1. 12

    I gave up after a few minutes. These DTKs exist so that developers of all the apps he complains about can be ported. Why review beta OS on Beta hardware and say at this point that the situation is bad. Of course it is bad - nobody has dine the work yet.

    1. 1

      Fair enough. I originally had much higher hopes for the DTK and do understand the purpose of them. I thought that it was going to be a much different video than what it turned out to be. However, it is what it is for now. I spoke to the community about my findings and they still wanted to see the video.

      1. 4

        Based on the demo, I would have expected Rosetta to be able to run every app as is. These are early days though, so I’m not really concerned.

        I am really curious how people will manage docker images. Are they going to start building all their images to support arm & amd64? Or will people prefer to use cloud servers that run on arm? Or will this be enough to convince people to switch away from Apple Laptops for development work?

        1. 5

          If you look at the DTK release notes, they document an issue with page size support in the DTK hardware only, which will not exist in the final hardware, and which prevents Rosetta from running apps which expect to do memory protection operations on 4K pages. This includes just about any App that relies on JIT compilation - this means browsers and Electron apps of course.

          They were apparently not exaggerating about the bit about the DTK not being representative of final hardware.

          Re: Docker, well, you could run an x86-64 Linux VM inside Qemu on an aarch64 Mac…

          1. 4

            The wwdc architecture talk said that the Rosetta on the DTK has page size restrictions, so some uses of mmap, etc fail.

            Mono’s JIT runs under Rosetta once they recompiled with 16k page support

            1. 2

              It’s really interesting. So, the default included Ruby version is 2.6.3 and it is Universal.ARM based. However, when installing Ruby from ASDF, it was Intel based. So, we could probably keep developing using a version manager Ruby install if it is going through Rosetta.

              The whole docker issue will be up for debate. I bet we’ll be able to run x86 docker containers and things will work as if we were on an Intel processor. Things might just be a bit slower. From a consumer of a cloud service perspective, I just don’t see the benefit right now to using ARM. I’m sure we’ll get to a point where it is a viable option, but currently, it’s no cheaper than x86.

              Lately, I’ve been considering going back to Windows/Linux for my development machine. Haven’t moved on this though as my current rig still has plenty of years left.

        1. 1

          Does meta work now? Last time I tried it I could not make it work for Emacs.

          1. 1

            git ls-files is a nice trick that I did not know of

            1. 3

              If anyone’s got any spare 5 1⁄4-inch floppies, let me know, because now I’ve got two whole slots for them (this is actually a serious inquiry, please tweet at me!).

              I have some bad news for you: floppies degrade over time. When I was poking an Apple IIe about 15 years back, a bunch of my disks from the 80s and early 90s already had corruption.

              IIRC, there are ways to store them to minimize degradation, but the most comon ways of storing them were really bad.

              edited to add: There are plenty of Apple II disk images out there (the asimov.net apple section is pretty remarkable). It may well be more profitable to get a Raspberry Pi to interface with your Disk II controller, translating from images.

              1. 2

                Most of my floppies from the 80s still work fine.

                1. 1

                  My Amiga DD floppies do.

                  HD floppies on the other hand are mostly unreadable by PC FDCs. And not usable anymore. I needed to write a bunch recently from disk images, went through old ones, about one in 6 did format, write and verify. I have a large stack of bad floppies from attempts.

                2. 2

                  My C64 disks are in my parents’ (unconditioned) attic. Bet they’re in real pretty shape.

                  1. 2

                    Hey, at least you still have them.

                    One time several years ago, my parents were cleaning out their storage room. They came across a box full of old Commodore 64 and 128 software. Knowing my soft spot for retrocomputing, they asked me what to do with it. I was pretty sure our old Commodore 128D we’d had was somewhere nearby, so I told them to keep it unless they couldn’t find the 128. They never did find the 128, so they threw it out.

                    I remained half-convinced that they still had it somewhere, though, and much more recently, I was visiting them and we found the 128 in a box in the shed in the back yard. I’m not sure I have ever felt such intense regret at being proven right.

                    1. 2

                      About 27 years ago, when I was 12, I wrote an Apple II program in assembler that I was inordinately proud of. My mother and I planned to sell it, and she made sure I kept frequent backups. It never went anywhere; after all, that was the year that the Apple IIe was discontinued (though I didn’t know that until much later).

