MozillaZine

AMO WebExtensions.

Discussion of general topics about Mozilla Firefox
Frank Lion

Posts: 19834
Joined: April 23rd, 2004, 6:59 pm
Location: ... The Exorcist....United Kingdom

Posted December 18th, 2017, 2:03 am

I see this AMO WebExtension stuff is going well -

47 of the 60 add-ons on the first two pages are spam add-ons right now, only 13 are legitimate extensions for Firefox.


https://www.ghacks.net/2017/12/13/mozil ... festation/
Metal Lion latest SeaMonkey & Thunderbird Themes - Sea Monkey and Silver Sea Monkey
"The only thing necessary for the triumph of evil, is for good men to do nothing." - Edmund Burke (attrib.)

LIMPET235
Moderator

Posts: 38155
Joined: October 19th, 2007, 1:53 am
Location: The South Coast of N.S.W. Oz.

Posted December 18th, 2017, 3:14 am

Yep.
It's all "clear sailing" from now on.

I like this comment though...
Safeguards are in place that prioritize extensions that are uploaded, but the fact remains that extensions are made
available on AMO for a period of time before they are checked by a human.
Ancient Amateur Astronomer
Win-7-HP/Intel® DualCore-2.0GHz/500G HDD/4 Gig Ram/550Watt PSU/350WattUPS/Firefox-20.0-57.0/T-bird-2.0.0.24/SnagIt-v10.0.1/MWP-7.11.0.
RadioYachting. (Always choose the "Custom" Install.)

Omega X

Posts: 8043
Joined: October 18th, 2007, 2:38 pm
Location: A Parallel Dimension...

Posted December 18th, 2017, 6:38 am

Honestly, I won't totally fault Mozilla for this one. I've seen A LOT of bot spam elsewhere that looks similar to this all throughout comment systems and other public-facing review sections where it's easy to make an account.
Latest: Firefox/59.0.2 *ESR/52.7.3 - Mobile/59.0.2 - Thunderbird/52.7.0
Nightly: Nightly/60.0a1 - Mobile/60.0a1 - Daily/60.0a1

Brummelchen
 
Posts: 3266
Joined: March 19th, 2005, 10:51 am

Posted December 18th, 2017, 8:00 am

A lot of illegal offers/downloads (films/series), online casino/gambling, phishing and hacking crap. Modified extensions - same name, but ads in it.
But that is not all - a lot of crappy extensions, just another name for old coffee, copy & pasted code.
This automated review and signing really needs improvement. The illegal film stuff can hunt Mozilla down.

Aris

Posts: 3127
Joined: February 27th, 2011, 10:14 am

Posted December 18th, 2017, 8:16 am

A while ago add-on developers got punished by a crappy, false-positive-throwing add-on validator on add-on upload. They got punished a second time by sometimes very long review times. In the worst case, a third punishment was declining add-on release to the public, if something was wrong or the reviewer did not understand either the code or what the add-on was for. (This happened twice with my add-ons in the last six years: one reviewer called the ids/classes used too "general", one reviewer refused to give a full review, because the add-on would not target many users -> no logic in that, I know).

I'm glad to see they finally threw all this overboard after a large amount of devs left add-on development for good just to make today's spammers happy.
It seems like there is no more code checking for suspicious stuff inside the add-on validator (this shitty tool isn't even able to prevent multiple add-on uploads using the same add-on name). Apparently add-on reviewers don't check WEs and crappy/broken/faulty/scam add-ons can be released to the public automatically. WOW, just wow.

therube

Posts: 18479
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Posted December 18th, 2017, 1:05 pm

But you're all missing the point.
Now when you install an extension, there is a disclaimer, "this addon is allowed to", so "we're covered".
And they're signed - for our protection.
Plus extensions are now far less useful, far less powerful, so there is no way they can be nefarious.

:happy:!
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

the-edmeister

Posts: 32033
Joined: February 25th, 2003, 12:51 am
Location: Chicago, IL, USA

Posted December 18th, 2017, 1:32 pm

Omega X wrote: Honestly, I won't totally fault Mozilla for this one. I've seen A LOT of bot spam elsewhere that looks similar to this all throughout comment systems and other public-facing review sections where it's easy to make an account.


They are directly at fault! The Mozilla Addons crew dropped their guard and allowed this to happen by ending manual screening of new WebExtensions too soon AND then not keeping an eye on what was "coming in the door". Anyone with half a brain would have at least been monitoring an increase in volume in new addon submissions and wondered enough about the screwy and similar names of so many submissions, and then "slammed the door" until they figured out what was going on.

And what about automated screening? Has that ended, too? A simple tweak to the algorithm for just the check for duplicate extension names should have flagged the vast majority of that crap based upon the excess of punctuation marks, nonsensical words used, and similarity of names. Not that AMO hasn't been down that road before ...
A mind is a terrible thing to waste. Mine has wandered off and I'm out looking for it.
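
The name-based screening suggested in the post above, sketched as an added example; it is not part of the original thread and is not AMO's validator code. It covers two of the three signals mentioned (excess punctuation and near-duplicate names, not nonsensical words); the thresholds, function names and sample names are constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed sample submissions for illustration (not real AMO listings).
SAMPLE_NAMES = [
    "uBlock Origin",
    "Tab Session Manager",
    "Watch.Full~Movie!! Online [[HD]] 2017 ##Free",
    "Watch.Full~Movie!! Online [[HD]] 2017 ##Free.",
    "Watch-Full~Movie!! Online [[HD]] 2017 ##Free",
    "Dark Reader",
]

def normalize(name):
    """Lowercase and keep only letters/digits, so punctuation variants collapse."""
    return re.sub(r"[^a-z0-9]+", "", name.lower())

def punctuation_ratio(name):
    """Share of non-alphanumeric characters in the name, ignoring spaces."""
    stripped = name.replace(" ", "")
    if not stripped:
        return 1.0
    return sum(1 for ch in stripped if not ch.isalnum()) / len(stripped)

def near_duplicates(name, others, threshold=0.9):
    """Other submitted names whose normalized form is almost the same."""
    key = normalize(name)
    return [o for o in others
            if SequenceMatcher(None, key, normalize(o)).ratio() >= threshold]

def flag_submissions(names, punct_threshold=0.15, sim_threshold=0.9):
    """Return {name: [reasons]} for names that should be held for human review."""
    flagged = {}
    for i, name in enumerate(names):
        reasons = []
        if punctuation_ratio(name) > punct_threshold:
            reasons.append("punctuation")
        # Compare by position so exact duplicate names are also caught.
        others = names[:i] + names[i + 1:]
        if near_duplicates(name, others, sim_threshold):
            reasons.append("similar-name")
        if reasons:
            flagged[name] = reasons
    return flagged

if __name__ == "__main__":
    for name, reasons in flag_submissions(SAMPLE_NAMES).items():
        print(f"HOLD {name!r}: {', '.join(reasons)}")
```

Comparing normalized names is what makes the three punctuation variants match each other, while the three ordinary names fall below both thresholds.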

Frank Lion

Posts: 19834
Joined: April 23rd, 2004, 6:59 pm
Location: ... The Exorcist....United Kingdom

Posted December 18th, 2017, 2:46 pm

Omega X wrote: Honestly, I won't totally fault Mozilla for this one. I've seen A LOT of bot spam elsewhere that looks similar to this all throughout comment systems and other public-facing review sections where it's easy to make an account.

You didn't skim read this stuff, did you?

I mean, you do know this is about real live extensions being offered to the public for installation on their systems and not about bot spam on comment/review threads, right?


As for human reviews of extensions or lack of, here's a quiz -

#1. Have you noticed a huge reduction in the number of extensions lately?
#2. Guess what skills you need to analyse code as an AMO reviewer?
#3. Guess what percentage of AMO reviewers are/were also extension/theme developers themselves?
#4. If #1="true" then what happens to the total number of active extension developers and in turn to the total number of active AMO reviewers?

This AMO stuff is a pity, Jorge is OK as are the reviewers (mainly fellow devs anyway) and as a 'golden boy' my stuff always flies through review in hours. But, looking at the situation objectively, yeah, it's one almighty **** up.

As to who's to blame, well that's easy. It's bound to be entirely the fault of that rancid stoat, fligtar. The fact that he claims to no longer work for Mozilla cuts no ice with me, trust me on this, it's all his fault.



See? Without any smilies you just don't know, do you?

Omega X

Posts: 8043
Joined: October 18th, 2007, 2:38 pm
Location: A Parallel Dimension...

Posted December 18th, 2017, 4:43 pm

I really don't care. I'm really tired of caring about Mozilla and its constituents. I'm more than happy to let them fall on their face. What I do know is that this type of attack is automated and is attacking more than just AMO.

Frank Lion

Posts: 19834
Joined: April 23rd, 2004, 6:59 pm
Location: ... The Exorcist....United Kingdom

Posted January 11th, 2018, 7:06 pm

https://blog.mozilla.org/addons/2018/01 ... zilla-org/

Hmm, sounds like AMO are getting a bit short of add-on reviewers. I wonder why that would be?
