Secure: yes, Though Features Missing; and Bugs
Hi! To me it is most important to avail myself of the security that dillo pretty much provides to me. What I can say, and recommend to anybody who has problems with `bulk collection' that they see in typical kind of actions deployed inside or on the way to, or on the way from, their machines... Sadly with `bulk collection' (previously known as `mass surveillance'; it comprises data harvesting and more) often go even worse kind of actions in privacy-repressive regimes: intrusions, even attacks... What I can say, is: I have so much fewer cases of the aforementioned issues when browsing with dillo, then I do when I have to, due to Javascript haven't yet been implemented in dillo, [than when I have to] use SchmoogleFox. So much fewer of those kind of problems! And yes, the Google, the Octopus of the Internet and the Surveillance Engine of the World, yes the Schmoog is sitting in the Firefox, in most of the regular users' machines who little depart from default configuration, and I don't think Mozilla harvesting itself can be easily disabled (you may remove direct Google harvesting/spying/other, but the Mozilla cloud is there, rest assured, for Google to use, fully!), and you can not, not that I know of an easy way --disprove me somebody!-- easily disable harvesting in Firefox... The security of dillo is generally such that I can usually rest calmly when I browse with dillo. And so I can recommend dillo to anybody who has problems with censorship, and when censorship of an oppressive regime is revealed, usually some kind of intrusion attempts, and/or attacks, are made against the one who managed to reveal it. To see more in depth about this claim of mine, read about dillo in the topics where I mention it on Gentoo Forums (just search for `dillo'): Updating and keeping your Gentoo non-poetterized https://forums.gentoo.org/viewtopic-t-1012022-start-0.html (currently three pages, dillo mentioned in 1st and 2nd. Before I close this first message, I'd like to show you this page where I demonstrated not just how the first Firefox harvest looks like on a Chinese style censorship deployed on dissenters in Croatia (that part is already posted: Google - can not open any link - malware ?? https://forums.gentoo.org/viewtopic-t-912056-start-25.html#7715646 but that topic I plan to improve adn add more content to yet) You can see that while I'm not really a programmer, I dabble with some ideas. This is my proposal for a program: https://github.com/miroR/uncenz I've been having censorship and related issues for really quite a number of years, By this current stage in my necessity-imposed research about it, I'm just about always traffic capturing when online, and you can find real and undeniable clickjacking and other intrusions (and learn about the Chinese style censorship and more; but, WARNING, the presentation is not so well made, and is unfinished) at: Postfix smtp/TLS, Bkp/Cloning Mthd, Censorship/Intrusion https://forums.gentoo.org/viewtopic-t-999436.html I believe that an objective reader, with a little time to read from my research there, can see that my praising of dillo is based on my sufficient understanding and experience. I really wish that you dillo developers may gather enough developer power to make dillo happen in the sooner rather than later future, much more capable than it already is. I can imagine what tremendous work creating and developing of a browser is! With that aim and wish in mind, I'd like to write and send another message about another buggish behavior in dillo. But in this message I can explain more about what I wrote on page 2nd of the topic already mentioned: Updating and keeping your Gentoo non-poetterized: https://forums.gentoo.org/viewtopic-t-1012022-start-25.html#7713858
Other then one thing. dillo, which I used, has a little problem with cache, that can be easily circumvented, but the user needs to remember to refresh the page, and I inadvertently lost a little text...
The above behavior occurs sometimes on my system, it occurs rather erratically, but rather often, when posting on Gentoo Forums. Not when posting a completely new post, but after editing an already existing post. It is easy to circumvent it, by simply, after having posted the previously edited post in question, refreshing the page which the post appears in. You can often see text literally changing upon refreshing it. The bug often occurs `in reverse', concerning posting. What I mean, is if you open a post for at least the third time --yes it must be a problem related to dillo caching; I understand so much even though I'm not a programmer, but just an advanced user-- so [if you open a post for the third time for editing], unless you refresh the editing texarea, in the same fashion: by clicking on the "Reload" button, you miight find yourself inadvertently to be editing the text that you posted the time before last, and not the immediately previous edit to this third edit of that text (even though the last text, the immediately previous, has, obviously, also been already committed, and should have been shown to you). The other bug, or is it my misconfiguration, or is it something else, I will try and write about in my next post. I sure will try and prepare the next message sson, and send it in a matter of hours or maximally a day or two. But if it does not arrive, the likelihood is that it is waiting for spies at my providers' to read it, and decide whether to send it on, or filter it out and not send it to dillo mailing list at all. Should the latter happen, pls. find that message at not much later time than maximally a day or two from now, in the topic Google - can not open any link - malware ?? https://forums.gentoo.org/viewtopic-t-912056-start-25.html surely, as a new post (which will, in that case, be yet to be written and posted there), and share the link with others on this list, please). (This note NOT related to dillo: Censorship is really a hard issue to overcome. Have a look at: Recover partly overwritten luks volume? https://forums.gentoo.org/viewtopic-t-1004014.html#7724054 --even though I praised dillo in that topic too-- nobody helped me there!) -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr
On Wed, 1 Apr 2015 22:35:13 +0200, miroslav.rovis1 at zg.ht.hr wrote:
[...] The security of dillo is generally such that I can usually rest calmly when I browse with dillo.
And so I can recommend dillo to anybody who has problems with censorship, and when censorship of an oppressive regime is revealed, usually some kind of intrusion attempts, and/or attacks, are made against the one who managed to reveal it.
Agreed! It is incredibly valuable in this regard. It's minimalist nature makes it far far more likely to be secure -- it presents a far smaller "attack surface". (I think the lack of JavaScript support is a feature, not a bug.)
[...] I've been having censorship and related issues for really quite a number of years, By this current stage in my necessity-imposed research about it, I'm just about always traffic capturing when online, and you can find real and undeniable clickjacking and other intrusions (and learn about the Chinese style censorship and more;
Of course, the centralized state-controlled nature of the "normal mainstream" internet makes this kind of censorship and hijacking inevitable. If we realistically expect free speech we should be migrating to censorship-proof darknets (like Tor or Freenet or I2P et cetera) and perhaps decentralized hardware infrastructure like meshnets.
[...]
Other then one thing. dillo, which I used, has a little problem with cache, that can be easily circumvented, but the user needs to remember to refresh the page, and I inadvertently lost a little text...
Yea that's happened to me a few times. Annoying. The input form will use the originally filled field data, rather than the newer data, unless the page is refreshed. Perhaps this is related to another annoyance where, for example, after filling a form but incorrectly guessing a captcha, there is no way to recover my original typed text. (I've gotten into the habit of typing my posts in a separate text editor to avoid this.)
[...] Zagreb, Croatia
Cool city :).
On Wed, 1 Apr 2015 22:35:13 +0200, miroslav.rovis1 at zg.ht.hr wrote:
[...] The security of dillo is generally such that I can usually rest calmly when I browse with dillo.
And so I can recommend dillo to anybody who has problems with censorship, and when censorship of an oppressive regime is revealed, usually some kind of intrusion attempts, and/or attacks, are made against the one who managed to reveal it.
Agreed! It is incredibly valuable in this regard. It's minimalist nature makes it far far more likely to be secure -- it presents a far smaller "attack surface". (I think the lack of JavaScript support is a feature, not a bug.) Yeah, except you need it often... (not everybody is FOSS oriented)...
[...] I've been having censorship and related issues for really quite a number of years, By this current stage in my necessity-imposed research about it, I'm just about always traffic capturing when online, and you can find real and undeniable clickjacking and other intrusions (and learn about the Chinese style censorship and more;
Of course, the centralized state-controlled nature of the "normal mainstream" internet makes this kind of censorship and hijacking inevitable. If we realistically expect free speech we should be migrating to censorship-proof darknets (like Tor or Freenet or I2P et cetera) and perhaps decentralized hardware infrastructure like meshnets. I wish I was there already! Late adopter. What I have achieved: only
( I really got this message from Dennis, not from dillo, aah, what can you when the provider is bad... ) On Thu, Apr 02, 2015 at 10:51:13AM -0400, Dennis New wrote: through terribly extensive effort and time.
[...]
Other then one thing. dillo, which I used, has a little problem with cache, that can be easily circumvented, but the user needs to remember to refresh the page, and I inadvertently lost a little text...
Yea that's happened to me a few times. Annoying. The input form will use the originally filled field data, rather than the newer data, unless the page is refreshed. Perhaps this is related to another annoyance where, for example, after filling a form but incorrectly guessing a captcha, there is no way to recover my original typed text. (I've gotten into the habit of typing my posts in a separate text editor to avoid this.)
[...] Zagreb, Croatia
Cool city :). I see on http://dennisn.mooo.com/wiki/ you like some of our music. "Hladno pivo" are capable musicians, but ideologically I feel differently... Can't delve on this though.
And I promised the other bug or similar that it were, of dillo. Not immediately. I'm slow. Pls. allow time. Cheers dear people! -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr
( This message, if it arrives, will be placed almost correctly in the thread, thanks to Dennis having helped me previously, I have not received any of the messages from the list; it's the bad provider and regime. If this, or any later message of mine doesn't arrive to dillo-dev list, pls remember I promised I would post, what doesn't show publically at SourceForge, on Gentoo Forums, under: Google - can not open any link - malware ?? https://forums.gentoo.org/viewtopic-t-912056-start-25.html around, or shortly after, the time that it would be expected at SourceForge. I apologize for this inconvenience. ) To show difficulties/buggish behavior/my lack of understanding (whatever the issue is, a bug or my ignorance), I'll start dillo from the command line: ukrainian at uabox ~ $ dillo & [2] 26348 ukrainian at uabox ~ $ Domain: Default accept. dillo_dns_init: Here we go! (threaded) Disabling cookies. ** WARNING **: preferred sans-serif font "DejaVu Sans" not found. ** WARNING **: preferred serif font "DejaVu Serif" not found. ** WARNING **: preferred monospace font "DejaVu Sans Mono" not found. ** WARNING **: preferred cursive font "URW Chancery L" not found. ** WARNING **: preferred fantasy font "DejaVu Sans" not found. Nav_open_url: new url='about:splash' And yet the fonts are there. I know I was able to find them. Have to remember how. Looking up: http://www.dillo.org/FAQ.html#q27 and pasting: Q: Why isn't Dillo3 finding the font that I set? fltk-1.3 is somewhat more restricted in its use of font names than fltk2 was. Please try the fc-list command as shown in the current dillorc configuration file to find the right form of the fontname to use. So, ukrainian at uabox ~ $ fc-list gives me too long list of fonts, I'll show it greeped for only DejaVu and URW, for brevity: ukrainian at uabox ~ $ fc-list | egrep 'URW|DejaVu' /usr/share/fonts/dejavu/DejaVuSerif-Bold.ttf: DejaVu Serif:style=Bold /usr/share/fonts/dejavu/DejaVuSerif-Italic.ttf: DejaVu Serif:style=Italic /usr/share/fonts/urw-fonts/p052004l.pfb: URW Palladio L:style=Bold /usr/share/fonts/urw-fonts/a010015l.pfb: URW Gothic L:style=Demi /usr/share/fonts/dejavu/DejaVuSansMono-BoldOblique.ttf: DejaVu Sans Mono:style=Bold Oblique /usr/share/fonts/dejavu/DejaVuSansCondensed-Oblique.ttf: DejaVu Sans,DejaVu Sans Condensed:style=Condensed Oblique,Oblique /usr/share/fonts/dejavu/DejaVuSansCondensed-Bold.ttf: DejaVu Sans,DejaVu Sans Condensed:style=Condensed Bold,Bold /usr/share/fonts/dejavu/DejaVuSansMono.ttf: DejaVu Sans Mono:style=Book /usr/share/fonts/urw-fonts/z003034l.pfb: URW Chancery L:style=Medium Italic /usr/share/fonts/urw-fonts/p052024l.pfb: URW Palladio L:style=Bold Italic /usr/share/fonts/dejavu/DejaVuSansMono-Bold.ttf: DejaVu Sans Mono:style=Bold /usr/share/fonts/urw-fonts/p052003l.pfb: URW Palladio L:style=Roman /usr/share/fonts/dejavu/DejaVuSans.ttf: DejaVu Sans:style=Book /usr/share/fonts/urw-fonts/p052023l.pfb: URW Palladio L:style=Italic /usr/share/fonts/urw-fonts/b018015l.pfb: URW Bookman L:style=Demi Bold /usr/share/fonts/urw-fonts/a010013l.pfb: URW Gothic L:style=Book /usr/share/fonts/dejavu/DejaVuSerifCondensed-BoldItalic.ttf: DejaVu Serif,DejaVu Serif Condensed:style=Condensed