                      Then a couple of years ago, feeling nostalgic, I wanted to look back at that project. I called my mother to ask if any of our old Apple II disks were still around. They had all been thrown out, on the assumption that we had moved on.

                      To be fair to my parents, in several of the intervening years, I didn’t care about that old stuff any more than they did. I really had moved on. But now I wish I could look back at some of that old code I wrote.

                      1. 1

                        Never, ever trust family with your old computers and media. You should have taken them with you.

                        If any of you has a bunch of floppies or computers you care about at your family’s place, ensure you get them on your next visit. You’ll be lucky if they are stil there. Priorize the data, as computers are somewhat replaceable, but data is not.

                        1. 1

                          Oof. That sucks. At least in my case the discarded disks didn’t represent the loss of anything I had created personally (I’m a bit younger than you, so my memories of the Commodore consist mainly of playing Space Taxi and Montezuma’s Revenge until we got a PC), but because the machines and all those disks were originally my dad’s, it would’ve been an interesting time capsule.

                      2. 1

                        Just ensure you imaged the important ones.

                      3. 1

                        Is it degradation of the data or of the medium? I mean, okay, over time the magnetic surface enters a high-entropy state, losing data in the process, but that’s nothing a good old reformat isn’t supposed to resolve on floppies, making them - in theory - reusable.

                        1. 1

                          I’m not an electrical engineer, so take all this with a grain of salt, but: both.

                          Apple II disks are actually more resilient against data-loss than, say, the high-density 3.5” floppies that came later, just because larger bits means more tolerant to small changes in magnetism. But after 30 years, there’s likely to still be a fair bit of data degredation – and if your goal is to (e.g.) play vintage games, a reformat isn’t what you want to do.

                          But there is also medium degradation. Normal physical stuff (bending, dust, etc), environmental stuff (humidity, temperature fluctuations, etc), electronic stuff (magnetic fields including those from transformers and motors, static electricity, etc), and chemical stuff (oxide degradation, exacerbated by environmental factors) can all cause physical media degradation. Like any medium nowadays, there were also service lifespan issues: the more you use it, the closer to medium failure you get.

                          Some of the old disk manufacturers would say “30 year lifespan” or something similar. I suspect that was an exaggeration, or maybe a best-case scenario, since not many people expected floppies to still be in use 30 years later.

                          None of that is to say that an old disk is guaranteed to have failed. But the likelihood increases over time, same as everything else. And oxide-on-mylar is less durable than most of what we use today.

                      1. 8

                        Star Trek shuttle/ship names. Of course.

                        1. 4

                          They shipped an update yesterday that removes he SDK.

                          1. 2

                            Be careful - Turning a new project into a learning opportunity for your team can be the greatest mistake you make as an engineering manager.

                            It depends on the situation of course. But it is not a given that combining a new project with a new stack will result in success.

                            In my opinion There are better and less risky ways to broaden your skills and look beyond what you know today.

                            Never stop learning. Never stop moving forward.

                            1. 1

                              I couldn’t agree more. Encouraging your team to try a totally new language, framework or paradigm for an actual production project that has anything like a deadline puts all kinds of not particularly constructive pressure on the learners.

                              Better to have some kind of 20% time or such that’s scheduled but has very squishy metrics around deliveries, and encourage people to play with new stuff there where the consequences of failure are non existent.

                            1. 4

                              The Newton was a fantastic platform. I really enjoyed developing for it back in the day.

                              There was really nothing with that kind of operating system and application runtime that you could hold in your hand.

                              It ultimately failed but many of the ideas, concepts and people defined a long stream of innovation. Very similar to General Magic.

                              1. 0

                                Baby don’t hurt me. Don’t hurt me. No more.

                                1. 1

                                  https://stefan.arentz.ca

                                  Statically generated with Hugo and a slightly modified standard Hugo theme.

                                  I need to blog more often :-/

                                  1. -10

                                    You definitely seem to have ‘issues’ with this project and your V posts are heavily biased. How about instead of shooting projects down, contribute to them to make them better. That is more in the spirit of open source.

