Re: firefox > Preferences > When Firefox starts.

[Lee]

Hi David,

I think we're both going for
> I like to publicise it when I'm reminded that its use might help
> someone else fix any sort of problem.

so I snipped a lot; hopefully without messing up who wrote what.

On 4/27/19, David Wright  wrote:
> On Thu 25 Apr 2019 at 12:28:37 (-0400), Lee wrote:
>> On 4/25/19, David Wright  wrote:
>> > On Wed 24 Apr 2019 at 14:29:00 (-0400), Lee wrote:
>> >> On 4/24/19, David Wright  wrote:

>> >> > The value I get from Dan Pollock is the list of sites rather than
>> >> > the
>> >> > most elegant mechanism for handling that list. Looking at the
>> >> > comments
>> >> > in the list, and by comparing evolving versions, it does appear that
>> >> > Dan actively "opens holes" where people report interference or
>> >> > difficulties using certain legitimate sites.
>>
>> But the holes get opened only after someone reports a problem.  If
>> you're using a host file, how do you figure out which host name(s)
>> being blocked are causing the problem?
>
> I guess the people who report the problem figure that out. Looking at
> the comments, they're not services that I use.

Some of the services are things I've used, or at least wanted to take
a look at, which is why I brought up
>> I never figured out an easy way to troubleshoot hostfiles & switched
>> to something that logged what all was blocked and allowed.
>
> That would be easy to check. I build /etc/hosts with a commandline:
>
> # cat /root/hosts-[0-9]-*[^~] | sed -e
> "/^[[:space:]]*192.168.1.[0-9]\+[[:sp
> ace:]]\+$HOSTNAME.corp[[:space:]]\+$HOSTNAME\$/s/[[:space:]]*\([0-9.]\+\)[[:sp
> ace:]]\+\(.*\)\$/127.0.1.1\t\2\t# \1/" > /etc/hosts
>
> so I would hide Dan's file (whose final destination is a file that
> matches /root/hosts-[0-9]-*[^~]) before rerunning that command.

That looks like an all-or-nothing on/off switch for your
ad/malware/etc. hosts file.  Which isn't a problem if you've never had
a blacklist prevent you from getting to wherever it is you want to go,
but I've had blacklists block more than I want so I'd rather be able
figure out what needs to be allowed, fix the problem & keep everything
else blocked.

For a single host solution like /etc/hosts, I like
- privoxy so you can see what all is blocked/allowed
https://packages.debian.org/stretch/privoxy
- grab some blacklist files & turn them into a privoxy action files.
eg. something along the lines of
echo "{ +block{someonewhocares hosts file} }" > swc-hosts.txt
curl https://someonewhocares.org/hosts/hosts | grep '^127\.0\.0\.1 ' |\
sed -e 's/127\.0\.0\.1 //' >> swc-hosts.txt
# sanity checks, backup, whatever before
mv swc-hosts.txt  swc-hosts.action
- create a privoxy whitelist action file for sites you don't want
blocked even if they show up in one of your blacklists
echo "{-block}" > whitelist.action
echo "localhost" >> whitelist.action
- add swc-hosts.action and whitelist.action to the privoxy config
- tell your browser to use 127.0.0.1:8118 as it's http & https proxy

You can leave privoxy logging enabled all the time if you're curious
or just turn it on as needed to figure out what needs to be allowed to
unbreak some website.

And you can do things like
{ +block{TLDs I probably don't want} }
.ad/
.biz/
.cn/

I've got one exception for
 .cn/
three for
 .biz/
and none for
 .ad/


> I like to publicise it when I'm reminded that its use might help
> someone else fix any sort of problem.

Same here ;)

Regards,
Lee

Re: firefox > Preferences > When Firefox starts.

[David Wright]

On Thu 25 Apr 2019 at 12:28:37 (-0400), Lee wrote:
> On 4/25/19, David Wright  wrote:
> > On Wed 24 Apr 2019 at 14:29:00 (-0400), Lee wrote:
> >> On 4/24/19, David Wright  wrote:
> >> > On Tue 23 Apr 2019 at 10:38:41 (-0400), Lee wrote:
> >> >> On 4/22/19, David Wright  wrote:
> >> >> > On Sun 21 Apr 2019 at 20:30:53 (-0700), pe...@easthope.ca wrote:
> >> >> >> From: David Wright 
> >> >> >> Date: Sun, 21 Apr 2019 16:13:11 -0500
> >> >> >> > Does the behaviour reported in your OP cause you *great* concern?
> >> >> >>
> >> >> >> No.  Just wastes time.  Opening a simple local HTML home page
> >> >> >> requires
> >> >> >> roughly a minute rather than roughly a second.
> >> >> >
> >> >> > I tend to forget that, because my /etc/hosts file has ~14000 lines,
> >> >> > pages appear a lot faster here.
> >> >>
> >> >> Have you looked at bind's dns rpz?
> >> >
> >> > Just now.
> >> >
> >> >>   http://zytrax.com/books/dns/ch7/rpz.html
> >> >> It lets you do things like
> >> >> *.2o7.net   CNAME   .
> >> >> *.doubleclick.net   CNAME   .
> >> >>
> >> >> to block entire domains instead of having to list each and every
> >> >> hostname in the domain.
> >> >>
> >> >> And you can log what is blocked/allowed to make troubleshooting easier
> >> >
> >> > It might be a good *mechanism* for the diversion itself, but AFAICT
> >> > it's aimed at the *policy* implementers rather than the end-user.
> >>
> >> Just out of curiosity - do you think pi-hole is aimed at policy
> >> implementers or end users?
> >
> > I don't know about their policies, or whether they have any. I've not
> > found any description of how you would configure it, only how you
> > install it. Do they provide blacklists?
> 
> It looks like they give you a default list of lists that you can modify:
> https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh#L1181

Yes, and taking one of the sites mentioned, I see they explain their
policy at https://hosts-file.net/?s=policy
and that's what I want done for me.

> > It's also not clear to me where I should install it to. My router
> > uses the Google nameservers, and all my machines have the router
> > as their nameserver. The router is the only part of the network
> > that's always up and running.
> 
> I have a server that I leave running all the time;

… and I don't.

> reconfigure your
> router to use your dns server

… which doesn't exist …

> instead of google, add a firewall rule
> to block all outgoing tcp/udp traffic to port 53 except from the
> server & you're done.
> 
> > But let me explain what I mean by those terms I used earlier:
> >
> > Mechanism: Any method of modifying the result of trying to resolve
> > foo.bar to an IP address, irrespective of the specific domainnames
> > which somebody has to give to it. My mechanism is resolving to
> > localhost.
> >
> > Policy implementers: The people who make the decisions about which
> > domainnames should have their resolution modified. If you look
> > through the reference I gave for the source of my /etc/hosts, you
> > can see their policies listed as comments bracketing the sections,
> > and they are:
> >
[snipped]
> >
> > End-users: The people whose browsing experience are improved by
> > the policies selected, and implemented using the chosen mechanism.
> >
> >> > The value I get from Dan Pollock is the list of sites rather than the
> >> > most elegant mechanism for handling that list. Looking at the comments
> >> > in the list, and by comparing evolving versions, it does appear that
> >> > Dan actively "opens holes" where people report interference or
> >> > difficulties using certain legitimate sites.
> 
> But the holes get opened only after someone reports a problem.  If
> you're using a host file, how do you figure out which host name(s)
> being blocked are causing the problem?

