Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Are you not using TweetDeck because you don't know about it, or because you don't like it? Because it hasn't changed appreciably in years and has for a long time been the only way you could control feeds with respect to whether you want to see retweets and a bunch of other nonsense that keeps timelines unreadable.

Adbot
ADBOT LOVES YOU

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Ola posted:

That's the one, I hated it. Not a major point, but it's not 3rd party, Twitter bought it ages ago. At least you can lose the noisy side menus and just look at your regular feed, but it's even narrower there: https://tweetdeck.twitter.com/

If there's some way of widening that beyond its maximum width in settings, it could be a replacement for the main view. I guess I'd want my PMs to have the same screen real estate as the main feed if I used it equally as much, but I don't so I don't. Same with notifications or following a particular search query or hashtag. It's an example of what I mentioned earlier, some weird GUI idea that someone fanatical enough to write their own client cares about.
Tweetdeck Costumer is a nice little userscript that I think maybe fixes your issue?

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Lakitu7 posted:

Tweetdeck doesn't have ads, just all on its own. I think it's worth it just for that even if you otherwise hate the interface.

The Better Tweetdeck extension can also customize the Tweetdeck width and add buttons to clear or roll-up each column right from the main screen.

Twitter restricted the API for third-party mobile clients from being able to do notifications, but one way third party clients get around this on Android (maybe IOS too?) is to have you also install the official client and turn its notifications on, and then they intercept those notifications and replace them with theirs instead. It sounds janky but it's completely seamless, so I wouldn't let the API changes stop you from considering third party clients.
Holy loving misuse of permissions, that add-on has all kinds of problems. No loving way I'm installing that.

Anyone who'sfigured out a way around the API limits that Twitter enforces are unlikely to share them because then they're gonna get closed.

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Im_Special posted:

Same question really, with this new API we have to use, what are the privacy implications of all this now? Is Google able to better track us now, I'm not a fan of making things easier for Google.
Anything Alphabet does is in the name of tracking people, as that's how they make the vast majority of their revenue.
Why do you think they invented QUIC rather than using SCTP(over UDP, optionally) when the reference implementation for that has existed in FreeBSD since version 7?

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Doesn't TorBrowser do everything that people are using Iridium and such for?

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Is there anything wrong with Thunderbird or SeaMonkey, out of curiosity?

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



rujasu posted:

I still see some activity:

https://blog.seamonkey-project.org/

I've never used it though. Can't imagine there's much interest in the 2019 version of Netscape Navigator.
The FreeBSD package was deleted just this July with a rather sensible though depressing reason.

EDIT: Found the issue being tracked by their BugZilla. It's not looking much better, either..

BlankSystemDaemon fucked around with this message at 22:05 on Aug 24, 2019

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Similar to how FreeBSD (and the other BSDs) is the OS of Theseus, SeaMonkey is the Browser of Theseus.
SeaMonkey (and Firefox, of course) has a direct lineage going back through Netscape Navigator and NCSA Mosaic to libwww, which is the first dynamic library written by Tim Berners Lee to build browsers upon.

Like the Ship of Theseus, not a single individual part that's in the code today can be traced back to the original versions of either FreeBSD or Firefox if you were to examine their sources as they are now (though with comments it's sometimes easier).
The only way to prove this is to do what I and other nerds have done, ie. manually go source code spelunking through version control systems (if they're available; if not you have to do a lot more footwork to compare source code).

BlankSystemDaemon fucked around with this message at 22:48 on Aug 24, 2019

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



I've said it before, but I'll say it again - the only fix for Twitter is Tweetdeck and hoping they'll keep not remembering that they own it.

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Klyith posted:

as in they are evil and steal your accounts: they are US-based and would go to prison
If you pay attention you'll note that in the US, companies which leak personal information that the state can benefit from don't get any form of punishment and barely get a slap on the wrist in the form of a class-action lawsuit that they can then get out of by making it extremely hard to claim (see: Equifax).
Also known as surveillance capitalism.