                                    1. 26

                                      I would, but I’ve been blocked from the V github repo with no option for appeal or reversal.

                                      1. 5

                                        Do you know what caused you to be blocked?

                                        1. 8
                                      2. 23

                                        The history of V so far has been pretty… interesting. Lots of marketing and sparse substance. It came across to me as frequently “snake oil” like.
                                        I think if it hadn’t have been so over-hyped and over-sold to start with, people would be a lot more accepting of shortcomings and date slippages.

                                        1. 12

                                          Also wasn’t the author notoriously aggressive with all his skeptics? O remember him attacking Andrew Kelley a whole bunch for calling out some of the wilder claims.

                                          1. 2

                                            Yup, I remember that too.

                                        2. 16

                                          Didn’t expect to see this comment here. I’ll post the same reply I have you on the orange site:

                                          It’s perfectly fine to critique without contributing. You’ll also notice this:

                                          I can’t open issues myself because I’ve been banned from the V issue tracker, or I would have already.

                                          Also this from their previous article on V:

                                          I hope this feedback can help make V a productive tool for programming. It’s a shame it seems to have been hyped so much for comparatively so little as a result. The developer has been hyping and selling this language like it’s the new sliced bread. It is not. This is a very alpha product. I bet you could use it for productive development as is if you really stuck your head into it, but as it stands I recommend against using it for anything.

                                          1. 12

                                            I also think that there is value in calling out false and)or overhyped claims. It’s not like this is a student’s first project or something similarly worthy of a gentle hand. It also isn’t like V is providing anything very unique.

                                          1. 3

                                            JavaScript :-/

                                            1. 12

                                              FWIW, I liked the PDF link you’d just posted better; as it didn’t require me to run nonfree JS to read the slides.

                                              1. 2

                                                apologies, the original link were the slides the speaker used to give the talk but there was a mistake which was corrected in the slideshare copy.

                                                1. 1

                                                  Ah, I see. I wish the speaker would fix their slides then. :)

                                                2. -9

                                                  Lol

                                                1. 1

                                                  After two decades of tcsh and zsh I am on fish. Which is amazing. It just works. I think the only thing I did was adding something to my path and change the prompt to include vcs info.

                                                  1. 3

                                                    We worked on this release for 4 years but we will not tell you what Haxe actually is.

                                                    Yes I could navigate to the website and explore. But if you know people are going to link to your release announcement m, why not spend 5 minutes on writing a paragraph that exPlains what your product does.

                                                    1. 2

                                                      To be fair, if you’ve navigated to the download page you probably already know what it is. It’s just that this Lobste.rs submission is a deep link. I don’t think this page is a “release announcement” as such.

                                                    1. 2

                                                      Of course they are. It is bad for their business if they cannot see your DNS.

                                                      1. 2

                                                        It is funny that this is downvoted. That is exactly the purpose of this kind of lobbying and messaging: turn the discussion around and away from Comcast abusing your data.

                                                        They are not innocent and their motives are profit driven. Don’t mistake Comcast to be a company that deeply cares about the health of the internet or individual user privacy.

                                                      1. 13

                                                        Maybe I am missing the point, but the slide in the article isn’t totally incorrect.. it will centralize a critical service that the internet depends on under the world’s largest ad company.

                                                        1. 7

                                                          Of course, it’s worth noting that, in 2017, ISPs lobbied Congress to make it possible to sell your browsing data without your consent.

                                                          “Either, they are doing something with this data today that is not transparent to users, or they are working incredibly hard to protect a future business model,” [Marshall] Erwin [senior director of trust and safety at Mozilla] said.

                                                          The attempt to monetize DNS traffic by ISPs is one of the biggest motivations for browsers to DNS over HTTPS, but such a solution does involve trusting a particular certificate authority, just as ISPs already do. Google provides their own DNS services, whereas Firefox seems to be using CloudFlare as the default option when users enable it. By default ISPs provide a default DNS server, and even if a user uses a custom DNS server, ISPs seem to be monitoring and monetizing the users browsing info on which domains they visit, as DNS is unencrypted by default. With encrypted DNS, only the DNS over HTTPS server can know which domains one visits.

                                                          1. 6

                                                            Yeah, don’t get me wrong, ISPs are up to no good, but I think their argument is still worth considering since giving near complete control to Google and Cloudflare is not the answer (IMHO).

                                                            1. 2

                                                              Tor (or equivalent) is the answer to ISP privacy-invasion concerns. not centralized DoH.

                                                              1. 4

                                                                Ok. So ignoring that the Tor network would break if everyone used it, and if everyone had relays & exit nodes the networks would be prohibitively congested, and running into the issue of ISP’s having asymmetric peering speeds, your suggestion for my privacy conscious grandmother is to run Tor?

                                                                1. 0

                                                                  Two things

                                                                  One, using centralized DoH services like Cloudflare/Google does virtually nothing for your privacy conscious grandmother’s privacy.

                                                                  Two, if you’re trying to imply that your grandmother is technically impaired, that’s irrelevant to Tor. Downloading and using Tor Browser is as easy as downloading and using any third-party browser, Chrome included.

                                                                  1. 3

                                                                    One, using centralized DoH services like Cloudflare/Google does virtually nothing for your privacy conscious grandmother’s privacy.

                                                                    A. I said literally nothing about DoH.
                                                                    B. That’s not true.
                                                                    It’s absolutely not a perfect solution, but its (largely) eliminating an entire set of actors who have pushed forward legislative rollbacks of consumer protections and is actively monkeying with dns resolution. If you don’t like google or cloudflare you also have the option to change the provider (you an even host your own). Its a deeply flawed system as it stands now but its an improvement to the previously deeply flawed system.

                                                                    Two, if you’re trying to imply that your grandmother is technically impaired, that’s irrelevant to Tor. Downloading and using Tor Browser is as easy as downloading and using any third-party browser, Chrome included.

                                                                    Question: My grandmother watches Netflix regularly, do you support the idea of her being on Tor doing this?

                                                                    To be clear. I think Tor is invaluable, and donate to both Mozilla and Tor regularly. But I think the maximalist position of privacy and security is actively harmful if it blocks incremental improvements.

                                                                    1. 3

                                                                      Its a deeply flawed system as it stands now but its an improvement to the previously deeply flawed system.

                                                                      It’s not an improvement. Sending all your DNS queries to Google just gives Google more data. It doesn’t prevent Comcast from knowing what websites you’re visiting. It makes a bad problem worse.

                                                                      Question: My grandmother watches Netflix regularly, do you support the idea of her being on Tor doing this?

                                                                      Obviously not, but using DoH doesn’t prevent her ISP from knowing when she watches Netflix.

                                                                      But I think the maximalist position of privacy and security is actively harmful if it blocks incremental improvements.

                                                                      Criticizing DoH for its ineffectiveness at its stated goal is not a “maximalist” position.

                                                              2. 2

                                                                We wouldn’t be forced into this shitty dilemma if Ajit Pai didn’t made it clear ISPs have nothing to fear by selling customer data. Of course, if we had actual competition in telecoms by forcing telecoms to open their networks like in other countries, then consumers might have some choice.

                                                              3. 2

                                                                This isn’t completely true. SNI(over HTTPS/TLS) means that anyone watching the first bits of any/all HTTPS traffic can see it as well. DNS over HTTPS does nothing for this, and ISP’s can keep on collecting who/what/when/where.

                                                                1. 4

                                                                  Even ignoring this, the IPs you are connecting to are still in the clear.

                                                                  1. 3

                                                                    Firefox supports eSNI (not enabled by default yet) that encrypts SNI and the certificate, so ISP can only see the IP. And if the IP belongs to a large CDN, that tells them very little.

                                                                2. 1

                                                                  As far as I can tell Google and Firefox aren’t looking to centralise DNS into their control through this push of DNS over HTTPS, rather they are adding the support for DNS over HTTPS into their applications so if the users designated DNS server supports it their application will use it.

                                                                  1. 1

                                                                    The point that you are missing is that Comcast or any other big company lobbying will say anything as long as it serves their goals. Their goals are not to make the world a better place. Their goals is to stop things from happening so that they can keep using DNS to spy on you and turn that into a revenue source and please their shareholders.

