undefined | Better HN

0 pointsEisenstein3y ago0 comments

> (a) we obviously considered this in the first version of extensions and did not allow permissions "below" the fold

Irrelevant.

> (b) Chrome's extension model dramatically improved on the previous state of the art which was Firefox's "every extension can do everything, extensions can't be uninstalled completely, and there's no review"

Irrelevant.

> (c) the install dialog is just one part in a bigger system which includes the review process.

"Our MFA system is broken and will accept wrong input, but that doesn't matter because you without the correct password you won't get in."

Would that fly?

> I also encourage readers to remember that generally speaking, you all _want_ extensions. When Chrome didn't have them, they were the top feature request in the bug tracker.

What are you trying to say? That because users want it then overlooking security issues is excusable?

> If you don't solve user needs, users solve them themselves with solutions that are even worse (ie native code).

That falls under the realm of 'their fault.' This problem does not.

> Please spare a bit of empathy for the "chain of humans" that have had it.

OK, I feel bad for the poor Google worker with the thankless job and a six figure salary. Now fix it.

0 comments

MichaelZuo3y ago

This is a needlessly combative reply. Your interlocutor is not sitting at the interrogation table.

EisensteinOP3y ago

I admit it is a bit combative, but his response took absolutely zero responsibility and expressed zero concern for what is in my mind a huge and inexcusable security oversight. Countering an acting apologist for a de facto monopolist corporation is also needed, or else we end up with complacency and rot.

kccqzy3y ago

Frankly your tone made yourself sound like an entitled armchair expert, whereas the paragraphs you have labeled as "irrelevant" sound extremely relevant. Why don't you use a few words to explain why you think that paragraph is irrelevant?

Even though he didn't take responsibility I walk away convinced that he's doing a good enough job.

1 more reply

dcow3y ago

Because there’s nothing to be concerned about. Author irresponsibly incited a bunch of FUD. End of story.

1 more reply

tzs3y ago

>> (a) we obviously considered this in the first version of extensions and did not allow permissions "below" the fold

> Irrelevant

No, it is directly relevant. He is responding to someone who said that this problem with the permissions UI goes all the way back to the everyone who was involved from the very beginning.

He is one of those people who were involved at the beginning and is pointing out that they did not have that problem back then.

j / k navigate · click thread line to collapse

0 pointsEisenstein3y ago0 comments

> (a) we obviously considered this in the first version of extensions and did not allow permissions "below" the fold

Irrelevant.

> (c) the install dialog is just one part in a bigger system which includes the review process.

"Our MFA system is broken and will accept wrong input, but that doesn't matter because you without the correct password you won't get in."

Would that fly?

> I also encourage readers to remember that generally speaking, you all _want_ extensions. When Chrome didn't have them, they were the top feature request in the bug tracker.

What are you trying to say? That because users want it then overlooking security issues is excusable?

> If you don't solve user needs, users solve them themselves with solutions that are even worse (ie native code).

That falls under the realm of 'their fault.' This problem does not.

> Please spare a bit of empathy for the "chain of humans" that have had it.

OK, I feel bad for the poor Google worker with the thankless job and a six figure salary. Now fix it.

0 comments

MichaelZuo3y ago

This is a needlessly combative reply. Your interlocutor is not sitting at the interrogation table.

EisensteinOP3y ago

kccqzy3y ago

Even though he didn't take responsibility I walk away convinced that he's doing a good enough job.

1 more reply

dcow3y ago

Because there’s nothing to be concerned about. Author irresponsibly incited a bunch of FUD. End of story.

1 more reply

tzs3y ago

>> (a) we obviously considered this in the first version of extensions and did not allow permissions "below" the fold

> Irrelevant

No, it is directly relevant. He is responding to someone who said that this problem with the permissions UI goes all the way back to the everyone who was involved from the very beginning.

He is one of those people who were involved at the beginning and is pointing out that they did not have that problem back then.

j / k navigate · click thread line to collapse