Hacker News new | past | comments | ask | show | jobs | submit | maverick74's comments login

Amazing!!!

I want this in my regular browser (you ear me Mozilla && Servo devs?!)


An Adobe Flash alternative that worked with CSS or SVG animations for the web


Yeah!!!

Having it side by side on the installer would be the right way to do it!!!

openSUSE guys also do it that way (no advanced button, however! just an extra step at the installer)


yes, but it's still hidden behind the "Spins" label.

The change means moving it into the "Editions" label!!!

(hopefully label it as Plasma Workstation vs Gnome Workstation)


yeah!!! I agree with you!


"And Linux isn't minimal effort."

I don't agree with this anymore!!! Linux, presently, it's an easy OS. You don't have to get to the CLI if you don't want to. If you're "just" a simple user you can just live in the GUI like in windows and get on with it!!!


Is it, really?

With Windows you can just download an app.

With MacOS you sometimes need to pick between Intel or Apple Silicon.

For Linux you invariably have to navigate list of Deb or RPM, perhaps TarGz files, maybe a torrent or two.

Sticking with apt can lead to a list of issues of ensuring you have the right dependencies.

Let’s start before that : With Windows the OS usually comes pre installed, with Macs, always.

Linux - with one to pick? Ubuntu, PopOS, Elementary?

Oh, so you picked Ubuntu - congratulations - now which DE? Or should you pick a derivative such as Mint first?

I’m a huge fan of Linux servers - I think they’re so easy to work with on a server level even with many of the same issues I described above and I’m actively ripping out every Windows server in our environment and replacing it with Linux.

But I still, after all these years, can’t seem to pick a Desktop Linux platform that I feel comfortable with. And this after 40 years in the industry.


Right, for ordinary users there's an inertia to Linux that Apple and Windows don't have.


not sure why you say it's a "controversial comment"...

What you say is well documented and you made a reasonable comment!

The bigger the software, the more likely it is to be exploited...


> Many security layers are counterproductive

Where is this part documented? I've read that security is best done as a layered approach


I was about to ask for the same thing. All best practices within the security domain point towards multiple layers of security, simply to have some fallback if one mechanism is compromised.


> Where is this part documented?

i don't have any example over this part. Maybe the OP has...

Still, a layered approach is great "on paper" (and probably the best actual solution we have atm), but it is only great in practice if it's well coded and the op is right that in lots of cases there are numerous flaws.

yes, you have failsafes on the layer bellow, but then again... it's just another "challenge" to find the flaw...

If we have a simple and effective code (à lá unix: do one thing, do it well), that has the possibility of becoming more effective that "flawed layers".

yeah... we can have multiple - simple - layers... but again... that will also raise the possibility of unforeseen flaws...

all in all: it's always a double-edged sword...

you're right and the op is right XP

(unless the layered approach is actually really really well coded!!! That's the ideal... but not many can do it!!! - i surely can't ahahah)


This is actually completely contrary to documented best practices. Best practices involve a lot of layers and processes. Defense-in-depth is best practice.

My experience is that only helps if each layer is carefully designed and analyzed at a level impractical for most real-world systems.

In most cases, unless you're designing Unix from the ground up, the better approach is KISS.


Let's not talk about privacy (because there is no point in talking about it: Firefox is eons more private than Chrome - or any of it's based browsers - can ever be)

About security: Chrome has a biggest workforce, yes. but let's think about this a bit...

First, let's not forget that chrome is also a bigger target.

let's imagine this: Consider that 90% of the users worldwide use chromium-based browsers, and you are an hacker who wants to steal peoples data or access their computers.

Would you bother targeting 10% of the users. Or would you just go after those 90%???

now add another detail into that thinking:

people who use Firefox are mostly techies, people who know about computers, gnu/linux users, developers, more security-conscientious users, people who actually know and care about the tech that goes bellow, people that knows what's happening in the IT world, and people that simple don't go with the flock without studding it's path first... now... would you really bother targeting those when you have 90% of people - where probably 85% don't know anything about computers or just don't give a #$%& about it???

Would you go easy bait, or would you try to outsmart those who might be at the same level you are???

(sure, there is always exceptions!!!)

but then again... maybe that's just me...


This is exactly it. I used Linux on PowerPC for the same reason: Literally nobody was targeting it, especially compared to Windows on x86. Even now, why would anyone waste their time targeting desktop Linux on x86. Basically unheard of, because it's pointless (Except in targeted attacks.)


Thing is, targeting Linux on x86 will target high value users. Either servers, developers, sysadmins and the like. Yes you will hit less people, but the value of each hit is magnitude higher. It’s the same reasons apps first target iOS rather than android: apple users have an easier wallet.