I guess the people who report the problem figure that out. Looking at
the comments, they're not services that I use.

> I never figured out an easy way to troubleshoot hostfiles & switched
> to something that logged what all was blocked and allowed.

That would be easy to check. I build /etc/hosts with a commandline:

# cat /root/hosts-[0-9]-*[^~] | sed -e "/^[[:space:]]*192.168.1.[0-9]\+[[:sp
ace:]]\+$HOSTNAME.corp[[:space:]]\+$HOSTNAME\$/s/[[:space:]]*\([0-9.]\+\)[[:sp
ace:]]\+\(.*\)\$/127.0.1.1\t\2\t# \1/" > /etc/hosts

so I would hide Dan's file (whose final destination is a file that
matches /root/hosts-[0-9]-*[^~]) before rerunning that command.

> >> > Finally, I wouldn't know where to start to compile a list of sites
> >> > like that.
> >>
> >> https://dnsrpz.info/
> >> If you're a business, you can buy access to an rpz feed.
> >
> > I'm not, but I take it that different feeds have different policies on
> > which sites to include, and come at different prices.
> >
> >> If you're a [home?] network admin it's simple enough to enable logging
> >> & see what all is allowed that 

Re: firefox > Preferences > When Firefox starts.

[Lee]

On 4/25/19, David Wright  wrote:
> On Wed 24 Apr 2019 at 14:29:00 (-0400), Lee wrote:
>> On 4/24/19, David Wright  wrote:
>> > On Tue 23 Apr 2019 at 10:38:41 (-0400), Lee wrote:
>> >> On 4/22/19, David Wright  wrote:
>> >> > On Sun 21 Apr 2019 at 20:30:53 (-0700), pe...@easthope.ca wrote:
>> >> >> From: David Wright 
>> >> >> Date: Sun, 21 Apr 2019 16:13:11 -0500
>> >> >> > Does the behaviour reported in your OP cause you *great* concern?
>> >> >>
>> >> >> No.  Just wastes time.  Opening a simple local HTML home page
>> >> >> requires
>> >> >> roughly a minute rather than roughly a second.
>> >> >
>> >> > I tend to forget that, because my /etc/hosts file has ~14000 lines,
>> >> > pages appear a lot faster here.
>> >>
>> >> Have you looked at bind's dns rpz?
>> >
>> > Just now.
>> >
>> >>   http://zytrax.com/books/dns/ch7/rpz.html
>> >> It lets you do things like
>> >> *.2o7.net   CNAME   .
>> >> *.doubleclick.net   CNAME   .
>> >>
>> >> to block entire domains instead of having to list each and every
>> >> hostname in the domain.
>> >>
>> >> And you can log what is blocked/allowed to make troubleshooting easier
>> >
>> > It might be a good *mechanism* for the diversion itself, but AFAICT
>> > it's aimed at the *policy* implementers rather than the end-user.
>>
>> Just out of curiosity - do you think pi-hole is aimed at policy
>> implementers or end users?
>
> I don't know about their policies, or whether they have any. I've not
> found any description of how you would configure it, only how you
> install it. Do they provide blacklists?

It looks like they give you a default list of lists that you can modify:
https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh#L1181

> It's also not clear to me where I should install it to. My router
> uses the Google nameservers, and all my machines have the router
> as their nameserver. The router is the only part of the network
> that's always up and running.

I have a server that I leave running all the time; reconfigure your
router to use your dns server instead of google, add a firewall rule
to block all outgoing tcp/udp traffic to port 53 except from the
server & you're done.

> But let me explain what I mean by those terms I used earlier:
>
> Mechanism: Any method of modifying the result of trying to resolve
> foo.bar to an IP address, irrespective of the specific domainnames
> which somebody has to give to it. My mechanism is resolving to
> localhost.
>
> Policy implementers: The people who make the decisions about which
> domainnames should have their resolution modified. If you look
> through the reference I gave for the source of my /etc/hosts, you
> can see their policies listed as comments bracketing the sections,
> and they are:
>
>   #
>   #
>   #
>   #
>   #
>   #
>   #
>   #
>   #
>   #
>   #<2o7-sites>
>   #
>   #
>   #
>   #
>   #
>   #
>   #
>   #
>   #
>   #
>   #
>   #
>   #
>   #
>   #
>   #
>
> End-users: The people whose browsing experience are improved by
> the policies selected, and implemented using the chosen mechanism.
>
>> > The value I get from Dan Pollock is the list of sites rather than the
>> > most elegant mechanism for handling that list. Looking at the comments
>> > in the list, and by comparing evolving versions, it does appear that
>> > Dan actively "opens holes" where people report interference or
>> > difficulties using certain legitimate sites.

But the holes get opened only after someone reports a problem.  If
you're using a host file, how do you figure out which host name(s)
being blocked are causing the problem?

I never figured out an easy way to troubleshoot hostfiles & switched
to something that logged what all was blocked and allowed.

>> > Finally, I wouldn't know where to start to compile a list of sites
>> > like that.
>>
>> https://dnsrpz.info/
>> If you're a business, you can buy access to an rpz feed.
>
> I'm not, but I take it that different feeds have different policies on
> which sites to include, and come at different prices.
>
>> If you're a [home?] network admin it's simple enough to enable logging
>> & see what all is allowed that you'd rather have blocked.  And/or grab
>> things like Dan Pollock's list and turn them into an rpz file.
>
> Frankly, I don't want to be bothered with processing the list.

That makes it easy then, stay with what you've got :)

Regards,
Lee

Re: firefox > Preferences > When Firefox starts.

[David Wright]

On Wed 24 Apr 2019 at 14:29:00 (-0400), Lee wrote:
> On 4/24/19, David Wright  wrote:
> > [I presume that replying only to me was a mistake.]
> 
> Nope, responding to your "my /etc/hosts file has ~14000 lines" didn't
> seem all that germane to the thread.  & not that this is either, but
> if you'd prefer to keep it on the list I don't mind.

The OP posted a startup problem. Later they stated that their main
concern was the time taken to open pages, as quoted immediately
below. My 14000 line /etc/hosts is installed with the main purpose
of speeding up page rendering. So was using Opera, but I found it
had this major startup problem.

