This works fine on Windows, so it might be an issue with the Gnome theme and Chromium
this is the most tested extension updater these days? https://github.com/NeverDecaf/chromium-web-store
it's also well maintained fwiw, I don't really know any semi-automatc updates alternatives
I want to bring attention to the following new issue with ungoogled-chromium on Arch: https://bbs.archlinux.org/viewtopic.php?id=271564 "icu was updated recently which requires a rebuild."
Good thread to fill up with helpful UG information, if you guys want: https://news.ycombinator.com/item?id=29384856
Bound to be a lot of misinfo spewn there so far
Ah the binary problem, again. We shall probably just remove that section completely when windows build is up.
Honestly I've not seen him active in this channel yet so uhm
1 reply
I might be wrong though, everyone basically only having a letter as their pfp doesn't help my memory
oh right
aw yea right, well removing platforms that have proper binaries already would be a good start I think
if only github actions weren't so damn slow
I think the problem is the text is deterring and we don't show our OBS builds first. I mentioned that before but didn't submit a fix. I will do one this weekend.
Well considering how much resource chromium needs to build..
How long does it to build the Windows version on Github btw?
oh yea I can imagine... 21 - 26h from quickly looking at the recent 3 runs or so
Oh that's even longer then Android..Maybe we can collectively do a bargin with Gandi.
They provide credits for my android version, also for Bromite.
On what bases to they provide credits? Do you get a VM to configure or is it some locked down system?
It's a VPS machine. They count costs on a hourly basis unlike others so you need to shutdown the machine when not using them.
But for me they give me like $150 once and I can use it for about 5 months.
What do you think is the best sandbox you can run UG in for the best protection? Perhaps have the profile folders mounted into a docker or podman environment that doesn't run as root?
I'd just use flatpak?
3 replies
not too sure how strong the sandboxing is tho
yea ik but that only complains about default permissions
1 reply
you can adjust those
Nicer, I think, to run the thinnest possible container with no root privs and files selectively mounted
But I wonder about dataloss if the docker service crashed (or something). Maybe the host is just backing up the profiles dirs for a bit to test.
I think the most common method is using com.github.tchx84.Flatseal to limit directory access
hi, is there a way to disable Progressive Web App install prompts?
Are there any security improvements to vanadium that could be applied to UG too?
I've looked through the patches quickly, seems to be mostly default settings and basic fixes
2 replies
https://theevilskeleton.gitlab.io/2021/02/11/response-to-flatkill-org.html -> gonna study this and look into the best config options for flatpak for running chromium, for now.
The topic can be expanded all the way to pages, and it is not a "right vs. wrong" thing. Some very quick points being: 1. bubblewrap is better in terms of security, failjail has better usability; 2. Like flatpak, failjail needs to be set-up correctly otherwise it's a placebo; 3. Linux desktop is inherently insecure, thus Qubes. However security is usually not the first priority in the choice of using Linux; 4. It is kind of unfair to blame flatpak because packages set their own permissions; it can be improved probably with a permission whitelist like Android but that's a design choice.