I covered that in my post. Those users are targeted specifically. There have been news stories about it recently. People don't develop general malware for x86 Linux that also happens to catch those users though. That was the point. If someone with resources is targeting you, you don't stand a chance regardless of what you do.


> Linux on x86 will target high value users.

I'm not sure i agree with all you said.

Servers: mostly are not on x86. Also they are a lot more difficult to exploit due to the security nature of linux (yes, they go down very often and nothing is unhackable)

developers, sysadmins: tend to have the hardest configs and thus making it a lot more difficult to hack.

So, afaik, most of the hacks on this areas are more due to human flaws than the systems per se.

Now, i do agree that for a group of hackers with profound knowledge and that is trying to hit really big, servers are more attractive. devs and sysadms alone/personally not that much! ... unless ... they are targeting the servers managed by those devs and sysadms and in this case, targeting the devs and sysadms personally make more sense - which tend to be one of the best/easiest ways to hack the servers - again, exploiting human flaw instead of system flaw)

naturally, this is my personal view! I may be wrong here!


What architecture do you think servers use? Some graphs I found with a quick google ( https://www.itcandor.com/server-q219/ ) suggest >85% market share of x86, what else would they use? ARM is still not very widely used in servers, I think.


> Servers: mostly are not on x86.

Let's agree that we disagree. I'll just say that I work for a cloud provider and non-x86 servers are anecdotal :) but their media presence is not, as it's the new hot thing and that's free advertising.

> developers, sysadmins: tend to have the hardest configs and thus making it a lot more difficult to hack.

yet those people have a cognitive bias of "i'm too smart to fall". and those people will have some practices that are so detrimental to security it's laughable. how many developers will shutdown their laptop every day after work? compare this to the common practice of "just go to sleep" which will prevent browser updates, system updates, kernel updates, you name it. take a firefox that is months old with an unpatched ubuntu and you get the idea ground for a browser escape combined with an lpe. and even without lpe you'll grab many many credentials.

imho those still are harder to trick, but not because the config is hardened, but because there is a config at all. for example a phishing that imitates a floating browser window with a fake login page would not work on me. not because i'm smart, not because my config is hardened or whatnot, but because good luck to the scam for finding the specific window decorations I have on my linux system. oh, and the fact that I use a tiling wm and thus floating windows don't exist. it's a side effect of nerds being nerds.

> So, afaik, most of the hacks on this areas are more due to human flaws than the systems per se.

This is not incompatible. "normies" will get tricked in downloading invoice.pdf.exe, but that's windows only. The payout for invoice.pdf.sh or whatever may be very high, but you need your rat or stealer or whatever to know linux.

> unless ... they are targeting the servers managed by those devs and sysadms

That was the precise reason I talked about devs and sysadmins. Infrastructure credentials, aws keys, you name it.

And as a dev/sysadmin, you don't need targeted attacks to get pwned. A malicious package on npm/gems/cargo is all it takes. It's a spray and pray strategy, but if you catch even a handful of people this way it might be the jackpot.


Most servers use Linux so that’s probably a more valuable target than Windows.


What hardware are you on?


I find this to be a bit of a weak argument. What you make makes sense, but of for some reason a glaring security hole is noticed, people are going to take advantage of it.


naturally! There are always exceptions and there will always be people that will bother targeting those 10%.

Even more: if they could create something that targets both platforms that will be even better...

The question will always be of Work Vs Gain. Will your work result in gain. Does it justify targeting those 10%? (if it's an "easy thing to do" then we'll all get targeted)


> Firefox is eons more private than Chrome - or any of it's based browsers - can ever be

Some progress is made though...

Brave: https://brave.com

Thorium: https://github.com/Alex313031/thorium


Yes,

Specially Brave (within the Chromium-spectrum only) is probably one of the best choices (if we ignore some details, of course...)

Still, i actually have more faith in servo: https://servo.org


> i actually have more faith in servo: https://servo.org

Together with RedoxOS, COSMIC EPIC, and coreutils in Rust -- the future holds such great potential :)


RedoxOS, yes... I like that!!! :)

But i still prefer Genode/Sculpt + seL4 (https://genode.org)

they are doing amazing work there!!! If only they had a nice GUI (say... LXQt, for example)


Significantly more than just a nice GUI would be needed for general use, but it's certainly a fascinating proof of concept.


Going off the top comment’s simplicity is security paradigm, it’s hard to pitch Brave as a secure browser given its non-core complexity. (This would be as true if it were running a protein-folding simulation in the background as it is with its crypto bits.)


yeah... that's the "details" i talk about we have to ignore.

They take privacy and security seriously but then they have all this "extras" (ads, cryptocoins, rewards and a bunch of other things i don't like...)

All in all, i would say it's probably the best within the Chromium-based browsers, but i still don't use it!