> > On Tue 23 Apr 2019 at 10:38:41 (-0400), Lee wrote:
> >> On 4/22/19, David Wright  wrote:
> >> > On Sun 21 Apr 2019 at 20:30:53 (-0700), pe...@easthope.ca wrote:
> >> >> From: David Wright 
> >> >> Date: Sun, 21 Apr 2019 16:13:11 -0500
> >> >> > Does the behaviour reported in your OP cause you *great* concern?
> >> >>
> >> >> No.  Just wastes time.  Opening a simple local HTML home page requires
> >> >> roughly a minute rather than roughly a second.
> >> >
> >> > I tend to forget that, because my /etc/hosts file has ~14000 lines,
> >> > pages appear a lot faster here.
> >>
> >> Have you looked at bind's dns rpz?
> >
> > Just now.
> >
> >>   http://zytrax.com/books/dns/ch7/rpz.html
> >> It lets you do things like
> >> *.2o7.net   CNAME   .
> >> *.doubleclick.net   CNAME   .
> >>
> >> to block entire domains instead of having to list each and every
> >> hostname in the domain.
> >>
> >> And you can log what is blocked/allowed to make troubleshooting easier
> >
> > It might be a good *mechanism* for the diversion itself, but AFAICT
> > it's aimed at the *policy* implementers rather than the end-user.
> 
> Just out of curiosity - do you think pi-hole is aimed at policy
> implementers or end users?

I don't know about their policies, or whether they have any. I've not
found any description of how you would configure it, only how you
install it. Do they provide blacklists?

It's also not clear to me where I should install it to. My router
uses the Google nameservers, and all my machines have the router
as their nameserver. The router is the only part of the network
that's always up and running.

But let me explain what I mean by those terms I used earlier:

Mechanism: Any method of modifying the result of trying to resolve
foo.bar to an IP address, irrespective of the specific domainnames
which somebody has to give to it. My mechanism is resolving to
localhost.

Policy implementers: The people who make the decisions about which
domainnames should have their resolution modified. If you look
through the reference I gave for the source of my /etc/hosts, you
can see their policies listed as comments bracketing the sections,
and they are:

  #
  #
  #
  #
  #
  #
  #
  #
  #
  #
  #<2o7-sites>
  #
  #
  #
  #
  #
  #
  #
  #
  #
  #
  #
  #
  #
  #
  #
  #

End-users: The people whose browsing experience are improved by
the policies selected, and implemented using the chosen mechanism.

> > The value I get from Dan Pollock is the list of sites rather than the
> > most elegant mechanism for handling that list. Looking at the comments
> > in the list, and by comparing evolving versions, it does appear that
> > Dan actively "opens holes" where people report interference or
> > difficulties using certain legitimate sites.
> >
> > Finally, I wouldn't know where to start to compile a list of sites
> > like that.
> 
> https://dnsrpz.info/
> If you're a business, you can buy access to an rpz feed.

I'm not, but I take it that different feeds have different policies on
which sites to include, and come at different prices.

> If you're a [home?] network admin it's simple enough to enable logging
> & see what all is allowed that you'd rather have blocked.  And/or grab
> things like Dan Pollock's list and turn them into an rpz file.

Frankly, I don't want to be bothered with processing the list.

And, of course, logging a site means that you must have already
encountered it, which defeats the object of having those "shock
sites" listed: the point is not to see them at all.

> I just
> don't like the size & the churn in curated host files - I'd rather
> have a single line
> *.advertisingdomain.tld
> and have them all blocked vs. the maybe hundreds of lines blocking
> each specific host.

I can see that one or two sections of Dan's list could be factorized
into a *.foo.bar pattern, but as compressing the file only gives 75%
reduction, there are still a lot of sites to be fed into whichever
mechanism you choose for resolving/diverting them.

And finally, I'm not sure whether it's been mentioned in this thread,
but there's a reason I wrote "Does the behaviour reported in your OP
cause you *great* concern?". I should then have 

Re: firefox > Preferences > When Firefox starts.

[David Wright]

On Wed 24 Apr 2019 at 16:20:21 (+), der.hans wrote:
> Am 24. Apr, 2019 schwätzte David Wright so:
> > On Tue 23 Apr 2019 at 18:15:03 (+), der.hans wrote:

[I agree with you replies, snipped]

> > > I currently run different browser instances for different tasks I want to
> > > isolate.
> > 
> > I'm not sure how to stop different browser commands jumping into an
> > existing browser instance. I presume there are ways, but I find it
> > simpler to just use different users.
> 
> Do you mean when an application launches a browser?

Yes. Usually I start a browser with a bash function as posted
earlier. Sometimes I use a bash function to open a Tab, even
where I could have done it with a corresponding bookmark.

But sometimes I'd start FF by pressing Return on an HTML in mc.
However, for a long time I've closed that off by having mc call
up lynx with localhost or w3m with -dump. Similarly, mutt only
uses lynx in the same manner.

But when I had used FF in such situations, the page always found a
running instance of FF (appropriate to the user concerned).

> I haven't found a way to specify the default browser for external apps.
> That would be useful.

If I'm understanding you, I think this came up here recently: the
links /etc/alternatives/{gnome-,x-,}www-browser should point to
the appropriate binary.

> > Interesting stuff: perhaps the making of a wiki.
> 
> I'm way behind on creating documentation.
> 
> I'll add that to my list of things for an upcoming trip.

You're very public-spirited.

Cheers,
David.

Re: firefox > Preferences > When Firefox starts.

[Lee]

On 4/24/19, David Wright  wrote:
> [I presume that replying only to me was a mistake.]

Nope, responding to your "my /etc/hosts file has ~14000 lines" didn't
seem all that germane to the thread.  & not that this is either, but
if you'd prefer to keep it on the list I don't mind.

> On Tue 23 Apr 2019 at 10:38:41 (-0400), Lee wrote:
>> On 4/22/19, David Wright  wrote:
>> > On Sun 21 Apr 2019 at 20:30:53 (-0700), pe...@easthope.ca wrote:
>> >> From: David Wright 
>> >> Date: Sun, 21 Apr 2019 16:13:11 -0500
>> >> > Does the behaviour reported in your OP cause you *great* concern?
>> >>
>> >> No.  Just wastes time.  Opening a simple local HTML home page requires
>> >> roughly a minute rather than roughly a second.
>> >
>> > I tend to forget that, because my /etc/hosts file has ~14000 lines,
>> > pages appear a lot faster here.
>>
>> Have you looked at bind's dns rpz?
>
> Just now.
>
>>   http://zytrax.com/books/dns/ch7/rpz.html
>> It lets you do things like
>> *.2o7.net   CNAME   .
>> *.doubleclick.net   CNAME   .
>>
>> to block entire domains instead of having to list each and every
>> hostname in the domain.
>>
>> And you can log what is blocked/allowed to make troubleshooting easier
>
> It might be a good *mechanism* for the diversion itself, but AFAICT
> it's aimed at the *policy* implementers rather than the end-user.

Just out of curiosity - do you think pi-hole is aimed at policy
implementers or end users?

> The value I get from Dan Pollock is the list of sites rather than the
> most elegant mechanism for handling that list. Looking at the comments
> in the list, and by comparing evolving versions, it does appear that
> Dan actively "opens holes" where people report interference or
> difficulties using certain legitimate sites.
>
> Finally, I wouldn't know where to start to compile a list of sites
> like that.

https://dnsrpz.info/
If you're a business, you can buy access to an rpz feed.

If you're a [home?] network admin it's simple enough to enable logging
& see what all is allowed that you'd rather have blocked.  And/or grab
things like Dan Pollock's list and turn them into an rpz file.  I just
don't like the size & the churn in curated host files - I'd rather
have a single line
*.advertisingdomain.tld
and have them all blocked vs. the maybe hundreds of lines blocking
each specific host.

Regards,
Lee

Re: firefox > Preferences > When Firefox starts.

[der.hans]

Am 24. Apr, 2019 schwätzte David Wright so:

moin moin,


On Tue 23 Apr 2019 at 18:15:03 (+), der.hans wrote:

Am 23. Apr, 2019 schwätzte David Wright so:

On Tue 23 Apr 2019 at 15:53:50 (-), Curt wrote:

On 2019-04-23, der.hans  wrote:


I use different Firefox profiles for banking to improve isolation, so at
least they won't be attacked by a retailers tab.

I'm experimenting with Firefox containers for the isolation.



https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers


I can see some usefulness in having separate bookmarks and histories,
particularly the latter as it's not easy to classify in the same way
as bookmarks with its submenus. But I see only convenience, not
security.

What experiments have you devised? How do you define "isolation",


Thus far my experiments have only been for usability. When I first tried
Firefox containers some time ago I could only open one tab in each
container.

I'm just checking that they work and that I can use the same site multiple
times with different credentials from the same browser instance.


and what are the criteria by which you judge whether their scheme
is succeeding or not?


At some point I will need to dive into documentation to see if the design
is to isolate the containers sufficiently for me. Even if it is, I'm
still concerned about a bug allowing container escape or information
bleeding.  Should containers not be sufficient for me, they still look
like a significant improvement for those less tech minded.


My view is that it's easy to test whether unix permissions are working
as the walls are on the local host. But to test whether there's


Exactly! We have long-standing, testable capabilities :).


leakage between containers, you have to either be at the other end of
the connection or be monitoring all the traffic going out from the
local host.


It really needs inspection inside the browser and auditing via multi-site
testing.

But, $spouse isn't going to set up a bunch of different browser profiles.
If containers would be viable for that use case, then they could be an
improvement if the promise turns out to be at least mostly true.

They would also be an improvement for my generic browser use cases.


I currently run different browser instances for different tasks I want to
isolate.


I'm not sure how to stop different browser commands jumping into an
existing browser instance. I presume there are ways, but I find it
simpler to just use different users.


Do you mean when an application launches a browser?

I haven't found a way to specify the default browser for external apps.
That would be useful.


For instance,

[ snipped ]

As to experiments, I need to see if I can get tools like lightbeam to help
me audit isolation. I'll also passively test by checking for bleedover
from different sessions.

I want to see if I can enable and disable add ons per container. I presume
not, but that would be a useful feature.


Interesting stuff: perhaps the making of a wiki.


I'm way behind on creating documentation.

I'll add that to my list of things for an upcoming trip.

ciao,

der.hans
--
#  https://www.LuftHans.com   https://www.PhxLinux.org
#  "Luckily, this is a comic book, for which no idea is too complex."
#-- Larry Gonick from The Cartoon History of the United States

Re: firefox > Preferences > When Firefox starts.

[David Wright]

[I presume that replying only to me was a mistake.]

On Tue 23 Apr 2019 at 10:38:41 (-0400), Lee wrote:
> On 4/22/19, David Wright  wrote:
> > On Sun 21 Apr 2019 at 20:30:53 (-0700), pe...@easthope.ca wrote:
> >> From: David Wright 
> >> Date: Sun, 21 Apr 2019 16:13:11 -0500
> >> > Does the behaviour reported in your OP cause you *great* concern?
> >>
> >> No.  Just wastes time.  Opening a simple local HTML home page requires
> >> roughly a minute rather than roughly a second.
> >
> > I tend to forget that, because my /etc/hosts file has ~14000 lines,
> > pages appear a lot faster here.
> 
> Have you looked at bind's dns rpz?

Just now.

>   http://zytrax.com/books/dns/ch7/rpz.html
> It lets you do things like
> *.2o7.net   CNAME   .
> *.doubleclick.net   CNAME   .
> 
> to block entire domains instead of having to list each and every
> hostname in the domain.
> 
> And you can log what is blocked/allowed to make troubleshooting easier

It might be a good *mechanism* for the diversion itself, but AFAICT
it's aimed at the *policy* implementers rather than the end-user.

The value I get from Dan Pollock is the list of sites rather than the
most elegant mechanism for handling that list. Looking at the comments
in the list, and by comparing evolving versions, it does appear that
Dan actively "opens holes" where people report interference or
difficulties using certain legitimate sites.

Finally, I wouldn't know where to start to compile a list of sites
like that.

Cheers,
David.

Re: firefox > Preferences > When Firefox starts.

[David Wright]

On Tue 23 Apr 2019 at 18:15:03 (+), der.hans wrote:
> Am 23. Apr, 2019 schwätzte David Wright so:
> > On Tue 23 Apr 2019 at 15:53:50 (-), Curt wrote:
> > > On 2019-04-23, der.hans  wrote:
> > > > 
> > > > I use different Firefox profiles for banking to improve isolation, so at
> > > > least they won't be attacked by a retailers tab.
> > > > 
> > > > I'm experimenting with Firefox containers for the isolation.

> > > https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers
> > 
> > I can see some usefulness in having separate bookmarks and histories,
> > particularly the latter as it's not easy to classify in the same way
> > as bookmarks with its submenus. But I see only convenience, not
> > security.
> > 
> > What experiments have you devised? How do you define "isolation",
> 
> Thus far my experiments have only been for usability. When I first tried
> Firefox containers some time ago I could only open one tab in each
> container.
> 
> I'm just checking that they work and that I can use the same site multiple
> times with different credentials from the same browser instance.
> 
> > and what are the criteria by which you judge whether their scheme
> > is succeeding or not?
> 
> At some point I will need to dive into documentation to see if the design
> is to isolate the containers sufficiently for me. Even if it is, I'm
> still concerned about a bug allowing container escape or information
> bleeding.  Should containers not be sufficient for me, they still look
> like a significant improvement for those less tech minded.

My view is that it's easy to test whether unix permissions are working
as the walls are on the local host. But to test whether there's
leakage between containers, you have to either be at the other end of
the connection or be monitoring all the traffic going out from the
local host.

> I currently run different browser instances for different tasks I want to
> isolate.

