Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    networkException
    @networkexception:chat.upi.li
    [m]
    Try starting chromium with --force-dark-mode
    Daniel
    @dly:matrix.org
    [m]
    Figured it out - for anyone wondering: flathub/com.github.Eloston.UngoogledChromium#8
    covid-1984
    @covid-1984:matrix.org
    [m]
    this is the most tested extension updater these days? https://github.com/NeverDecaf/chromium-web-store
    bachoseven
    @bachoseven:matrix.org
    [m]
    it's the reccomended solution, and it works
    it's also well maintained fwiw, I don't really know any semi-automatc updates alternatives
    questionaskarch
    @questionaskarch:matrix.org
    [m]
    I want to bring attention to the following new issue with ungoogled-chromium on Arch: https://bbs.archlinux.org/viewtopic.php?id=271564 "icu was updated recently which requires a rebuild."
    networkException
    @networkexception:chat.upi.li
    [m]
    The package mentioned was already rebuilt
    covid-1984
    @covid-1984:matrix.org
    [m]
    Good thread to fill up with helpful UG information, if you guys want: https://news.ycombinator.com/item?id=29384856
    Bound to be a lot of misinfo spewn there so far
    wchen342
    @wchen342:matrix.org
    [m]
    Ah the binary problem, again. We shall probably just remove that section completely when windows build is up.
    networkException
    @networkexception:chat.upi.li
    [m]
    section?
    3 replies
    networkException
    @networkexception:chat.upi.li
    [m]
    Honestly I've not seen him active in this channel yet so uhm
    1 reply
    networkException
    @networkexception:chat.upi.li
    [m]
    yea
    patience 🏳️‍🌈
    @hypokeimenon:tchncs.de
    [m]
    i saw them a while ago
    1 reply
    networkException
    @networkexception:chat.upi.li
    [m]
    I might be wrong though, everyone basically only having a letter as their pfp doesn't help my memory
    oh right
    aw yea right, well removing platforms that have proper binaries already would be a good start I think
    if only github actions weren't so damn slow
    wchen342
    @wchen342:matrix.org
    [m]
    I think the problem is the text is deterring and we don't show our OBS builds first. I mentioned that before but didn't submit a fix. I will do one this weekend.
    Well considering how much resource chromium needs to build..
    networkException
    @networkexception:chat.upi.li
    [m]
    yea true
    wchen342
    @wchen342:matrix.org
    [m]
    I can't tell you details but Brave has a server farm for CI so.
    How long does it to build the Windows version on Github btw?
    networkException
    @networkexception:chat.upi.li
    [m]
    oh yea I can imagine... 21 - 26h from quickly looking at the recent 3 runs or so
    wchen342
    @wchen342:matrix.org
    [m]
    Oh that's even longer then Android..Maybe we can collectively do a bargin with Gandi.
    They provide credits for my android version, also for Bromite.
    networkException
    @networkexception:chat.upi.li
    [m]
    On what bases to they provide credits? Do you get a VM to configure or is it some locked down system?
    wchen342
    @wchen342:matrix.org
    [m]
    It's a VPS machine. They count costs on a hourly basis unlike others so you need to shutdown the machine when not using them.
    But for me they give me like $150 once and I can use it for about 5 months.
    networkException
    @networkexception:chat.upi.li
    [m]
    Ah I see
    covid-1984
    @covid-1984:matrix.org
    [m]
    What do you think is the best sandbox you can run UG in for the best protection? Perhaps have the profile folders mounted into a docker or podman environment that doesn't run as root?
    networkException
    @networkexception:chat.upi.li
    [m]
    that sounds quite complicated
    I'd just use flatpak?
    3 replies
    not too sure how strong the sandboxing is tho
    covid-1984
    @covid-1984:matrix.org
    [m]
    Idk about flatpak security
    networkException
    @networkexception:chat.upi.li
    [m]
    yea ik but that only complains about default permissions
    1 reply
    you can adjust those
    covid-1984
    @covid-1984:matrix.org
    [m]
    Nicer, I think, to run the thinnest possible container with no root privs and files selectively mounted
    But I wonder about dataloss if the docker service crashed (or something). Maybe the host is just backing up the profiles dirs for a bit to test.
    networkException
    @networkexception:chat.upi.li
    [m]
    I think the most common method is using com.github.tchx84.Flatseal to limit directory access
    jason1923
    @jason1923:matrix.org
    [m]
    hi, is there a way to disable Progressive Web App install prompts?
    covid-1984
    @covid-1984:matrix.org
    [m]
    Are there any security improvements to vanadium that could be applied to UG too?
    networkException
    @networkexception:chat.upi.li
    [m]
    I've looked through the patches quickly, seems to be mostly default settings and basic fixes
    2 replies
    covid-1984
    @covid-1984:matrix.org
    [m]
    Would be curious to know if Eloston & wchen342 think running UG in (a well-configured) firejail would provide another layer of protection (between attacker & your filesystem) in the case of chromium 0-days.
    2 replies
    covid-1984
    @covid-1984:matrix.org
    [m]
    :point_up: Edit: Would be curious to know if Eloston & wchen342 think running UG in (a well-configured) firejail or bubblewrap would provide another layer of protection (between attacker & your filesystem) in the case of chromium 0-days.
    covid-1984
    @covid-1984:matrix.org
    [m]
    https://theevilskeleton.gitlab.io/2021/02/11/response-to-flatkill-org.html -> gonna study this and look into the best config options for flatpak for running chromium, for now.
    wchen342
    @wchen342:matrix.org
    [m]
    The topic can be expanded all the way to pages, and it is not a "right vs. wrong" thing. Some very quick points being: 1. bubblewrap is better in terms of security, failjail has better usability; 2. Like flatpak, failjail needs to be set-up correctly otherwise it's a placebo; 3. Linux desktop is inherently insecure, thus Qubes. However security is usually not the first priority in the choice of using Linux; 4. It is kind of unfair to blame flatpak because packages set their own permissions; it can be improved probably with a permission whitelist like Android but that's a design choice.
    wchen342
    @wchen342:matrix.org
    [m]
    It depends on what the package maintainer did for the package. Is it rany ?
    rany
    @rany:fairydust.space
    [m]
    wchen342: I haven't hardened the permissions too much in an effort to reduce bug reports related to broken functionality. By default I allow access to the read-write access to the home directory and all devices (webcam, GPU, etc)