This article is wonderfully crazy.
The icing on the cake is the discovery of a potential performance bug in one or more of the about: pages; that's definitely worthy of following up.
"I got basically all the extensions with this, making everything I did before this look really stupid."
I feel this on a deep personal level.
"In terms of implementation, the most interesting one is “Іron Wаllеt” (the I, a, and e are Cyrillic). Three seconds after install, it fetches the phishing page’s URL from the first record of a NocoDB spreadsheet and opens it [...] The API key had write access, so I wiped the spreadsheet."
The extension is actually still up: hxxps://addons[.]mozilla[.]org/en-US/firefox/addon/%D1%96ron-w%D0%B0ll%D0%B5t/
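Added example (not from the post or the article being discussed): a defender-side check for the mixed-script naming trick quoted above, run against both the display name and the percent-encoded slug in the link. The function names are hypothetical, and limiting the check to Latin, Cyrillic and Greek is an assumption of this sketch.

```javascript
// Flag names in which a single word mixes letters from different scripts,
// e.g. Latin text with a few Cyrillic look-alikes substituted in.
const SCRIPTS = ["Latin", "Cyrillic", "Greek"]; // assumed coverage for this sketch
const SCRIPT_RE = Object.fromEntries(
  SCRIPTS.map((s) => [s, new RegExp(`\\p{Script=${s}}`, "u")])
);

// Script of one character, or null for digits, punctuation and other scripts.
function scriptOf(ch) {
  for (const s of SCRIPTS) if (SCRIPT_RE[s].test(ch)) return s;
  return null;
}

// Accepts a display name or a percent-encoded URL slug (hypothetical helper).
function analyseName(raw) {
  let name = raw;
  try {
    name = decodeURIComponent(raw);
  } catch (e) {
    // A stray "%" in a plain display name is not an error: keep the raw text.
  }
  name = name.normalize("NFC");
  const findings = [];
  // Split on anything that is not a letter or combining mark.
  for (const word of name.split(/[^\p{L}\p{M}]+/u).filter(Boolean)) {
    const byScript = {};
    for (const ch of word) {
      const s = scriptOf(ch);
      if (s) (byScript[s] = byScript[s] || []).push(ch);
    }
    // A word written wholly in one script is normal; a blend is the signal.
    if (Object.keys(byScript).length > 1) findings.push({ word, byScript });
  }
  return { name, suspicious: findings.length > 0, findings };
}

// Inputs: the name as quoted in the thread (written with escapes so the
// Cyrillic code points are explicit), the slug from the link, and a
// constructed all-Latin name for comparison.
for (const input of [
  "\u0406ron W\u0430ll\u0435t",
  "%D1%96ron-w%D0%B0ll%D0%B5t",
  "Iron Wallet",
]) {
  const r = analyseName(input);
  console.log(JSON.stringify(r.name), r.suspicious, JSON.stringify(r.findings));
}
```

A whole word in Cyrillic next to a whole word in Latin is not flagged, which keeps legitimately bilingual names out of the results.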
I'm laughing so hard at the video, I imagine this is what browsing the web is like for the elderly that barely know how to use a computer. Can someone do this in Chrome?
My favorite part was the metal pipe sound effect. Wish the author investigated which extension does that.
Where is the video? I scanned through and only saw still images.
https://jack.cab/blog/every-firefox-extension#attempts-4-10-...
It's inline. Search the page for (and heed): epilepsy warning
Dang this is so good. Well done.
> It turns out there’s only 84 thousand Firefox extensions.
On addons.mozilla.org, but you can distribute Firefox extensions without posting on addons.mozilla.org. I do.
> I did some research to find why this took so long. 13 years ago, extensions.json used to be extensions.sqlite. Nowadays, extensions.json is serialized and rewritten in full on every write debounced to 20 ms, which works fine for 15 extensions but not 84,194.
Occasionally, databases are useful. ;)
This is probably a good example of the opposite. It would be a mistake to design for the fleetingly rare case. If you’re dealing with a handful of extensions, a json file that’s rewritten is fine.
In an ideal world, software with 100 million users would be optimised for energy usage. It all adds up. This does pale in comparison to everything else, though.