I'm not sure how to stop different browser commands jumping into an
existing browser instance. I presume there are ways, but I find it
simpler to just use different users.

> For instance,
[ snipped ]
> As to experiments, I need to see if I can get tools like lightbeam to help
> me audit isolation. I'll also passively test by checking for bleedover
> from different sessions.
> 
> I want to see if I can enable and disable add ons per container. I presume
> not, but that would be a useful feature.

Interesting stuff: perhaps the making of a wiki.

Cheers,
David.

Re: firefox > Preferences > When Firefox starts.

[der.hans]

Am 23. Apr, 2019 schwätzte David Wright so:

moin moin,


On Tue 23 Apr 2019 at 15:53:50 (-), Curt wrote:

On 2019-04-23, der.hans  wrote:


I use different Firefox profiles for banking to improve isolation, so at
least they won't be attacked by a retailers tab.

I'm experimenting with Firefox containers for the isolation.


What experiments have you devised? How do you define "isolation",


Thus far my experiments have only been for usability. When I first tried
Firefox containers some time ago I could only open one tab in each
container.

I'm just checking that they work and that I can use the same site multiple
times with different credentials from the same browser instance.


and what are the criteria by which you judge whether their scheme
is succeeding or not?


At some point I will need to dive into documentation to see if the design
is to isolate the containers sufficiently for me. Even if it is, I'm
still concerned about a bug allowing container escape or information
bleeding.  Should containers not be sufficient for me, they still look
like a significant improvement for those less tech minded.

I currently run different browser instances for different tasks I want to
isolate.

For instance, I have a profile for one mastodon account and another for
the other mastodon account. My bank gets its own profile, as do my
utilities. Each of those is setup with uMatrix to disallow cookies and
JavaScript not necessary for the particular site to work.

I have over 50 profiles. Only two are allowed flash player and except for
work requirements, I haven't used flash in a long time.

Some profiles are inside containers.

For generic shopping I have an instance that is more lax on cookies and
JavaScript.

My initial use of containers is for that. I would like to have a container
per retailer ( or account required site ) that isolates each site and
where all information about the site is wiped when the container is
stopped/reset.

Banks and social media will certainly continue having their own profiles,
but a third of my profiles could move to containers ( if I start to trust
them ).

As to experiments, I need to see if I can get tools like lightbeam to help
me audit isolation. I'll also passively test by checking for bleedover
from different sessions.

I want to see if I can enable and disable add ons per container. I presume
not, but that would be a useful feature.

ciao,

der.hans


Looks interesting. I've just enabled it in 'about:config'

 privacy.userContext.enabled   true

I now have a contextual menu entry "Reopen in Container" when
left-clicking on a tab, which lists the four default containers. The
wiki doesn't explain the difference between these pre-defined
containers, though (Home, Work, Banking, and Shopping) or whether you
can create your own (apparently "custom" containers is a future option).

https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers


I can see some usefulness in having separate bookmarks and histories,
particularly the latter as it's not easy to classify in the same way
as bookmarks with its submenus. But I see only convenience, not
security.

Cheers,
David.



--
#  https://www.LuftHans.com   https://www.PhxLinux.org
#  Magic is science unexplained. - der.hans

Re: firefox > Preferences > When Firefox starts.

[der.hans]

Am 23. Apr, 2019 schwätzte Curt so:

moin moin,


On 2019-04-23, der.hans  wrote:


I use different Firefox profiles for banking to improve isolation, so at
least they won't be attacked by a retailers tab.

I'm experimenting with Firefox containers for the isolation.


Looks interesting. I've just enabled it in 'about:config'

privacy.userContext.enabled   true


Is it builtin now? I've been installing the add on.


I now have a contextual menu entry "Reopen in Container" when
left-clicking on a tab, which lists the four default containers. The
wiki doesn't explain the difference between these pre-defined
containers, though (Home, Work, Banking, and Shopping) or whether you
can create your own (apparently "custom" containers is a future option).


I ignore those and create my own. It looks like it's just a label with
options for specific color and icon. The key is whether or not each is
isolated from the others.

ciao,

der.hans


https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers

Thanks for the heads up.


ciao,

der.hans




--
#  https://www.LuftHans.com   https://www.PhxLinux.org
#  "If you want to build a ship, don’t drum up people to collect wood, and
#  don’t assign them tasks and work, but rather teach them to long for the
#  endless immensity of the sea." - Antoine de Saint-Exupéry

Re: firefox > Preferences > When Firefox starts.

[David Wright]

On Tue 23 Apr 2019 at 15:53:50 (-), Curt wrote:
> On 2019-04-23, der.hans  wrote:
> >
> > I use different Firefox profiles for banking to improve isolation, so at
> > least they won't be attacked by a retailers tab.
> >
> > I'm experimenting with Firefox containers for the isolation.

What experiments have you devised? How do you define "isolation",
and what are the criteria by which you judge whether their scheme
is succeeding or not?

> Looks interesting. I've just enabled it in 'about:config' 
> 
>  privacy.userContext.enabled   true
> 
> I now have a contextual menu entry "Reopen in Container" when
> left-clicking on a tab, which lists the four default containers. The
> wiki doesn't explain the difference between these pre-defined
> containers, though (Home, Work, Banking, and Shopping) or whether you
> can create your own (apparently "custom" containers is a future option).
> 
> https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers

I can see some usefulness in having separate bookmarks and histories,
particularly the latter as it's not easy to classify in the same way
as bookmarks with its submenus. But I see only convenience, not
security.

Cheers,
David.

Re: Browser usage; was "Re: firefox > Preferences > When Firefox starts."

[Reco]

Hi.

On Tue, Apr 23, 2019 at 11:33:45AM -0400, rhkra...@gmail.com wrote:
> On Tuesday, April 23, 2019 03:31:24 AM Curt wrote:
> > It's possible to modify the User-Agent header string in Firefox and pose
> > as a mobile browser (not necessarily an infallible maneuver).
> > 
> > https://addons.mozilla.org/en-US/firefox/addon/uaswitcher/
> 
> Do you or anyone else have an example header string?

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent/Firefox

You'll need Android UA.

Reco

Re: firefox > Preferences > When Firefox starts.

[Curt]

On 2019-04-23, der.hans  wrote:
>
> I use different Firefox profiles for banking to improve isolation, so at
> least they won't be attacked by a retailers tab.
>
> I'm experimenting with Firefox containers for the isolation.

Looks interesting. I've just enabled it in 'about:config' 

 privacy.userContext.enabled   true

I now have a contextual menu entry "Reopen in Container" when
left-clicking on a tab, which lists the four default containers. The
wiki doesn't explain the difference between these pre-defined
containers, though (Home, Work, Banking, and Shopping) or whether you
can create your own (apparently "custom" containers is a future option).

https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers

Thanks for the heads up.

> ciao,
>
> der.hans

Re: Browser usage; was "Re: firefox > Preferences > When Firefox starts."

[rhkramer]

On Tuesday, April 23, 2019 03:31:24 AM Curt wrote:
> It's possible to modify the User-Agent header string in Firefox and pose
> as a mobile browser (not necessarily an infallible maneuver).
> 
> https://addons.mozilla.org/en-US/firefox/addon/uaswitcher/

Do you or anyone else have an example header string?

(I looked at the URL above and see the addon, but didn't want to install it -- 
I didn't see any example header strings.)

Re: firefox > Preferences > When Firefox starts.

[der.hans]

Am 22. Apr, 2019 schwätzte Greg Wooledge so:


On Sun, Apr 21, 2019 at 08:30:53PM -0700, pe...@easthope.ca wrote:

Drifting off the subject, but the banking I use invokes javascript. I
would have thought that unnecessary.  Should be possible to accomplish
the results with processing on the server and HTML5 on the client.
Technology bloat?


It has been my experience that the more IMPORTANT a web site is
(government, bank, insurance, etc.), the WORSE it is.

Eventually I got to the point where I simply GAVE UP trying to use any
important web sites under Firefox + NoScript.  Even if I allowed all


Have you tried uMatrix? I love NoScript, but uMatrix also handles cookies
and has an easier to use UI.


the dozens of foreign Javascript domains that each web page relied on,
it would still fail due to  violations.


uMatrix doesn't have ABE. I don't know about CSRF attack protection, etc.

I am certain that rejecting 3rd party JavaScript and cookies reduces
tracking and attack surface.


Your dream of a banking site that uses competent, non-broken web technology
is going to have to remain a dream, I'm afraid.


Unfortunately :(.

I use different Firefox profiles for banking to improve isolation, so at
least they won't be attacked by a retailers tab.

I'm experimenting with Firefox containers for the isolation.

ciao,

der.hans
--
#  https://www.LuftHans.com   https://www.PhxLinux.org
#  "Eternal vigilance is not only the price of liberty;
#  eternal vigilance is the price of human decency." -- Aldous Huxley, 1965

Re: firefox > Preferences > When Firefox starts.

[Curt]

On 2019-04-22, pe...@easthope.ca  wrote:
>
>> I guess we can assume safely that you're closing your browser sessions
>> "normally."
>
> I close each tab with a click on the x symbol.

As FF has been known to handle SIGTERM ungracefully (which may account
for its periodic delusions of crash in your case), you might want to try
Ctrl+Q or quitting by the 3-bar menu instead. 

> Thanks,   ... P.
>


-- 
“Let us again pretend that life is a solid substance, shaped like a globe,
which we turn about in our fingers. Let us pretend that we can make out a plain
and logical story, so that when one matter is despatched--love for instance--
we go on, in an orderly manner, to the next.” - Virginia Woolf, The Waves

Re: Browser usage; was "Re: firefox > Preferences > When Firefox starts."

[Curt]

On 2019-04-22, pe...@easthope.ca  wrote:
>
> A mobile site can be accessible to firefox on a desktop and can be 
> more efficient than the desktop site.  Eg.
> https://www.envisionfinancial.ca/m/
> vs.
> https://www.envisionfinancial.ca/Personal/
>
> Can debian imitate a mobile system to a server?

It's possible to modify the User-Agent header string in Firefox and pose
as a mobile browser (not necessarily an infallible maneuver).

https://addons.mozilla.org/en-US/firefox/addon/uaswitcher/

> Thanks,  ... Peter E.

Re: firefox > Preferences > When Firefox starts.

[tomas]

On Mon, Apr 22, 2019 at 01:43:46PM -0500, David Wright wrote:

[...]

> The other way round: I bank as me, and browse as user "flash", hence

Aha. To add one data point: I chose a bank which doesn't require
me to browse to do electronic banking. Glad I did -- I just do
my transfers and fetch account info with a shell script.

Revenue services... alas [1]. For them I just have a separate
user (I do use browser profiles for other things, but I prefer
to trust Unix-style access controls for "important things".

cheers

[1] It's far more difficult to "choose" who you pay taxes
   to -- in the best case you "elect" them :-)
-- t


signature.asc
Description: Digital signature

Browser usage; was "Re: firefox > Preferences > When Firefox starts."

[peter]

From: David Wright 
Date: Mon, 22 Apr 2019 13:43:46 -0500
> Yes. Banks, like everyone else, seem to feel the need to indulge their
> graphics fantasies on their websites. I guess it's pandering to the
> smart phone generation. Speaking of which, I guess we're lucky to
> still have Internet banking on computers; so much is now aimed at
> mobiles. For a period, I had to login to Chase twice to get a
> proper interface—the first login would give me the mobile's site,
> with just two impotent buttons, period.

A mobile site can be accessible to firefox on a desktop and can be 
more efficient than the desktop site.  Eg.
https://www.envisionfinancial.ca/m/
vs.
https://www.envisionfinancial.ca/Personal/

Can debian imitate a mobile system to a server?

Thanks,  ... Peter E.






-- 
Message composed and transmitted by software designed to avoid the 
complication and vulnerability of antivirus software.

Re: firefox > Preferences > When Firefox starts.

[David Wright]

On Sun 21 Apr 2019 at 20:30:53 (-0700), pe...@easthope.ca wrote:
> From: David Wright 
> Date: Sun, 21 Apr 2019 16:13:11 -0500
> > I run two instances of FF, one as me (for banking etc) and one as
> > another user (for browsing).
> 
> Interesting.  Thanks.  For banking & etc. you have a dedicated user id 
> and login?

The other way round: I bank as me, and browse as user "flash", hence
$ my-deblis-on-flashfirefox
which looks after changing user and allowing flash to display on
the X display. (It also checks that I don't try to run a browser if
I'm not using the most recent Debian version on that particular host.)
Thus, my own files are inaccessible by the flash browser.

> Drifting off the subject, but the banking I use invokes javascript. I 
> would have thought that unnecessary.  Should be possible to accomplish 
> the results with processing on the server and HTML5 on the client.
> Technology bloat?

Yes. Banks, like everyone else, seem to feel the need to indulge their
graphics fantasies on their websites. I guess it's pandering to the
smart phone generation. Speaking of which, I guess we're lucky to
still have Internet banking on computers; so much is now aimed at
mobiles. For a period, I had to login to Chase twice to get a
proper interface—the first login would give me the mobile's site,
with just two impotent buttons, period.

> > I just checked out clean shutdowns and restarts with my own 
> > instance of FF and it's all OK.
> 
> OK, thanks.  The complaint at firefox startup here is probably only 
> following a crash of firefox.   Curt's suggestion to set 
> browser.sessionstore.max_resumed_crashes to 0 seems appropriate.
> 
> > Does the behaviour reported in your OP cause you *great* concern?
> 
> No.  Just wastes time.  Opening a simple local HTML home page requires 
> roughly a minute rather than roughly a second.

I tend to forget that, because my /etc/hosts file has ~14000 lines,
pages appear a lot faster here.

> > I tried Opera on a slow laptop ...
> 
> Thanks for mentioning that.

Yes, disappointing. The fix, for me, was /etc/hosts:
http://someonewhocares.org/hosts/
The only downside (which I don't understand) is that
# scp -p 
threatens to list ~14000 filename completions
(IOW every hostname in /etc/hosts), but *only* as root.

Cheers,
David.

Re: firefox > Preferences > When Firefox starts.

[Greg Wooledge]

On Sun, Apr 21, 2019 at 08:30:53PM -0700, pe...@easthope.ca wrote:
> Drifting off the subject, but the banking I use invokes javascript. I 
> would have thought that unnecessary.  Should be possible to accomplish 
> the results with processing on the server and HTML5 on the client.
> Technology bloat?

It has been my experience that the more IMPORTANT a web site is
(government, bank, insurance, etc.), the WORSE it is.

Eventually I got to the point where I simply GAVE UP trying to use any
important web sites under Firefox + NoScript.  Even if I allowed all
the dozens of foreign Javascript domains that each web page relied on,
it would still fail due to  violations.

Your dream of a banking site that uses competent, non-broken web technology
is going to have to remain a dream, I'm afraid.

Re: firefox > Preferences > When Firefox starts.

[peter]

From: David Wright 
Date: Sun, 21 Apr 2019 16:13:11 -0500
> I run two instances of FF, one as me (for banking etc) and one as
> another user (for browsing).

Interesting.  Thanks.  For banking & etc. you have a dedicated user id 
and login?

Drifting off the subject, but the banking I use invokes javascript. I 
would have thought that unnecessary.  Should be possible to accomplish 
the results with processing on the server and HTML5 on the client.
Technology bloat?

> I just checked out clean shutdowns and restarts with my own 
> instance of FF and it's all OK.

OK, thanks.  The complaint at firefox startup here is probably only 
following a crash of firefox.   Curt's suggestion to set 
browser.sessionstore.max_resumed_crashes to 0 seems appropriate.

> Does the behaviour reported in your OP cause you *great* concern?

No.  Just wastes time.  Opening a simple local HTML home page requires 
roughly a minute rather than roughly a second.

> I tried Opera on a slow laptop ...

Thanks for mentioning that.

Regards,   ... Peter E.


-- 
Message composed and transmitted by software designed to avoid the 
complication and vulnerability of antivirus software.

Re: firefox > Preferences > When Firefox starts.

[peter]

From: Curt 
Date: Sun, 21 Apr 2019 16:08:49 - (UTC)
> I've read that setting "Clear history when Firefox closes" is one way to
> obviate the problem (you might not want to lose your history, though).

Losing the history wouldn't be so bad but I don't see how firefox would 
have a chance to clear history when crashing.

> Another is to set "browser.sessionstore.max_resumed_crashes" to false in
> 'about:config'.

The default value is 1.  Changing it to 0 seems reasonable.

> I guess we can assume safely that you're closing your browser sessions
> "normally."

I close each tab with a click on the x symbol.

Thanks,   ... P.

-- 
Message composed and transmitted by software designed to avoid the 
complication and vulnerability of antivirus software.

Re: firefox > Preferences > When Firefox starts.

[David Wright]

On Sun 21 Apr 2019 at 07:11:36 (-0700), pe...@easthope.ca wrote:
> From: Cindy Sue Causey 
> Date: Fri, 19 Apr 2019 12:41:45 -0400
> > * Is that the only live tab for each new session, ...
> 
> Sorry to say, I don't understand the question.  I don't understand "live tab".
> Firefox should just open the static local page.  Shouldn't take more than a 
> second or two even when the system is bogged.

AIUI, the "correct" behaviour when starting FF is a Home Page (your
choice), a blank page (mine), or the situation that pertained when you
last closed down (perhaps Cindy's choice). This last might involve
?hundreds of Tabs judging by Cindy's posts in the past.

> > * Can you tell if this has something to do with Firefox crashing, ...
> 
> Will consider that, thanks.  It would imply two bugs.  The first causing 
> firefox to crash.  Failure to open the specified page at startup would 
> be a 2nd bug.

I run two instances of FF, one as me (for banking etc) and one as
another user (for browsing). I just checked out clean shutdowns
and restarts with my own instance of FF and it's all OK.

As for my browsing, I always crash it at close down, either by
terminating X (Ctrl-Alt-Backspace) or by   sudo /root/shutdown.
The effect of either is the same: FF started with "firefox" produces
a single Tab saying "Sorry. We're having trouble getting your pages
back" as you reported. Pressing Return (or clicking the button)
restores (inactively) all the Tabs that were present in the last
session: just what I want. (I don't want to have to dig them all out
of the browser History.)

> > * Can you try opening it via a terminal over your next few browsing
> > session startups ...
> 
> I need to make a habit of starting it from a terminal until this is solved.
> Otherwise will miss the incident too often.

Not running a DE, I always start it from a little xterm that's there
for just that purpose and for receiving any error messages. The jessie
version of FF spewed errors constantly, but stretch is much quieter.

I have a load of bash functions for suchlike, eg:
$ my-aptitude-doc-on-flashfirefox
$ my-deblis-on-flashfirefox
$ my-forecast-on-flashfirefox
$ my-hotmail-on-flashfirefox
$ my-python-doc-on-flashfirefox
$ my-radar-on-flashfirefox
$ my-weather-on-flashfirefox
and the effect of these is to produce two Tabs, the one requested here
and the one with "Sorry. …". (Any of the bash functions will take a
URL argument that overrides the default address.

> > ... STILL be "alive" after a full reboot.
> 
> To my knowledge the only thing running on an unpowered PC is the clock.  
> Some exotic machines might be able to run the BIOS or a Forth 
> PROM from the backup battery or cell.  I don't know about that.
> 
> On most machines, no process survives a cold reboot.  If that appeared 
> to happen, the process number must have been saved in a non-volatile store
> and applied to a new process after the reboot.  Seems perverse.

It's possible to set up the system so that it restarts all the
sessions automatically when you reboot. I think one calls it a
"kiosk" system, and I remember someone on this list wanting to
set one up. The process numbers aren't saved. If they are, it's
likely a suspend/hibernation has been misdiagnosed.

> Firefox now has too much automation and it's causing trouble.  We 
> need a way to disable some of this paraphernalia.  Or a simpler browser.

It's a compromise. The more paraphernalia you cut out, the more pages
that will not work. Does the behaviour reported in your OP cause you
*great* concern? There is a button with a little house on it if you
specially want your Home Page (available at any time).

As you can read here, I'm perfectly happy with the behaviour described.¹

> Can the automatic search capability of the URL bar be disabled?
> Other ideas?

Sure: Edit→Preferences→Search→Provide search suggestions.

This *might* only stop locally generated suggestions. To stop, say,
Google from suggesting as well, you might have to set an option
on Google's search page. ("Other search engines are available.")

You might find other options in Edit→Preferences that can give
you a "simpler" browsing experience.

¹ I tried Opera on a slow laptop as it's reported to be faster.
It was, in normal use. However, when you started it the next day,
it would try and restore all the active Tabs as soon as you
started it, which was a disaster. I'd sit there waiting for the
weather forecast to appear while, say, 20 Tabs from yesterday
were clogging it up.
OTOH, FF only restores each Tab when you actually switch to it,
so my-forecast-on-flashfirefox gives me what I want immediately.

Cheers,
David.

Re: firefox > Preferences > When Firefox starts.

[Curt]

On 2019-04-21, pe...@easthope.ca  wrote:
> From: Cindy Sue Causey 
> Date: Fri, 19 Apr 2019 12:41:45 -0400
>> * Is that the only live tab for each new session, ...
>
> Sorry to say, I don't understand the question.  I don't understand "live tab".
> Firefox should just open the static local page.  Shouldn't take more than a 
> second or two even when the system is bogged.
>
>> * Can you tell if this has something to do with Firefox crashing, ...
>
> Will consider that, thanks.  It would imply two bugs.  The first causing 
> firefox to crash.  Failure to open the specified page at startup would 
> be a 2nd bug.

The message "Sorry. We're having trouble getting your pages back" means
exactly that Firefox believes it crashed or failed to recover
successfully from a crash, AFAIK, in which case it tries to restore the
state of the browser at crash time (and does not load the user's home
page, local or not, as if it hadn't crashed and was starting up
normally).

I've read that setting "Clear history when Firefox closes" is one way to
obviate the problem (you might not want to lose your history, though).
Another is to set "browser.sessionstore.max_resumed_crashes" to false in
'about:config'.

I guess we can assume safely that you're closing your browser sessions
"normally."

Good luck.

Re: firefox > Preferences > When Firefox starts.

[peter]

From: Cindy Sue Causey 
Date: Fri, 19 Apr 2019 12:41:45 -0400
> * Is that the only live tab for each new session, ...

Sorry to say, I don't understand the question.  I don't understand "live tab".
Firefox should just open the static local page.  Shouldn't take more than a 
second or two even when the system is bogged.

> * Can you tell if this has something to do with Firefox crashing, ...

Will consider that, thanks.  It would imply two bugs.  The first causing 
firefox to crash.  Failure to open the specified page at startup would 
be a 2nd bug.

> * Can you try opening it via a terminal over your next few browsing
> session startups ...

I need to make a habit of starting it from a terminal until this is solved.
Otherwise will miss the incident too often.

> ... STILL be "alive" after a full reboot.

To my knowledge the only thing running on an unpowered PC is the clock.  
Some exotic machines might be able to run the BIOS or a Forth 
PROM from the backup battery or cell.  I don't know about that.

On most machines, no process survives a cold reboot.  If that appeared 
to happen, the process number must have been saved in a non-volatile store
and applied to a new process after the reboot.  Seems perverse.

Firefox now has too much automation and it's causing trouble.  We 
need a way to disable some of this paraphernalia.  Or a simpler browser.

Can the automatic search capability of the URL bar be disabled?
Other ideas?

Thanks,  ... Peter E.
-- 
Message composed and transmitted by software designed to avoid the 
complication and vulnerability of antivirus software.

Re: firefox > Preferences > When Firefox starts

[mick crane]

On 2019-04-19 15:36, pe...@easthope.ca wrote:

Hello again,

The configuration mentioned in the subject line is set to "Show your
home page".   Here the home page is file:///home/peter/html, a
local page. Nevertheless startup sometimes displays "Sorry.  We're
having trouble getting your pages back."

Ideas?

Thanks, ... P.


not relevant but I just learnt that CTRL + "clicking on the home page 
icon" brings up the home page in a new tab which I hadn't been able to 
see how to do.


mick
--
Key ID4BFEBB31

Re: firefox > Preferences > When Firefox starts

[Cindy Sue Causey]

On 4/19/19, pe...@easthope.ca  wrote:
> Hello again,
>
> The configuration mentioned in the subject line is set to "Show your
> home page".   Here the home page is file:///home/peter/html, a
> local page. Nevertheless startup sometimes displays "Sorry.  We're
> having trouble getting your pages back."
>
> Ideas?


I'm doing that, too (with Opera), to slow down pages automatically
opening on each reboot... Mine is a #toDo #shoppingList. :)

I ended up thinking of several questions that *might* help others help you..

* Is that the only live tab for each new session, or are there varying
numbers based on each last time you websurfed?

* Can you tell if this has something to do with Firefox crashing,
maybe? I've received similar messages when various of my browsers have
fallen victim to my laptop overheating and suddenly shutting down,
etc.. :)

* Can you try opening it via a terminal over your next few browsing
session startups to see if any error messages pop up? That might tell
you what's not happening that's causing THAT to happen.

Depending on how you installed Firefox, opening via terminal might
take using the whole execute (/bin or /usr/bin or
/usr/lib/firefox/firefox OR) path to get it to work. If you
installed via a dotDEB, my fading memory is that you should be able to
just type in "firefox".

* You know, this is a little bit reminding me of that period of time
that I went through with Thunar (Xfce4 file manager) never completely
shutting down AND STILL be "alive" after a full reboot.

BEFORE you start each Firefox session, you could see if that might be
the case by checking something like "ps" to see what's running. For
something like this, *I* use

ps aux|grep firefox

That simple command *should* only shout back that the grep command
just ran. If anything else does pop up, you have to dissect each line
to see if it answers anything.

There's a slightly longer way to quiet that echo of the grep command,
but I wouldn't even know where to start looking in my notes. Someone
here on Debian-User once shared that.

If anything about a Firefox executable'ish kind of thing comes back at
you when you run something like "ps", Firefox isn't shutting all the
way down for some reason.

* THAT lastly just triggered the memory of stumbling over where we at
least USED to have a toggle on/off switch that prevented website apps
from still running in the background after we closed our browsers. If
that was running just wrong in the background, it might have enough
juice to interfere with a clean new Firefox startup.

Those apps would be things that are (presumably) "safely" installed
locally by the various websites we visit. We would hope those apps are
trustworthy. On new upgrades, I always sought that feature out and
toggled it off because I don't have the resources for something like
that to elbow its way into the mix. :)

Cindy :)
-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with birdseed *

firefox > Preferences > When Firefox starts

[peter]

Hello again,

The configuration mentioned in the subject line is set to "Show your 
home page".   Here the home page is file:///home/peter/html, a 
local page. Nevertheless startup sometimes displays "Sorry.  We're 
having trouble getting your pages back."

Ideas?

Thanks, ... P.

-- 
Message composed and transmitted by software designed to avoid the 
complication and vulnerability of antivirus software.