It's over. no unverified addons even with override landed on beta

You are a complete idiot if you truly believe that.

Addon signatures are useless anyway.

>I want Mozilla to dictate what I can and can't use
I changed my mind, you're just a cuck.

The regular user should be protected from it, but power users shouldn't be forced not to use something when they fully understand the risks of doing so. They're effectively locking everyone out of using them, not just protecting normal users. That's not okay, with anything.

Yeah, you are right. It should be an about:config override.

>It should be an about:config override
Problem is that malicious software would just edit the about:config settings and then install their add-on.
That's the same reason they had to remove the about:newtab URL from about:config because malware kept hijacking the value.

Install the signed copy you fucking retard.
addons.mozilla.org/firefox/addon/ublock-origin/

>inb4 muh beta builds
They are signed too.
addons.mozilla.org/firefox/addon/ublock-origin/versions/

>can't wait for a shitstorm it would cause in stable
This shit has been in stable for a while now.

Firefox without addons is fucking worthless. Maybe Mozilla has forgotten what made people choose them in the first place. This is what happens when you fire a compete person just because he didn't like homos. Instead you have incompetent sjw making retarded decisions.

But no extension worth your time is still unsigned…
Extension signing has literally no negative effect on 99.9% of users.

Then there's no way around it. The best option is signed add-ons.

I have an above-average number of extensions for Firefox and they've all been signed for months already.

...

>The best option is signed add-ons.
Yep. It's the least bad option there is.
And besides, 3 out of 5 flavors of Firefox still support unsigned extensions.

Only Firefox and Firefox Beta cannot install unsigned extensions.
Firefox Developer Edition, Nightly and Firefox ESR still support unsigned extensions.
So if you need some special snowflake extension by some autist that refuses to get their shit signed, you still have plenty of options.

itt: babbies without selfmade-addons

Mozilla is now the admin of your browser. You are slaves.

>it's over.
Just use the fucking Developer version.

>itt: babbies without selfmade-addons
You can sign your self-made extensions.
They don't even need to be on AMO – you can get self-hosted extensions signed.

Malicious software could also rewrite Firefox's binary so that it allows for overriding via about:config

>claim to be an extension dev
>don't use developer edition or nightly where there's an override option

If the malware has that kind of power/permission, you have far worse problems and it doesn't need Firefox as a vector anyway.

Then the entire application wouldn't be signed and it would throw up a warning message on first run.

So why doesn't that apply to the about:config?
>OS allows unsigned binaries to run
How about that

And so it begins, The journey to find a new browser.

this famalam

NVM I see now that OP is retard

>So why doesn't that apply to the about:config?
Because about:config stuff can be changed in the user.js file which is basically just a text file and can be easily modified by "light" malware.
If you have the kind of malware that could modify the Firefox executable (without it freaking out and/or you noticing) you are fucked either way and it doesn't need Firefox at this point.

>about:config is insecure
Option one: add in some sort of security for it
>about:config can be trusted again
Option two: acknowledge it's insecure and do nothing about it
>about:config not only can't be trusted, but can be modified freely by "light" malware and change users' settings without their permission

The problem is basically plebs.
They install some fucking toolbar or whatever that changes their homepage and they're like HURR DURR Firefox sucks it changed my homepage ALL BY ITSELF and I DID NOTHING.
Plebs are the reason we can't have nice things.

The way the original addons works it's not really possible to secure about:config against them. The original addons basically become a part of the browser when they're loaded, complete with all the same permissions as the browser. It's basically running everything as root. The original addon API was made before modern security practices were well established. WebExtensions will improve things but that's going to come at a later time.

Signing shitstorm would be nothing in compared to webextension switch. They need multiyear buffer to phase out XUL

They're already phasing it in on nightly I think. The API isn't finished yet but Mozilla is already recommending devs use it where possible.

blog.mozilla.org/addons/2016/04/29/webextensions-in-firefox-48/

This might be a bit too old-school for the current culture of "everything is an app" but what happened to "don't run things you don't trust?" If people would still do that, they wouldn't need to rely on the trust of others to determine whether or not the program they were sent should be run or not. We've made everything so baby-proofed that no one can trust themselves and we need developers to hold our hands, even if we know that the extension our friend just made is safe without waiting for approval from Mozilla

Use Developer Edition or Nightly.

>Problem is that malicious software would just edit the about:config settings and then install their add-on.

Solution: get rid of about:config.

WE CHROME NOW, BABY.

WebExtensions isn't just for security though, that's part of it but the other part is providing a stable API that addons can safely rely on for the foreseeable future. Right now with the current system the addons are just hooking directly into the internals of firefox, it works but if Mozilla changes something interally that the addons are relying on it can render those addons useless. This is why e10s has taken as long as it has, e10s is a huge change to the internals of firefox and it requires a lot of cooperation with addon devs. Since all these addons are going to break anyway Mozilla is using this opportunity and establishing a proper API for them to use. After WebExtensions land there shouldn't be as many broken addons after updates. It also means they can eventually swap out gecko or servo. As long as the externally facing API remains the same it doesn't matter what the internals of firefox looks like.

Time to move to Waterfox.
Just earlier today I read something about "Brave" by some devs of Mozilla that got pissed and left, haven't checked it out yet tho, might be worth looking at.

>brave
A browser made in JS?! I don't see what could go wrong.

Does chrome have NoScript or something equivalent that can import my 6 year old whitelist? I refuse to not use it and some equivalent of Adblock Plus easylist + element hiding helper

uBlock Origin and uMatrix. Use Chromium instead.

Thanks bruh

If you're a dev you're using developer edition anyway. Right?

people not using icecat

Will this affect SeaMonkey? If it does, will I still be able to convert Fx addons for it?

also it seems to be based around the illogical idea of blocking ads while still somehow giving content creators a way to profit, which makes no sense, since you can't do that without creating a whole new type of revenue generation, not by writing a browser

I am though.

reminder: if you're using icecat + non foss addons you're using it wrong

gugle chrom