list
chromium
Our great sponsors
| list | chromium | |
|---|---|---|
| 46 | 224 | |
| 1,854 | 17,522 | |
| 2.6% | 2.3% | |
| 8.7 | 10.0 | |
| 6 days ago | 2 days ago | |
| Go | ||
| Mozilla Public License 2.0 | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
list
-
Universities Lost the Internet
perfect use case for the public suffix list (https://github.com/publicsuffix/list)
-
How I Accidentally Made My Link Shortener into a Malware Honeypot
I just made up `blogger.com` as an example. I probably could have picked a better one. `blogspot.com` & its many TLD variations are on the list.
It looks like the repo where the list is maintained [1] is pretty active. YMMV, I'm not a maintainer or anything..
- The Public Suffix List
-
Ask HN: How does HN determine the site that a submission belongs to?
There's the Public Suffix List https://publicsuffix.org/ but it's limited to domain names, so your github.com/rails example isn't covered. I'm pretty sure HN simply has a manually coded list of URL patterns for popular domains.
-
Government URLs that don't end in .gov
Browsers use the public suffix list to determine cookie scope. You can even get your own domains added to it.
-
See this page fetch itself, byte by byte, over TLS
Are you sure? Looking at their website[1] I see:
> Highlight the most important part of a domain name in the user interface
Which is my suggestion above.
> If you are using it for something else, you are encouraged to tell us, because it helps us to assess the potential impact of changes
Which sounds cautiously supportive of additional use cases.
-
So this guy is now S3. All of S3
Sounds like Bluesky screwed up by not implementing the https://publicsuffix.org/ list
-
Adsense is bringing a bunch of policy changes that affect how your sites are monetized
Furthermore, what constitutes a "Site" will also change henceforth. You can only add a primary domain (such as example.com) and the subdomains which are listed on the public suffix list (such as github.io, blogspot.com, etc.). Thus, your own subdomains (such as xyz.example.com or www.example.com) won't be allowed in Adsense.
-
Chromium's impact on root DNS traffic (2020)
> In fact I think Firefox would have to implement a similar approach if it were popular enough
They implement an omnibox that works well. Why would they need to do this if they were more popular? I suppose they use the domain suffix list for this. It's probably not bulletproof, but it works well enough and doesn't hammer the root DNS servers.
-
Custom domain email issues?
Or they could use the list that's available at https://publicsuffix.org/
chromium
-
Demystifying the Shadow DOM
One of the unexpected use of shadow DOMs for me was a document generated for image resource URLs [1], because the HTML standard apparently specifies the exact DOM structure of the generated document except for the `` element [2].
[1] https://github.com/chromium/chromium/blob/f02ca73/third_part...
[2] https://html.spec.whatwg.org/multipage/document-lifecycle.ht...
-
Detect when your installed Chrome extensions have changed owners
Recently my favorite open source mouse gestures extension SmartUp Gestures was taken over by some shady entity (with github no longer being updated of course).
I opened Chrome ticket that they should ask to re-enable extension when ownership changes. They just closed the ticket replying with this link:
https://chromium.googlesource.com/chromium/src/+/main/extens...
:(
-
Supermium – Chromium fork for Win 2003 and newer
Hmm. It looks like files with the .lnk or .pif file extension can only be downloaded on a user gesture: https://chromium.googlesource.com/chromium/src/+/39841e54180...
So it can't be done silently. Although, I do wish the type was marked "DANGEROUS" a la dll files.
-
New Linux glibc flaw lets attackers get root on major distros
On Linux, Chromium uses setuid or user namespaces to restrict the access of sandboxed components and seccomp-bpf to reduce the kernel attack surface.
Check out the Chromium docs on this topic: https://chromium.googlesource.com/chromium/src/+/HEAD/docs/l...
-
Microsoft Edge ignores user wishes, slurps tabs from Chrome without permission
You can also disable JIT in Firefox by setting javascript.options.baselinejit to false in about:config, although you won't get CET.
[1] https://github.com/chromium/chromium/blob/12c232c43ce7324d30...
-
Apple Announces Changes to iOS, Safari, and the App Store in the European Union
Chromium targets iOS already: https://chromium.googlesource.com/chromium/src/+/main/docs/i...
