Re: [Trisquel-devel] [Testing] Abrowser 130.0.1 for testing

2024-09-30 Thread Luis Guzman

Hello again,

On 24/09/24 21:50, Luis Guzman wrote:
> Note that we might be missing some security patches in our current 129
> release, so I don't plan to wait too much on the release.
> I might as well fix the icons for the next maintenance release, and
> with Ruben's help fix the trisquel.info search plugin.


As I've mentioned initially, I plan to keep moving forward, so we don't 
lack security patches on our browser for too long.


I'll wait 'til tonight to check any last message, then prepare and merge 
so we can have the 130.0.1 release this week.


Thank you all for your participation o/

--
The more people resist, the more people will be Free, and
the more people will be free to be Free.

For your own good, and in solidarity with everyone,
choose freedom.

Be Free!
http://fsfla.org/selibre/

Luis A. Guzmán G.
http://ark.switnet.org



___
Trisquel-devel mailing list
[email protected]
https://listas.trisquel.info/mailman/listinfo/trisquel-devel


Re: [Trisquel-devel] [Testing] Abrowser 130.0.1 for testing

2024-09-26 Thread Eric

On 25.09.2024 05:50, Luis Guzman wrote:

> Hello all!
> [1] https://trisquel.info/en/wiki/enable-testing-repositories


I tried to follow the documentation for adding the testing repo and it 
didn't seem to work for me.
I can go to the builds.trisquel.org URL just fine. For whatever 
reason though apt fails to connect.


I had resolved a similar problem with the Princeton repos, but I do not 
know how I made these errors.


Ign:1 http://builds.trisquel.org/repos-testing/aramo aramo-updates InRelease
Hit:2 http://builds.trisquel.org/repos-testing/aramo aramo-backports InRelease
Err:3 http://builds.trisquel.org/repos-testing/aramo aramo-updates Release
  404  Not Found [IP: 2001:470:142:5::51 80]

Thanks! Sorry for the duplicate e-mail, Luis.


Re: [Trisquel-devel] [Testing] Abrowser 130.0.1 for testing

2024-09-26 Thread Luis Guzman

On 26/09/24 13:23, David Lecompte wrote:

> Hello,
>
> One small thing: when I start the test version, I have a message in my
> language (French) that literally says that my current default search engine
> DuckDuckGo HTML is no more supported and is replaced with DuckDuckGo HTML :)

Well, regardless of sharing the name, they are not technically the same, 
they are v1 vs v2.

> I don't know what people who did not have DuckDuckGo HTML as default search
> engine see.

Just as the first time that v128 replaced Trisquel's search engines pick 
for Google, Bing, etc.[1]
DuckDuckGo will replace others for good, one last time, think of this 
release as v128_130.0.1 from the search engine perspective, as we were 
holding the old version while this migration got sorted out.

> By the way, this is not different from previous abrowser versions, but there
> is one behaviour that irritates me: I do have a search box next to the
> address bar and in the settings, for what happens with what is typed in the
> address bar, I always untick the use of search engines. Yet, when the
> address bar is empty, it shows "Search with DuckDuckGo HTML or enter an
> address" and, if I enter something, it does search with DuckDuckGo HTML,
> while I configured it not to do so.

No comment on this one ^.

[1] https://trisquel.info/en/forum/abrowser-settings-modified-last-update



Re: [Trisquel-devel] [Testing] Abrowser 130.0.1 for testing

2024-09-26 Thread David Lecompte

Hello,

One small thing: when I start the test version, I have a message in my
language (French) that literally says that my current default search engine
DuckDuckGo HTML is no more supported and is replaced with DuckDuckGo HTML :)

I don't know what people who did not have DuckDuckGo HTML as default search
engine see.

By the way, this is not different from previous abrowser versions, but there
is one behaviour that irritates me: I do have a search box next to the
address bar and in the settings, for what happens with what is typed in the
address bar, I always untick the use of search engines. Yet, when the
address bar is empty, it shows "Search with DuckDuckGo HTML or enter an
address" and, if I enter something, it does search with DuckDuckGo HTML,
while I configured it not to do so.


Re: [Trisquel-devel] [Testing] Abrowser 130.0.1 for testing

2024-09-26 Thread Luis Guzman

On 26/09/24 05:49, David Lecompte wrote:

> In previous versions of abrowser, by default abrowser is asking to save
> passwords. Is there a reason specific to v130 to remove that behaviour, or
> was it some todo thing already before that is just done now?

The reason it became part of the default behavior is because it landed 
like any other feature on Firefox, not something the Trisquel team 
actively promoted. Lately we are taking the time to go further and check 
stuff in more detail; maybe you have noticed that in the maintenance 
work done in the last couple of years.


By default Mozilla thinks that if you enable store password on your 
browser, then by default you also want Firefox Relay service in it. 
Since it is a Mozilla-run service then they argue it is best to have it 
enabled by default, no need for you to enable it.


This is what raises a point of concern for me, as it could mean that any 
"feature" could be used to "promo-force" services onto the users, and if 
the feature already has debatable security risks, I think this v130 
release having several changes (coming since v128) would be a good 
starting point to avoid promoting it in particular.


On the other hand, I would like to raise awareness of Mozilla's 
Firefox approach to their design, and also bring awareness to improve 
the security when it comes to what options are better to store sensitive 
data. Finally, as I keep reiterating, the feature is still there, anyone 
can use it if they want to, they are just one click away.


Regards.



Re: [Trisquel-devel] [Testing] Abrowser 130.0.1 for testing

2024-09-26 Thread David Lecompte
> > Hello all,

> 
> >  * disable suggestion to save password in browser
> >  * removed deprecated options
> 
> Wouldn't most e-mail clients like the Icedove package too have a
> similar problem related to saving the password or is the security
> different? It's possible to save e-mail account passwords on
> Icedove without any security other than your user password to
> enter the system.

In previous versions of abrowser, by default abrowser is asking to save
passwords. Is there a reason specific to v130 to remove that behaviour, or
was it some todo thing already before that is just done now?

In general, I am not sure what to recommend to enter passwords in abrowser.
I use keepassxc to generate and store passwords. To enter passwords into
abrowser, I don't know whether it is better to use autotype or the
extension, and for the extension, whether to use the one in Trisquel
repository or download the one from the extension page.




Re: [Trisquel-devel] [Testing] Abrowser 130.0.1 for testing

2024-09-26 Thread Luis Guzman

On 25/09/24 23:01, Eric wrote:

> Wouldn't most e-mail clients like the Icedove package too have a
> similar problem related to saving the password or is the security
> different? It's possible to save e-mail account passwords on
> Icedove without any security other than your user password to
> enter the system

They do share some weak points in security, some can be addressed by 
encrypting your machine disk (available at the installation setup), 
using password authentication to start session, enabling master password 
usage on Icedove, even going further and using GPG encryption on every 
single message, and basically not leaving your machine unattended.


But the main difference is that Icedove / Thunderbird don't pretend to 
save passwords for all the possible accounts available on the internet, 
nor addresses / credit card information. There are better tools for such 
a task, tools that comply with better security standards and policies.


This doesn't mean that the feature to save passwords in Abrowser / 
Firefox is being removed, just not enabled. You can enable it back if 
you already use it, maybe take into account the recommendations above 
and check what else can be added to harden your setup.


I hope that helped clear things up.

Regards.



Re: [Trisquel-devel] [Testing] Abrowser 130.0.1 for testing

2024-09-25 Thread Eric

On 25.09.2024 05:50, Luis Guzman wrote:

> Hello all!
>
> It took me a while to figure out how the new search-config-v2.json
> is structured in comparison with the deprecated one.
>
> Now that I'm getting a hold to it, I've been working on tweaking and
> customizing Parabola's process-json-files.py updated version to match
> the behavior Trisquel has been offering for quite some time now.
>
> As of this version, I've been able to bring back all the search
> engines featuring on previous versions, here a small summary,
>
> Features
>
>  * migrate to new search-config-v2 engine.
>  * disabled request to save passwords in browser
>  * disable Mozilla's Relay service
>  * disable Machine Learning
>  * tuned some branding details
>  * disable suggestion to save password in browser
>  * removed deprecated options


Wouldn't most e-mail clients like the Icedove package too have a
similar problem related to saving the password or is the security
different? It's possible to save e-mail account passwords on
Icedove without any security other than your user password to
enter the system.

I heard that secret keyrings can be insecure if someone has
access to the user account.


[Trisquel-devel] [Testing] Abrowser 130.0.1 for testing

2024-09-24 Thread Luis Guzman

Hello all!

It took me a while to figure out how the new search-config-v2.json is 
structured in comparison with the deprecated one.


Now that I'm getting a hold to it, I've been working on tweaking and 
customizing Parabola's process-json-files.py updated version to match 
the behavior Trisquel has been offering for quite some time now.


As of this version, I've been able to bring back all the search engines 
featuring on previous versions, here a small summary,



 Features

 * migrate to new search-config-v2 engine.
 * disabled request to save passwords in browser
 * disable Mozilla's Relay service
 * disable Machine Learning
 * tuned some branding details
 * disable suggestion to save password in browser
 * removed deprecated options


 Known issues

 * missing icons on Trisquel search engines
 * limited support on trisquel.info website search

You can follow up the MR at:

https://gitlab.trisquel.org/trisquel/package-helpers/-/merge_requests/1513

This message is to invite you to test this WIP release available at the 
Testing Repo[1].


# Fetch the repository signing key and install it in apt's trusted keyrings.
wget https://builds.trisquel.org/repos/signkey.asc -O /tmp/key.asc
cat /tmp/key.asc | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/builds-repo-key.gpg >/dev/null

# Append the testing repository to the apt sources.
echo "# Testing updates repository.
deb http://builds.trisquel.org/repos-testing/aramo aramo-updates main" | sudo tee -a /etc/apt/sources.list

Then install the update package,

sudo apt install abrowser

*NOTE:* As a test release please make all the necessary backups to your 
production profile to avoid missing important details, or maybe test 
this on a VM.


Please help us test this new release and report any privacy issue or 
third-party service forced on users that we could have skipped from 
this release.


Note that we might be missing some security patches in our current 129 
release, so I don't plan to wait too much on the release.
I might as well fix the icons for the next maintenance release, and with 
Ruben's help fix the trisquel.info search plugin.


Thank you for all your help, cheers! o/

[1] https://trisquel.info/en/wiki/enable-testing-repositories

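An added example for testers of the release announced above (not part of the thread and not Trisquel's code): it reads prefs.js-style text and reports whether the preferences matching the announced password, Relay and machine-learning changes are set as expected. The preference names and expected values are assumptions about how those features map to Firefox preferences; the thread does not name them, and the sample input is constructed.

```python
import json
import re

# Assumed mapping from the thread's feature list to Firefox preference names;
# the thread itself does not name the prefs, so treat these as assumptions.
EXPECTED = {
    "signon.rememberSignons": False,            # no prompt to save passwords
    "signon.firefoxRelay.feature": "disabled",  # Relay not offered on logins
    "browser.ml.enable": False,                 # machine-learning engine off
}

# Matches pref("name", value); also user_pref, defaultPref and lockPref.
PREF_RE = re.compile(r'^\s*(user_pref|pref|defaultPref|lockPref)'
                     r'\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;?\s*$')

def parse_prefs(text):
    """Return {name: value} from prefs.js-style text; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything not a pref call
        try:
            prefs[m.group(2)] = json.loads(m.group(3))  # true/false/"s"/int
        except ValueError:
            pass  # skip values that are not plain JSON literals
    return prefs

def audit(text, expected=EXPECTED):
    """Classify each expected pref as 'ok', 'differs' or 'unset'."""
    prefs = parse_prefs(text)
    report = {}
    for name, want in expected.items():
        if name not in prefs:
            report[name] = "unset"  # not in this file: a default applies
        else:
            report[name] = "ok" if prefs[name] == want else "differs"
    return report

# Constructed sample, not taken from a real Abrowser profile.
SAMPLE = '''// Mozilla User Preferences
user_pref("signon.rememberSignons", true);
user_pref("signon.firefoxRelay.feature", "disabled");
user_pref("browser.startup.page", 3);
'''

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{status:8} {name}")
```

A result of "unset" only means the file does not mention the preference; the effective value then comes from the build's defaults and should be checked in about:config.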