As of 2016-02-26, there will be no more posts for this blog. s/blog/pba/
Showing posts with label Chromium. Show all posts

About a few days ago:
~ $ glsa-check -d 201203-19 | head -12
            GLSA 201203-19: 
Chromium: Multiple vulnerabilities             
Synopsis:          Multiple vulnerabilities have been reported in Chromium,
                   some of which may allow execution of arbitrary code.
Announced on:      March 25, 2012
Last revised on:   March 25, 2012 : 01

Affected package:  www-client/chromium
Affected archs:    All
Vulnerable:        <17.0.963.83
Unaffected:        >=17.0.963.83

I noticed this GLSA issue, but I held up until I finally decided to upgrade Chromium, I don't really use Chromium (or V8).

~ $ sudo genlop -lu | egrep '(chromium|v8)' | tail -4
     Wed Mar 28 03:17:23 2012 <<< dev-lang/v8-
     Wed Mar 28 03:17:24 2012 >>> dev-lang/v8-
     Wed Mar 28 05:10:52 2012 <<< www-client/chromium-17.0.963.56
     Wed Mar 28 05:12:07 2012 >>> www-client/chromium-17.0.963.83
Just right now:

~ $ glsa-check -d 201203-24 | head -18
          GLSA 201203-24: 
Chromium, V8: Multiple vulnerabilities           
Synopsis:          Multiple vulnerabilities have been reported in Chromium
                   and V8, some of which may allow execution of arbitrary
Announced on:      March 30, 2012
Last revised on:   March 30, 2012 : 01

Affected package:  dev-lang/v8
Affected archs:    All
Vulnerable:        <
Unaffected:        >=

Affected package:  www-client/chromium
Affected archs:    All
Vulnerable:        <18.0.1025.142
Unaffected:        >=18.0.1025.142
I said "Oh, come on!"

~ $ sudo genlop -t -S '(chromium|v8)' | tail -6
     Wed Mar 28 03:17:24 2012 >>> dev-lang/v8v8
       merge time: 4 minutes and 44 seconds.

     Wed Mar 28 05:12:07 2012 >>> www-client/chromiumchromium
       merge time: 1 hour, 54 minutes and 43 seconds.
(I think I found a bug with -S in genlop, see the repeating package name?)

Only Chromium uses v8 and I don't run JavaScript scripts outside of browsers. I think I am going to unmerge Chromium.

If you primarily are a Chromium user, enjoy the merging! ;p

1   Firefox 4 and Opera

Just heard3 about this new benchmark Kraken4, so I tried it with FF4 beta and Opera 10.61. I only have two browsers on my system currently, its too bad that I dont have Chromium to compare because the results are quite interesting

TEST                         COMPARISON            FROM                 TO               DETAILS
                                                  (Opera 10.61)   (FF 4.0b7pre 20100914)

** TOTAL **:                 1.50x as fast     19627.2ms +/- 2.3%   13061.5ms +/- 1.1%     significant


  ai:                        1.41x as fast      3344.5ms +/- 13.0%    2371.8ms +/- 6.4%     significant
    astar:                   1.41x as fast      3344.5ms +/- 13.0%    2371.8ms +/- 6.4%     significant

  audio:                     1.55x as fast      6657.7ms +/- 1.2%    4307.2ms +/- 1.0%     significant
    beat-detection:          1.071x as fast     1301.8ms +/- 3.7%    1215.3ms +/- 2.0%     significant
    dft:                     2.54x as fast      2844.6ms +/- 2.8%    1119.4ms +/- 2.7%     significant
    fft:                     1.051x as fast     1137.7ms +/- 1.3%    1082.4ms +/- 3.0%     significant
    oscillator:              1.54x as fast      1373.6ms +/- 1.8%     890.1ms +/- 0.9%     significant

  imaging:                   2.30x as fast      7628.8ms +/- 1.4%    3318.3ms +/- 1.6%     significant
    gaussian-blur:           3.46x as fast      5256.8ms +/- 1.8%    1517.7ms +/- 0.8%     significant
    darkroom:                1.67x as fast       989.6ms +/- 1.9%     592.7ms +/- 0.8%     significant
    desaturate:              1.144x as fast     1382.4ms +/- 1.3%    1207.9ms +/- 3.8%     significant