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Klyith posted:

Yeah, so the thing about the cloud-based password managers is that they can't leak your passwords, because the vault is encrypted with your master password. If you forget your password and ask them to reset it they can't do it (bitwarden as an example, but 1password keepass and lastpass are the same).

Security problems still exist, but they have been things like a flaw where the browser plugin could potentially be spoofed by an attack website to leak keys, or their sync could get intercepted by a highly complex and targeted MITM attack, or other mildly esoteric stuff. Not "oops we leaked our database and now all your passwords are known". That can't happen because they don't have your passwords, only an encrypted blob of data that is impossible* to recover.

*if you are using a high-strength passkey. and the NSA isn't using quantum computers or some poo poo.


LastPass is always an avoid rating by info-security goons, because lastpass had a meh response to security flaws in the past. (A well-known pro security researcher told them their browser plugin had a bug and they were like "nuh-uh".)

1password / keepass get gold stars. Apple keychain is good if you're apple all the time. Bitwarden doesn't have a long track record so it's hard to say how good they are, but they've done an independent audit which is nice.
With dtrace on FreeBSD with Xen (used by one of the major providers) or bhyve as a hypervisor for guest OS, it's not exactly difficult to find the passwords in memory once the database been unlocked at least once.
While Linux doesn't have dtrace in mainline, KVM (used by Google and Amazon) can presumably be traced with eBPF (which is the Linux equivalent of dtrace, and is based on Berkeley Packet Filters which came from BSD) so I don't see how that's any different.
Windows just recently added dtrace, and Hyper-V is used for Azure.
That covers just about every hypervisor.

The point of all of this isn't to scare anyone away from using the (well, this shouldn't be the only reason - there are plenty more reasons for that than just this), but to make it clear that they're not in any way magic.

Also, minor detail - but do you mean that Bitwarden had an independent audit done, or do you mean they did the audit? Because the latter isn't independent, and the sentence doesn't lead me to believe it's the former.

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Klyith posted:

I was replying to a guy worried about a cloud password manager doing the same thing as equifax and having everyone's passwords dumped, which can't happen. I made no claims about immunity to your pc being locally compromised, because they aren't. That's not a security flaw in your password manager, that's a security flaw in your entire universe.

(Though in fact some of them try their best to protect against that by not keeping the full plaintext password database in memory and only decrypting passwords as needed. But that's a race where the attacker has the inside track.)

third party
[snip]
So do they have a password store implemented in javascript when people are using just the browser to get their passwords? Otherwise, it seems like they'd have to decrypt it server-side. Although I wouldn't put it past them to do it in javascript, as it's the only way to not do it server-side and not require people to use a local app.

For the record, I use KeePass - I was exclusively talking about the ones using
KeePass with OTP and keyfiles is real nice, although I wish it could integrate into FreeBSDs PAM, so I could tie it to a local account like the Windows client can do.

And it's good to hear that it's independently audited, because anything else makes it sounds like OpenBSD developers.

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Megillah Gorilla posted:

Firefox: now breaking your poo poo, monthly.
Yeah, that's pretty much spot on. I'm likely to be moving to ESR if this is as bad as it seems.

Thank gently caress I got the hardware to do a proper build server, because building firefox + rust + spidermonkey takes loving ages even on 16 threads and 96GB memory - even with (hw.ncpu*2)-1 threads plus build objects and everything else in memory (thanks to poudriere and tmpfs on FreeBSD which can easily handle double the number of threads for multithreaded building).

BlankSystemDaemon fucked around with this message at 18:59 on Sep 17, 2019

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



The master passphrase should be for the generated keyfile which unlocks the password database, not the passphrase for the database itself.
An OPT USB dongle to read passwords out of the database on top of that would be even better.

That way, you type your master password to unlock and whenever you need a login for a website you just insert your dongle.

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Harik posted:

Mozilla can get hosed pushing their own built-in password manager after they locked everyone else out of the APIs to tie into the browser password store. That's the reason password managers are so janky now, they're all trying increasingly desperate workarounds as the browsers keep locking down more and more of the extensions API.

