I'm reminded of the ArchLinux AUR, which deals with a problem kind of like this. AUR managers show a diff of what changed in a package on each update.
Perhaps one could make extension auditing easier by scripting together a Git repository from extracted xpis, and presenting updates as patches to that repository. This is probably only viable for high-security environments - it's not with it in the common case.
Of course, the real fix would come from Firefox itself: it should provide signed extensions and a way to tie them back to Git repositories with source code, which would eliminate the need for the above automation, and allow people to crowdsource extension auditing.
Alternatively: I was thrown off by the new tab behavior in Tree-Style Tabs and didn't want the complexity of a tree of tabs. Vertical Tabs Reloaded[0] gives me the "tabs in a sidebar to the left" without the complexity.
Yeah, when I worked at thousand-person companies it was like this:
CEO -> SVP -> VP -> Eng manager -> IC
Or, alternatively,
CEO -> Director -> Manager of managers -> Manager -> IC
I didn't feel like either needed more middle management (each had about ~2k employees), but in the case of the latter some reorganization would have helped (some managers had 50+ reports).
Compact mode, which Reddit also offers, is an easy way to satisfy both camps. Set the default to whatever your users prefer (determine this with A/B testing) and allow the other choice in Settings.
Totally agree. I did government research for a while and published papers. Don't exclude them - anyone at the intersection of government work and research is likely to have meaningful contributions to this website.
In this contest, you are to intentionally insert a difficult-to-detect bug into otherwise legible code. In the obfuscated C contest, you are writing obfuscated code.
I'm reminded of the ArchLinux AUR, which deals with a problem kind of like this. AUR managers show a diff of what changed in a package on each update.
Perhaps one could make extension auditing easier by scripting together a Git repository from extracted xpis, and presenting updates as patches to that repository. This is probably only viable for high-security environments - it's not with it in the common case.
Of course, the real fix would come from Firefox itself: it should provide signed extensions and a way to tie them back to Git repositories with source code, which would eliminate the need for the above automation, and allow people to crowdsource extension auditing.