  json:                      *1.32x as slow*     302.4ms +/- 1.4%     399.1ms +/- 0.7%     significant
    parse-financial:         *1.88x as slow*     134.9ms +/- 1.9%     253.9ms +/- 0.8%     significant
    stringify-tinderbox:     1.154x as fast      167.5ms +/- 2.1%     145.2ms +/- 1.0%     significant

  stanford:                  *1.57x as slow*    1693.8ms +/- 2.8%    2665.1ms +/- 0.6%     significant
    crypto-aes:              *1.93x as slow*     377.8ms +/- 9.8%     729.6ms +/- 0.6%     significant
    crypto-ccm:              *1.109x as slow*    473.2ms +/- 10.5%     524.7ms +/- 1.9%     significant
    crypto-pbkdf2:           *1.85x as slow*     634.3ms +/- 4.0%    1176.0ms +/- 0.7%     significant
    crypto-sha256-iterative: *1.126x as slow*    208.5ms +/- 1.1%     234.8ms +/- 1.6%     significant

As you can see FF4 is faster in three categories of tests: ai, audio and imaging; and slower in json and crypto categories. Last month, from results of SunSpider, Opera 10.61 is faster than FF4.0b5pre. Now, with tests above, FF4.0b7pre is faster.

[3]The original link was, but it returns 410 GONE.
[4]The original link was, the content was gone.

2   Firefox 3.6.9

RESULTS (means and 95% confidence intervals)
Total:                       27035.3ms +/- 1.2%

  ai:                         4529.0ms +/- 5.3%
    astar:                    4529.0ms +/- 5.3%

  audio:                      9842.9ms +/- 1.3%
    beat-detection:           2299.4ms +/- 2.2%
    dft:                      3488.6ms +/- 1.8%
    fft:                      2212.1ms +/- 3.0%
    oscillator:               1842.8ms +/- 4.0%

  imaging:                    7502.1ms +/- 1.5%
    gaussian-blur:            3481.2ms +/- 2.8%
    darkroom:                  834.8ms +/- 0.8%
    desaturate:               3186.1ms +/- 2.5%

  json:                        520.9ms +/- 1.2%
    parse-financial:           350.7ms +/- 1.4%
    stringify-tinderbox:       170.2ms +/- 1.9%

  stanford:                   4640.4ms +/- 1.0%
    crypto-aes:               1367.0ms +/- 0.9%
    crypto-ccm:               1028.7ms +/- 1.4%
    crypto-pbkdf2:            1676.7ms +/- 1.8%
    crypto-sha256-iterative:   568.0ms +/- 0.6%

I ran it four times, two of them crashed Firefox and this test used a lot of memory, more than 1 GB. I am also compiling Chromium for this benchmark, result will be added later.

3   Firefox ESR 17.0.2 with Kraken 1.1

RESULTS (means and 95% confidence intervals)
Total:                        6688.6ms +/- 1.4%

  ai:                          236.7ms +/- 3.7%
    astar:                     236.7ms +/- 3.7%

  audio:                      2528.1ms +/- 3.7%
    beat-detection:            610.8ms +/- 1.1%
    dft:                      1047.5ms +/- 6.1%
    fft:                       444.9ms +/- 0.6%
    oscillator:                424.9ms +/- 18.1%

  imaging:                    2505.4ms +/- 2.4%
    gaussian-blur:            1438.1ms +/- 4.1%
    darkroom:                  550.3ms +/- 0.2%
    desaturate:                517.0ms +/- 4.3%

  json:                        276.8ms +/- 2.7%
    parse-financial:           152.6ms +/- 3.6%
    stringify-tinderbox:       124.2ms +/- 4.4%

  stanford:                   1141.6ms +/- 1.4%
    crypto-aes:                263.0ms +/- 1.5%
    crypto-ccm:                199.5ms +/- 1.5%
    crypto-pbkdf2:             509.0ms +/- 1.7%
    crypto-sha256-iterative:   170.1ms +/- 3.7%

