Iffy BashBugs!
osicore:
I was wondering what everyone else thought of all the leaks in the news about the state of spying going on in the online world?
For those who missed it, Google paid Mozilla 6 Million to include their tracking cookies into the Firefox browser, Mozilla has then split from Google moving over to Yahoo in another lucrative deal, so I guess the real question is how could anyone miss out on the fact that the Government's spying programs highlighted in the press - seemed to focus exclusively on poor old Mozilla...
If you think Google has been kindly removed from your default Firefox install, you might want to download the latest version and type about:config and then search for the keyword "google" in the search pane provided. See that little bit all about JSON & jQuery plugins from Google? In case you missed the epic naming convention, it went Fox-Acid & Squeaky Dolphin.
Now has anyone - i.e. all us developers out there - ever heard of an operating system called "Dolphin"?
The answer to that is yes indeed, it was the codename for Mozilla's flagship product "Firefox OS" for mobile phones!
So I guess the question to the CoreLinux devs is how long they'll tolerate shipping the Firefox browser with Google's JSON & jQuery intact, wouldn't it be better to go backwards and use a lightweight browser such as Dillo or dPlus? Granted the web would look funky but I'd rather look at pages that don't render correctly than have some huge search giant stealing every single browser cookie and then making a mint selling it on.
Mozilla, for their part, under enormous pressure to satisfy its consumer base, went the extra mile, they removed the DoD certificates from the Mozilla browser, but in retrospect, that is going to solve absolutely nothing and just to prove the point of the larger issue.
Because it seems to me that if you go to the spy agency homepage and use Certificate Viewer Plus the spying birds (pun intended) prefer to use their own signer a.k.a. Equifax CA.
Oh and in other news, in case you missed it, the newer Android OS from Google codenamed Lollipop now ships with SELinux enhancements enabled by default, what does this mean for you the end user, it means you can no longer Liberate your operating system and the default Java Engine was updated from Dalvik to ART which means when you go and treat yourself to another £600 bucks expensive crap spy phone you can look forward to it being LOCK-ed in to Google for all time!
What is Prism? Well I've spent a great deal of time thinking about that issue and can hopefully clear the air and dispel some hokum and doubts. What is a Prism54? It was a chipset manufactured by Intersil that was an open-source SoC or System on Chip - and the firmware for that particular device is - 2.13.25.0.arm <~ ARM
So is Java - really evil I hear you ask, sadly it's looking that way - https://www.gnu.org/software/librejs/
I work as a freelance developer in my spare time and have encountered numerous questions from concerned customers about the issue in general, the answer to that is if you like your Liberty and you like your freedom, perhaps you need to start looking at alternative browsers, because the last time I checked with the Microsoft Certificate Store certmgr.exe the certificates that were embedded with Windows 8 and 10 were not only out of date - they were invalid! Showing up as "No Liability Accepted!"
Oh and with regards to the ShellShock bash bug, that would be the very same Bug that now ships by default in the latest "android OS" from Google!
Food for thought!
Rich:
Hi osicore
--- Quote ---So I guess the question to the CoreLinux devs is how long they'll tolerate shipping the Firefox browser with Google's JSON & jQuery intact, wouldn't it be better to go backwards and use a lightweight browser such as Dillo or dPlus?
--- End quote ---
I don't know how familiar you are with Tinycore, but it does not get "shipped" with any web browsers. If you want a web browser, you select which one you want from the repository and install it.
osicore:
Is dillo in the repository?
More to the point is JRE - the Java Runtime Environment?
I don't know about you, but seeing the Bash-Bug still operating in the ASH - Android Shell along with JavaScript is like looking at a matador waving a red flag at a bull. Hey, China, hey Lizard Squad - Look at that! They're just asking for the horns!
Cisco can't preach considering they were the ones who sold China the great firewall in the first place.
I guess the issue at heart now more than anything else is trust and now that it's gone, from Netscape of all browser vendors, then I guess people are never going to look at the technology the same way ever again!
If they've got base stations to intercept handsets, and trust me they do, they buy most of it from China, then doesn't it also stand to reason that a 128kb .js self-replicating bug, that exploits the vulnerabilities of Bash would spread like wildfire over those handsets across every single telecommunications network at the speed of sound? Congrats - what an epic way to write an application!
But never fear, the end user whose device has suddenly become virus-laden with Ransomware can soon bypass the security contexts to fix it, by plugging it into their Windows PC and using the proprietary ADB debugging bridge...
That would be a slick move considering Windows itself uses JavaScript as part of the active desktop!
Juanito:
If you want something small you could try the fifth web browser extension.
Rich:
Hi osicore
--- Quote ---Is dillo in the repository?
--- End quote ---
There are currently two versions available in TC4.