                                                                    1. 1

                                                                      That point is not lost on me, I’m not sure why you assumed that it was. The point you are missing is that their argument in the slide from the article is not wrong. The motivation they have for pointing that out doesn’t automatically invalidate their argument.

                                                                      Ideally there would be a solution that 1) prevents ISPs from spying on customers and 2) doesn’t consolidate DNS under the world’s largest ad company (because what could possibly go wrong with that? /s)

                                                                  1. 17

                                                                    I’m sad that every thread about Firefox turns into a complain-fest. It is a 28 million line product. It is hard to please everyone. Accept that it is not perfect and please don’t feel entitled that your bug must be catered to. It is a product with 100s of millions of users, hundreds of developers and dozens of teams. If it were simple to fix all the bugs and satisfy every request, it would be done. Really!

                                                                    1. 3

                                                                      I love constructive feedback and productive discussions in bugs. Please.

                                                                      1. 1

                                                                        I’m sad that every thread about Firefox turns into a complain-fest. It is a 28 million line product.

                                                                        and you jump straight to criticism too

                                                                        1. 6

                                                                          Yes I criticize the tone of the discussions.

                                                                          1. 6

                                                                            I think the joke was that 28 millions lines of code is a ton of code for a web browser :)

                                                                      1. 5

                                                                        Friendly warning to anyone manually updating, Firefox will trash any settings you have regarding updating. So if your machine is set for manual updates, and you install Firefox 70, it changes to automatic updates. Mozilla refuses to fix this:

                                                                        https://bugzilla.mozilla.org/show_bug.cgi?id=1576400

                                                                        1. 22

                                                                          Firefox works fine when managed by, for example, a Linux distribution’s package manager. This necessarily means that the auto updater is disabled. So this use case is handled fine. It’s also open source and Mozilla is non-profit, so I’m not sure why you’ve chosen Firefox as your evil straw man. Your bug report is not productive and your childish antics have only wasted developers’ time, who have plenty of actual work to do.

                                                                          1. 2

                                                                            I think the bug report is legitimate, as are the explanation, resolution and workaround that have been provided. You reply seems unnecessarily harsh to me, though I agree the submitter accepting the Firefox response would be appropriate.

                                                                          2. 18

                                                                            Tbh your behaviour on that bug wasn’t really acceptable. When a maintainer closes an issue please don’t re-open it simply because you disagree. As for the “bug” itself, you were given two possible workarounds. Yet for some reason you still expect developers to spend their time catering to your very obscure edge case.

                                                                            1. 9

                                                                              Thats interesting framing.

                                                                              They broke the feature. Its not me asking for something new. Its me asking them to restore the previously working behavior. Before, if you wanted to permanently disable updates, you just go into about:config and toggle, and done. Now you have to manually create a JSON file, a file which is removed the next time you manually update. Just because you call it “very obscure edge case”, doesnt make it so.

                                                                              I imagine, especially in Lobster community, and especially in the current environment of well deserved distrust with tech companies, that its not as obscure as you think or hope it is.

                                                                              LOL just checked your bio:

                                                                              Engineering productivity at Mozilla

                                                                              https://lobste.rs/u/ahal

                                                                              1. 10

                                                                                There is an XKCD which is precisely applicable to your situation.

                                                                                Your use case is an edge case as far as the Mozilla developers are concerned & since it’s a tiny, tiny minority of users that are relying on it (i.e., you) then the rest of the userbase comes first. Consider yourself fortunate that the mozilla developers were kind enough to tell you how to do what you want to do in future.

                                                                                This is the price of using a piece of software with millions of users in a unique fashion I’m afraid - your use case is never going to trump those millions of users.

                                                                                1. 11

                                                                                  You seem to be under the impression that there’s a smoky back room at Mozilla HQ where they twirl their mustaches and cackle about how they’re deliberately taking away your freedom. Admittedly it’s been some years since I worked for Mozilla, and I was A) remote employee and B) didn’t work on the browser, but if there is such a room I certainly never heard about it, let alone got invited to go see it.

