The officially official Devuan Forum!

You are not logged in.

#1 Re: Desktop and Multimedia » In search of a privacy oriented browser » 2018-09-20 16:08:53

chris2be8 wrote:

See https://www.schneier.com/blog/archives/ … o_tra.html for details of a big hole in most browsers cookei handling.

Chris

I opened it up. Will read it offline. But, speaking of Bruce Schneier, there was an opportunity to buy non-DRM e-books of his
Three of My Books Are Available in DRM-Free E-Book Format
https://www.schneier.com/blog/archives/ … y_boo.html :

Humble Bundle sells groups of e-books at ridiculously low prices, DRM free. This month, the bundles are all Wiley titles, including three of my books: Applied Cryptography, Secrets and Lies, and Cryptography Engineering. $15 gets you everything, and they're all DRM-free.

I would have been willing to pay, but it vanished within not much longer than a week... Anybody got those?

NOTE: that's a digression, and while I thought hard if it is appropriate to ask about it here, and believe it is within the permissible, I accept whatever the admins/moderators decide, if they decide to the contrary.. Even delete this digression... Or if the option is offered, move it in Off-topic...

#2 Re: Desktop and Multimedia » In search of a privacy oriented browser » 2018-09-20 16:00:07

msi wrote:
miroR wrote:

Another one would be: I want SSL-logging, as I always want to check what happened online.

Anybody knows that would be workable with Otter?

You should ask Emdek about that on Otter's IRC channel.

I'll remember your advice... If I go that route. (I'm also considering Iridium. Ah, on a longer run. I work pretty slow...)

miroR wrote:

[...]
UPDATE: I actually downloaded:
1d7058c1972442c72f0904c6b7f3ad9f25dbb11c257d918c857eb74ccb8031fe  otter-browser-0.9.99.3-rc12-x86_64.AppImage
(the SHA256 is in view of verification; how do AppImage's verify?)
and only then took notice my openssl is too new. A no go for me, not messing with such important packages as openssl.

The bigger problem is that Otter Browser requires at least Qt 5.10, which is not in ASCII. But if you had that, it would be possible to built it against openssl 1.1 as well, says the main developer. (I haven't tried that, though.)

Not a problem in testing (beowulf] that I run:

# apt-cache policy libqt5core5a
libqt5core5a:
  Installed: 5.11.1+dfsg-8
  Candidate: 5.11.1+dfsg-8
  Version table:
 *** 5.11.1+dfsg-8 500
        500 tor+http://devuanfwojg73k6r.onion/merged testing/main amd64 Packages
        100 /var/lib/dpkg/status
miroR wrote:

But why are there no Debian packages?

One reason is probably that, up to now, the project has only published release candidates.

On a non-privacy-related side note: Otter also doesn't depend on Pulseaudio.

Great to know smile ! Thanks!

#3 Re: Desktop and Multimedia » In search of a privacy oriented browser » 2018-09-18 22:11:58

siva wrote:
miroR wrote:

It's not clear how bad those "Replace URLs to Google services by URLs to our own server" was...

Not what I expected to read from someone so committed to projects like grsec.  Am I in a coma...? wink

You're fine.
Ah, grsec... I'm not an expert. And grsec really may be dying, the FOSS grsec, and Google taking over GNU/Linux security, which is a disaster. But the link in my signature is dead, because my participation in the thread is, for untold reasons, deleted... Where I was telling about it...
No geniuses to take up the FOSS grsec, or no way to get spender and pipacs to give us a boost... The meltdown and spectre are deadly flaws, and the FOSS grsec, the dappersec can't protect you from them...

Anyways,

...it's old.  And it's unsolved...Anybody knows of a follow-up where that issue was better explained, cleared up?

I wouldn't necessarily say unsolved so much as "probably unexplored."  The troublesome code, according to the user "skymt", is located in chrome/browser/history/web_history_service.cc.  I don't see that file in the source code anymore.  I skimmed through similarly-named files and didn't see any explicit URLs.
https://github.com/iridium-browser/irid … er/history
That's not to say that a similar function isn't embedded elsewhere in the source, though.

One thing I have not yet tried (which I assume someone has, by now) is opening up a tcpdump session with iridium.  I do have all telemetry disabled, to the best of my knowledge, so I'll be interested to see what can be found, and what happens when I use a blank config folder.

That was really what was missing in the analysis. I regularly examine tcpdump (actually I run my https://github.com/miroR/uncenz program whenever I'm online) sessions, and for what I understand (I can't tell for all events, such as where Javascript goes really complex), Pale Moon behaves well, of course, thanks to addons NoScript, UBlockO and Decentraleyes at work, as well.

[ I leave the below even though I'm sure you know it, for other readers ]
But to do any proper dumpcap or tcpdump sessions analysis, you have to have the SSL-key logging on. Else it's all encrypted, and you see nothing really -- unless you browse in HTTP... But I guess you know it, and you do have it on.
Pity I'm out of time, but I think I wish to look much deeper into Iridium, and possibly try to install it and use it.

Also I noticed at https://iridiumbrowser.de/downloads/debian:
Currently, this is how they recommend doing it:

wget -qO - https://downloads.iridiumbrowser.de/ubuntu/iridium-release-sign-01.pub|sudo apt-key add -
cat <<EOF | sudo tee /etc/apt/sources.list.d/iridium-browser.list
deb [arch=amd64] https://downloads.iridiumbrowser.de/deb/ stable main
#deb-src https://downloads.iridiumbrowser.de/deb/ stable main
EOF
sudo apt-get update
sudo apt-get install iridium-browser

But that's wrong way to do it... The first line, the  "wget -qO ...". It's worth filing an issue on their Github or wherever they have it (writing in a rush, busy)...
The right way is...
It is how I explained in:
A repo serving Pale Moon
https://dev1galaxy.org/viewtopic.php?id=1972
(just: that Pale Moon is now too old, and not to be used that might be gotten from the links to my location there)
But I have not time to go and search... I't in the Debian Wiki how it needs to be done, with unofficial repos.

I suppose Iridium can be installed w/o D-Bus, can it?

Pity I'm very short on time for probably a few days...

Regards!

#4 Re: Desktop and Multimedia » In search of a privacy oriented browser » 2018-09-18 12:22:31

ChuangTzu wrote:

regarding Iridium browser, FYI
https://news.ycombinator.com/item?id=9482689

An interested read.

But it's old. And it's unsolved. It's not clear how bad those "Replace URLs to Google services by URLs to our own server" was... Maybe truly for the sake of fixing things...
Anybody knows of a follow-up where that issue was better explained, cleared up?
Anybody can show us what really happened by posting what s/he sniffed on the network while Iridium was contacting those servers? Did those really come up with 404 Not Found ?

Are packages from:
https://iridiumbrowser.de/downloads/debian
D-Bus free?
UPDATE/CORRECTION: I really meant: are they available for installing in a dbus-free system? Sorry.

UPDATE:
Ah, I see another thing is missing for me with the iridiumbrowser.de repo (*) linked above: can the repo be reached with tor? Anybody? I just can't tell how enjoyable the privacy of Tor is, for installing you packages. Wouldn't want to relinquish that...

(*)  BTW the .de is just fine with me, a few important FOSS people have indicated Germany as a possibly leader in privacy

#5 Re: Devuan Derivatives » Refracta no-dbus experiment » 2018-09-18 11:33:59

msi wrote:

Apropos compiling: Another web browser (and a rather promising one) that can now be built without dbus is Otter Browser.

See:

True. It would run without D-Bus, as that code says.

Just wrote:
In search of a privacy oriented browser
https://dev1galaxy.org/viewtopic.php?id=2260#p11849
in regard.

#6 Re: Desktop and Multimedia » In search of a privacy oriented browser » 2018-09-18 11:31:55

astheroth wrote:

Otter browser would be a good option. It's floss and  on qt5, but it's required to compile it and install from source, since there is no .deb package.
https://otter-browser.org/

I'm currently using Pale Moon, and it works fine. My own build, from Steve Pusser's repo. There are topics on Pale Moon forums, if anybody is interested.

But Otter browser would supply one of the requirements for me: sans-dbus, for which see:
Refracta no-dbus experiment
https://dev1galaxy.org/viewtopic.php?id=2158#p11846

Another one would be: I want SSL-logging, as I always want to check what happened online.

Anybody knows that would be workable with Otter?

