• Many Firefox browser addons just suddenly stopped working due to the expiration
    118 replies, posted
Maybe benign to you but not as benign as you seem to think for others. Majr, a few posts above this post, brings up a good point that affected quite a few users for example. And anyone such as myself who relies on addons such as uMatrix or NoScript to keep their computer more secure (I don't run scripts on any website that I not only explicitly trust but also needs it as well) was negatively impacted as well. You try to paint this as people just whining about not having their adblock while simultaneously blatantly ignoring the fact that ads have been a vector for malware for as long as they've existed. And in many cases not having access to Stylus, Tamper/Greasemonkey, or other functionality addons can directly have a negative impact on the usability of sites. And this doesn't go into the fact that this entire fuck up could have been easily worked around if Mozilla hadn't decided their users were incapable of responsibly using an option that works on dev builds. I don't agree that whoever's responsible necessarily needs to be fired but you're underselling the impact of the problem. Mozilla dropped the ball here quite badly on multiple fronts.
Just posted on their twitter: https://twitter.com/firefox/status/1124677072771665920
Is it only uBlock that's broken for you or are you still having issues with all addons? If it's the former then the only thing I could really suggest is completely uninstalling and reinstalling the extension. If it's the latter then you'll need to make sure that the "Allow Firefox to install and run studies" setting under about:preferences#privacy is enabled and maybe try restarting your browser afterwards.
I just got home after having this problem in the morning, it was fixed when I launched firefox. Try restarting?
No, I didn't, holy shit calm the fuck down and try to avoid inferring shit that isn't there. I know ads are a primary malware vector, hence why I brought up "anyone who cares will have moved to network based blocking by now", because relying entirely on your browser addons as a security measure is insanity. If you're not running a hosts blocker or something like a PiHole to blackhole malicious DNS entries you're not really properly protecting your network. NoScript or uMatrix are obviously quite good security measures, losing them is a problem. But most of the stuff you'd want them blocking would be blackholed before it even reaches your machine if you're committed to the cause. Losing things like Stylus and Tampermonkey sucks as they're genuinely useful, but it's not the end of the world to lose them for a little while. They're not gone forever. That accounts container thing is quite a fuck up, but it's not the end of the world. Thankfully I've not had any of my addons disabled as losing access to 1password would be a massive ballache, especially if I had something time critical to do. Mozilla fucked up here, there's no denying it. But the reaction some people are having is fucking ludicrous. Certificates expire, that's just something that happens. Be thankful that the default behaviour doesn't allow unsigned code to run when this happens, because that would be a shitload more problematic. Calling for the heads of whichever devs rolled out the update, or whichever platforms manager forgot to renew the cert isn't a good response to this problem. It'd be nice to know why they don't ship that option in stable, about:config is pretty awkward for a normal user to get around as it stands, but for power users it doesn't hurt to have it.
I've already enabled that setting and removed uBlock entirely, but now I can't even re-download it. I just get the message "Download failed. Check your connection." uBlock is the only addon that I'm having issues with.
