firefox is not unix, it is something horrible

I can't wait for LibreWolf to get into ports, if ever..

Other non-Gecko or non-Blink browsers would be nice if uBlock Origin and other simple ways to block modern web garbage were present.
 
astyle said:
umm... ff doesn't care if it uses IPv4 or IPv6 - it can use either, transparently.
Click to expand...
And that is where it gets interesting: which one does it use? (I have 4 and 6 from different providers, with different infrastructure and different routing)

On FreeBSD we do normally steer this behaviour with ip6addrctl(8). There we can control which addresses should be preferred, and also, how the various site-local address ranges should play into this game.
Firefox, however, does not honor this configuration (probably because it is a FreeBSD feature; it appears that linux has something similar, but differently named and structured). Instead, firefox has it's own table, that is hardcoded and compiled into the binary. And that's the thing I wanted to adjust.
 
Hello everybody,

I read the discussion about the various levels of browser "spying".
I have seen that the ublock origin extension is also referred to.
I'm an average Freebsd user but I've been in cybersecurity for over 15 years and I wanted to ask you a question:
For the sake of privacy, why should I rightfully care which sites Firefox contacts and instead blindly trust an extension that can potentially filter anything within a web page using MITM techniques?
Why is his code freely parsable or what else makes you confident?

Thank you all for the interesting ideas.
 
fufukauliza said:
Why is his code freely parsable
Click to expand...
Kind of needs to be (so that the page can be rendered and displayed properly). Thing is, you gotta have a really good handle on browser design in order to exploit design features to your liking. Kind of like automotive tire engineering - a tire kind of has to fit the wheels of the car. And all other tire features are built around that simple idea of proper fit. Same with browser design - some things kind of have to be there, otherwise the whole thing is not working right. And that's the very thing that MITM exploits.
 
astyle said:
Kind of needs to be (so that the page can be rendered and displayed properly). Thing is, you gotta have a really good handle on browser design in order to exploit design features to your liking. Kind of like automotive tire engineering - a tire kind of has to fit the wheels of the car. And all other tire features are built around that simple idea of proper fit. Same with browser design - some things kind of have to be there, otherwise the whole thing is not working right. And that's the very thing that MITM exploits.
Click to expand...

Thanks for your answer but as I see it, extensions with certain features can intercept a lot of data and potentially establish connections to remote servers in the same way as Firefox.
So: why should I be more comfortable using an extension and more worried about using Firefox?
Real privacy maybe you could get by writing an operating system from scratch with its drivers and software while if you want the web pages to be cleaner and more linear ok I agree with you that an extension can help to clean them.

Thanks again.
 
Here is another annoying feature of firefox:

315714 - Running firefox using an X Client opens URLs in the local Firefox on the X Server system

RESOLVED (nobody) in Firefox - Security. Last updated 2005-11-13.
bugzilla.mozilla.org bugzilla.mozilla.org

I experienced it some years ago. I typed "firefox" on an xterm running on the remote machine and
displaying in the local machine, and get an instance of firefox on the local machine running the X server.

But how is this possible? How firefox tricks to do this?
 
kpedersen said:
A second instance of firefox doesn't open. Instead the program contacts the original instance (via dbus, unix socket or something) and tells it to spawn another window in that same instance.
Click to expand...
Kind of like, one tab is open on localhost (and is controlled by local hardware like your USB mouse), but the next tab is open on a remote host, and is pingable? ;)
 
kpedersen said:
Instead the program contacts the original instance (via dbus, unix socket or something)
Click to expand...
Yes, or something! It must happen through the ethernet cable. But how?!

The xterm running remote, but displayed local, communicates through X protocol. But how the firefox called in
the remote machine becomes a tab in the local machine?

Is the firefox browser (client) also a server?

I found this documentation about the feature:

Dissecting Firefox's -no-remote option

A look into Firefox's -no-remote option. What it does, why we use it to start multiple instances of Firefox, and the history of how it came to be.
www.brycevandyk.com
 
Remote computer sends X commands to draw rectangles, text, etc. on local X client. Firefox uses X protocol to draw its GUI and you can redirect the output. Unfortunately this cannot work good (fast enough) if remote server is too remote.
 
6502 said:
Remote computer sends X commands to draw rectangles, text, etc. on local X client. Firefox uses X protocol to draw its GUI and you can redirect the output. Unfortunately this cannot work good (fast enough) if remote server is too remote.
Click to expand...
This is not the behaviour I remember and what is described in the bug report.

And how does the remote firefox detect the local firefox?!

The "feature" is annoying. There is somewhere an exchange of data, probably misusing some channel.
 
I think no matter the faults of Firefox, that for its function while ignoring faults, it's more usable than other browsers, and considering those faults, it gives freedoms to override those faults. These freedoms have to do with Mozilla licenses, which comes from them, and gives the freedom for forks that don't have those faults. A problem with that is that, it takes a lot of initiative for a new product to be made from it.

The Mozilla licenses from the organization of the same name are better than GPL, yet are a little complicated, because of the way MPL2.0 is made compatible with GPL. There may be little or no other way to do that. The core principle of Mozilla licenses are great though. It gives freedoms for software on how it can be used, and what it can be used with. It's somewhere between a BSD license and GPL, and the best part is that it's non-viral, except where the parts make it usable with GPL. MPL1.1 is funny though, because it allows an upgrade to MPL2.0, if the authors choose, and that brings it into the odd GPL sphere.

Because of the freedom of the license made by the developing organization, I don't think it in itself can be evil or horrible at its core, but it can have deep rooted faults. I think the license speaks to the principles for Firefox. Evil contributions can be made, but the core purpose by Mozilla wouldn't seemingly be against the principles of the license of that browser and the steward organization.

Firefox may not be Unix, it's something between Unix, Sun/Oracle (CDDL) and GNU (GPL). I'm not sure what "it is something horrible" implies. I'd like to see an ecosystem between BSD, CDDL, LGPL and GPL that's simplified, even if it makes it incompatible with GPL (and in my mind, that incompatibility won't be by much and it will be the fault of GPL's viralness than the more ideal license, as it would almost be compatible), and even if it's not Unix, but it would be very Unix-like or Posix-like.

Functionally, to protect code in necessary ways and allow freedoms of use, Mozilla licenses work for that. I think there's a better way, even if that way is barely incompatible with the GPL due to if its viralness forces other licenses to be submitted to GPL for them to be compatible with GPL. If that's the only way to make them compatible, it's better to work with existing compatible licenses, such using a better license in conjunction with CDDL code. LGPL is functional in this way too, except until its license says it can be re-licensed into GPL in a one way street (ironically, many permissive licenses fall under that). The Faq says, this re-licensing makes LGPL compatible with GPL, which is the only reason I would make a license compatible with GPL, except for the relicensing part. If you want to relicense to GPL, you already have LGPL and you also have some complex compatibility with Mozilla2.0.
 
hruodr said:
Do you agree?

If you find with google a pdf file, you cannot get the URL, because it downloads the file and presents a local URL to the downloaded file. In particular, you cannot do a bookmark to the original URL.

Copy with mouse key1 in the results of google and trying to paste with key 2 bring troubles.

It is highly configurable, one can configure a lot of stupidities, but it is from time to time unusable.

Well, a lot of strange things, in some way strange for a unix user with simple X11 with twm
Click to expand...

