On Sat, Aug 01, 2020 at 11:08:47PM -0400, james wrote
> On 8/1/20 12:10 PM, Walter Dnes wrote:
> >
> > So a "palemoon-bin" ebuild is possible. But is it necessary? If
> > you pull down and extract the precompiled tarball to your home dir, it
> > can be set to check for, and do, updates (as long as you have write
> > permission to the Pale Moon directory). No need for portage to do it.
>
> Further security ideas with palemoon are of keen interest to me too. A
> set of local security testing tools/semantics etc etc would be useful;
> pointers to existing security tools are keen appreciated too.
The best security advice for the average user is to keep up with the
latest updates. See
http://www.palemoon.org/releasenotes.shtml for an
idea of feature updates and security and bug fixes with each release.
To keep up-to-date *ON AN OFFICIAL BINARY* follow the menu tree...
Tools ==> Preferences ==> Advanced ==> Update
...and select the appropriate option. See
http://www.palemoon.org/support/prefs-advanced-update for an explanation.
If you install the official binary manually in your home dir (or
anywhere else you have write permission), Pale Moon can do in-place
updates. If you do it "the official Portage way") the installed files
will end up somewhere in /usr/ and you, as regular user, cannot
authorize the update. Since you're talking about security, I assume
you're not browsing as root.
Another thing to note is that the Pale Moon devs are currently
"de-unifying the source". This means that over time, manual builds will
take longer and longer to compile, especially on older machines with low
ram. Unifying source speeds up compile-time, but... large monolithic
source files make bugs and error messages a lot harder to track down.
Run-time performance is not affected.
tldr; the quickest/dirtiest/securest way to deal with Pale Moon (e.g.
for 64-bit) is...
mkdir $HOME/pm
cd $HOME/pm
#
# Download the official tarball from http://linux.palemoon.org/download/mainline/
#
# Stop Pale Moon and "uninstall" and extract
killall palemoon
rm -rf palemoon
tar xf <tarball_file_name>
...and point your program launcher to
$HOME/pm/palemoon/palemoon ${*}
If you want to get fancy and run multiple profiles simultaneously you
can pass commandline parameters like...
$HOME/pm/palemoon/palemoon -new-instance -p 680_news
$HOME/pm/palemoon/palemoon -new-instance -p covid
$HOME/pm/palemoon/palemoon -new-instance -p dslr
$HOME/pm/palemoon/palemoon -new-instance -p slashdot
$HOME/pm/palemoon/palemoon -new-instance -p youtube
Note that these profiles have to already exist. To launch the profile
manager to enable profile creation...
$HOME/pm/palemoon/palemoon -new-instance -p
Multiple profiles have advantages...
1) You can get multiple specified webpages to open up on startup that
are related to one item. Hint; In "Tools ==> Preferences ==> General"
you can set "Home Page" like so...
http://bad.example.com |
ftp://blah.blah.blah.com |
https://youtube.com ...etc, etc. Multiple webpages are separated by {SPACE} {PIPE} {SPACE}.
I've got some really long lines on one or two profiles.
2) 3rd-party cookies in one profile cannot be accessed by webpages in
another profile. This reduces the effectiveness of tracking.
3) Add-ons only apply to the profile they're downloaded to. The only
one I use is ANM "Advanced Night Mode"
https://addons.palemoon.org/addon/advanced-night-mode/ Some webpages are run by idiot webmasters who set "low contrast" fonts
to something bordering on...
FONT FOREGROUND #FEFEFE
FONT BACKGROUND #FFFFFF
ANM cures that by forcing white text on black background. This
add-on is specific to Pale Moon. The add-on works only in profile(s)
it's downloaded to, so sane webpages can be left alone. Actually, even
sane webpages sometimes look better with ANM.
--
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications