Conversation
i'm glad i don't use firefox anymore, mozilla can suck you-know-what
@pixl_xip Pale Moon mostly and Librewolf when some website doesn't work on PM (aka being shit)
@getimiskon So does Pale Moon maintain a fork of Firefox? Is that how it works?

@pixl_xip @getimiskon it’s firefox without any of the improvements to its security architecture over the past decade.


@Seirdy @getimiskon @pixl_xip oh right i remember this one reddit post by one of the contributors

i’ll see if i can find it


@Seirdy @getimiskon @pixl_xip okay nvm i’m pretty sure linking it publicly may cause harassment

@Seirdy i don't see anything that works better to me that isn't chrome or firefox-based. Although i use Librewolf, but it still inherits some of the issues of firefox.
And no, unfortunately WebKit-based browsers have issues that break some of the websites i use.
I know it's not the best browser, but do i have a better choice? Not really.
@pixl_xip
@pixl_xip it is to Firefox what MATE is to GNOME, to put it simply.

@getimiskon I assume you moved to a firefox fork?
librewolf is peak comfy especially with the simple tab groups plugin (my daily driver)

but looks like another ff fork has hit the block and it looks interesting
https://github.com/zen-browser/desktop
@theorytoe i use Librewolf when a website is too broken on PM. It's alright, but as you may have noticed, i hate modern firefox. As for the other fork, never heard of it, but may keep an eye.
@getimiskon it looks interesting
also it is the first browser that i've seen properly nail vertical tabs
@theorytoe holy shit, if they provide an appimage, i'm downloading it tomorrow
@theorytoe actually they provide appimages HOLY SHIT :neocat_googly_shocked:

@getimiskon @pixl_xip given that it has the worst community (full of bigots), the worst security (no sandboxing or site isolation, barely any security research, dependent on backports), the worst accessibility (accessibility features removed), the worst open-source citizen (making legal threats to downstream projects), and the worst support for web standards when compared with the other three browser engines I can’t in good conscience recommend it to anyone.

Other alternative engines like Servo are more independent, have less toxic communities, don’t actively remove accessibility features, aren’t hostile to basic mitigations like sandboxing and site isolation, and don’t threaten downstream projects.


@getimiskon @pixl_xip if you never enable the following features and run it in a sandbox that offers proper isolation from the rest of your system I suppose it’s not too risky:

  • JS, wasm, and JIT.
  • all third party content, especially iframes, framesets, the embed element, and scripts (for cross site attacks).
  • multimedia.
  • features that have been known to be vulnerable in Firefox before being rewritten or sandboxed (graphite font rendering, mathml, audio support on windows and linux, X11 support, printing, GPU acceleration).
  • PCRE JIT.
  • any independently implemented web platform features without any security research or fuzzing (web components and wasm again come to mind).
  • remote fonts.

If you stub out all the parts we know are burnt, you’re left with the rest which is a significant improvement at least. But at that point, you’ve traded so much usability for attack surface reduction that you may as well use the Tor Browser’s “Safest” security level.

@Seirdy @getimiskon Might as well use Lynx or something at that point

@pixl_xip @getimiskon TUI browsers should use an actual HTTP client library instead of rolling their own buggy ones IMO. Take a look at CVEs for w3m; one guy tried fuzzing it but quit because it was just that bad. I’m glad that at least Edbrowse uses libcurl, but I doubt lynx’ HTTP(S) stack is nearly as robust.

If it’s making HTTPS requests and parsing untrusted markup while positioning itself as something ready for browser-grade work, it needs to be continuously fuzzed, sandboxed, and welcoming to community research and contribution.

@Seirdy @getimiskon Yeah, I never actually considered the risks. Good to know, though.

@pixl_xip @getimiskon Personally I use w3m in a bubblewrap sandbox to pipe HTML email into, but I’m thinking about switching w3m out for Pandoc.
