On Sat, Aug 01, 2020 at 11:08:47PM -0400, james wrote > On 8/1/20 12:10 PM, Walter Dnes wrote: > > > > So a "palemoon-bin" ebuild is possible. But is it necessary? If > > you pull down and extract the precompiled tarball to your home dir, it > > can be set to check for, and do, updates (as long as you have write > > permission to the Pale Moon directory). No need for portage to do it. > > Further security ideas with palemoon are of keen interest to me too. A > set of local security testing tools/semantics etc etc would be useful; > pointers to existing security tools are keen appreciated too.
The best security advice for the average user is to keep up with the latest updates. See http://www.palemoon.org/releasenotes.shtml for an idea of feature updates and security and bug fixes with each release. To keep up-to-date *ON AN OFFICIAL BINARY* follow the menu tree... Tools ==> Preferences ==> Advanced ==> Update ...and select the appropriate option. See http://www.palemoon.org/support/prefs-advanced-update for an explanation. If you install the official binary manually in your home dir (or anywhere else you have write permission), Pale Moon can do in-place updates. If you do it "the official Portage way") the installed files will end up somewhere in /usr/ and you, as regular user, cannot authorize the update. Since you're talking about security, I assume you're not browsing as root. Another thing to note is that the Pale Moon devs are currently "de-unifying the source". This means that over time, manual builds will take longer and longer to compile, especially on older machines with low ram. Unifying source speeds up compile-time, but... large monolithic source files make bugs and error messages a lot harder to track down. Run-time performance is not affected. tldr; the quickest/dirtiest/securest way to deal with Pale Moon (e.g. for 64-bit) is... mkdir $HOME/pm cd $HOME/pm # # Download the official tarball from http://linux.palemoon.org/download/mainline/ # # Stop Pale Moon and "uninstall" and extract killall palemoon rm -rf palemoon tar xf <tarball_file_name> ...and point your program launcher to $HOME/pm/palemoon/palemoon ${*} If you want to get fancy and run multiple profiles simultaneously you can pass commandline parameters like... $HOME/pm/palemoon/palemoon -new-instance -p 680_news $HOME/pm/palemoon/palemoon -new-instance -p covid $HOME/pm/palemoon/palemoon -new-instance -p dslr $HOME/pm/palemoon/palemoon -new-instance -p slashdot $HOME/pm/palemoon/palemoon -new-instance -p youtube Note that these profiles have to already exist. To launch the profile manager to enable profile creation... $HOME/pm/palemoon/palemoon -new-instance -p Multiple profiles have advantages... 1) You can get multiple specified webpages to open up on startup that are related to one item. Hint; In "Tools ==> Preferences ==> General" you can set "Home Page" like so... http://bad.example.com | ftp://blah.blah.blah.com | https://youtube.com ...etc, etc. Multiple webpages are separated by {SPACE} {PIPE} {SPACE}. I've got some really long lines on one or two profiles. 2) 3rd-party cookies in one profile cannot be accessed by webpages in another profile. This reduces the effectiveness of tracking. 3) Add-ons only apply to the profile they're downloaded to. The only one I use is ANM "Advanced Night Mode" https://addons.palemoon.org/addon/advanced-night-mode/ Some webpages are run by idiot webmasters who set "low contrast" fonts to something bordering on... FONT FOREGROUND #FEFEFE FONT BACKGROUND #FFFFFF ANM cures that by forcing white text on black background. This add-on is specific to Pale Moon. The add-on works only in profile(s) it's downloaded to, so sane webpages can be left alone. Actually, even sane webpages sometimes look better with ANM. -- Walter Dnes <waltd...@waltdnes.org> I don't run "desktop environments"; I run useful applications
