Mozilla plans to debut a "lockdown" feature in Firefox 3.6 to force third party application developers to toe the line by preventing them from adding their own code into the browser's components directory. "Firefox is built around the idea of extensibility - it’s part of our soul," proclaimed Mozilla's Jonathan Nightingale in a …
No more .NET nonsense plugins installed without warning!
And before any .NET developers start whining about this, if you're writing code that relies on a .NET client-side plugin installed on your visitors computers you're doing the internet wrong.
Didn't they forget to add...
..."so screw you, Microsoft" to that? Rightly so, too.
I don't see how Firefox can stop such behaviour.
Surely any add-ons will be registered in a config file or the registry and being open source it will be easy enough to see how that's done and do the same using a program which isn't Firefox. Largely a cut-and-paste of the Firefox provided code I'd expect.
Mine's the one with the notepad with the outline for a "Firefox introduces DRM to lock-out devious developers" article.
NOT related to the .NET Add-on mess.
Remember it could be blacklisted _because_ it was an Add-on. A badly designed; crap; installed without you knowing it; security hole care of MS kind of Add-on but an Add-on nonetheless.
This is related to apps that don't even let Mozilla blacklist them.
This wouldn't affect the .Net extension, that was 'installed' by setting a registry key.
You may be right in an absolute sense but they could easily make it far more of a pain in the arse than it is now by introducing hash signatures / signed files.
had it coming
Take THAT Microsoft.
I wonder if over-riding the "lock-down" will constitute an offence under the DMCA? In which case I'd love to see Microsoft in court the next time they do a stealth-install of their crap.
But as Jason comments, don't see how it will stop the real black-hats. But I guess the main purpose is to stop those companies who only act like black hats when it suits them.
"Surely any add-ons will be registered in a config file or the registry and being open source it will be easy enough to see how that's done and do the same using a program which isn't Firefox."
Well, that's the point I think, certain people *cough*Microsoft*cough* were NOT registering in a config file, just dropping junk into the directory, so the component would execute but would not be listed for updates, compatibility checking, or uninstallation.
I assume firefox really can't control what goes into this directory (it really can't prevent anything for instance when it's not even running) but will no longer run anything that's just haphazardly dropped in there.
Frankly, any app that has code along the lines of "unconditionally execute any modules in $directory" is an accident waiting to happen.