Oh-boy...

Might need to be off Twitter while @fugueish and @justinschuh *ahem* digest this press release.
Big reveal: it's Chromium!

But secure?
/me checks their website

*surely* there must be a description of how this thing improves sandboxing, allocators, control-flow hardening...something?

Hrmmm.

talon-sec.com/blog/
Looking forward to a fuller technical description of the hardening they apply. There's legit stuff you can do! The tradeoffs are complex.
Like, you can turn off JITs! It'd be cool to see a security-focused browser go all the way with this approach.

microsoftedge.github.io/edgevr/posts/S…

And maybe you can early adopt MiraclePtr?

docs.google.com/document/d/e/2…
...but the scale of investment needed to move the needle in ways that aren't being moved by others already?

In a codebase this vast?

With no published details?
You could do *really* aggressive stuff like saying "we don't run on boxes without CFI/CET"...I'd love to see someone go there.

Need the details.