- We build X.509 chains so you don't have to
-
Google Is Tracking You Even in Incognito Mode, New Disclaimer Is Up
For the sake of completeness, I've traced the evolution of the notice over time:
From 2008-07-26: "Going incognito doesn't affect the behavior of other people, servers, or software. Be wary of: / • Websites that collect or share information about you / • Internet service providers or employers that track the pages you visit / • Malicious software that tracks your keystrokes in exchange for free smileys / • Surveillance by secret agents / • People standing behind you" (https://chromium.googlesource.com/chromium/src/+/09911bf300f...)
From 2013-12-07: "Going incognito doesn't affect the behavior of other people, servers, software, or people standing behind you." (https://chromium.googlesource.com/chromium/src/+/c5e36c57178...)
From 2013-12-13: "However, you aren't invisible. Going incognito doesn't hide your browsing from your employer, your internet service provider, or the websites you visit." (https://chromium.googlesource.com/chromium/src/+/70821506825...)
From 2014-02-27: "However, you aren't invisible. Going incognito doesn't hide your browsing from your employer, your internet service provider, governments and other sophisticated attackers, or the websites you visit." (https://chromium.googlesource.com/chromium/src/+/ab54bd65701...)
From 2014-04-29: "Going incognito doesn't hide your browsing from your employer, your internet service provider, or the websites you visit." (https://chromium.googlesource.com/chromium/src/+/eb09a62ef40...)
From 2016-01-15: "However, you aren't invisible. Going incognito doesn’t hide your browsing from your employer, your internet service provider, or the websites you visit." (https://chromium.googlesource.com/chromium/src/+/b7dac1a6a79...)
From 2017-02-27: "Your activity might still be visible to: / • Websites you visit / • Your employer / • Your internet service provider" (https://chromium.googlesource.com/chromium/src/+/cfe102adddc...)
From 2017-03-29: "Your activity might still be visible to: / • Websites you visit / • Your employer or school / • Your internet service provider" (https://chromium.googlesource.com/chromium/src/+/7ca3ccf74e8...)
(Note that some of these were behind a feature flag for a few months.) Also, it looks like they've been intending to modify the new-tab page text for Incognito windows for some time, as part of the "Revamped Incognito NTP" project. You can view the modified text with 'chromium --enable-features=IncognitoNtpRevamp':
From 2021-08-13: "What Incognito doesn't do / Incognito does not make you invisible online: / • Sites know when you visit them / • Employers or schools can track browsing activity / • Internet service providers may monitor web traffic" (https://chromium.googlesource.com/chromium/src/+/e6ae57ba385...)
From 2022-01-25: "What Incognito doesn't do / Incognito does not make you invisible online: / • Sites and the services they use can see visits / • Employers or schools can track browsing activity / • Internet service providers can monitor web traffic" (https://chromium.googlesource.com/chromium/src/+/8b349f6c984...)
-
What Progressive Web App (PWA) Can Do Today
Blink can now be compiled for iOS, but without JIT or WASM:
https://chromium.googlesource.com/chromium/src/+/main/docs/i...
https://bugs.chromium.org/p/chromium/issues/detail?id=141170...
-
People like me are why you shouldn't run a hosting company
I think its weird that Vercel has this limit. There is no practical reason I can think of for having such a limit on URL characters that is so small. Chrome suggests a 2MB limit[0] for example. The platform itself doesn't have one, and Firefox I believe if memory serves (I can't find the source for this claim atm) is 1 MB effectively, and I don't think Safari is any lower than that either (and may well be more inline with Chrome on this, at 2 MB)
[0]: https://chromium.googlesource.com/chromium/src/+/master/docs...
What are some alternatives?
fingerprintjs - Browser fingerprinting library. Accuracy of this version is 40-60%, accuracy of the commercial Fingerprint Identification is 99.5%. V4 of this library is BSL licensed.
ungoogled-chromium - Google Chromium, sans integration with Google
brave-core - Core engine for the Brave browser for Android, Linux, macOS, Windows. For issues https://github.com/brave/brave-browser/issues
WebKit - Home of the WebKit project, the browser engine used by Safari, Mail, App Store and many other applications on macOS, iOS and Linux.
sansio-tld-parser - A top level domain parser with no builtin io.
termux-packages - A package build system for Termux.
bromite - Bromite is a Chromium fork with ad blocking and privacy enhancements; take back your browser!
psl-problems
brave-browser - Brave browser for Android, iOS, Linux, macOS, Windows.
nix-tests - A scratchpad for small experimental things I am doing with Nix.
gecko-dev - Read-only Git mirror of the Mercurial gecko repositories at https://hg.mozilla.org. How to contribute: https://firefox-source-docs.mozilla.org/contributing/contribution_quickref.html