by funklebunkle 2757 days ago
> Apple does the very same thing.

I understand that Apple does everything in its power to make the life of developers miserable (such as requiring a Mac to be used for iOS development), but Mozilla were supposed to be the good guys on the web.


I think you misunderstood there.

Apple's primary aim by limiting the access to the store isn't to make devs miserable, it's to have users trust the app store.

Mozilla's aim is (likely) the same. If a user finds an addon in Mozilla's addon store, then Mozilla wants the user to fully trust that this addon will not violate their privacy in unexpected ways or install malware on their computer or otherwise interfere with them.

Similarly, Apple spends a lot of money on making sure the PR image of the app store is clean. People should be able to fully trust Apple's app store, in Apple's opinion.

That doesn't mean there won't be addons you don't like, it just means that malicious behavior is not allowed. If the user doesn't like it they can remove it without consequence.

But what about the whole "give users control of their machines again"? What if I have an extension originating elsewhere -- say, because I'm a sympathetic person Mozilla claims they encourage learning to code -- and I want to bypass the usual protections?

They still won't let me install it.

You can install it if you use the developer edition or unbranded version, this is fairly well documented.

Sure, if you're willing to forgo the updates and have to manually install each time, or have the updates convert you to the branded version:

https://blog.mozilla.org/addons/2016/07/29/extension-signing...

(Good luck compiling it yourself.)

I compile an unbranded version of Firefox for each released version on my private repository for AUR packages, automated and without the need of intervention at all.

I'm currently running the branded release but I could pick unbranded, beta, dev or nightly editions of Firefox if I wanted. It's not hard to automate and especially with the unbranded version you have permission to distribute the binary that results, a permission you don't have with the branded edition.

You can also use the Nightly or Developer Edition of Firefox as well.

Yes, you could. What about the person Mozilla claims to want to get into coding? They have to choose between getting the regular updates vs being able to tweak their addons.

And do you plan to set that all up in the middle of your workday when a forced update disables your extensions?

It is not reasonable for a user-freedom-oriented browser like Firefox to require you to install a separate version to install unsigned extensions. Hiding it in about:config behind a "this is dangerous, are you sure" warning would be the right thing to do here.

I think it's fairly reasonable for a user-freedom-oriented browser that also markets itself as a safe and fast alternative to Google Chrome. This exists to some extent to protect users who will click on any button as long as it makes them able to do what they want no matter how dangerous (which is, for example, why HSTS doesn't have an "Add Exception" button).

Mozilla focuses on maximizing the user's freedom to browse the web without being hindered by harmful addons.

And at the end of the day, Firefox is a Mozilla brand, using the Firefox browser associated with their Brand means to some extent that Mozilla will want to ensure that the average user has a certain experience with that brand. The average user is perfectly fine not installing unsigned addons, which is arguably something the more advanced and above average user might want, who has the full freedom to use an edition of the browser that is explicitly marketed to them, no?

> Mozilla's aim is (likely) the same.

Nothing prevents me from compiling my own binaries and running them on my Mac.

But the issue here (AFAICT) is that Mozilla won't even let you sideload your own stuff on your browser. This is horribly broken.

> But the issue here (AFAICT) is that Mozilla won't even let you sideload your own stuff on your browser.

There's no way to allow that that doesn't also allow crapware / malware installers to inject stuff into Firefox.

You can install unsigned or foreign-signed addons, you simply need either the developer edition or you use an unbranded version of Firefox (i.e., any Firefox binary that isn't branded for Mozilla). It's a compile option.

> That doesn't mean there won't be addons you don't like

But it certainly guarantees there won't be any apps Apple doesn't like and haven't paid the appropriate fee.

It's incredibly naive to think the primary reason for Apple is trust and security. At least as far as their mobile ecosystem is concerned, their control over what the user can run is a major revenue source.

You are aware there is a difference between "primary" and "only", yes?

I'm not saying Apple's intent is pure but there is a primary driving factor behind it, that to my knowledge, seems fairly pro-consumer. Doesn't mean it has other, anti-consumer motivations.

Let's see if I got the hang of this: The average iPhone user can only install software approved by Apple, and their primary motivation for that setup is an anti consumer one.

> Apple's primary aim by limiting the access to the store isn't to make devs miserable, it's to have users trust the app store.

It really isn't. It's to prop up their own services through anti-competitive blocking, to maintain a level of terrifying censorship, and to rent seek on what remains.

That is a good side effect for Apple but it's not the primary aim/goal of controlling the app store. They already control the ecosystem by virtue of not allowing sideloading easily so controlling the app store serves little additional effect other than cleaning it up and increasing trust.

It's still bad overall though.

Not sure where you are getting your information, as Apple has publicly stated to its investors that the first and last of those 3 were their actual purposes behind the restrictions on the app store.

> I understand that Apple does everything in its power to make the life of developers miserable

All Xcode projects are automatically code signed on every build. If you have a developer membership with Apple, it uses a certificate issued by Apple. If not, it's just a locally-generated certificate.

If you use make or call Clang directly, obviously there is no signing process, but there is a command-line tool that you can use and integrate into your non-Xcode build process just fine.

How do I run Xcode on Linux? Or do I have to spend $2k on a machine that will only be used to run a single build? Speaking of, how do I integrate that mess with my automated build systems? Also, how can I get it to sign stuff without forking over $100 every year?