11 Matching Annotations
  1. May 2020
    1. This task disables two-factor authentication (2FA) for all users that have it enabled. This can be useful if GitLab’s config/secrets.yml file has been lost and users are unable to log in, for example.
    1. It would be best to offer an official way to allow installing local, unsigned extensions, and make the option configurable only by root, while also showing appropiate warnings about the potential risks of installing unsigned extensions.
    2. I know, you don't trust Mozilla but do you also not trust the developer? I absolutely do! That is the whole point of this discussion. Mozilla doesn't trust S3.Translator or jeremiahlee but I do. They blocked page-translator for pedantic reasons. Which is why I want the option to override their decision to specifically install few extensions that I'm okay with.
    3. As I see it, we've got 3 solutions in front of us currently to have in-line translation:
    4. I appreciate the vigilance, but it would be even better to actually publish a technical reasoning for why do you folks believe Firefox is above the device owner, and the root user, and why there should be no possibility through any means and configuration protections to enable users to run their own code in the release version of Firefox.
    5. It should be possible to implement the functionality of page-translator via a more popular extension that is designed to inject arbitrary data into websites, including remote code, e.g. https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/ .
    6. I appreciate the vigilance, but it would be even better to actually publish a technical reasoning for why do you folks believe Firefox is above the device owner, and the root user, and why there should be no possibility through any means and configuration protections to enable users to run their own code in the release version of Firefox.
    7. We must consider introducing sensible default options in Firefox, while also educating users and allowing them to override certain features, instead of placing marginal security benefits above user liberties and free choice.
    1. To load one temporarily go to about:debugging, "This Firefox" and click "Load temporary add-on from file". More permanently: many (most?) Linux distributions allow unsigned extensions to be placed in /usr/lib/firefox/browser/extensions/ and they will automatically be loaded, provided they have valid names (e.g. dodgy@unsignedextension.com.xpi).
  2. Mar 2020