10% of a couple of billions users is still a massive absolute amount of users.


> Firefox is eons more private than Chrome

cough* safe browsing cough*. /s

Enabled by default.


My understanding of safe browsing is that a local database is maintained and lookups happen against that. Eg: no information about the sites you're visiting is leaked.

Is this not the case / am I misunderstanding something?

Ref: https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-...


Your understanding is not (entirely) up to date. At some point they switched to downloading only a list of (partial) hashes. If an URL matches a partial hash then the browser asks Google for a lists of URLs for that hash. This does can let google get some information about what websites you visit. And those requests as well as the updates of the initial hash lists still ping Google with all the tracking posibilities that entails.


> Let's not talk about privacy (because there is no point in talking about it: Firefox is eons more private than Chrome - or any of it's based browsers - can ever be)

Firefox with its default settings is both less private and less secure than Brave. On iOS, Firefox has refused for years to implement an adblocker.

It’s best to say nothing if you don’t know what you’re talking about.


Brave with its default settings is both less private and less secure than LibreWolf.

> On iOS, Firefox has refused for years to implement an adblocker.

Blame Apple.


Mozilla deserves some of the blame for misleading users into thinking that Firefox is available on iOS when all they really provide is a Safari reskin.


The average user doesn't care about the underlying browser engine. Why should Mozilla add that to their advertising when no other browser maker on iOS is?


Err.. most other browsers on iOS do have an adblocker built in. It’s solely Mozilla dumping their users out in the cold.

These days ads are an attack vector. I’d never let my parents browse the web without a blocker.


The two most popular browsers on iOS do not support ad blocking, unless there's something I'm not aware of. I've never seen an ad blocker in iOS Safari or Chrome. Firefox on iOS has tracking protection which can block some ads if you believe the description of the setting.


Not real adblocking. If you care about your parents, get them a better device.


Not really. That's all Apple. Mozilla wants to try and provide the UI and experience and are doing so as best they can to satisfy their users requesting it.


> Blame Apple.

Blame Mozilla. Most iOS browsers have built-in adblocking.


No. Exit the RDF please. Apple and only Apple prevent you having choice over what browser engine to install.


Yes. Like, you are a laughably wrong. I can literally see the Brave “shield” icon staring right back at me right there in the bottom right of the screen.


I guess you must be in the EU and on iOS 17.4 or later. I forgot the Apple were forced to allow other browser engines to be installed in the EU recently.

But aside from that recent exception, no one ever had anything except Safari on iOS, even if they thought otherwise.


Nope. Been adblocking on iOS in Brave since iOS.. 14? Maybe 13 or 15.

You should really do your research.


You've been hiding ads, sure.

You haven't been blocking them, because iOS with Safari didn't allow that.

Hiding, and blocking, are not the same thing. The former is far less secure than the latter.

As for blocking ads on iOS with Brave, well, it really doesn't work that well[0]. Why? Because iOS doesn't let you block ads, unless you are in the EU and on 17.4 or later.

You should exit the RDF and really do at least a bare minimum of research.

[0] https://community.brave.com/t/is-brave-even-blocking-ads-on-...


I.. what?

You really should read links you post.

Brave even has an option where you can choose to do:

- “aggressive” blocking (will refuse to connect to ad domains)

-“standard” blocking (will connect but block, to prevent breakage)

I will stop responding now because I’ve corrected you multiple times and you refuse to listen.


Jesus christ lol.

You're being fooled by marketing.

Just because Brave calls it blocking, doesn't mean it is blocking.

Again, just do some god-damn research. Really, the bare minimum. It isn't news to anyone educated on this stuff that Apple has never* allowed proper ad blocking until recently in the EU.

But, believe whatever you want. I get being too scared to leave that ever so comfy RDF you found yourself in.

Well, I tried.


yeap... i really don't know what i'm talking about, how would I...

I also don't like to go with the flock...

and... how cares about the defaults? You have the options you should care to configure things for yourself. if you don't know how you should search and instruct yourself to do it.

About iOS... Have you even considered that Apple has forced their rendering engine ( https://gprivate.com/6btxx ) and that alone makes it impossible to have an adblocker - yeah... apple is THAT great!!! (in fact, their products are the best of the best. You should keep using them...)

but then again... i don't know what i'm talking about, do I!!!

(also... you should learn how to be polite to others!!!)


You are misleading people into making insecure choices. Go check Brave on iOS right now and tell me that it doesn’t have adblocking.

Given that, telling you to be quiet is about as polite as it gets.


I'm not sure what to think of this.................

if it's 100% private (e.g.: users are not at all identifiable) then it's probably ok... but i'm not sure it will be 100% private...


My favorite music player is alive!


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: