dblohm7's recent activity

  1. Comment on Kanye West says he’s done with Trump—opens up about White House bid, damaging Biden and everything in between in ~news

    dblohm7
    Link
    Kanye seems to me like a kamikaze candidate. Trump doesn't need to go after Joe if Kanye does it instead!

    6 votes
  2. Comment on Terrible, dangerous EARN IT act set to move forward in the senate; attack on both encryption and free speech online in ~tech

  3. Comment on Exploiting Bitdefender Antivirus: RCE from any website in ~comp

    dblohm7
    Link
    AntiVirus software is a dumpster fire. You wouldn't believe the kind of stunts that AV software pulls with web browsers. Most of it does the exact same kind of shit that malware does, only AV claims to do it for benevolent reasons instead of malevolent ones.

    I encourage Windows users to just run Defender and stay the hell away from the third-party stuff.

    3 votes
  4. Comment on Incognito mode detection still works in Chrome despite promise to fix in ~tech

    dblohm7
    Link Parent
    Hard to say about the speed thing. We already had to artificially constrain the resolution of performance timers as a Spectre mitigation, so it’s hard to say how useful that would be as an attempt to distinguish between memory and disk.

    1 vote
  5. Comment on Incognito mode detection still works in Chrome despite promise to fix in ~tech

    dblohm7
    Link Parent
    I dunno, would Google be willing to do that to sites that also happen to spend big dough on ads?

    1 vote
  6. Comment on A Facebook software engineer publicly resigned in protest over the social network's 'propagation of weaponized hatred' in ~tech

    dblohm7
    Link
    That's awesome, but I can't see this moving the needle unless we start to get either (a) resignations from really critical employees; or (b) large enough numbers of people resigning to make a difference.

    3 votes
  7. Comment on Incognito mode detection still works in Chrome despite promise to fix in ~tech

    dblohm7
    Link Parent
    I can't speak for Chromium, but we're dealing with the same thing in Gecko. I am not following the discussions about this super closely, but from what I've gathered just from observing discussions involving the developers who are in the know, it's a bit of a conundrum.

    Fundamentally the browser has to offer a semblance of the full DOM API in private/incognito contexts. In some cases, these APIs can just be no-ops. Things start to get thorny when you start involving APIs that preserve state or store data. If a site is feature testing for incognito and tries to store some data, you probably can't just send that data to /dev/null, as their feature test will likely then try to retrieve that same data to ensure that it worked. OTOH, you probably don't want that data to make it to disk in any way. Do you store that data in-memory? What if the site attempts to store a lot of data? How much should we care whether or not that data can be swapped to disk?

    Unfortunately the implementation of many of these DOM APIs likely did not foresee the necessity of needing to handle cases like this, so they need to go back and add special code paths for the private browsing case.

    8 votes
  8. Comment on Min: a minimalist web browser in ~comp

    dblohm7
    Link Parent
    That's great!

    Last weekend I witnessed a big fanboy fight on r/Firefox that had no upside. It's important to try to remain objective in these kinds of debates and try to acknowledge where the other side has merits.

    3 votes
  9. Comment on Why not add an option for that? in ~comp

    dblohm7
    Link Parent
    I am lucky that we can use Mercurial at work, because while I use Git when I need to, hg's command line experience is far superior, IMHO.

    3 votes
  10. Comment on Why not add an option for that? in ~comp

    dblohm7
    Link Parent
    It informed one of the areas of software development that I've never considered before, as far as reasoning through it.

    I am happy to hear that! :-)

    In the land of Firefox development, we have a cohort of very vocal users who complain very aggressively every time something is removed, arguing that we should just leave it in as an about:config option. Hopefully readers of this piece will have a better understanding of why it is just not feasible to do that every time.

    5 votes
  11. Comment on Min: a minimalist web browser in ~comp

    dblohm7
    Link Parent
    Their extensions API was much stricter than XUL, and that seemed to be the right call as Mozilla eventually copied their API.

    We did that for other reasons; having a permissions model was just a nice bonus.

    From what I've seen Chromium has a much more thorough sandboxing approach than Firefox, mostly as a benefit of being a younger browser.

    This is true. How it gets interpreted depends on who you talk to. At one extreme you have the security hardening maximalists (for lack of a better term) who deem anything that has less hardening as "insecure." On the other, you have the Pale Moon crowd who for some reason refuse to believe that defense-in-depth offers any value. As with most things, the "right" or "best" way depends on multiple factors and usually is a point on a shade of gray somewhere in the middle.

    Google also has Project Zero on their side, which is one of the leading security research teams on the planet right now.

    Sure, but P0 does not focus exclusively on Google products.

    9 votes
  12. Comment on Analyzing the simplest C++ program in ~comp

    dblohm7
    Link
    Examining and manipulating the AST is really powerful. When you have compilers that expose this stuff to plug-ins, you can build some really cool tooling.

    3 votes
  13. Comment on Min: a minimalist web browser in ~comp

    dblohm7
    Link Parent
    You still have to be very careful when using electron to load untrusted content. There have been many security bugs in electron-based apps.

    Think of it like this: Even if you use somebody else's crypto library, you still need to use the tool correctly. (For example, Zoom encryption was using AES in ECB mode, which is a huge no-no).