It's the direct cause of lastpass getting owned repeatedly, for example.
I think you might be mixing up a few things here: XUL got deprecated which took a lot of extensions with it in favour of the WebExtensions API - but there has since been at least one add-on made for KeePassXC for example, and Mozilla are in the process of extending WebExtensions to provide the same functionality as XUL did while still retaining the sandboxing, as well as speeding up things which I'm pretty sure couldn't be done with the old methods.
They're even letting developers program add-ons in WebAseembly for maximum fasts per hour.

BlankSystemDaemon fucked around with this message at 21:30 on Sep 18, 2019

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Holy poo poo piss, yes!

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



In hindsight, I do wonder how things would've turned out had Mozilla further refined everything to the point that it's reached today (where it can supply most of the functionality that XUL offered), instead of forcing developers and users to switch before it was fully mature (but "good enough" for browsing and basic add-ons).
Not that it makes any lick of difference, but FreeBSD still and Firefox previously has gotten me used to expecting POLA - so it was kind of a rough awakening, even if I stuck it out (long ago I decided never to use Chromium, partly because they rejected Robert Watsons capabilities sandboxing patches for it, and partly because back then Flash was still around and Chromium couldn't block ads in Flash whereas Firefox could).

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



isndl posted:

Firefox would have been bleeding market share as people continued to complain about how slow and bloated it was, probably. The addonpocalpse sucked but the performance improvements were a big deal.
True.
Performance improvements aren't done, either. Next major version of SpiderMonkey should have big improvements to the JavaScript engine (supposedly making it faster than V8 in Chromium?)

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Klyith posted:

The big sin wasn't moving to webextensions before they had all the extra API additions to cover old functionality. It was forcing addon authors to re-write XUL extensions for multiprocess compatibility, then saying they were gonna abandon XUL a few months later.

Trying to keep XUL limping along as changing architecture underneath it made it worse and worse was a negative. If they'd planned their roadmap better they would have moved to webextensions sooner.
Ah, you're spot on - I'd forgotten about that particular part.

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



I just remembered that I really miss the addon-bar that used to be in Firefox, which would default to being at the bottom of Firefox's UI - so the awesome-bar takes up the entire area next to the burger menu.

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Nth Doctor posted:

Android firefox can run themes.
Source: A theme I published got popular for no apparent reason, with no effort made to publicize it.

What's the theme called, so I can be your sole FreeBSD user?

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Wheany posted:

I just tried to save an image using the "Save Image As..." context menu.

The download failed, but succeeded when I clicked retry.

Is there a way to make Firefox automatically retry downloads initiated by "Save Image As..."

Alternative question: Is there a way to make Firefox to just loving save the image it is showing on the screen because it has already downloaded it and not download it again?
You may wanna grab DownThemAll, since it can retry downloads like you want, and has also recently been made into a WebExtension to work on the new version of Firefox (as was covered quite recently ITT).

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Klyith posted:

As with all , using Bitwarden does mean depending on someone else to stay a going concern. If the bitwarden company goes bust (or has some security nightmare that's worth fleeing from), it's a chore to move to some other service. With Keepass + whatever cloud, even if dropbox goes bust it's relatively easy to move to a different provider and continue on.


For the average user that isn't worth dealing with the higher difficulty of keepass. But for those that can set up keepass, a cloud storage, and wrangle a bunch of plugins, it's a consideration.
And if you got 35 bux, reasonably stable internet, and a free weekend, most people posting in SHSC and who are able to setup keep-rear end should be able to set up a raspberry pi with nextcloud on it and use that.

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Hipster_Doofus posted:



Haha well gently caress me.
The name is like 49.95% of the charm!

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Not gonna lie, that's pretty impressive.

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



SIGSEGV posted:

about Firefox using a lot of memory
I have Firefox 69.0.2 (and will probably upgrade both the base system and all my packages later today), but I noticed just when I got up that top was claiming pretty unreasonable memory loads for a bunch of Firefox processes:
code:
last pid: 67321;  load averages:  1.51,  1.01,  0.49                                           up 14+15:21:07  08:04:33
356 threads:   1 running, 354 sleeping, 1 zombie
CPU: 21.3% user,  0.0% nice,  8.8% system,  0.2% interrupt, 69.8% idle
Mem: 878M Active, 2735M Inact, 190M Laundry, 11G Wired, 221M Buf, 957M Free
ARC: 7621M Total, 4292M MFU, 2576M MRU, 32K Anon, 84M Header, 669M Other
     6109M Compressed, 11G Uncompressed, 1.86:1 Ratio
Swap: 18G Total, 18G Free

  PID   JID    UID      PRI NICE   SIZE    RES STATE    C   TIME    WCPU COMMAND
60664     0   1001       20    0    21G   407M select   1   9:15   0.24% /usr/local/lib/firefox/firefox -contentproc -c
60664     0   1001       20    0    21G   407M uwait    2   0:20   0.04% /usr/local/lib/firefox/firefox -contentproc -c
60664     0   1001       20    0    21G   407M uwait    0   0:05   0.01% /usr/local/lib/firefox/firefox -contentproc -c
60664     0   1001       20    0    21G   407M kqread   1   0:45   0.01% /usr/local/lib/firefox/firefox -contentproc -c
74590     0   1001       20    0  2936M   630M select   0  52:49   1.92% firefox{firefox}
74590     0   1001       20    0  2936M   630M kqread   3  14:00   1.26% firefox{Gecko_IOThread}
74590     0   1001       20    0  2936M   630M select   3   9:48   0.66% firefox{GLXVsyncThread}
74590     0   1001       20    0  2936M   630M uwait    2   3:18   0.39% firefox{VsyncIOThread}
74590     0   1001       20    0  2936M   630M uwait    2   4:43   0.34% firefox{IPDL Background}
74590     0   1001       20    0  2936M   630M select   2   0:08   0.03% firefox{DOM Worker}
74590     0   1001       20    0  2936M   630M uwait    3   0:35   0.01% firefox{Timer}
74590     0   1001       20    0  2936M   630M uwait    3   0:02   0.00% firefox{JS Watchdog}
57888     0   1001       22    0  2808M   514M select   1  48:07   3.86% /usr/local/lib/firefox/firefox -contentproc -c
57888     0   1001       20    0  2808M   514M kqread   3  11:26   1.93% /usr/local/lib/firefox/firefox -contentproc -c
24615     0   1001       21    0  2781M   504M select   3   4:23   2.92% /usr/local/lib/firefox/firefox -contentproc -c
24615     0   1001       20    0  2781M   504M kqread   3   0:19   1.44% /usr/local/lib/firefox/firefox -contentproc -c
24615     0   1001       20    0  2781M   504M uwait    1   0:02   0.00% /usr/local/lib/firefox/firefox -contentproc -c
63018     0   1001       23    0  2700M   461M CPU3     3   0:18   6.90% /usr/local/lib/firefox/firefox -contentproc -c
63018     0   1001       21    0  2700M   461M kqread   0   0:02   2.67% /usr/local/lib/firefox/firefox -contentproc -c
63018     0   1001       20    0  2700M   461M uwait    0   0:00   0.01% /usr/local/lib/firefox/firefox -contentproc -c
63018     0   1001       20    0  2700M   461M uwait    2   0:00   0.00% /usr/local/lib/firefox/firefox -contentproc -c
65768     0   1001       33    0   553M   326M uwait    3  94:36  21.72% /usr/local/lib/firefox/firefox -contentproc -p
65768     0   1001       31    0   553M   326M uwait    2 127:30  17.82% /usr/local/lib/firefox/firefox -contentproc -p
65768     0   1001       23    0   553M   326M uwait    2   9:47   5.91% /usr/local/lib/firefox/firefox -contentproc -p
65768     0   1001       23    0   553M   326M uwait    0   9:39   5.88% /usr/local/lib/firefox/firefox -contentproc -p
65768     0   1001       23    0   553M   326M uwait    3   9:42   5.83% /usr/local/lib/firefox/firefox -contentproc -p
65768     0   1001       23    0   553M   326M uwait    1   9:39   5.68% /usr/local/lib/firefox/firefox -contentproc -p
65768     0   1001       21    0   553M   326M kqread   0  13:32   3.70% /usr/local/lib/firefox/firefox -contentproc -p
65768     0   1001       21    0   553M   326M uwait    3  12:31   2.87% /usr/local/lib/firefox/firefox -contentproc -p
65768     0   1001       20    0   553M   326M uwait    0   5:02   0.28% /usr/local/lib/firefox/firefox -contentproc -p
65768     0   1001       20    0   553M   326M uwait    2   0:46   0.17% /usr/local/lib/firefox/firefox -contentproc -p
65768     0   1001       20    0   553M   326M select   3   3:03   0.04% /usr/local/lib/firefox/firefox -contentproc -p
65768     0   1001       20    0   553M   326M uwait    1   0:03   0.01% /usr/local/lib/firefox/firefox -contentproc -p
However, things are not as dire as they may seem, because it's the RES column that indicates how much of the memory is part of the resident set, ie. what's actually in use in the VM itself.
Also, despite the fact that there's a lot of processes, all the ones that have the same number are sharing the resident set, so they aren't taking up any more memory.

I guess my point with this is to ask whether you're sure you were looking at the resident set or not?

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



SIGSEGV posted:

It was definitely real memory use enough that the OS wouldn't claw it back in my case. It kinda sucked but FF has stopped doing it without giving me a single hint as to what was going on and without changing anything.
I'm fairly certain it was fixed by this pull request for jemalloc since that's a fix for a critical virtual memory leak on Windows platforms according to the changelog.
Obviously it hasn't hit FreeBSD directly, but Jason Evans (the creator, and a FreeBSD commiter) found that jemalloc 5.2.1 breaks compilations on non-llvm hardware platforms in the FreeBSD tree.

All that being said, the Javascript Baseline Interpreter makes a noticable difference on javascript-heavy websites, so it's definitely a good update!

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Firefox is already more than twice the size of FreeBSD in terms of lines of code, why would you want to add a mail client to it?!

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Sab669 posted:

According to this website Firefox is roughly 8% of internet users. Presumably power users / enthusiasts for the most part. Who, I imagine, also mostly have better-than-average hardware? Maybe that's niave of me?
Market share has nothing to do with how much something is used, it is only says something about how many new instances of something (in this case, browsers) starts being used in the last three months.

Also, even if they did measure the right things (which we don't know, because they might as well have pulled those numbers out of their rear end for how well their sampling systems are documented), they would only be measuring stuff on the public web, not the deep web and everything behind corporate firewalls.

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Wheany posted:

Firefox updated and Stylus lost all my styles. Again.
Use tampermonkey with the javascripts that userstyles.org also lets you download?

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Megillah Gorilla posted:

Is there any functional difference between tampermonkey and violentmonkey?
ViolentMonkey used to have issues with its privacy, but that appears to no longer be the case. There have also been accusations of obfuscated code against ViolentMonkey, but I don't know how to interpret that given that they don't link to the obfuscated part, that it could just be smart coding (use of just-in-time generation as well as minification are permitted), or that AMO now bans obfuscated code.
TamperMonkey is effectively-closed source, but is also the most optimized in terms of fasts/second that I've been able to suss out with some very limited testing. TamperMonkey being closed-source is less than ideal, but for what it's worth the developer is German and has a company which is subject to GDPR with respect to TamperMonkey - so that's something?
GreaseMonkey is fully opensource, but doesn't have a very fast update schedule - though it's still kept up-to-date, and is probably the oldest as I believe it's the original.