Bold Italic,Bold Italic /usr/share/fonts/dejavu/DejaVuSerifCondensed-Bold.ttf: DejaVu Serif,DejaVu Serif Condensed:style=Condensed Bold,Bold /usr/share/fonts/dejavu/DejaVuSerif.ttf: DejaVu Serif:style=Book /usr/share/fonts/dejavu/DejaVuSansMono-Oblique.ttf: DejaVu Sans Mono:style=Oblique /usr/share/fonts/dejavu/DejaVuSans-Bold.ttf: DejaVu Sans:style=Bold /usr/share/fonts/urw-fonts/b018012l.pfb: URW Bookman L:style=Light /usr/share/fonts/dejavu/DejaVuSerifCondensed.ttf: DejaVu Serif,DejaVu Serif Condensed:style=Condensed,Book /usr/share/fonts/urw-fonts/a010033l.pfb: URW Gothic L:style=Book Oblique /usr/share/fonts/urw-fonts/b018032l.pfb: URW Bookman L:style=Light Italic /usr/share/fonts/dejavu/DejaVuSerifCondensed-Italic.ttf: DejaVu Serif,DejaVu Serif Condensed:style=Condensed Italic,Italic /usr/share/fonts/dejavu/DejaVuSansCondensed.ttf: DejaVu Sans,DejaVu Sans Condensed:style=Condensed,Book /usr/share/fonts/dejavu/DejaVuSerif-BoldItalic.ttf: DejaVu Serif:style=Bold Italic /usr/share/fonts/dejavu/DejaVuSans-ExtraLight.ttf: DejaVu Sans,DejaVu Sans Light:style=ExtraLight /usr/share/fonts/urw-fonts/a010035l.pfb: URW Gothic L:style=Demi Oblique /usr/share/fonts/dejavu/DejaVuSansCondensed-BoldOblique.ttf: DejaVu Sans,DejaVu Sans Condensed:style=Condensed Bold Oblique,Bold Oblique /usr/share/fonts/dejavu/DejaVuSans-Oblique.ttf: DejaVu Sans:style=Oblique /usr/share/fonts/urw-fonts/b018035l.pfb: URW Bookman L:style=Demi Bold Italic /usr/share/fonts/dejavu/DejaVuSans-BoldOblique.ttf: DejaVu Sans:style=Bold Oblique In other words, the fonts that dillo complained it could not find, are there: If I look up in the ".dillo/dillorc #------------------------------------------------------------------------- # RENDERING SECTION #------------------------------------------------------------------------- # Default fonts: # # If FLTK has been configured with Xft enabled (the default), you can use # scalable fonts such as DejaVu or Liberation (try running # "fc-list : family | cut -d ',' -f 2 | sort"). #font_serif="DejaVu Serif" #font_sans_serif="DejaVu Sans" #font_cursive="URW Chancery L" #font_fantasy="DejaVu Sans" #font_monospace="DejaVu Sans Mono" # and run the suggested commands, except adding a little, to make shorter message/post, ukrainian at uabox /Cmn/mr $ fc-list : family | cut -d ',' -f 2 | sort | egrep 'DejaVu Sans|URW Chancery L|DejaVu Sans|DejaVu Sans Mono' DejaVu Sans DejaVu Sans Condensed DejaVu Sans Light DejaVu Sans Mono URW Chancery L ukrainian at uabox /Cmn/mr $ ukrainian at uabox /Cmn/mr $ it's obvious that I got all the default fonts. And yet the fonts are not used by dillo for some reason. For the current time, I think I exposed the issue. I don't have much idea what I am missing, or whether it this is actually a bug. -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr
Miroslav wrote:
ukrainian at uabox /Cmn/mr $ fc-list : family | cut -d ',' -f 2 | sort | egrep 'DejaVu Sans|URW Chancery L|DejaVu Sans|DejaVu Sans Mono' DejaVu Sans DejaVu Sans Condensed DejaVu Sans Light DejaVu Sans Mono URW Chancery L ukrainian at uabox /Cmn/mr $ ukrainian at uabox /Cmn/mr $
it's obvious that I got all the default fonts.
And yet the fonts are not used by dillo for some reason.
If you go to dw/fltkplatform.cc and, in FltkFont::initSystemFonts(), remove the leading underscore in _MSG("Found font: %s%s%s\n", name, t & FL_BOLD ? " bold" : "", to get MSG("Found font: %s%s%s\n", name, t & FL_BOLD ? " bold" : "", and recompile, what does dillo say when you run it?
participants (3)
-
dennisn@dennisn.mooo.com -
eocene@gmx.com -
miroslav.rovis1@zg.ht.hr