Firefox was initially a really neat application and a good alternative to the non-free junk out there. Unfortunately over time it got bloated, it filled with lots of spyware with the active participation of its developers and it very successfully enslaved its users. I am so sorry for this happening, I really loved it in the beginning.
Now it came to be that the platform is as insecure as any other major browsers, it leaks information in all directions, it calls home withouth you wanting (telemetry) etc. The default installation needs hours of tweaking before it becomes somewhat secure and you never know when they are going to introduce further trojans and backdoors with each new version.
Extensions have been broken for many years now. Furthermore, extensions that were meant to keep your privacy, turned on their users and removed powerful settings as if we are idiots (e.g. NoScript or AdBlock).
One really annoying nag is when you try to load your website per HTTP as developer and the browser always rewrites this to HTTPS.
A really bad design decision by Firefox is to store the Bookmarks in a DB with an obfuscated object model, so that nobody can actually synchronize their bookmarks via textfiles and git merge! But hey, more users for their cloud so why the hell not send all your metadata to Google?

Firefox is a big disappointment, unfortunately most websites are specifically written to run on one of the major browsers and using them without Javascript is impossible. The whole Web is broken. And why? The developers sacrificed our freedom and privacy for the sake of a little bit more responsiveness and slick animations. Shame on us for accepting this.

One of these days I will be mad enough to go ahead and implement a real browser.
 
D-FENS said:
One of these days I will be mad enough to go ahead and implement a real browser.
Click to expand...
Nice, but unfortunately not the solution, unless you want to continuously write a browser able to satisfy the demands
of most websites syncing with chrome and firefox.

The best would be to continuously deplete chrome or firefox from features and making it scriptable (at best with tcl),
so that anyone can configure it with scripting.

With scripting one could for example manage bookmarks a he wants, I like the idea of using sqlite3 for it
(and tcl combines very good with it).

Or perhaps scriptable with javascript?

For that I asked if the rendering engine and javascript was enough.
 
hruodr said:
No, many databases:

Code: 
# ll *sqlite*
-rw-r--r--  1 x  x    950272 Jun 14 11:49 content-prefs.sqlite
-rw-r--r--  1 x  x   2097152 Jun 19 20:24 cookies.sqlite
-rw-r--r--  1 x  x    787040 Jun 19 20:50 cookies.sqlite-wal
-rw-r--r--  1 x  x  45514752 Jun 19 19:56 favicons.sqlite
-rw-r--r--  1 x  x   2065928 Jun 19 20:50 favicons.sqlite-wal
-rw-r--r--  1 x  x    851968 Jun 19 20:00 formhistory.sqlite
-rw-r--r--  1 x  x    229376 Jun 19 20:45 permissions.sqlite
-rw-r--r--  1 x  x  36700160 Jun 19 20:45 places.sqlite
-rw-r--r--  1 x  x   4096000 Jun 19 20:50 places.sqlite-wal
-rw-r--r--  1 x  x     65536 Jun 19 18:52 protections.sqlite
-rw-r--r--  1 x  x    274944 Jun 19 15:29 storage.sqlite
-rw-r--r--  1 x  x  67600384 Jun 19 20:50 webappsstore.sqlite
Click to expand...
So do you prefer a text file, json or xml data file to keep all application data? is it?
I can tell that sqlite database can be properly indexed and application data IO will be faster and also data is not clear text in filesystem.
 
rmomota said:
So do you prefer a text file, json or xml data file to keep all application data? is it?
I can tell that sqlite database can be properly indexed and application data IO will be faster and also data is not clear text in filesystem.
Click to expand...
The overhead of SQLite will likely only start to become worthwhile if you have a *lot* of bookmarks.
The convenience of plain-text will always be an advantage compared to a binary format.

... but for common web browsers, that ship has sailed. They are cesspits of bad ideas so I suppose we should just let them be ;)
 
kpedersen said:
The overhead of SQLite will likely only start to become worthwhile if you have a *lot* of bookmarks.
The convenience of plain-text will always be an advantage compared to a binary format.

... but for common web browsers, that ship has sailed. They are cesspits of bad ideas so I suppose we should just let them be ;)
Click to expand...
but if they have other config settings to keep and decided to use sqlite so i believe they normalized it and bookmarks got included.
 
You must log in or register to reply here.
Back
Top