                                                                                  And what I think from reading that bug report is that you used a feature (the distribution directory) for a purpose it wasn’t intended for, and then were unhappy when it behaved as documented, because it turned out not to support the use case you want. Your use case is apparently very important to you personally, but that doesn’t mean it has to be important to them, or that they have to support it. They have the freedom to decide not to support your use case; you have the freedom not to use their software. And in fact you’re better off than you’d be with some browsers, because you also have the freedom to grab the source, modify it to suit your use case, and use and distribute your fork. But you don’t and never will have a right – moral, legal, or otherwise – to force them to support your use case.

                                                                                  1. 4

                                                                                    You seem to be under the impression that there’s a smoky back room at Mozilla HQ where they twirl their mustaches and cackle about how they’re deliberately taking away your freedom.

                                                                                    That is a strawman.

                                                                                    Changes like this always have a reason. Usually, someone runs a study, or reviews a retrospective, and finds that like 20% (I don’t know the number, but I’m sure I could find it if I looked) of Firefox users had auto-updates disabled by some adware installer or whatever. And the only way Mozilla knows of preventing other software running on the same Windows machine from changing a setting is to hardcode it into the executable, where the Windows code integrity system will ensure it doesn’t get changed.

                                                                                    That doesn’t change the fact that the solution here is removing power from the end user in ways that are frequently quite harmful. I’m pointing directly at Page Translator here. That kind of “collateral damage” is extremely messed up.

                                                                                    Hard-coding auto-updates into the EXE probably isn’t that bad (running an outdated browser with known CVEs on the Internet is just stupid). Neither is the whole practice of shipping a blocklist (obviously, allowing the blocklist to be disabled in about:config, where adware installers can change it, would completely defeat the purpose of the blocklist). The fact that it ended with an add-on that clearly isn’t adware getting blocked, on the other hand, is a scandal.

                                                                                    1. 7

                                                                                      I read the Bugzilla bug linked from that post, and it appears that there was a policy change from “side-loaded extensions can execute remote-source code” to “they can’t”.

                                                                                      I have a hard time seeing that as “a scandal”. Especially given how many times we’ve seen the pattern of an extension/add-on that used to be safe and gets taken over by an entity who abuses the extension’s privileges to do malicious things.

                                                                                      So it seems there’s been a decision that nobody gets trusted to execute remote code from an add-on, and while there are certainly going to be examples like the translator add-on that intuitively feel like they should get special exceptions to that policy, special exceptions for the “good” add-on authors don’t scale.

                                                                                      Meanwhile, the “freedom” arguments almost always really boil down to demanding that someone else write software in a way that the “freedom” supporter prefers. And I don’t see any principle of software freedom which supports forcing other people to write the things you want.

                                                                                    2. 4

                                                                                      You seem to be under the impression that there’s a smoky back room at Mozilla HQ where they twirl their mustaches and cackle about how they’re deliberately taking away your freedom.

                                                                                      You missed last week’s meeting, BTW.

                                                                                      1. 3

                                                                                        We mostly talked about you and then assigned all the bugs to you. This is what happens when you miss a meeting.

                                                                                    3. 7

                                                                                      As an industry, the risk of users being on outdated versions of software is huge. It is prudent to take measures to auto-update and ensure that users are on the latest versions of software to reduce this risk. An inconvenience to you is a huge boon to me, and the industry as a whole.

                                                                                      1. 4

                                                                                        Thats a false choice. If a user understands the consequences, and is warned loud and clear before making this type of change, they should be allowed to do so. Thats why sudo exists and UAC on Windows.

                                                                                        1. 4

                                                                                          TBH users been trained to click “Allow” and “I Agree” until the dialogs go away.

                                                                                          Those decisions such as enabling auto-updating to everyone are based on statistics. They are much more likely to help than to hinder. Just displaying a dialog box is not enough these days.

                                                                                          I too would like if it was simple toggle somewhere in settings to disable updates, but Firefox is a more complex project than people realize and there is a ton of checks, balances, and teams working on different aspects of what is in essence a little virtualized operating system with a poor choice of view model for apps.

                                                                                          I understand why you’re frustrated, I have my pet bugs too. The good thing is that you can change stuff, you can engage in constructive dialog and send a patch. And like everyone, you need to be prepared for the team who develop that app not to want your patch or feature.

                                                                                          The good news is that even if they don’t want that feature, there is nothing stopping you from building your own build at home or forking. Still, I’d think that if you’re forking because you don’t want auto-update because you distrust big tech, then how the hell do you expect a single person to maintain security updates for a browser? I think auto update is really good and brings in a ton of fixes in.

                                                                                          1. 2

                                                                                            That’s a bad analogy. You should probably thinking about how the browsers that come with Windows get updated. Mozilla needs to weigh multiple issues and stakeholders here. It does not serve them well to cater to edge cases which significantly increase risk.

                                                                                            This is also not a user “rights” issue like your language suggests. Your rights are to take the open source code and make your own build if what Mozilla provides doesn’t work for you. Your time might be better spent looking at the overall update space and lobbying for solution that gives you more of what you want while aligning to the high-level goals of Mozilla.

                                                                                          2. 3

                                                                                            I don’t think users end up in about:config without meaning to and accidentally turn off automatic updates. Mozilla’s response to this issue seems silly, since they should never have removed the about:config switch in the first place. At the same time, Mozilla’s decision to remove the distribution directory seems to positively affect a large number of non-technical users who would receive a custom copy of Firefox (maybe alongside another piece of software) and then try to install vanilla Firefox.

                                                                                            Good for non-technical users, bad for corporations trying to unify rollouts of software updates. Users like @cup are probably insignificant to Mozilla in making this decision (as they represent a very small vocal minority of the Firefox userbase).

                                                                                            1. 8

                                                                                              I don’t think users end up in about:config without meaning to and accidentally turn off automatic updates.

                                                                                              Third-party software, installed on the same computer, does that. A lot of the blocked add-ons have block descriptions like “overrides search behavior without user consent or control”. Because it’s adware.

                                                                                              I’ve seen people get infected with that kind of thing; it comes bundled with another application that they installed. If it’s in about:config, then the third-party installer can just change it. If it’s hardcoded in the EXE, then the app can’t change it without re-signing Firefox, which will get their signing key revoked by Microsoft and Apple, and likely get them sued by Mozilla for trademark infringement.

                                                                                              1. 6

                                                                                                That’s sneaky. I guess the fact that I wasn’t aware of that goes to show that Mozilla had more of a point here than I thought they did. Thank you for informing me.

                                                                                                I know that sandboxing on the desktop would solve this particular problem, but I’m afraid of the consequences of that on software development and particularly people learning to code. It’s pretty difficult to be exposed to real-world programming on a locked-down mobile device.

                                                                                                1. 1

                                                                                                  I don’t think that’s a problem.

                                                                                                  • There are perfectly good ways that an operating system vendor could allow users to turn off the sandbox without allowing arbitrary applications to do that. I particularly like the Chromebook method where you use a literal jumper on the motherboard to switch it off; it’s really just a skewmorph, to make sure the human understands that they’re doing something to their computer at a low level, but it seems effective enough.

                                                                                                    Unfortunately, Mozilla’s attempt to ship an actual operating system didn’t go anywhere, so they never got the chance to implement anything like that.

                                                                                                  • Breaking out of the sandbox is really only necessary if you want to do systems programming. I love systems programming, but most software is application code, and most of that is written with sandboxed systems like web-based JavaScript and spreadsheet macros in Excel. I can write that kind of stuff on locked-down mobile devices right now.

                                                                                              2. 1

                                                                                                Companies trying to unify rollouts of software is part of the problem. Many major malware incidents get investigated and the findings include well meaning administrators who wished to unify and manage updates - but, failed to update in certain situations.

                                                                                                We shouldn’t maintain the pretense that admins will get this right 100% of the time. They are people and they will fail. Their efforts are best spent elsewhere, including work to encourage devs to test compatibility, giving admins more of a stake in software acquisitions, etc.

                                                                                            2. 5

                                                                                              Thanks for reporting this behavior, and also thank you for pointing out the potential conflict of interest of the person who criticized you for the way you reported it. It’s really unfortunate that the Mozilla devs are optimizing for silently updating the browser and making it difficult for users to disable this behavior. If anyone is aware of a fork of Firefox that doesn’t do this, I’d love to hear about it.

                                                                                              1. 16

                                                                                                The initial report was fine, it’s the way they kept reopening that isn’t

                                                                                        1. 0

                                                                                          Wow that was really painful to watch.