undefined | Better HN

0 pointslcall6y ago0 comments

> Not sure when you last checked, but about:config is its own tab.

It was last I checked also, but felt awkward to use, and then you have to know what settings to look for, as opposed to having them in the UI (all can be easily overcome, but it is a little more work i think, maybe not enough to matter for some use cases or if I just forced myself to get used to it).

Is it possible to define ongoing exception lists there? How easy? And how many options to they allow for cookies (always, never, save until exit, ...)?

> Anything this offers over Linux containers / AppArmor / SELinux+permissions on a theoretical level, implementation nonwithstanding?

I don't know fully, but for any of those I definitely have to think more, as the user, and there is (probably?) more room for error due to complexity.

> I don't have any citation on hand (one would be welcome) but AFIAK Firefox typically has had less major 0-days than Chrome in the past, due to Chromium team's "move fast, break things, and don't communicate" policy.

Thanks for pointing that out.

0 comments

soulofmischief6y ago

about:preferences is a tab now, too. Cookie options could be maybe a wee bit more complex, however an addon will make up the difference.

> I don't know fully, but for any of those I definitely have to think more, as the user, and there is (probably?) more room for error due to complexity.

On a properly configured distribution, these things should all just work out of the box.

Honestly, barring the update frequency issues pointed out by another user, the OpenBSD Chromium experience is probably on par with the FF experience on major Linux distros.

lcallOP6y ago

Which Linux distributions configure any browsers (reliably, by default, without me having to know extra stuff) so that it cannot read or write files from any directories the user has access to (allowing, say, only /tmp and ~/Downloads and ~/.cache or the like), and so that if it makes inappropriate system calls (any except those on a whitelist) they fail?

As a longtime (and grateful) Debian user, I remain impressed with OpenBSD's relative lack of privilege escalation bugs in the base system, and "only 2 remote holes in the default install [since about 1996]": we can have different views of course but their constant auditing and general approach to correctness and security over adding features does make me feel better. :) Not trying to start a flamewar though (that would be bad; I fear I might be talking like a fanboy now...).

I appreciate your comment.

soulofmischief6y ago

I certainly don't meant to claim that Linux is more secure than OpenBSD. OpenBSD's security is better in several respects. I'm just trying to keep this about the browsers themselves.

1 more reply

j / k navigate · click thread line to collapse

0 pointslcall6y ago0 comments

> Not sure when you last checked, but about:config is its own tab.

Is it possible to define ongoing exception lists there? How easy? And how many options to they allow for cookies (always, never, save until exit, ...)?

> Anything this offers over Linux containers / AppArmor / SELinux+permissions on a theoretical level, implementation nonwithstanding?

I don't know fully, but for any of those I definitely have to think more, as the user, and there is (probably?) more room for error due to complexity.

Thanks for pointing that out.

0 comments

soulofmischief6y ago

about:preferences is a tab now, too. Cookie options could be maybe a wee bit more complex, however an addon will make up the difference.

> I don't know fully, but for any of those I definitely have to think more, as the user, and there is (probably?) more room for error due to complexity.

On a properly configured distribution, these things should all just work out of the box.

Honestly, barring the update frequency issues pointed out by another user, the OpenBSD Chromium experience is probably on par with the FF experience on major Linux distros.

lcallOP6y ago

I appreciate your comment.

soulofmischief6y ago

I certainly don't meant to claim that Linux is more secure than OpenBSD. OpenBSD's security is better in several respects. I'm just trying to keep this about the browsers themselves.

1 more reply

j / k navigate · click thread line to collapse