Slashdot Mirror


User: higuita

higuita's activity in the archive.

Stories: 0 · Comments: 886

Comments · 886

  1. exactly... but even desktop users... they can read private keys, passwords, authentication cookies, credit card info... anything that is stored in memory for each process. browsers are probably the most dangerous target here right now... and anything that may load plugins or external code

  2. Spectre fix is still not public, only the meltdown is!
    The meltdown fix (isolate the kernel and userland ram and flush the cache on switching) is known because it was merged in the linux kernel... all OS should do a similar fix to the linux and this fix should be final.

    the spectre, should be adding some random delays and some more checks, so it's hard to impossible to abuse it... but the data is still in the cache, so there might exist other calls/methods that may also need those delays and checks... that is why it may haunt you, as later someone may discover another method of doing the same side channel attack

  3. the fix will mitigate the threat... for the intel, the fix will clear the cache after any jump between kernel and userland, so it gives a big performance hit when that happens... there is no microcode that can solve this, it's the hardware design in the intel that is broken, it only checks if the branch is invalid AFTER loading it.
    AMD is immune to the meltdown because the hardware detects the invalid branch BEFORE loading it

    So without hardware change from intel, you will either have the full performance, but insecure system, or a secure system, but a big performance loss.

    They may want to optimize, by avoiding the cache cleanup in some situations... but i'm not seeing any and if they exist, should be corner cases

  4. while spectre fix isn't released yet, it should have simple workarounds (compared with the meltdown) that screw the timings and make THIS side channel attack a lot harder if not impossible... what may haunt you is that there may exist OTHER methods of doing the side channel attacks, as the info is still there

  5. 5 years?! no, everything above and including pentium 4 should be vulnerable... so that excludes all the XXX86, iX86, pentium, pentium 2, pentium III ... and of course, itanium... or maybe not, probably that one is also vulnerable, but no one cares...

  6. Re:Intels updates also slow down AMD chips that do on By Next Week, Intel Expects To Issue Updates To More Than 90% of Processor Products Introduced Within Past Five Years (intel.com) · Score: 1

    that encrypted RAM pages protect you from someone physically accessing the RAM and stealing the data... it is a known weakness for all the hardware and only encrypting the RAM directly protects against that.

  7. on linux, you can disable it, if you want (at boot time)... but you do run code from internet all the time, you have javascript in browsers, you install updates and several other "minor" actions that actually run something in your machine

    So if you want to be safe and still keep your performance, buy AMD ;)

  8. IF someone complains that tax money is badly spent and that the governments are broken and corrupt, i would agree!
    IF someone complains that people should not pay country taxes, that the government is useless and that local taxes are better, they are looking only to their own belly and ignoring the reality and all the world history. I dare those that say that to live in any failed state for one year to understand why.

  9. that is your problem, you want free stuff, you only look to yourself, and forget everything around you

    1-if government didn't exist, companies were not forced to give electricity to everyone, there would be people without it just because there is not enough profit to build centrals or extend lines to "just few people"... you still have to pay, but at least you can have it... try going to Somalia and get some water and electricity, even paid, and check the end result
    2-sure, sure, i'm sure that you pay your local cops, judge, buildings, prisons... try going to Somalia and ask for justice... they will give you an ak47 justice
    3- again, you have roads because they are required by the government and you are forced to pay...without policy and justice, nobody would pay and you would have no maintained roads... check those somalia roads and highways!
    4-just like the wild west, you pay the sheriff ... that many times is just an old bandit... or like south of Italy, where you pay the mafia... but anyway, is that enough? if there is a riot, what you do? if there is a huge problem, fires, terrorist attack, would your tiny police be able to handle it? of course not. Security forces have a huge machine behind and you can always recruit call up the army... that you also pay

    notice that i agree that most governments are broken and waste too much money... but they are required and for it to work, everyone needs to pay taxes. The more people pay taxes, the lower taxes are. When rich companies and rich people avoid tax, it is everyone else that needs to pay more
    and finally remember: "a stopped clock is right twice a day"

  10. Re:How is this not fraud? on Google's 'Dutch Sandwich' Shielded 16 Billion Euros From Tax (bloomberg.com) · Score: 2

    different fiscal IDs are awesome, you can have a local google company claim no profit for the datacenter... and that datacenter only has the expenses income from the USA google fiscal ID, so they pay low taxes... and having an external company with a different ID transferring money to that country, convert it to the local coin/make payments for fake service/"whatever is the financial loop of the year" and then transfer again to another (tax haven) place. In this case, internal EU transfers between Ireland and Netherlands aren't taxed and converting the money pays only minimal taxes

  11. do you think that google does not do the same thing in the USA? google "delaware tax havens"

  12. yep, right, so you have no roads, no electricity, no laws, no justice, no security, no water, nothing... welcome to the wild west!! do you like living in a place like that? move to some war country, local war lord ruler or no ruler at all and see if you like it.

    just because your government is broken, does not mean that all of them are... or that even a broken government maintain many things you take for granted.
    and no, private sector will not solve everything, that way you would only have water, electricity in big cities... mostly as you have now with the cable companies

  13. Re:Not even enforceable on Venezuela Will Force Bitcoin Miners To Register With the Government (themerkle.com) · Score: 1

    Actually they can detect the same way... energy usage ...
    small setups undetected, but they will mine little. Big setups will eat a lot of energy, so they can be detected if they check that...
    mining also requires more cooling than pot, so check who is buying AC systems when there is little food and you can find them too.

  14. Easy response: managing windows on Ask Slashdot: What's The Worst IT-Related Joke You've Ever Heard? · Score: 2

    Easy response: managing windows and windows users!

  15. Re:What is that hard? on Space Is Not a Void (slate.com) · Score: 3, Informative

    Stop funding weapons and wars and you will find that you have a lot more money available
    Tax rich people, especially if they try to avoid taxes!! Close the tax havens and financial loopholes.

  16. Re:A lack of imagination? on Space Is Not a Void (slate.com) · Score: 1

    yep, at the Age of Discovery, many Portuguese sail boats departed, but only a few returned usually... Later Spanish navy had a high rate of death and the Magellan travel is a good example, only one boat returned with very few people from all boats.
    Travel took from a few months to near locations to 3 years.

    Exploring was always a risky business, in the past, human lives might have been less important, but it was always a loss

  17. It's just me... on Old Crypto Vulnerability Hits Major Tech Firms (securityweek.com) · Score: 1

    It's just me... or are we getting threads from other (random) topics

  18. Re:That explains it! on AMD Quietly Made Some Radeon RX 560 Graphics Cards Worse (pcworld.com) · Score: 1

    AMD is supporting their open source drivers, they are the main work force in the radeon mesa driver!!
    Care to explain better what you mean by that?

  19. Re:Please read Firefox's privacy policy! on Yahoo Sues Mozilla For Breach of Contract -- So Mozilla Counter Sues Yahoo (betanews.com) · Score: 1

    this is mostly FUD

    Safebrowsing and geoip are features that you can disable if you want,
    Safebrowsing is very useful for most people as they aren't tech experts to recognize fake programs or sites... it's enabled by default and it should be. This is a trade between security and (a limited, as it's only download URLs) privacy loss.
    GeoIP DB is used when a site requests your location and YOU accept it (or enabled accept always)... it's not enabled by default

    next, the external companies:
    - "Adjust" is the "newrelic" equivalent for mobile
    - "SalesForce Marketing Cloud" is their email provider for the marketing and email announcements... so it basically sends email... and yes, any email server will see your email. If you disable email notifications, you probably do not even share your email.
    - "Leanplum" looks like it's like Adjust/Newrelic, but for the internal firefox features. probably tells how many people use webgl, pocket, add-ons, movies, audio, so they can understand better how differently people use the mobile vs the desktop

    none of them are an ad tracking service, they are just special use cases, 2 checking mobile usage, 2 global basic features, 1 is for sending you emails. This is nothing even close to what any site or even worse, google is doing.

    So yes, your comment is nothing more than FUD

  20. netflix helps a lot, but... on Not Even Free TV Can Get People To Stop Pirating Movies and TV Shows (qz.com) · Score: 1

    netflix helps a lot, but... of course it does not solve everything, not even close to that!

    i do have netflix, but many movies or series or programs that i do want to view are not there. If it's not on my fiber TV, nor on my netflix, i will search for alternatives.

    Also, netflix now works in linux browsers, but when i go on vacation, i do not want to take a laptop so i can connect it to a random TV. my RPi3 with xbian is easy to carry and connect to almost all TVs... netflix needs to work there too (yes, there is progress there, but netflix must be able to run in any device)

    Finally, netflix portfolio is shrinking, not expanding, big part because of studios limitations, greed and competing solutions ... no one wants to pay or even manage 5 different accounts and platforms to see movies and series... so yeah, where there is demand, there will exist piracy, as it is still much simpler than the few legal options.

  21. Re:Technology does not include voice. on Mozilla Releases Open Source Speech Recognition Model, Massive Voice Dataset (mozilla.org) · Score: 1

    some users != all users

    Again, it's not easy to make everyone happy

  22. Re:Technology does not include voice. on Mozilla Releases Open Source Speech Recognition Model, Massive Voice Dataset (mozilla.org) · Score: 3, Insightful

    > Why so many OK OK's to install an add-on?

    Because i want to install add-ons and not let random sites, apps or other add-ons be able to install add-ons silently, just like the old activex in IE

    > Why break old good ones?

    Because old ones could touch and replace ANYTHING in the browser, so it was a huge security problem, performance problem and locked mozilla from making big changes, as it would break many extensions. They finally decided to break everything and define a proper add-on API, that can be stable, run in outside and locked processes and using multiple cpus. They didn't decide to break the add-on just to annoy you, they had very good reasons

    > Why uncheck 5 boxes to get a blank new tab?

    I do like the new start page... but if you do not, then the 5 boxes to disable all the start page features is not hard at all, you just need to do it once. Notice that all that info is local info, what you see. It's flexible enough to please most people... and those that really want an empty page, it's there too. There is no default config that will make everyone happy

  23. Re:I'm not interested in giving Mozilla money on Mozilla Releases Open Source Speech Recognition Model, Massive Voice Dataset (mozilla.org) · Score: 1

    Things like this will make the browser better in the future! They have vision and want to be a leader in future tech solutions.

    That future is not that far away, you have currently siri, alexa and friends growing up, you have mobile phones, where writing is hard and speaking is easier, you may have automatic voice translations, where the first step is of course, voice recognition.

    When MS, Apple, Google release their browsers with built-in screen readers, automatic translation and speech recognition, firefox also needs something, they can not start researching and developing only after the others release it, that is a catch up game you can never win.
    On the other hand, if you prepare solutions and fine-tune them, you can import them in the browser, sometimes even first than others. If they are first to market in developing a speech recognition w3c standard, they can block closed and patented solutions

  24. Re:Mozilla spent over $300 million on RAM... on Mozilla Revenue Jump Fuels Its Firefox Overhaul Plan (cnet.com) · Score: 1

    Welcome to the web 3.0 ! full of images, videos, css, javascript, web frameworks, ads, fonts, infinite loading pages, webapplications, etc

    All that has a cost... in all browsers. If you do disable javascript and/or block ads, your memory usage will drop a lot

    firefox has special problems with some animated gifs, that are all loaded and rebuilt in memory and can eat a lot of ram... but they are trying to limit that and discard old frames. other than that, firefox is actually now the more friendly ram browser out there

  25. Re:1,200 employees!!! on Mozilla Revenue Jump Fuels Its Firefox Overhaul Plan (cnet.com) · Score: 1

    Browsers are more complex than you imagine...
    also, mozilla has several research projects running in parallel, some take several years to even get to a working state to be able to test anything... just look at rust! took years to develop and stabilize, so it could be used to build servo, to develop code and solutions that would be imported in firefox (or better, replace old code). a small part of all that is this quantum release