Hi Raffaele,

On 4 February 2018 at 17:25, Raffaele Florio <raffaeleflo...@protonmail.com>

> > The "make firefox" rule uses wget to get a few files.  Is this because
> you don't want to distribute signatures on Github?  Ideally, it would use
> local files only.
> I was referring to the HTTPS statement. I'd like to deepen this statement.
> There are signatures and I also think that the GitHub clone reduce the
> complexity. I agree that the latter will be the default. However HTTPS is
> used both in the clone and in the process to get my public key.

It introduces an extra point of failure. I could owned by a corrupted "git
clone" operation.  I could also get cloned by a corrupted wget operation.
It's one extra thing to audit (if I want to be careful).

> >  Well, it crashed my machine... I had to reboot the whole thing.  It
> would be nice if it did something more graceful when presented with 20
> links at the same time, even if it is just asking for confirmation.
> Why 20? Why not 10, 30 or other numbers? However to avoid DOS attacks,
> very plausible, is useful to have a maximum requests per second. When this
> limit is reached the extension blocks other request and warns the user.
> This is a vital feature.. ;)

Yes, a lower number would be better.  I used 20 for dramatic effect,
because this is enough to crash a computer.

> > Also, I think your tool could be quite useful for several different use
> cases.  Perhaps it's better to have the default configuration being
> unobtrusive, but allow the user to switch on more defenses if they like.
> I think that the opposite is better.  *The user* sets as default "Open
> here mode" (not secure), and then, trough Quick Settings, it could switch
> to "redirection mode". Quick Settings has to be very flexible.
> More secure default, is better.. I repeat: the extension did its job.
> However why do you not whitelist these (20+) URLs (or related domains), if
> you consider them trustworthy?

My computer crashed before I had a chance to whitelist anything.  I would
actually rather open them inside a "session VM", but it isn't obvious how
to do it.

> (I think this idea needs a bit more thought!)
> I agree. It's something not, principally, related to this extension. I'm
> also waiting to try the stable 4.0.

It is a great use case though, which is very helpful when designing things.

Kind regards,

You received this message because you are subscribed to the Google Groups 
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-devel+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-devel@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to