Just the Browser
100 points by Tenzer
On the surface this sounds more useful and easier to keep updated than the nth one-person browser fork.
And none of those forks support DRM protected AV players
Zen, Floorp, and Librewolf all support DRM video
Yeah, LibreWolf has it disabled by default but you literally just flick a single (clearly-marked) setting and it works.
Is anyone still needing those?
FWIW if you want a "hardened" Firefox, there's already https://github.com/arkenfox/user.js/ but I'm not sure how much it improves the security and privacy.
Sigh, this is the tech world we live in now.
I remember when the teams building browsers (or at least some of them) were trying to compete on making the best tool for people to use. Not on rent seeking and market exploitation. The old days are gone and dead.
Whatever it is, I strongly suggest not to open PowerShell as Administrator and run a script from a URL.
Practically speaking, how is that different from downloading and running an installer?
For one thing, an installer does not change with each run.
You work at Microsoft, so you probably know MS forces you to buy a certificate; otherwise your installer will be flagged as malicious.
Another thing is how you install things: most OSes nowadays run installs under limited permissions.
I can keep going on about why it's not secure to run a random script from some HTTP server, especially from GitHub, which is heaven for malware hosting.
For one thing, an installer does not change with each run.
That's not really relevant, given that most users open a website, download an installer and run it, without checking anything else. The installer might as well change every time you download it (and sometimes does).
MS forces you to buy a certificate; otherwise your installer will be flagged as malicious.
Yes. On the other hand, if someone is enough of a power user to run curl ... | sh, they probably also know how to skip the warning when running an unsigned binary.
Another thing is how you install things: most OSes nowadays run installs under limited permissions.
Depends on the installer, many installers require admin permissions, many don't, users mostly learned that UAC prompts during installation are normal.
IMHO installers aren't completely analogous to piping scripts into a shell, but the principle still stands.
I wonder if it's possible to put the Firefox policy file in an XDG Base Directory that's newly supported in version 147? I've not found much on what is supported in that dir.
Why does it source from
https://raw.githubusercontent.com/corbindavenport/...
and not
https://github.com/corbindavenport/... ?
Malwarebytes chokes on the first version.
raw.githubusercontent.com/..., as the name implies, returns the file as raw text, without any of the page's HTML.
Meanwhile github.com/... returns a page from GitHub as if a browser loaded it. So you get not only source code, but all the UI-related HTML and whatnot.
That being said, piping random scripts into sh is generally considered not the safest thing to do, so if you're at all worried about what you're loading, the best is to download the script manually, validate it yourself, and then run it afterwards.
There's some hair-splitting involved since even github.com URLs offer a /raw/ version (it's in the upper-right of the /blob/ view textarea and is https://github.com/corbindavenport/just-the-browser/raw/refs/heads/main/main.sh ), but that one involves a 302, which is not only another network round trip, but some HTTP clients, including curl, will not chase 30x locations without an explicit opt-in.
Thus, I presume it just ends up being all around safer to just use the location that GH uses, since it has remained stable for as long as I can remember.
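Added example, not part of any comment above and not the project's own code: the download, validate, then run approach suggested in the thread, written as POSIX shell. The function names are made up for illustration, and the URL and digest in the usage comment are placeholders for values you record after reviewing the script yourself.

```shell
#!/bin/sh
# Verify-then-run for a downloaded install script (illustrative helpers).

# Print the SHA-256 of a file as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Fetch URL ($1) to a file ($2) instead of a pipe, so the bytes you review
# are the bytes you run. -f fails on HTTP errors, -L opts in to following
# 30x redirects, --proto/--proto-redir keep every hop on HTTPS.
fetch_script() {
    curl --proto '=https' --proto-redir '=https' --tlsv1.2 -fsSL -o "$2" "$1"
}

# Run FILE ($1) with sh only if its digest equals the pinned value ($2)
# recorded after review. Extra arguments are passed to the script.
# Returns 3 without executing anything when the digest does not match.
run_if_pinned() {
    file=$1
    pinned=$2
    shift 2
    actual=$(sha256_of "$file")
    if [ -z "$actual" ] || [ "$actual" != "$pinned" ]; then
        echo "refusing to run $file: sha256 '$actual' != pinned '$pinned'" >&2
        return 3
    fi
    sh "$file" "$@"
}

# Usage (placeholder URL and digest):
#   fetch_script "https://example.invalid/main.sh" ./main.sh
#   less ./main.sh && sha256_of ./main.sh    # review once, record the digest
#   run_if_pinned ./main.sh "<recorded-digest>"
```

A later download that differs from the reviewed copy by even one byte is refused, which addresses the "changes with each run" objection raised earlier in the thread.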