Not everyone can afford such a setup. Raspberry Pis aren't horribly expensive but it's still more than plenty of people can actually afford to shell out. Not to mention that it's something outside plenty of people's area of expertise. I'm not a hardware person myself. I have zero experience with Raspbery Pis and very little knowledge of them, nor can I afford to buy one to screw around with it. And I'm admittedly not well-versed with them but I'm not sure all ISPs would even support them. My garbage ISP, for example, outright requires me to use their shit routers. So the actually decent one I have is totally useless here, for example. It's not the end of the world but usability is a huge factor in actually being able to use some sites. And with Tampermonkey in particular, for people who have serious eye issues it can be the difference between not being able to use a site because it's too harsh on your eyes and actually being able to use it without burning out your retinas. I have custom stylesheets on a lot of sites to help avoid eyestrain because I have really bad eyes and need to do what I can to avoid it. A number of sites I normally frequent were outright unusable for me until I could use Stylus again. (Actually I couldn't even use it through loading it as a temporary addon with about:debugging too for some reason. The addon loaded and saw all my stylesheets but for whatever reason it refused to actually insert them on any pages.) It's a serious issue for some people who make ample use of containers though. I've seen at least half a dozen incidents of people losing hundreds of opened tabs due to the issue. And then there's issues like Majr's that I referenced in my last post where there were bigger issues than simply losing the opened tabs. Many of the problems caused by this issue can be worked around but it takes time to work through the issues. Time that not everyone can afford. And not having access to those addons can negatively impact the productivity of their work, most notably for anyone who does web development or otherwise does significant amounts of their work on the internet. I absolutely agree with you on this. Shit happens and even if you're vigilant issues do occasionally crop up. Unless it's an issue that stemmed from someone being a lazy asshat I don't think they really deserve to lose their job over it. It sounds like it was a legitimate accident. The weird part is that the option actually exists on the stable branch. It just doesn't serve any function whatsoever. I could get it if it was something specifically added for the nightly builds but seeing as the option itself actually exists in stable, that doesn't seem to be the case. So they're going out of their way to disable it in the stable branch which is frustrating. While in rare situations like this it seems that the nightly builds would be to the benefit of users affected by issues like this, in general those builds have far more negative issues that would affect a general user so it's unfortunately not really an option for most people.
Fixed rolled out and my addons. If it's not automatically updating for you, you can try using this to force an update: https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi
Thank you! uBlock is finally working again.
Well, it started letting my stuff work again. But I guess i the process of trying the workaround with nightly, a lot of my addons got poofed. So that's been fun
While obviously I'm not happy that this happened, a lot of you all are overreacting. The entire system worked remarkably well. The addons stopped working without even a page refresh, best I can tell - and you do want them to stop working if the cert becomes invalid, because that's exactly what your browser would see if the addon repository were hacked. They got things working without needing to issue a full update, didn't even have to restart to get the fix. Sure, it made the internet pretty much unusable for me for about eight hours... but I slept through six of those, and I have a collection of locally-downloaded content for just such a scenario. Cert expiries happen. There's a good security reason for them to exist, and there's a good security reason to act the way Firefox did when it saw it. Pretty much every tech company has some sort of cert problem at some point. Others have mentioned large ISPs doing just that. I know Google's done it at least once, probably far more times than that. It's a fuckup when it happens but it's one of those normal-level fuckups. Appropriate level of anger is like a 3, not an 11. If anything, this proves that there is a serious problem with the internet. Addons should not be necessary - yet I, and many of you, discovered that without AdBlock or UBlock or whatever your preferred flavor is, many websites become unbearable. Had this affected only my other addons - a screenshot tool, a color picker - I would probably not even have noticed. The "best" corrective action would be for us as a culture to ditch the obsession with advertising. I am personally convinced that it's worthless, and have been for many years. At the very least, "personalized" ads are a fucking scam on whoever's buying them, even with all the data Google has on me, they seem to do worse than the untargeted generic ads I see. The only idea advertisers seem to be able to sell is their own services. But since that's not going to happen, I think the better solution would be to make adblocking an integral part of Firefox. Adblock is as necessary a feature now as bookmarks or sync - so let's not leave it to be a vulnerable addon, but rather integrate it into the core. Most everyone is using the same syntax for their block lists anyways, this should not be all that difficult. And I expect you could get quite a performance boost as well, moving it into native code and bypassing the exposed APIs. (I recall an argument against moving Firefox to Chrome-compatible extensions being that the old way allowed adblock extensions to actually stop ads from downloading, not just from displaying. They moved to WebExtensions anyways, but I don't know if they added an API for blocking downloads. If they didn't, making it native could easily restore that functionality.)
You should go in to detail about just what is in this collection.
Well, last night, I chose to re-read a rather entertaining book about the chemistry of rockets. Ignition!, by Dr. John Clarke - I highly recommend it. It was out of print long enough that PDF scans are everywhere, the top Google result is literally a full download, should you care to check it out. I have a modest selection of other quality nonfiction and reference materials (did you know the US Army published an Esperanto dictionary?), plus a few good novels (mostly Asimov's Foundation and Pratchett's Discworld), some movies, an anime or two, a few comic books (Neil Gaiman's take on Sandman), and a rather large collection of music (because last I checked, Spotify didn't have a meticulously-tagged, obsessively-complete collection of video game OSTs). Not much but combined with my analog media, it should last me through at least a straight month of internet outage. Oh yeah, and I've got a fuckton of porn too.
Didn't even know there was a problem, probably because I'm on a fork with it's own flavors of problems.
I thought I was going to have this issue myself, but you don't need to fuck with the router to get these working. As long as the Pi or whatever tiny machine you're running such a software on is on your network, it'll be usable. Not as good as the router using it, but good enough. Saved my skin in a shared household where I really, really don't want to be intercepting the DNS requests of my housemates. I'll never be able to look at them the same after that I'm sure. It's still quite a tech-follower oriented thing, but the guys behind these setups have got it down to basically a button press now. It's really come a long way. Honestly, never actually thought about that at the time of posting. Reasonable point. I've not personally used things like Stylus to that degree.
I was scrolling through the thread and my addons still weren't fixed so thanks a bunch for this.
no, but adware can which was the whole point, software would sneak in addons and then users would blame Mozilla
Wierd, my Firefox addons worked just fine throughout the day and only just got disabled now.
The real fuck up here is the design which prevents users from overriding this while essentially having the ability to remotely kill all the addons. They've been told, over, and over, this is bad design, this will come back to bite you, this is not the correct way to improve user security, and they ignored every criticism since they did this. Now the thing people were saying was going to happen happened, and now they should lose their job.
Just happened to me. Everything's been running fine all day, and they just all suddenly decided to stop working entirely.
Dang, mine stopped about an hour ago. I thought I'd avoided it. Well, guess I'm not visiting any website that isn't Facepunch or Wikipedia.
Nothing makes you appreciate adblockers more than having to browse the internet for a couple hours without one. I forgot how incredibly annoying and cluttered some sites are with ads. Scroll up to lilguy's post, there's a fix that'll force the update. Mine stopped working earlier today and I couldn't get the update to download, but I managed to force it with that.
if youre still out of luck, an official hotfix is to go to options > privacy/security > allow firefox to install and run studies it can take a bit for the hotfix to actually kick in (u can check about:studies to see if youve got it). it requires you to temporarily allow data to be sent to FF but thats all they have out for now, and seems to have fixed the broken ublock problem for me
Your typical assumption that every user is just like you and operates in the same environment as you do and thus will have the same environmental variables is patently false, particularly in regards to intranetwork security.
There's no uninstall/addon entry for the hotfix if you do it manually. It looks like it'll have to be deleted from your profile\extension folder. As annoying as this is, I like how the function called in the hotfix is "DoTheThing()"
Sounds like the software is doing what it's supposed to, disabling addons with invalid certificates
I heard that Firefox is no longer major browser these days (Chrome is dominating, unfortunatelly), something like 9% of the browser popularity. Then you get thing like this. What happened with Mozilla?
Eh, in the long run this bug is no real big deal, a system accidentally triggered and worked as intended. It was fixed within a day and anyone who's so butthurt about it to switch to shit like Chrome didn't care about their security to begin with. I'll take a bug that accidentally activates a major security feature, which inadvertently proves the feature works, over having to go a day without surfing the internet.
2 days and still unable to use add-ons on my phone actually.
iirc they said there was going to be a different method for the phone version of Firefox. I was able to click on the fix link and install that, and it seemed to work on my phone.
Sorry, you need to Log In to post a reply to this thread.