    Using Electron means that they haven't rolled their own engine, but how they use it can still leave them vulnerable to security bugs.

    7 votes
  14. Comment on Celebrating 10 years of WebM and WebRTC in ~tech

    dblohm7
    Link
    I'm actually pretty disappointed with how WebRTC turned out.

    When Chrome and Firefox first got this working, they celebrated by connecting with one another over WebRTC. Both teams simultaneously published blog posts containing the announcement.

    Years later we're in a state where Chromium went and added a bunch of stuff to WebRTC. Now many of the sites that use WebRTC follow what Chromium does and we've lost a lot of that original interoperability.

    7 votes
  15. Comment on What's the last piece of technology that truly impressed you? in ~tech

    dblohm7
    Link
    These are not consumer tech (they are either for software developers or from the realm of Computer Science research) but I have been very impressed by them:

    • Ur/Web: a functional language for building web apps. See also this article from Communications of the ACM;
    • Intercooler.js: a simple framework for adding small AJAX enhancements to web pages;
    • Halide: a programming language specifically for codecs. See also this article from Communications of the ACM. I really want to see somebody implement AV1 using this!

    2 votes
  16. Comment on Have you tried degoogling your Android? in ~tech

    dblohm7
    (edited)
    Link Parent
    I have been meaning to reply to this, but I've been stressed out lately because of COVID-19 and other reasons, but anyway...

    Usage of legacy storage: sharing files via URI has been obsolete since Android 4 and soft banned since Android 7. The rest of the Android app ecosystem cannot move on until apps like Firefox and Amaze use the proper storage scope. Firefox specifically disables the Android 7+ sanity check and forces other apps to request the legacy storage permissions to maintain compatibility (or else those other apps will face 1 star reviews simply for not working with the shared files from legacy storage).

    I'll have to ask around about this, but my understanding is that this is something that our front-end team can fix.

    Gecko doesn't have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one.

    That's kind of FUD-ish in my personal opinion. Nothing is stopping anybody from writing a WebView wrapper for GeckoView and shipping it as part of their ROM. Obviously Google isn't going to do that, but there is not a technical reason why not. And FWIW, you could make that argument with many apps, not just ones that include web engines.

    Worst of all, Firefox runs as a single process on mobile and has no sandbox beyond the OS sandbox. This is despite the fact that Chromium's semantic sandbox layer on Android is implemented via the OS isolatedProcess feature, which is a very easy to use boolean property for app service processes to provide strong isolation with only the ability to communicate with the app running them via the standard service API.

    Fenix (aka Firefox Preview) now runs with one parent process and one content process. I personally am working on increasing that to full multiprocess. I do not disagree with Daniel Micay with respect to his concerns about hardening. As I mentioned in my previous comment, it is literally my job to get isolatedProcess turned on, tighten sandboxing rules and such. But let me point out that these kinds of comments make it sound that we are negligent in the sense that we "just" have to flip a boolean flag to fix this. As somebody who is actually in the trenches, I can tell you that it is much harder to activate these settings in practice.

    Remember that Gecko was originally written as a single-process engine, so there is so much code that just expects to have full access to OS interfaces. The hard part is taking that code and splitting it into the parts that can run in a sandbox, the parts that cannot, and then setting up the IPC so that those parts may safely communicate with one another. We need to get all of those pieces out of content before we can flip the switch.

    Even in the desktop version, Firefox's sandbox is still substantially weaker (especially on Linux, where it can hardly be considered a sandbox at all)

    Again, teams are constantly working on it, for the same reasons as I described above.

    and lacks support for isolating sites from each other rather than only containing content as a whole.

    That work is ongoing by a different team and is also coming. [As an aside, keep in mind that Google had been working on site isolation for years; the emergence of Spectre was convenient timing for them to turn it on, but don't be misled that they built that in a week.]

    I would also point out that sandboxing is defense-in-depth, and as important as it is (and please don't misinterpret this comment as me suggesting otherwise), web engines also have their own internal security features that work to stop intrusions. Gecko is unique in that it contains an object-capability system [1] [2] [3] [Sorry, those first two links used to be publicly accessible, I'm not sure if they still are or not due to changes in our AV playback system] and has many components written in JavaScript and Rust, making those bits memory-safe. As important as sandboxing is, I don't think it's quite fair to suggest that the engine is completely naked without it, either.

    Edit: Fixed layout

    3 votes
  17. Comment on Firefox Private Relay - Generate unique, random, anonymous email addresses in ~tech

    dblohm7
    Link
    (Calling myself out as a Mozilla employee)

    I'm super excited that we're doing this! I've been wanting to sign up for such a service for a long time. Knowing that it's Mozilla doing it, I trust that it's going to be done the Right Way™

    7 votes
  18. Comment on Debugging Folklore in ~comp

    dblohm7
    Link Parent
    There are a few interesting ones over on Reddit too (shameless plug: mine is one of them).

    5 votes
  19. Comment on Have you tried degoogling your Android? in ~tech

    dblohm7
    Link Parent
    Firefox is too niche and badly implemented on Android (hacky fixes, pathetic sandboxing, lack of security etc)

    I agree with you on the state of our sandboxing. It’s literally my job to fix that.

    Unfortunately the rest of those points read to me more like a bunch of FUD.

    1 vote