Conversation

Notices

Embed this notice
:mima_rule: Mima-sama (mima@makai.chaotic.ninja)'s status on Friday, 12-Apr-2024 13:22:08 JST :mima_rule: Mima-sama

Wow so the "insecure" slander being put out against #Firefox back in the day by #Chrome shills is a fucking lie... :reimu_sigh:

RE: https://tilde.zone/users/job/statuses/112256280949946497
In conversation about 8 months ago from makai.chaotic.ninja permalink
Attachments
1. No result found on File_thumbnail lookup.
  
  Job Bautista (@job@tilde.zone)
  
  from Job Bautista
  
  Ok wtf. So you're telling me that #Google #Chrome's #V8 #JavaScript engine was more #insecure than #Mozilla's #Spidermonkey after all these years? Because I'm pretty sure SM has been already doing plenty of the things mentioned in this article (I've touched on SM code plenty of times, so much more than I wanted because I worked on separating Spidermonkey from the monolithic #libxul, it's still hurting my brain...), even before the #Quantum rewrite. So even #PaleMoon which has been commonly trashed for being "old and insecure" is apparently more secure than Chrome, but most crucially it also disproves the long-standing blind belief by security freaks out there that Chrome is "more secure" than #Firefox when it's the other way around on many fronts... https://thehackernews.com/2024/04/google-chrome-adds-v8-sandbox-new.html #web #webbrowser #browser #browsers #openweb
- Embed this notice
  :blobancap: :blobcattrans: :blobancap: :blobcattrans: :blobancap: :blobcattrans: (allison@hidamari.apartments)'s status on Friday, 12-Apr-2024 13:22:06 JST :blobancap: :blobcattrans: :blobancap: :blobcattrans: :blobancap: :blobcattrans:
  in reply to
  
  @mima I think that was more to do with Firefox being single process and promiscuously passing around internal data structures, so if you could compromise one part of it, you had the entire thing, meanwhile Chrome from day 1 was heavily privilege separated with an eye to using things like seccomp (and later pledge on OpenBSD) with it
  
  In conversation about 8 months ago permalink
  
  Haelwenn /элвэн/ :triskell: likes this.
- Embed this notice
  :blobancap: :blobcattrans: :blobancap: :blobcattrans: :blobancap: :blobcattrans: (allison@hidamari.apartments)'s status on Friday, 12-Apr-2024 13:26:17 JST :blobancap: :blobcattrans: :blobancap: :blobcattrans: :blobancap: :blobcattrans:
  in reply to
  - :blobancap: :blobcattrans: :blobancap: :blobcattrans: :blobancap: :blobcattrans:
  @mima https://invidious.uknow.moe/watch?v=Er44ur7wkXQ somewhere in this video Theo de Raadt trashes on Firefox as an example of what not to do for architecting a secure program
  In conversation about 8 months ago permalink
  Attachments
  1. Domain not in remote thumbnail source whitelist: invidious.uknow.moe
    
    Hoisting: lessons learned integrating pledge into 500 programs - Theo de Raadt
    
    Description: I would like to focus on lessons learned integrating pledge into 500 programs. Probably emphasize how programs were subtly modified to fit the restrictive model, with some examples. For instance, we further strengthened existing privsep designs along the way because pledge showed the way. Another conversation is about a dev process we call “hoisting”, invariant code found in the main loop was pulled into pre-pledge initialization. Speaker biography: Theo is the founder and long time contributor to the OpenBSD project.
  Haelwenn /элвэн/ :triskell: likes this.

Public

Conversation

Notices

Feeds