Its not the same thing, and I'd hope you would have the sense to realize that.

Blacklisting an addon requires an action on the part of Mozilla. But now with the way the signing requirement appears to be implemented, the use of new or unusual addons can be stopped by simple neglect on Mozilla's part... LACK OF AN ACTION will now block addons!

And even that would be OK with me if you gave the user some way to click some extra buttons or context menus to make an exception as is done in Windows and OS X.

But no..... lets be inspired by iPhones and iPads.

I'm in favor of signing as a way to protect against MITM attacks when installing or updating addons. And I think Mozilla curating its own AMO site is a good thing. These two practices, implemented together flexibly, would be a boon a Firefox users if Mozilla had the sense to arrive that decision.

However, the way you're implementing this is cutting across PC culture by giving the user no recourse. That is a big mistake. Whether you intend it or not, a de-facto walled garden is still a walled garden.

Neither Windows nor OS X completely tie the users' hands when encountering un-signed programs, and there are good reasons for this.

...that makes neat features accessible to both developers and users.

And by "solid platform", I mean something that demonstrates a consistent philosophy and design from the UI and APIs down through the kernel and the hardware.

There should also be a specification (like Multi-Media PC was for Microsoft in the 90s) of what a minimum hardware configuration should look like for a given platform (mobile, desktop, etc) to support most of the apps users will find enticing.

If you build a consistent, feature-stable platform with neat features the app developers will come. Maybe not in droves, but you will start seeing some very interesting new ideas and apps written by the sort of people who do NOT like to tinker with kernel options in grub.cfg or have to dig through /etc with a text editor to get things working.

Tim Berners Lee wrote the first web browser on the NeXT platform which had a tiny user base. Now Ubuntu is trying to compete with iOS, which is the progeny of NeXT.

The hypocrisy from the ad industry is so thick you could cut it with a knife.

Qubes handles video playback just fine even at FHD (although within a frame, to show security context).

The MS Office website says Excel requires DirectX "for acceleration". IOW, it runs without acceleration if DirectX hardware is not available. Its not something I really notice, given that Excel mainly deals with text on a grid.

If you really need 3D, Qubes can handle it as long as you supply an additional GPU that behaves well with an IOMMU, such as an Nvidia Quadro. Otherwise, you have to wait for ITL to incorporate GPU virtualization into the Qubes codebase... but virtual GPU tech has only been demonstrated by GPU vendors very recently.

Granted, 3D is an important feature in PCs today, but the inability to /safely/ incorporate it thus far highlights the kind of negligence that has held sway in the computer industry.

Most hypervisors are designed for the convenience of users and sysadmins to either run another OS, or better manage server resources... Securing desktop PC features is secondary at best with them.

Its designed to run Windows 7 as a guest OS.

Its not FUD when a malware (or bug) with normal privs can open an avenue for physical attack.

If a website/MITM tricks your browser into putting up a tiny context menu, it can allow someone to walk up to your computer later and start messing with it.

Qubes graphics virtualization appears to prevent this attack, since there is no way a VM client can use specific X features (it can only report bitmap deltas to dom0) and it can't force a full-screen window (the user even has to jump through hoops to make that possible).

As entropy in the universe increases, so does the amount of space.

They're avoiding Vpro specifically because of security concerns.

They are looking into it... https://groups.google.com/d/ms...

The Qubes OS community is interested in this laptop, but without a TPM chip Qubes' AEM firmware guarding feature won't work on the Librem. So they are looking at accommodating us in another way by employing some kind of user-generated cert to protect the system firmware.

Purism did, however, switch their CPU to an i7-770HQ (along with HM87 chipset) specifically to satisfy Qubes' requirement for I/O virtualization. Pending proper support in Coreboot, Qubes should run and provide great protection from remote exploits on the Librem.

Given the track record of Fedora, the update will hit the mirrors in about 2 days.