MarionWheeler

joined 1 year ago
 

uBlock Origin Lite is the version of uBlock Origin tailored to work within Manifest V3, so it's interesting to see it come to Firefox where it's not absolutely needed (as I understand it).

  • Firefox: Download the uBOLite_1.0.[...].firefox.mv3.xpi package below, navigate to about:debugging#/runtime/this-firefox in your browser, click "Load Temporary Add-on..." and pick the downloaded xpi file.
    • At the moment it is not possible to sign an extension for Firefox Nightly because AMO refuses to sign when minimum version is 113a1. As soon as AMO allows, a signed version of the extension will be published.
    • See commit message to find out what currently does not work in Firefox. Do not open issues about this.

And here is the commit detailing what's not working:

What does not work at the time of commit:

Cosmetic filtering does not work:

The content scripts responsible for cosmetic filtering fail when trying to inject the stylesheets through document.adoptedStyleSheets, with the following error message:

XrayWrapper denied access to property Symbol.iterator (reason: object is not safely Xrayable). See https://developer.mozilla.org/en-US/docs/Xray_vision for more information. ... css-declarative.js:106:8

A possible solution is to inject those content scripts in the MAIN world. However Firefox scripting API does not support MAIN world injection at the moment.

Scriptlet-filtering does not work:

Because scriptlet code needs to be injected in the MAIN world, and this is currently not supported by Firefox's scripting API, see https://bugzilla.mozilla.org/show_bug.cgi?id=1736575

There is no count badge on the toolbar icon in Firefox, as it currently does not support the DNR.setExtensionActionOptions method.

Other than the above issues, it does appear uBO is blocking properly with no error reported in the dev console.

The adoptedStyleSheets issue though is worrisome, as the cosmetic filtering content scripts were designed with ISOLATED world injection in mind. Being forced to inject in MAIN world (when available) makes things a bit more complicated as uBO has to ensure its global variables do not leak into the page.
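
An added illustration of the leak concern in the quoted commit message (not part of the post, and not uBO's code): a script written for the ISOLATED world exposes its top-level names once it runs in the page's own scope, and can fail outright if the page already declared one of them. Node's `vm` module stands in for a page's MAIN world here, and the script contents and variable names are hypothetical.

```javascript
// Added example: Node's vm module stands in for a page's MAIN world.
const vm = require('node:vm');

// Constructed content script written the ISOLATED-world way, with
// top-level declarations (names are hypothetical, not uBO's).
const NAIVE_SCRIPT = `
  var selectors = ['.ad-banner', '#sponsored'];
  const sheetText = selectors.join(',') + '{display:none!important}';
  function applySheet() { return sheetText; }
  applySheet();
`;

// Same logic inside a strict-mode IIFE: nothing is declared at top level.
const WRAPPED_SCRIPT = `
  (function () {
    'use strict';
    const selectors = ['.ad-banner', '#sponsored'];
    const sheetText = selectors.join(',') + '{display:none!important}';
    return sheetText;
  })();
`;

// Inject `source` into a simulated page that first ran `pageSource`, then
// report how each name in `names` is exposed to later page scripts.
function auditInjection(source, names, pageSource = '') {
  const page = vm.createContext({});
  vm.runInContext(pageSource, page);
  const report = { globalProps: [], lexicalOnly: [], hidden: [], error: null };
  try {
    vm.runInContext(source, page);
  } catch (e) {
    report.error = e.name; // e.g. redeclaring a name the page already owns
    return report;
  }
  for (const name of names) {
    if (Object.prototype.hasOwnProperty.call(page, name)) {
      report.globalProps.push(name); // var/function: property of the page global
    } else if (vm.runInContext(`typeof ${name} !== 'undefined'`, page)) {
      report.lexicalOnly.push(name); // let/const: not a property, still visible
    } else {
      report.hidden.push(name);      // never reached the page's scope
    }
  }
  return report;
}

const NAMES = ['selectors', 'sheetText', 'applySheet'];
console.log(auditInjection(NAIVE_SCRIPT, NAMES));
console.log(auditInjection(WRAPPED_SCRIPT, NAMES));
console.log(auditInjection(NAIVE_SCRIPT, NAMES, 'let selectors = 1;'));
```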

[–] MarionWheeler@beehaw.org 0 points 1 year ago (1 children)

I don't really care about Windows copilot, so long as there's an easy group policy to disable it.

[–] MarionWheeler@beehaw.org 4 points 1 year ago

AtlasOS is not designed with security in mind. It's only after everyone criticized them that they added back stuff such as Windows Update and UAC.

[–] MarionWheeler@beehaw.org 1 points 1 year ago* (last edited 1 year ago)

While I can see what the author was going for, I still don't think it's worth it to give yet another third party app admin access in order to make managing settings slightly easier.

That’s not how it works, actually. It's more sophisticated.

How does it work then?

And no, it is more robust than that. This tool doesn’t lead to breakage. IT admins use this tool.

A sysadmin would usually use group policies to manage settings and install apps automatically, especially since they would likely be using Windows Pro or Enterprise in a work environment.

[–] MarionWheeler@beehaw.org 5 points 1 year ago (2 children)

This is…not the best idea, imo. If I had to guess, I would say that it is attempting to disable diagnostic data by setting a registry key — only on Windows Home or Pro, that’s ineffective and doesn’t have any extra benefit compared to just disabling optional telemetry in the settings app. It also seems to pointlessly duplicate things the user already has control of (why does there need to be a toggle for Hyper-V and Windows Subsystem Linux?) Last I checked they were pretty simple enough to turn on and off in the base system. Same goes for stuff such as Location Tracking and Activity History, which I’m fairly sure are literally already in the privacy settings.

Attempting to do large scale “debloating” will inevitably lead to system breakage and things not working. Start Menu shortcuts? They’re one click away from being uninstalled. OEM Bloat such as random third party antiviruses? You should be doing a clean install to get rid of those. Apps such as Cortana? winget uninstall. You also don’t need a third party program to manage your app updates, that’s literally what winget upgrade --all is for.

[–] MarionWheeler@beehaw.org 2 points 1 year ago

Safari with Adguard plus a few bookmarklets for convenience.

[–] MarionWheeler@beehaw.org 1 points 1 year ago

Not on iOS it doesn’t. They explicitly opt out of even iTunes backups made locally.

[–] MarionWheeler@beehaw.org 5 points 1 year ago

Even better, there’s been a case where Microsoft Support has used it themselves.

[–] MarionWheeler@beehaw.org 1 points 1 year ago

Well for one thing Matrix clients on mobile are...not the best. Element X is looking promising, but it's currently still in beta. Element misorders messages and crashes often, and most other clients are not as feature complete. Whereas in my experience Signal tends to just work. Plus for the average person it makes for a dead simple drop in replacement to WhatsApp or iMessage. Yes, the phone number requirement has led to issues with governments just blocking the sign up SMSes, but that is a tradeoff they make for convenience.

Matrix also leaks more metadata in comparison to Signal (this is just how decentralization works). Not to mention that the recent vulnerabilities seem to suggest (in my opinion at least) that Matrix cryptography is not as battle tested as the Signal protocol.

Besides the observed implementation and specification errors, these vulnerabilities highlight a lack of a unified and formal approach to security guarantees in Matrix. Rather, the specification and its implementations seem to have grown “organically” with new sub-protocols adding new functionalities and thus inadvertently subverting the security guarantees of the core protocol. This suggests that, besides fixing the specific vulnerabilities reported here, the Matrix/Megolm specification will need to receive a formal security analysis to establish confidence in the design.

Real world example: The university I study at promoted Matrix as a way for students to chat at the start of the semester, and pushed them to use Element. Practically no one uses it, but I've met a few people who do chat with Signal.

[–] MarionWheeler@beehaw.org 4 points 1 year ago

I don’t believe they can provide firmware updates once the chipset loses support, which is bad for security. (The same also applies for every other manufacturer, but Fairphone claims to update their phones for a longer time).

[–] MarionWheeler@beehaw.org 3 points 1 year ago (1 children)

It’s unfortunate that Fairphone sucks in other ways (such as having limited firmware updates due to using an old SoC, as I understand it).

[–] MarionWheeler@beehaw.org 4 points 1 year ago

You could try OnlyOffice, I believe it has better compatibility with .docx files in comparison to LibreOffice.

[–] MarionWheeler@beehaw.org 2 points 1 year ago

I hate how they blow fuses to permanently disable security features when the bootloader is unlocked.