And then (currently on
https://github.com/OtterBrowser/otter-browser ):

Linux users can use the official AppImage version available on SourceForge. It is a single executable file that doesn’t need any dependencies to be installed. The AppImage version should run under any system installed after 2012 provided it has OpenSSL 1.0.x (not 1.1.x) and GStreamer 1.x (with codecs). The browser is also available in the repositories of a wide range of Linux distributions and *BSD systems. Read more on the dedicated wiki page.

(but I haven't reproduced all the links of the text)

And, I have:

# apt-cache policy openssl
openssl:
  Installed: 1.1.0h-4
  Candidate: 1.1.0h-4
  Version table:
 *** 1.1.0h-4 500
        500 tor+http://devuanfwojg73k6r.onion/merged testing/main amd64 Packages
        100 /var/lib/dpkg/status

UPDATE: I actually downloaded:
1d7058c1972442c72f0904c6b7f3ad9f25dbb11c257d918c857eb74ccb8031fe  otter-browser-0.9.99.3-rc12-x86_64.AppImage
(the SHA256 is in view of verification; how do AppImage's verify?)
and only then took notice my openssl is too new. A no go for me, not messing with such important packages as openssl.


Also why have some distros stopped packaging it? E.g. the last PPA on Launchpad is 3 months ago...
UPDATE: no that's not an issue; that's just packagers working ona  rare schedule, the thing is: some pages there ( https://launchpad.net/~otter-browser/+a … untu/daily ) are called daily. No worry...
But why are there no Debian packages?

Regards!

#10 Re: Devuan Derivatives » Refracta no-dbus experiment » 2018-08-17 10:28:15

fsmithred wrote:

Gentoo can be completely no-dbus because you get to compile ALL your packages.

Very true! I know that so well. Years building my Gentoo in different systems.

(Anyone is welcome to recompile all the debian/devuan packages that require libdbus*)

(The stress is again on: ALL [the debian/devuan packages].)
We are yet to see if a true non-dbus happens anywhere in the debian world of derivatives, or somewhere else, in such way that not such huge work is needed to accomplish that freedom, or if it does not happen anywhere in the whole GNU/Linuxdom, but only Gentoo.

#11 Re: Devuan Derivatives » Refracta no-dbus experiment » 2018-08-16 15:31:28

fsmithred wrote:

Refracta-nodbus has libdbus-1-3 and libdbus-glib-1-2. I don't think they do anything except satisfy some package dependencies.

]
But that's the core dbus... Something from the heart of Gnome/RedHat... for the world domination that was to be...

A search for 'dbus' in /var/log/* shows some errors in the refractainstaller log and in  Xorg.0.log.

Sometimes it downright spams the log in my beowulf Devuan. But I do hope those are innocuous.

refractainstaller_error.log:

D-Bus library appears to be incorrectly set up; failed to read machine uuid: Failed to open "/etc/machine-id": No such file or directory
See the manual page for dbus-uuidgen to correct this issue.

Yeah, I see these all the time, such as when I start Wireshark...

Xorg.0.log:

(EE) dbus-core: error connecting to system bus: org.freedesktop.DBus.Error.FileNotFound (Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory)

I'm not sure what question I'm supposed to answer from stevepusser's post.
This? libgtk-3-dev is installable in ascii. I tried to install it, but I already have the latest version.

Looking up more closely, my fault to have wandered there too much... and for not having a clear question about it myself...

I did install successfully libgtk-3-dev, and it did bring in libqt5dbus5 and not much more... (And I did build Pale Moon successfully, after bannishing gconf from build time dependencies...)
Ah... I thought we'd be having full sans-dbus in Devuan like Gentoo have (as option)...

Thanks for your always useful reply!

#12 Re: Devuan Derivatives » Refracta no-dbus experiment » 2018-08-16 11:53:34

I've learned from Devuan DNG ML about this sans-dbus Refracta when it was released, and have been using it as rescue system. It works just fine!

Talking about dbus, I had issues evading to introduce dbus into my non-dbus system
( somewhat non-dbus, see:
sans-dbus in Devuan: low level core install of dbus remains
https://dev1galaxy.org/viewtopic.php?id=1825 )
about which Pale Moon build issues see at:
Building Pale Moon on Devuan fails 2
https://forum.palemoon.org/viewtopic.php?f=37&t=19763
but just search for Refracta, as I mentioned it a few times.

@fsmithred, is this no-dbus Refracta also libdbus-free as well?
(And also see there, in particular stevepusser was wondering about things that you could possibly known the answer too:
[ same topic as the of the already given link ]
https://forum.palemoon.org/viewtopic.ph … 94#p147227 )

#14 Re: Documentation » Grsecurity/Pax installation on Devuan GNU/Linux » 2018-07-27 18:01:14

https://www.croatiafidelis.hr/gnu/deb/l … 180727-10/ (under https://www.croatiafidelis.hr/gnu/deb/l … -current/)
Tested on three machines (but MBO are of only two kinds). No issues.
Refer to previous post for tips if needed.

#15 Re: Documentation » Grsecurity/Pax installation on Devuan GNU/Linux » 2018-07-11 12:28:24

New stable packages:
https://www.croatiafidelis.hr/gnu/deb/l … 180710-21/
( https://www.croatiafidelis.hr/gnu/deb/l … c-current/ )
Any difficulty installing, pls. review previous long posts... (I'm probably too short on time currently)

#16 Re: Other Issues » Strange Bash under grsecurity's exec logging » 2018-06-16 18:44:05

It is the same info that I have, as I just posted at:

Re: Grsecurity/Pax installation on Debian GNU/Linux
http://forums.debian.net/viewtopic.php? … 41#p675341

(or would it be better that I simply paste it here, I don't know... The link, this time, should suffice).

#17 Re: Documentation » Grsecurity/Pax installation on Devuan GNU/Linux » 2018-06-01 13:29:13

The offered packages in the previous post (no issues have I had so far) are for any system hardware (well: x86_64 arch only).

The best way is surely, to compile. Nothing wrong with the other option. It's only that tailoring the compiled kernel for only your hardware reduces the huge attack surface.

While Dapper Secure Kernel Patchset  (
https://github.com/dapperlinux/dapper-s … e/releases
) is still grsecurity, my script for newbies has changed to help new GNU-Debianers/Devuaners who want to look into kernel compiling.

So pls. look up:

https://github.com/miroR/grsec-dapper-compile/

I'm not sure, you might need to get dapper-linux PGP key from:

https://dapperlinux.com/contact.html
https://dapperlinux.com/matthew_gpg_public_key.asc

Regards!

#18 Re: Documentation » Grsecurity/Pax installation on Devuan GNU/Linux » 2018-06-01 11:50:35

The:
https://www.croatiafidelis.hr/gnu/deb/l … c-current/
now points to:
https://www.croatiafidelis.hr/gnu/deb/l … 180601-06/
That is the kernel package for Debian/Devuan that _may_ be worth trying out, bearing in mind the caveats of Dapper Linux patchset:
https://dapperlinux.com/
I.e. no meltdown protection, no spectre protection, currently no retpoline.

However, all the othe usual protection that grsec offered are there. And the kernel is up to date.

I am testing that kernel right now, it appears to be fine.

If you want to use it, pls. see previous posts, there are a lot of info how to dowload it, how to verify it, etc.

Regards!

#19 Re: Installation » Legal on Pale Moon potential packaging and distribution » 2018-04-04 16:28:22

It's Wed  4 Apr 16:26:28 UTC 2018 UTC...
No replies on https://forum.palemoon.org/viewtopic.ph … 50#p138438
And maybe nothing untill morning comes to the U.S. if they went to sleep. Hours of uneasy waiting...

EDIT: I can't believe I calculated as if the Earth revolved the opposite direction around the Sun than it does... It wasn't night, but it was morning or even early morning in the U.S. when I posted that question about mozconfig... (BTW, I can do complex things, but I sometimes fail on binary stuff, or completely simple stuff, such as I failed my driving exam 42 yrs ago on driving backwards smile ...Aarrgh!...)

IOW, it's full daytime still in the U.S, while night is drawing over Europe where I live... Just why not answer... How can I compile if I don't know I can at least get some of the options to the liking of a good part (and to no detriment to others) of Devuan users?

I'm not going to be compiling a dbus- nor pulseaudio- Pale Moon... They hopefully will support those options...

#20 Re: Installation » Legal on Pale Moon potential packaging and distribution » 2018-04-04 14:33:13

chillfan wrote:

I'm not an expert but I think this would do it:

Change --enable-official-branding to --disable-official-branding and rename your package in debian/control to whatever name you like. I think so long as you don't use their artwork and don't call it palemoon you should be fine.

lf I remember the browser will call itself "New Moon" by default. That would seem ok in the meantime, but you'd want to rename eventually I think.

Otherwise just use the mozconfig they provide, but it will limit you to the defaults.

I see, but the better way is to try and get Moonchild and his friends confident of my packages and get them to allow the official branding to remain...

In case the few options that I'm pretty unwilling to change, and they're not so many, get a PASS from New Tobin Paradigm, see:

A Pale Moon repo for Devuan/Debian
https://forum.palemoon.org/viewtopic.ph … 38#p138438

which I hope they will, I am motivated to work more. Else... time wasted...

As far as changing the licence: The Iceweasel story is a sad example. It lost support completely (IIRC) from Mozilla.

And you don't get geniuses available for some core issues in any complex project just so easily (remember how the https://github.com/minipli/linux-unofficial_grsec/ still hasn't moved passed the specter/meltdown mitigations, geniuses to solve it missing or, being late to do it; if only it is the latter...). Some things about really complex projects, there's only a few people in the world who are able to do it (well, in real time, I mean)...

The support by Moonchild and his team is very close to indispensable. (Especially because we are not huge as Debian.)

I'm on edges. Reloaded that Pale Moon link above a few times only while writing here...

#21 Re: Installation » Legal on Pale Moon potential packaging and distribution » 2018-04-04 12:28:03

I also asked at:
A Pale Moon repo for Devuan/Debian
https://forum.palemoon.org/viewtopic.ph … 22#p138422
I hope this can be worked out. This is a browser that does not impose pulseaudio nor dbus, is fast, and they don't seem to work behind people's back with intrusional purposes.

#22 Re: Installation » A repo serving Pale Moon » 2018-04-04 11:43:24

There is probably not (but I'm not good at legal stuff) any non-compliance issue with Pale Moon license with my repo, but still, some already and more discussion might be at (or linked from):

Legal on Pale Moon potential packaging and distribution
https://dev1galaxy.org/viewtopic.php?id=1974

#23 Re: Installation » Legal on Pale Moon potential packaging and distribution » 2018-04-04 11:32:14

Is my mozconfig legal?

From publicly available sources at:

https://www.croatiafidelis.hr/foss/dev1miro/

/some/where/$ cat  palemoon-27.8.3~repack/debian/mozconfig 
export MOZILLA_OFFICIAL=1
export CC=gcc-4.9
export CXX=g++-4.9
mk_add_options MOZ_CO_PROJECT=browser
ac_add_options --enable-official-branding
ac_add_options --enable-application=browser
ac_add_options --enable-release
ac_add_options --disable-installer
ac_add_options --disable-updater
ac_add_options --enable-optimize="-O2 -msse2 -mfpmath=sse"
ac_add_options --disable-debug
ac_add_options --with-pthreads
ac_add_options --enable-shared-js
ac_add_options --enable-jemalloc
ac_add_options --enable-strip
ac_add_options --x-libraries=/usr/lib
ac_add_options --prefix=/usr
ac_add_options --enable-devtools
ac_add_options --disable-necko-wifi
ac_add_options --disable-gstreamer
ac_add_options --with-pthreads
ac_add_options --disable-precompiled-startupcache
ac_add_options --disable-accessibility
ac_add_options --disable-b2g
ac_add_options --disable-dbus
ac_add_options --disable-gamepad
ac_add_options --disable-omx-plugin
ac_add_options --disable-parental-controls
ac_add_options --disable-profiling
ac_add_options --disable-pulseaudio
ac_add_options --disable-safe-browsing
ac_add_options --disable-telemetry
ac_add_options --disable-webrtc
ac_add_options --disable-webspeech
ac_add_options --enable-alsa
ac_add_options --enable-ffmpeg
ac_add_options --enable-fmp4
ac_add_options --enable-freetype
ac_add_options --enable-gnu-ld
ac_add_options --enable-install-strip
ac_add_options --enable-jemalloc
ac_add_options --enable-jemalloc-lib
ac_add_options --enable-libjpeg-turbo
ac_add_options --enable-multithread
ac_add_options --enable-ogg
ac_add_options --enable-optimize
ac_add_options --enable-opus
ac_add_options --enable-png
ac_add_options --enable-pthreads
ac_add_options --enable-raw
ac_add_options --enable-shared-js
ac_add_options --enable-strip
ac_add_options --enable-svg
ac_add_options --enable-threads
ac_add_options --enable-threadsafe
ac_add_options --enable-wave
ac_add_options --enable-webgl
ac_add_options --enable-webm
/some/where/$ 

