
Firefox Sync is now 100% Python - twapi
http://tarekziade.wordpress.com/2011/07/12/firefox-sync-python/
======
beaumartinez
Interesting remark from the author in a reply to one of the comments: "Most
server-side Mozilla projects are moving to a Python-based eco-system."[1]

[1] [http://tarekziade.wordpress.com/2011/07/12/firefox-sync-
pyth...](http://tarekziade.wordpress.com/2011/07/12/firefox-sync-
python/#comment-11602)

~~~
gkoberger
'Tis true! <https://github.com/mozilla>

------
unshift
total aside but i went to set up Firefox sync for someone the other day and
ended up ditching it all together.

in addition to a username/password for a sync account, you need to use an
(unretrievable) sync key to add a browser. i understand the desire for
security and privacy, but this is just horrible usability. i can get it all
working obviously but there's no way this person (who is 80 years old) is
going to be able to enter a key to set up the remote machines.

chrome's sync is much better. just use your gmail/google account credentials,
and you're all set.

~~~
sid0
And have fun telling Google all about where you get your porn. Chrome's sync
is not a reasonable option for anyone who cares about his privacy enough
(which should be everybody on Hacker News).

 _you need to use an (unretrievable) sync key to add a browser_

No you don't. You need a 12-character weak secret that shows up on one of the
computers.

~~~
Pewpewarrows
You seem to be horribly mis-informed about Chrome's sync features. The data
being synced is completely encrypted end-to-end, and you can provide a
personal passphrase aside from your Google credentials as an added level of
security if you'd like.

~~~
sid0
_The data being synced is completely encrypted end-to-end, and you can provide
a personal passphrase aside from your Google credentials as an added level of
security if you'd like._

I'm having trouble parsing this comment -- part of any "end-to-end" encryption
would be an additional passphrase not known or accessible to Google in any
form. Obviously Google knows about your Google credentials, so merely the
credentials are not sufficient to get "end-to-end" encryption.

Also last I checked the personal passphrase only encrypted passwords. I
haven't used Chrome in a long while, so has that been extended to all your
data yet?

~~~
Pewpewarrows
If you think Google has access to your raw, plaintext credentials logged
somewhere on their servers, I have a Nigerian banker to forward your way who'd
love to give you a million dollars if you help him up-front with a little
cash.

~~~
scrod
Nope, you're wrong. Google will _always_ be in a situation where they can read
your password. Otherwise authentication to the rest of their services would be
impossible.

~~~
nknight
I seriously doubt Google is dumb enough to store user passwords in plaintext.
There is absolutely no reason to. Passwords get stored as non-reversible
hashes.

~~~
scrod
>I seriously doubt Google is dumb enough to store user passwords in
plaintext...

And who said they'd need to _store_ anything? The only need access to them
_once_ in order to defeat any kind of local encryption scheme based on your
Google account password.

------
wizzard
They can write it in VB for all I care as long as they make it stop completely
screwing up and deleting my bookmarks.

------
tete
Ugh, Python?! It's so bad...

Just joking, I'm not a troll. ;)

I just wonder where they go with Sync. Closely watching the Mozilla community
I know there are (still? Has been a while) big plans, but think Firefox Sync
really needs a broader audience, both users and developers. I also have the
feeling this could somehow be connected with HTML5/HTTP(P2P) to create
something really great. Just have to figure out what it is.

------
ArtemZ
R.I.P

