Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
slightwinder 12 hours ago

Does this support DRM? Like playing Netflix and other commercial streaming-sites. I remember this being a big problem with Firefox-forks. What about Firefox Sync?

Is RPC from external processes possible with this? For example, calling the URL of the open tab, or a list of open tabs and their URLs and/or content? Or remote control a tab, navigating to other URLs, etc? This would be interesting for integrating it with other apps and scripts, and Firefox is somewhat lacking in that field.

How secure is this?

probablyrobert 12 hours ago | parent [-]

DRM is not possible to support unfortunately: https://glide-browser.app/faq#why-can't-i-play-drm-content

Firefox Sync does work!

RPC is not currently supported but I agree it would be pretty interesting, tweety[0] was recently shared with me and that looks like it'd be quite nice, although I haven't tried it yet.

So far the only divergence from Firefox that could impact security is evaluating the config file, so I've described how that is sandboxed in the security[1] docs but I'm not super happy with the contents of that docs page; anything else you'd like to see mentioned?

[0]: https://github.com/pomdtr/tweety

[1]: https://glide-browser.app/security

slightwinder 10 hours ago | parent [-]

I've seen in the docs that the config does not support imports and also uses a special function for including config from other files. Will it stay this way? And does also prevent code from loading&eval via network? Maybe flesh this out more explicitly in the security-doc. It's not quite obvious from being in-between the docs.

Also, what about 3rd-partys? Can other webextensions access glides functions? Or even worse, websites? I guess this is prevented by Firefox itself, but explaining this more explicitly might be also an enhancement for the security-doc.

probablyrobert 9 hours ago | parent [-]

I'm not entirely sure what is going to happen with imports to be honest. My current thinking is that they'll be supported eventually but that imported modules should not have access to glide APIs. For anything that does need to use glide APIs, I would support that through a separate API.

Yes eval is blocked, and extensions / websites cannot access glide APIs.

Thanks that is very helpful! Agree those things should be mentioned in the security doc.