Multiprocess and sandboxing design: PALEMOON BROWSER AT A CROSSROADS.

[smolnyn]

Multiprocess or E10S. I am aware of the problems inherent to adopt the multiprocess in PM. We should re-fork the entire code FF 52, with all the work that would bring with it. To separate the Web content from the browser interface involves a real advantage in terms of performance and stability? Already PM is stable even without E10S. Even under profile of the sandbox, I am not so sure that the new architecture represents a defense so effective. Pale Moon will go towards refork or continue to develop according to the current architecture? it would be useful to take a stand on an issue as strategic.

[Moonchild]

Not sure what your point of this post is...

[smolnyn]

Not sure what your point of this post is...

It seems clear that my question relates to your position about the multiprocess architecture that is implemented in Firefox and - for some time - in Edge and Chrome. I'm surprised you do not understand what the point.

[New Tobin Paradigm]

e10s isn't something that is desirable to this project and quite frankly is a god damned failure as implimented in mozilla's codebase.. Why else are they piece by piece killing gecko for servo?

[GMforker]

Moreover... The implementation of e10s... It is far from finished.

[New Tobin Paradigm]

It has been going for what.. 7 years.. It will NEVER be finished. Not before everything is Rust and Servo.. And that is the point. It can't be done properly in gecko without severe compromises. I argue it doesn't need to be done at all..

Google Chrome has already hit the limits of it and has over time scaled back on what it used to throw out into a separate process. Yeah it still does it but it is shifting to a balance between multi-threaded and multi-process to what they hope is a balance between them to achieve their goals.

Again, we are talking about SEVEN YEARS, TWO THOUSAND FIVE HUNDRED AND FIFTY some days for Mozilla to get it right and they haven't. All they have done is overcomplicated the code and produced no fruit anyone would want to sample. In the years to come, this project should make it a goal to untangle and cull e10s from its codebase. Things would be simpler to deal with and the code would be much cleaner for it.

At a cross-roads? I think not and even if that was true.. Not all issues can be solved by a platform refresh.. There would have to be some real tangible gains that far outweigh the costs for yet another one.

Remember, ES6 promises was the primary driving force for Tycho. Sure, there were other factors and we got quite a nice selections of stuff but also a hell of a lot of things that we didn't want and still aren't thrilled about. It took 8 months of development to even bring Tycho up to snuff for Pale Moon 27.0.0 and even then I think it was released a month or so too early. To throw away a year's worth now of development to redo much of it again JUST for never-finished e10s plus all that a platform refresh entails and also making our application code e10s compliant would indeed be an exercise in stupidity.

[Moonchild]

What people often forget about e10s is what needs to happen for the processes to talk to each other in a coherent way to be a single application. i.e.: IPC (inter-process communication). Look it up

[Moonraker]

Does anybody remember using a browsser prior to all this sandboxing malarky.?
i would sooner use full virtualisation like shadow defender or returnil.
I see absolutely no feasible and tangent reason why my browser should be sandboxed.

Take me for instance.
i use linux and download only from the repositries.Why on earth would I need sandboxing..........?

[New Tobin Paradigm]

There is a quote which I live by..

"The best antivirus/antimalware is a functioning brain" -Mark Minasi

But e10s isn't about sandboxing.. Sure, it is a consequence of the approach.. e10s is about (besides copying Google) fail safe.. What I mean is writing stable and working code is hard. So instead of working to make your code more stable with e10s you work to make your application more tolerant of crashes. Crashing tabs don't or aren't supposed to take down the entire program. I believe reliability through planned instability is a terrible plan for action. I think the code should just be made less likely to actually crash or hang up.

[Moonchild]

Look, all of this has already been discussed before. Please peruse the forum and check out the old thread for reading material. Pointless repeating it again.

[smolnyn]

There is a quote which I live by..

"The best antivirus/antimalware is a functioning brain" -Mark Minasi

But e10s isn't about sandboxing.. Sure, it is a consequence of the approach.. e10s is about (besides copying Google) fail safe.. What I mean is writing stable and working code is hard. So instead of working to make your code more stable with e10s you work to make your application more tolerant of crashes. Crashing tabs don't or aren't supposed to take down the entire program. I believe reliability through planned instability is a terrible plan for action. I think the code should just be made less likely to actually crash or hang up.

Thanks for the explanations. But I ask you something:
Without a sandboxing tool it is no longer difficult to self-defend from multi-platform scripts-attacks, unless you use extensions such as NoScript, useful but redundant and tedious to manage?

[New Tobin Paradigm]

To which script attacks are you referring? I have never been exploited through a Mozilla-style browser vulnerability since there has been such a thing. Additionally, in my 28 years of computer usage (yes I was 3 at the time I started using computers) I have only had 3 infections of any sort.

Once was in the early 2000s where I infected my self with a SubSeven Trojan I improperly configured when screwing with the technology. The second was mid-2000s when working on a computer I was fixing computer and transferred data temporarily to my system. The third was when I was on AT&T DSL for a year in protest of Comcast Data Transfer Caps during IPv6 day. AT&T DSL was not ready for IPv6 so they poisoned their DNS in order to keep users able to use the internet and one of the DNS Entries were compromised and I went and downloaded something that was infected. This adware was one of the most piss poor examples I had ever encountered and was easily removed manually by deleting the files and registry entries for it.

So.. Yeah, refer to the quote.

[smolnyn]

To which script attacks are you referring? I have never been exploited through a Mozilla-style browser vulnerability since there has been such a thing. Additionally, in my 28 years of computer usage (yes I was 3 at the time I started using computers) I have only had 3 infections of any sort.

Once was in the early 2000s where I infected my self with a SubSeven Trojan I improperly configured when screwing with the technology. The second was mid-2000s when working on a computer I was fixing computer and transferred data temporarily to my system. The third was when I was on AT&T DSL for a year in protest of Comcast Data Transfer Caps during IPv6 day. AT&T DSL was not ready for IPv6 so they poisoned their DNS in order to keep users able to use the internet and one of the DNS Entries were compromised and I went and downloaded something that was infected. This adware was one of the most piss poor examples I had ever encountered and was easily removed manually by deleting the files and registry entries for it.

So.. Yeah, refer to the quote.

Thank you very much. For my little little experience i quote totally. But your argumentation is also true for intrusions that aim to read the data on the file system passing through the browser, without installing specific viruses?

[New Tobin Paradigm]

Again I ask, to which specific attacks are you referring?

[Moonchild]

intrusions that aim to read the data on the file system passing through the browser

You think page content scripts have access to the file system the browser is on?...

[smolnyn]

Again I ask, to which specific attacks are you referring?

Cross Zone Scripting ?
Privilege escalation to file system ?
XSS attack ?
Man in the middle ?

[smolnyn]

intrusions that aim to read the data on the file system passing through the browser

You think page content scripts have access to the file system the browser is on?...

Because ? It 's impossible that this happens? Excuse my ignorance.

[New Tobin Paradigm]

And how does e10s prevent any of those assuming they worked the way you think they do?

[smolnyn]

And how does e10s prevent any of those assuming they worked the way you think they do?

So the sanboxing web content does not protect more than a traditional architecture (no multitasking with advanced sandboxing)?

[smolnyn]

intrusions that aim to read the data on the file system passing through the browser

You think page content scripts have access to the file system the browser is on?...

Because ? It 's impossible that this happens? Excuse my ignorance.

It means that there are no attacks browser client side can read and retrieve data on the file system?
In addition to smile it would be appropriate to explain to those who want to understand, dear moonchild