Add browser activity blog entry #37

Merged
merged 4 commits into from
Oct 25, 2024

seanvaleo
Contributor

Add a browser activity blog entry.

QA Instructions

  • Review the document
  • Optionally, deploy the site locally to view the content (requires nvm):

        nvm install 14.18.1
        nvm use 14.18.1
        npm ci
        npm run develop
        # Access the website at http://127.0.0.1:8000

@iapaddler iapaddler self-requested a review October 23, 2024 18:51

Both of these browsers use a sandbox. It is a security feature, intended to isolate the browser processes. Neither of the sandboxes detect the AppView library. The intercept behavior utilized by the library does have undesirable effects on the browser, so we recommend an AppView of the browser without the use of the sandbox.The Chrome sandbox can be disabled from the command line.  The Firefox sandbox is disabled by use of 2 environment variables. 

The detection mechanisms employed by the library are intended to notify about potential security concerns in any given process (we should create a blog describing detection as a precursor to this?). There is behavior used by both browsers that are notified as potential security issues. For example, Chrome OS replaces most standard libc functions by modifying the GOT. The library detects this as a potential issue. It is a viable potential issue in many cases. The library is performing as expected. At the same time, this causes a large number of notifications to be generated. Therefore, these specific notifications can be disabled. Moreover, FIrefox emits a log warning when message queue functions are utilized. The library uses message queue to create a communication channel with an external appview CLI process. If we choose to disable these warnings we disable the use of message queues as an IPC by the library. One other behavior of note from Firefox relates to increased use of physical resources. Firefox processes increase limits on the number of pending signals, for example.  The limit is set to 50,000 and 200,000 max. These seem like large values. Makes sense that library detection would notify about this behavior. These notifications can be disabled if desired.  
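
Review bot: The recommendation in the first paragraph to run the browser "without the use of the sandbox" leaves out what a reader needs to act on it safely: the paragraph never names the Chrome command-line switch or the two Firefox environment variables, and it does not say that disabling the sandbox removes the process isolation it has just described, so name them and scope the recommendation to a dedicated test profile or host. In the second paragraph, "The limit is set to 50,000 and 200,000 max" should say which value is the soft limit and which is the hard limit, the text should say how "these specific notifications can be disabled", and "Chrome OS" should be checked against the two browsers the entry is about. Smaller points: "sandbox.The Chrome" is missing a space, and "Makes sense that library detection would notify about this behavior" is a sentence fragment.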
Collaborator

delete: "we should create a blog describing detection as a precursor to this?)."
change FIrefox to Firefox

Collaborator

@iapaddler iapaddler left a comment

Couple of minor edits.

@seanvaleo seanvaleo marked this pull request as ready for review October 25, 2024 21:41
@seanvaleo seanvaleo merged commit be077e3 into master Oct 25, 2024
2 checks passed