#24 Re: Installation » Legal on Pale Moon potential packaging and distribution » 2018-04-04 11:19:43

So this is the reply to this post:

Palemoon installation from source
https://dev1galaxy.org/viewtopic.php?id=616#p8206

moved here because it isn't to do with just compilation for a single person which that topic is about.
---

chillfan wrote:

Nice posts but I should point to this though (for your own benefit) which recently came up on the maling list.

https://github.com/jasperla/openbsd-wip/issues/86

I wasn't aware of that... Studying it carefully... However, I was compiling my Pale Moon since I started that topic:
Building Pale Moon on Devuan fails
https://forum.palemoon.org/viewtopic.php?f=57&t=15751
which is Fri, 07 Jul 2017, 19:03 and this is the first time somebody draws my attention to this...

A quick idea (to get free from the need to peruse that notification ): would it suffice that I remove the

export MOZILLA_OFFICIAL=1

or stick:

export MOZILLA_OFFICIAL=0

and what are the implications thereof?

But wait... See (if you or other gentle reader download the source as I explained how it can be done in my previous post):

$ grep with-system palemoon-27.8.3~repack/debian/mozconfig 
$

it's empty string. None! I don't have any --with-system-<whatever>! So I'd hope my Pale Moon repo is legit.

Do correct me if I'm wrong!

So, no for this (but do correct me if I'm wrong):

It would seem it's best to rebrand or disable branding when packaging, especially if you want to make changes to the build process.

and the changes that I made are not to do with anything --with-system-<whatever> options.

Also, I notice you mentioned grsecurity (the unofficial forward ports I guess). When I last looked they can't yet integrate meltdown/kpti, is much different there now?

Yeah, that's a thorny issue... No genius to help out there... Or the good few who are willing have not come to their full potential yet... Sad as can be... But that's a separate issue... If you want to discuss it more (just in case), pls. let's move to some of the grsec topic (of mine already on the forums, or create a new one if you prefer... Only saying, there's not much news there...)

Back to the licensing issue now.

I read more carefully on the OpenBSD attempt to package Pale Moon and the near "cease and decease" discussion as one of the BSD guys called it... Wow!... Hard stuff too... And sad, this issue is, too...

Dunno...

But thanks! (And do correct me if I'm wrong!)

#25 Installation » Legal on Pale Moon potential packaging and distribution » 2018-04-04 11:14:47

miroR
Replies: 6

I have put up a repo with one binary-amd64 package and one set of source: palemoon :

https://www.croatiafidelis.hr/foss/dev1miro/

It's provisional really at this time, but it's working.

I presented it at:
A repo serving Pale Moon
https://dev1galaxy.org/viewtopic.php?id=1972

With time, not yet, I might become knowledgeable enough to package Palemoon for Devuan... I might...

And I'd like to figure out about these legalities first. There is a fragment of a discussion over right after:

Palemoon installation from source
https://dev1galaxy.org/viewtopic.php?id=616#p8206

but I am moving my reply to here, because it is an issue that deserves a separate topic.

I'm not very good at legal issues at all, and the time to figure out all the parts of the licenses and read all the relevant discussions is adding to the hardship of it...

And advice is welcome... Do express your thoughts, it might help for the future. Pale Moon seems to me a really good browser, and maybe the licensing is eventually acceptable...

Also, pls look up my mozconfig that I used. You can easily download the sources (at least currently) from my:

https://www.croatiafidelis.hr/foss/dev1miro/

(even the less advanced in compilation) by reading the above linked "A repo serving Pale Moon" topic.

Is that mozconfig legal, as I think (for which read the next post in this topic)?

Board footer

Forum Software