Firefox is going to lose a lot of developers (and users)

Posted by Pete McBreen Thu, 26 Nov 2015 03:01:00 GMT

Somehow or other the Firefox community has convinced itself that scanning add-ons for vulnerabilities and malware is a good idea. Luckily, Dan Stillman, the developer of Zotero, called them out on it, pointing out that it is just Security Theater.

Firefox has always had lots of really large extensions, but by deciding that they must be signed and reviewed, the Firefox community has just committed itself to a LOT of extra work reviewing the extensions. Hence the dumb idea of scanning to see if there is anything malicious in them. Now that is an arms race that is going to be lost. The guys in the AdBlock game know that: it is a continual game of whack-a-mole. Actively developed extensions like Zotero really lose out because a manual review of a large codebase takes a long time, and scanning is insufficient (as the above link describes, it is easy to create an add-on that passes scanning and does nasty things).

Breaking news...programmers are not engineers

Posted by Pete McBreen Sat, 07 Nov 2015 23:59:00 GMT

The Atlantic just realized that programmers are not engineers.

Sorry to break it to them, but this has been a topic of conversation long before I wrote the book Software Craftsmanship, which was published nearly 15 years ago.