4   Chromium 7.0.517.5

RESULTS (means and 95% confidence intervals)
Total:                        22962.1ms +/- 0.6%

  ai:                          1220.5ms +/- 0.5%
    astar:                     1220.5ms +/- 0.5%

  audio:                       8739.2ms +/- 0.8%
    beat-detection:            2288.9ms +/- 1.1%
    dft:                       3169.9ms +/- 2.1%
    fft:                       2370.6ms +/- 0.5%
    oscillator:                 909.8ms +/- 0.6%

  imaging:                    11067.4ms +/- 0.9%
    gaussian-blur:             5549.8ms +/- 1.9%
    darkroom:                  2748.7ms +/- 1.7%
    desaturate:                2768.9ms +/- 1.1%

  json:                         890.2ms +/- 0.3%
    parse-financial:            507.0ms +/- 0.4%
    stringify-tinderbox:        383.2ms +/- 0.4%

  stanford:                    1044.8ms +/- 0.7%
    crypto-aes:                 229.3ms +/- 0.9%
    crypto-ccm:                 190.3ms +/- 0.5%
    crypto-pbkdf2:              435.0ms +/- 0.8%
    crypto-sha256-iterative:    190.2ms +/- 1.4%

5   Summary,0,30000&chxt=y&chbh=a&chs=628x240&cht=bvg&chco=FF9900,80C65A,76A4FB,FFCC33&chds=0,30000,0,30000,0,30000,0,30000&chd=t:13061.5|19627.2|22962.1|27035.3&chdl=Firefox+4|Opera+10|Chromium+7|Firefox+3.6&chdlp=b&chma=0,0,0,10|0,35
Browser   Version     Total Time   To FF4
Firefox    4.0b7pre   13061.5 ms  --------
Opera     10.61       19627.2 ms  + 50.27%
Chromium   7.0.517.5  22962.1 ms  + 75.80%
Firefox    3.6.9      27035.3 ms  +106.98%

I am using Firefox 64-bit beta 5 prerelease nightly build, it works well on my Gentoo. And Vimperator also works, well, from the repository, of course. I have to edit the install.rdf because it only sets up up to beta 4. I bumped the version and built the xpi, it works great!

Almost all addons are not compatible with beta 5, AdBlock is the only one has an update for beta 5 prerelease, but I disabled it later. The reason I dont want to use AdBlock is same as I have with Chrome. The speed has been improved, though it is still slower than Chrome.

I think I should get some numbers, so I tested it with first website I could find from search.

Before I show you the results, I must tell you that I just wanted to get a rough idea about how fast they could execute JavaScript, I didnt try to make sure my system is all ready for the benchmark test to run. I had some programs running behind but they were not heavy tasks. Firefox 3.6.8 (8 addons) and Chromium (2 extensions) have some addons installed, but I dont think it would make big difference if I disable them.

Now, here is the chart and numbers:|||(ms)|Time||&chxr=0,0,1400&chxt=y,y&chbh=a&chs=800x320&cht=bvg&chco=A2C180,FF9900,BBCCED,7777CC&chds=0,1400,0,1400,0,1400,0,1400&chd=t:447.4|480.8|719.4|1255.8&chdl=Chromium+6.0.490.1|Opera+10.61|Firefox+4.0b5pre|Firefox+3.6.8&chg=-1,7,4,0&chtt=Browsers+SunSpider+Tests"
Browser Total
Chromium 6.0.490.1 0447.4ms +/- 12.3%
Opera 10.61 0480.8ms +/- 01.4%
Firefox 4.0b5pre 0719.4ms +/- 01.9%
Firefox 3.6.8 1255.8ms +/- 01.2%

From the results, Fireforx 4.0b5pre is about 60.8% slower, but a benchmark is an intense test in different special cases. The real use might not result in such difference. When I just fired it up, I immediately felt the performance improved and I couldnt real tell if its faster or slower than Chromium. The memory usage also seems improved, though I havent used it thoroughly.

Vimperator is always something very important addon for me, I even tried to create a similar way to open bookmark in Chromium. Since its already in beta stage and stable enough for me, so I think I should probably go back to Firefox and Vimperator. Hope the future release could have more performance improvement. UI improvement is really useless to me since I use Vimperator.

