|
Post by rustleg on Feb 15, 2012 15:36:55 GMT -5
Another question about security I'm afraid. I almost feel like I should aplogise for asking multiple questions in your support forum, and I'm certain you would answer them if I emailed you direct but perhaps others have the same questions so hopefully it will help the KNOS community.
Thinking of Chromium and Firefox, are there any addons / extensions you would suggest could be useful as additional security measures in a KNOS system? I don't expect you to be an expert on these browsers but any suggestions to look into would be welcome.
Also maybe some other users could pipe up here and add some of their personal experience with such things, or refer me to a relevant resource somewhere.
Having said this, maybe I should make my own contribution. In Firefox I've used NoScript for a long time which disables javascript (also does other things) and this is one reason I haven't migrated to Chrome. However I've recently learned of a new similar Chrome extension called ScriptNo which I hear is much better then the NotScript which wasn't particularly good.
|
|
|
Post by Kevin McAleavey on Feb 15, 2012 20:37:51 GMT -5
Another question about security I'm afraid. I almost feel like I should aplogise for asking multiple questions in your support forum, and I'm certain you would answer them if I emailed you direct but perhaps others have the same questions so hopefully it will help the KNOS community. Thinking of Chromium and Firefox, are there any addons / extensions you would suggest could be useful as additional security measures in a KNOS system? I don't expect you to be an expert on these browsers but any suggestions to look into would be welcome. Also maybe some other users could pipe up here and add some of their personal experience with such things, or refer me to a relevant resource somewhere. Having said this, maybe I should make my own contribution. In Firefox I've used NoScript for a long time which disables javascript (also does other things) and this is one reason I haven't migrated to Chrome. However I've recently learned of a new similar Chrome extension called ScriptNo which I hear is much better then the NotScript which wasn't particularly good. I'll start in with this one before your other question ... first off, absolutely no apologies required, I'm PLEASED to have the opportunity to explain the nitty gritty as we're rather proud of our design and these questions give me the ability to explain WHY we built KNOS the way we did! As for our own usage here, we didn't feel the need for any extensions other than "Foxyproxy" which allows TOR to be turned on and off regularly without having to go through the laborious efforts of going through Firefox' proxy settings in their preferences menus. But other than that, we run it "straight out of the box" with javascript and all fully lit, and ads displaying. Worst thing that can happen is that a script might try to steal some cookies (I have Firefox set to nuke cookies along with everything else when it's closed so I don't have to reboot or anything - KNOS is set by default to nuke everything EXCEPT the cookies, so one would have to add cookies to the "clean on close" options if they want that). As far as javascript possibly dumping bad code into KNOS, it would be either Windows or OSX or Linux "bad code" and none of those will affect KNOS in any way. Buffer overflow attempts will at worst cause the browser to crash and again, code for any other platform does nothing in KNOS. So no worries about javascript running in KNOS although I can understand that folks might not want to and that's easily set in any of our browsers if there's any concern. As to other addons and extensions, most of those will work just fine in KNOS when they run inside the browser itself. The browsers all run inside a "jail" which is BSD's better concept of a "sandbox" but any extension that would want to run in the context of the OS itself (Flash comes to mind) won't work in KNOS because we don't allow anything to touch the kernel space. So if an extension or addon doesn't work, that'll be why. Otherwise, enjoy! I'd be quite curious to see what others recommend here and thanks for bringing it up!
|
|
|
Post by rustleg on Feb 17, 2012 3:49:03 GMT -5
Update on ScriptNo - tried this in KNOS9 beta and it failed to install quoting that it needed Chrome version 17. Current Chromium seems to be 15.
|
|
|
Post by Kevin McAleavey on Feb 17, 2012 18:41:02 GMT -5
Update on ScriptNo - tried this in KNOS9 beta and it failed to install quoting that it needed Chrome version 17. Current Chromium seems to be 15. OK ... that's Andryou's thing. Unfortunately, 15 version is the most current for BSD at this time and at the moment is what is in our next release unless there's a later one by the time we release. Just checked the source code tree for BSD, and they're not up to 16's sources yet as Linux code isn't at all the same and apparently there's not enough demand for Chromium in BSD world for them to do heavy maintenance on it. Therefore this is something we would have to maintain ourselves in order to keep up since there is no Chrome for BSD either. It's kind of strange that the author of that extension doesn't support recent versions of Chromium whilst all the others seem to be having no problem doing so. I wanted to look at his code to see why but apparently the way Chrome works, those plugins are delivered inside an odd json library that can't easily be gotten into in order to see why such restriction on something whose job is merely to filter script. Should be able to do that on any version including old ones. If I were involved in that project, that'd be one of the first things I'd be after the author to explain. So sorry to say, nothing we can do about the author's choices there. There are other script filter plugins available and I tried a couple of them to see if they would install, and all but his did without any issues at all.
|
|
|
Post by rustleg on Feb 18, 2012 16:13:02 GMT -5
Update on ScriptNo - tried this in KNOS9 beta and it failed to install quoting that it needed Chrome version 17. Current Chromium seems to be 15. OK ... that's Andryou's thing. Unfortunately, 15 version is the most current for BSD at this time and at the moment is what is in our next release unless there's a later one by the time we release. Just checked the source code tree for BSD, and they're not up to 16's sources yet as Linux code isn't at all the same and apparently there's not enough demand for Chromium in BSD world for them to do heavy maintenance on it. Therefore this is something we would have to maintain ourselves in order to keep up since there is no Chrome for BSD either. It's kind of strange that the author of that extension doesn't support recent versions of Chromium whilst all the others seem to be having no problem doing so. I wanted to look at his code to see why but apparently the way Chrome works, those plugins are delivered inside an odd json library that can't easily be gotten into in order to see why such restriction on something whose job is merely to filter script. Should be able to do that on any version including old ones. If I were involved in that project, that'd be one of the first things I'd be after the author to explain. So sorry to say, nothing we can do about the author's choices there. There are other script filter plugins available and I tried a couple of them to see if they would install, and all but his did without any issues at all. Happy to report that Andryou responded to a tweet from me about this which included a link to this thread and has now modified the code to remove the restriction. Scriptno now works in KNOS9 beta. He quotes in the update notes to v1.0.6.2 - fall-back to previous blocking methods implemented => no more requirement to be using Chrome v17 *nod to the KNOS Project*. Don't worry, the new reliable blocking features using the new APIs will still work, if supported!
|
|
|
Post by Kevin McAleavey on Feb 20, 2012 2:52:35 GMT -5
Happy to report that Andryou responded to a tweet from me about this which included a link to this thread and has now modified the code to remove the restriction. Scriptno now works in KNOS9 beta. He quotes in the update notes to v1.0.6.2 - fall-back to previous blocking methods implemented => no more requirement to be using Chrome v17 *nod to the KNOS Project*. Don't worry, the new reliable blocking features using the new APIs will still work, if supported! KEWL! I've heard that he's a pretty good guy, his enthusiasm proves it in my eyes. Definitely on our "recommended list" then and I extend my personal thanks to him for solving that ...
|
|