'll be en-US only, though, so if you want a non-English interface, you're out of luck.

link
kbrosnan 3801 days ago
If you want to use a non-English interface you would install the langpack for example https://ftp.mozilla.org/pub/firefox/releases/44.0/win32/xpi/ you would need to navigate the ftp to match your particular install.
link
superkuh 3804 days ago
What's going to prevent malware authors from making a bunch of AMO accounts and signing their malware if it's so easy and automated?
link
notnarb 3804 days ago
(I do not work for Mozilla so this is speculation):

As far as I can tell, side loaded extensions require a full, non-automated, review http://i.imgur.com/r070Grv.png and it wouldn't surprise me if side-loaded extensions were the worst offenders.

Upon discovering a malicious extension, Mozilla could look through all extensions they've signed and blacklist (https://addons.mozilla.org/en-US/firefox/blocked/) all extensions with a similar signature similar to how some anti-malware databases work.

There is probably not all that much stopping you from writing a malicious extension that passes the AMO automated review (example: https://addons.mozilla.org/en-US/firefox/blocked/i1058), but the cost for malware writers is going to be significantly higher since it will be far easier for Mozilla to shut them down via their blacklists.

link
yuhong 3804 days ago
I think Mozilla can block the accounts and blocklist the add-ons.
link