bug tracking - self destructs in 10 seconds #2

Open
Thorin-Oakenpants opened this issue Jun 19, 2017 · 16 comments

@Thorin-Oakenpants

Thorin-Oakenpants commented Jun 19, 2017

[bleep] [censored] [top secret] [redacted] [classified] [witchhunt] [russia]

@Thorin-Oakenpants
Author

they're tracking you bro .. amazon drones are in the air

@earthlng
Owner

earthlng commented Oct 4, 2020

lol. have you seen the spaceX satellites in the night sky yet? I only saw them once when I went out for a smoke late at night.
I was equally shocked and amazed. kinda spooky :)

https://www.youtube.com/watch?v=l58nWIvyYs0

@Thorin-Oakenpants
Author

not seen em, but fuck Elon Musk ruining my view

@earthlng
Owner

earthlng commented Oct 4, 2020

don't worry, you'll see them when they have all 12000 planned satellites up there!!!

@Thorin-Oakenpants
Author

Thorin-Oakenpants commented Oct 4, 2020

fu....uuuuck ... I'll have to stick pebbles in my shoes to hide my gait, and mask up like trump, and wear tinfoil and reflectacles so they can't FP my biometrics .. maybe stop my heart beating or make it super irregular

@Thorin-Oakenpants
Author

is that video time lapsed? Anyway, can't see shit down here, we're too remote, practically on the edge of the flat disc

@earthlng
Owner

earthlng commented Oct 4, 2020

> is that video time lapsed?

nope, that's pretty much how I saw it too. Only difference was that I only saw them in a limited space "window", like the ones at the front went out of view at a certain point and new ones came into view from the back. They were pretty low on the horizon and I guess the sun only reflected them into view in that limited space window

@Thorin-Oakenpants
Author

Thorin-Oakenpants commented Oct 4, 2020

so I basically reset my system fonts

here's RFP only in FF81 (note I have 9 styles in Arial, 6 in Calibri) .. 68 fonts detected

Arial, Arial Black, Arial Narrow, Calibri, Calibri Light, Calibri Light Italic, Cambria, Cambria Math, Candara, Comic Sans MS, Consolas, Constantia, Corbel, Courier, Courier New, Ebrima, Gabriola, Georgia, Helvetica, Impact, Lucida Console, Lucida Sans Unicode, Malgun Gothic, Marlett, Microsoft Himalaya, Microsoft JhengHei, Microsoft New Tai Lue, Microsoft PhagsPa, Microsoft Sans Serif, Microsoft Tai Le, Microsoft YaHei, Microsoft Yi Baiti, MingLiU_HKSCS-ExtB, MingLiU-ExtB, Mongolian Baiti, MS Gothic, MS PGothic, MS Pゴシック, MS Sans Serif, MS Serif, MS UI Gothic, MS ゴシック, MV Boli, NSimSun, Palatino Linotype, PMingLiU-ExtB, Roman, Segoe Print, Segoe Script, Segoe UI, Segoe UI Light, Segoe UI Semibold, Segoe UI Symbol, SimSun, SimSun-ExtB, Small Fonts, Sylfaen, Symbol, Tahoma, Times, Times New Roman, Trebuchet MS, Twemoji Mozilla, Verdana, Webdings, Wingdings, 宋体, 微软雅黑

what is the diff from yours: Arial Narrow and is there anything else?

Here's Panopticlick (so yeah, it picked up a few more like Consolas etc that you pointed out, now my system fonts are "normal")

Arial, Arial Black, Arial Narrow, Calibri, Cambria, Cambria Math, Comic Sans MS, Consolas, Courier, Courier New, Georgia, Helvetica, Impact, Lucida Console, Lucida Sans Unicode, Microsoft Sans Serif, MS Gothic, MS PGothic, MS Sans Serif, MS Serif, Palatino Linotype, Segoe Print, Segoe Script, Segoe UI, Segoe UI Light, Segoe UI Semibold, Segoe UI Symbol, Tahoma, Times, Times New Roman, Trebuchet MS, Verdana, Wingdings

@earthlng
Owner

earthlng commented Oct 5, 2020

> 68 fonts detected

I get 65

> what is the diff from yours

I don't have Arial Narrow, Calibri Light, Calibri Light Italic. The other 65 are the same as yours

@Thorin-Oakenpants
Author

hah, I just guessed as much in the other thread

@Thorin-Oakenpants
Author

It looks pretty solid to me if there's only a few extra styles to create entropy. 220 million FF users with RFP on, one day .. ... maybe ... Of course it would be better if they move away from families and actually use individual styles

@earthlng
Owner

earthlng commented Oct 5, 2020

> Of course it would be better if they move away from families and actually use individual styles

yeah totally. It looks like if a user or another software installs additional styles of a font in the allowlist then that gets allowed too. That should not be happening. Fe in your case, Arial Narrow is not in the list and should not be allowed.

@Thorin-Oakenpants
Author

Thorin-Oakenpants commented Oct 5, 2020

I don't know how all that plays out in Linux or Mac, but I think we could open a ticket with some evidence: i.e. issue at user.js and ask Windows users to post results - and then you and I can keep a list of diffs - e.g. me being a control set, or something?

edit: we would post a hash and detail the results .. and ask users only to post both hash and the list if it's a new hash - capisce?
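An added illustration of the hash-and-diff workflow proposed in the comment above, not code from either participant or from the project. The font lists are a constructed subset of the lists posted earlier in the thread; `hashFontList`, `diffFonts`, `submit` and `registry` are hypothetical names, and SHA-256 is an assumed choice of hash.

```javascript
const crypto = require("crypto");

// Constructed sample: a short subset of the control list posted in the thread.
const CONTROL = ["Arial", "Arial Black", "Arial Narrow", "Calibri", "Calibri Light",
  "Calibri Light Italic", "Cambria", "Consolas", "Segoe UI", "Tahoma", "Verdana"];
// Same subset minus the three extra styles reported missing on the second machine.
const EXTRA_STYLES = ["Arial Narrow", "Calibri Light", "Calibri Light Italic"];
const OTHER = CONTROL.filter(f => !EXTRA_STYLES.includes(f));

// Canonical form: trimmed, de-duplicated, sorted, so detection order
// and stray whitespace never produce a different hash for the same set.
function canonicalize(fonts) {
  return [...new Set(fonts.map(f => f.trim()).filter(Boolean))].sort();
}

// SHA-256 over the canonical list, one font name per line.
function hashFontList(fonts) {
  return crypto.createHash("sha256")
    .update(canonicalize(fonts).join("\n"), "utf8")
    .digest("hex");
}

// Set difference in both directions against the control set.
function diffFonts(control, other) {
  const c = new Set(canonicalize(control));
  const o = new Set(canonicalize(other));
  return {
    onlyInControl: [...c].filter(f => !o.has(f)),
    onlyInOther: [...o].filter(f => !c.has(f)),
  };
}

// A result is only worth posting when its hash has not been seen before.
function submit(registry, fonts) {
  const hash = hashFontList(fonts);
  if (registry.has(hash)) return { hash, isNew: false, diff: null };
  registry.set(hash, canonicalize(fonts));
  return { hash, isNew: true, diff: diffFonts(CONTROL, fonts) };
}

const registry = new Map([[hashFontList(CONTROL), canonicalize(CONTROL)]]);
const first = submit(registry, OTHER);                 // new hash: list and diff get posted
const repeat = submit(registry, [...OTHER].reverse()); // same set, different order: already known
console.log(first.isNew, first.diff.onlyInControl, repeat.isNew);
```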

@Thorin-Oakenpants
Author

A ticket at bugzilla for jfkthame to follow up on his ToDo on line 7

@earthlng
Owner

earthlng commented Oct 5, 2020

sounds good 👍

@Thorin-Oakenpants
Author

hah, so it's easy to detect if you're gecko based (< 1ms), it's easy to detect if you're running RFP (1ms), and now (assuming a whitelist isn't used, and obviously you allow for doc fonts blocked) it's probably easy to infer Win7 vs Win10 based on some fonts: although you could have done that anyway, I guess.

They're not going to bother with win7 - I suspect the number of users will drop and they'll end support maybe in the next ESR (probably the next one after: i.e in two years)

I can see the list being tightened up in several ways

  • drop some most-likely not needed crap that causes entropy (i.e move into kLangPacks or create another section, or drop them (comment them out)), like HoloLens MDL2 Assets (there's another MDL2 there but they both have it: seems part of a family)
  • reduce the number (this is not to make win7 and win10 more alike, just to eliminate potential entropy within win10): e.g. I'm sure RFP users can get along without some of those fonts (win7 doesn't have Bahnschrift or all those Sitka / Yu Gothic sets for example and we get along fine)
  • family styles <-- this

Only some decent data will tell the story. Moz are collecting telemetry on this. Wish I could get a data set