A few hours ago, Gmail announced a new video and chat plugin for Linux users. I am a 64-bit user, pure one, there is no 32-bit library on my system. I wasnt going to try because 1) I am not into online IM chatting not to mention this voice and video chatting and 2) I dont believe that Google would release a 64-bit stuff.

But you know curiosity killed the cat, so I went to download, just to file to find out if they are 64-bit build or just 32-bit as my expectation. I ran

ar -x google-talkplugin_current_amd64.deb
tar xf data.tar.gz
cd opt/google/talkplugin

Now, its about to see the truth:

% file * */*
GoogleTalkPlugin:         ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.8, stripped
cron:                     directory
lib:                      directory     ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, stripped ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, stripped
cron/google-talkplugin:   POSIX shell script text executable
lib/             ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, stripped
lib/           ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, stripped</pre>

(Side note: you can see there is a cron, Google installs a cron job to update .deb package, so this plugin would never get outdated. I really can not agree with this automatic method. (I assume that its automatic, I didnt read that script))

I was shocked, twice! First shock was there did have 64-bit shared library and the second shock was why the hell this GoogleTalkPlugin is a 32-bit build? I couldnt understand. As far as I know, the browser plugin uses shared library, so that 32-bit stuff shouldnt be a problem, it must be some kind of desktop manager for the plugin, its worth trying. (I was wrong. :()

So, I tried to install it:

chmod +x *.so lib/*.so
cp *.so ~/.mozilla/plugins/
sudo cp lib/* /usr/lib64/

I installed them in Mozillas (Firefoxs) plugin directory, so Chromium can also use it. After restarted browser, I got a good sign from Chromium and Firefox.

So, I recompiled my kernel with required modules. Rebooted, got into Gmail in Chromium, went to setting. Nothing!? Switched to Firefox, still nothing.

Then, I ran Chromium from command-line, I got this log:

[000:017] Warning( Unreadable or no port file.  Could not initiate GoogleTalkPlugin connection
[000:022] Warning( Could not initiate GoogleTalkPlugin connection
[000:022] Warning( Load: Could not open file
[000:022] Warning( Failed to get GoogleTalkPlugin path. Trying default.
[000:025] Started GoogleTalkPlugin, path=/opt/google/talkplugin/GoogleTalkPlugin
[000:025] Waiting for GoogleTalkPlugin to start...
[001:098] Warning( Unreadable or no port file.  Could not initiate GoogleTalkPlugin connection
[001:099] Warning( Could not initiate GoogleTalkPlugin connection
[001:099] Waiting for GoogleTalkPlugin to start...
[002:190] Warning( Unreadable or no port file.  Could not initiate GoogleTalkPlugin connection
[002:191] Warning( Could not initiate GoogleTalkPlugin connection
[002:191] Waiting for GoogleTalkPlugin to start...

I could only say !#$%^, Google!

If your system is multilib, I think you have good chance to get it running, just move that 32-bit stuff to /opt/google/talkplugin/GoogleTalkPlugin.

Google, please re-build GoogleTalkPlugin for 64-bit! Pretty please?

Few days ago (2010-07-16), Arch Linux Forums started to redirect unencrypted connection to encrypted connection, in other words, it is now SSL connection only.

My current web browser is Chromium and it told me is not trusted, the certificate issuer that Arch Linux Forums uses. It only takes one click for a browsing session to get rid of that message. Before this, I sometimes stumbled upon Gentoo Bugs redirected via Gentoo Packages.

I am not actually a reader of Arch Linux Forums, but I read it regularly. So its time to get rid of it once for all.

Its fairly simple. Firstly, you need certutil tool from NSS package, if you dont have then add the following line to your /etc/portage/packages.use:

dev-libs/nss utils

Re-emerge NSS. Next step is to add the root certificate:

certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n cacert -i /etc/ssl/certs/

Then check if we add successfully with:

% certutil -d sql:$HOME/.pki/nssdb -L

Certificate Nickname                                         Trust Attributes

cacert                                                       C,,

Restart browser and say hello to that little green lock.

The steps are actually from this Chromium wiki page

Note that the root certificate /etc/ssl/certs/ is a symbolic link to /usr/share/ca-certificates/, which is a file part of ca-certificates package and your Gentoo system should already have it because OpenSSL depends on it and openssl is unlikely not installed.