EDIT: There is apparently a new API that the various monkey scripts can benefit from using (in multiple ways, including easier sandboxing), and there's even a newly-written closed-source(?) browser extension which takes advantage of them.

EDIT 2: FireMonkey is not yet ready for prime-time, it seems.

BlankSystemDaemon fucked around with this message at 10:26 on Dec 8, 2019

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Mozilla has a long history of deprecating old OIDs in about-config in favour of adding new, rather than exposing new features under existing OIDs with new values and optional handling of old values.

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



isndl posted:

This actually makes sense because it's by far safer when it comes compatibility with old profiles. And old profiles already run into a ton of weird behavior as it is.

I can also see scenarios where an old add-on expects certain values and new code adds values that the add-on does not know how to handle and everything goes to poo poo.
This is text we're talking about, not binary data which has to deal with endianness or similar silliness. So far as I remember, FreeBSD hasn't had any problems parsing old OIDs for sysctls when going from a period with one implementation until a new one has been implemented and the old deprecated to allow for a period of switching over to avoid breaking POLA.
Firefox has never had a concept of POLA. If anything, it's the opposite: if it can be broken during an upgrade, Mozilla will break it.

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Klyith posted:

There is zero difference between a password composed out of random alphanumeric characters and a phrase from a bunch of words, as long as they have the same entropy (aka randomness) value. One word from a diceware list has about the same value as 2 alphanumeric characters. If 6 random words is easier to remember than 12 random characters, that's fine and you should feel great using words. But words do not have any inherent value.
Dictionary attacks are the exact reason why words should be avoided.

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



FRINGE posted:

I saw a security hardware vid on that kind of stuff once. They have made some creepy things. Like unpowered radio reflective inserts into video cables that someone transmit data to the remote scanning device. (More or less, thats my vague memory)
The NSA TAO catalog has that very thing, from 2008.

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



I suppose all of us could also be talking out of our asses if someone were to reveal a quantum computer, that can handle more than a handful of qubits, tomorrow.

Although I still don't think any of us would be the first targets to be attacked. There's a pretty good chance we're just too boring for that.

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



SMILLENNIALSMILLEN posted:

in firefox im having an issue with the forums when i click on links to a quoted post like this


the loading images and tweets push the page down and the post off the screen. is there some way i can fix this?

e: actually it does it when going to last read post in a thread as well
Well, scroll anchoring was supposed to have fixed it, but it evidently hasn't since it still happens all the loving time on every webpage.

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Butt Savage posted:

Am I overreacting?
As others have said, absolutely. The only useful thing that you can learn from security announcements is how well the people involved handle it - and in that area, Firefox could do a lot worse (and probably a bit better).

Here's a fun thing to consider: One of the very first things anyone learns to write, helloworld, can lead to system exploits because on most systems it issues +65 syscalls and it only takes a few bugs in the kernel to suddenly lead to privilege escalation - although it's mostly theoretical, even if there's quite a few avenues.

And in the only-slightly-less-simple-than-helloworld case, there was once a remote code execution attack with priviledge escalation against fingerd (and that exploit is not why nobody uses it anymore).

Even things that some people reckon are "safer" have issues.

BlankSystemDaemon fucked around with this message at 15:12 on Jan 23, 2020

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



I'm seeing the weirdest issue where one of firefox's threads called Socket Thread is taking up 100% of one core, and another called Timer is taking up 50%.
Here's a log of what the firefox PID is doing, grabbed via dtruss, although it's an absolute mystery to me what's happening with those stack traces.

What's especially weird is that it also does it in safe-mode where all add-ons are supposed to be turned off, which means that unless I can figure out exactly what preference is doing it, it seems as if I have no solution but to create a new profile and migrate all of the extensions over manually (since naturally I can't risk copying the preferences) - or so it seems to me?
I would really appreciate some ideas.

Adbot
ADBOT LOVES YOU

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



astral posted:

Anything strange in about :debugging?
Nope, nothing.

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply