Fx extension PDFreader - config advice?

General discussion about web technology.
saywot
Junior Member
Posts: 20
Joined: Wed Aug 03, 2011 4:36 am

Fx extension PDFreader - config advice?

Post by saywot »

http://www.geek.com/articles/news/this- ... -20111027/
This alpha native reader is a project I'd like to support.
But only if it doesn't need global font "allow".
It appears to render pdf stuff nice and quickly without needing any NS allows - although layout and printing is still not polished.
Any power user have an idea about its possible pitfalls for NS users?

EDIT: Trashed by side-issues. Closed for now and shall return a few months later for another attempt.
Last edited by saywot on Mon Oct 31, 2011 8:48 am, edited 1 time in total.
NS AMO Beta channel subscription.
Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Fx extension PDFreader - config advice?

Post by Tom T. »

Before worrying about pitfalls, I'd like to question the necessity.

From the page you linked:
No longer will you have to fight with an external PDF plug-in in Firefox. Huzzah!
Huh? :?:
I click a pdf link. I confirm in the dialog box whether to open or save to disk. If "open", it opens. I can zoom, print, just as if it were saved to disk and opened.
No plug-in required. How?
Mozilla’s PDF reader for Firefox is quite different from the one Google ships in Chrome. The Chrome PDF plug-in makes use of code written by the folks at Foxit.
Yep. My Firefox uses the Foxit reader that was installed on the machine anyway as an independent program. Which is about 1/100 the size of Adobe Reader, and is very easily configurable to disable executable content within the pdf, including JavaScript, Flash, etc.

btw, I cheated. I got v.2.0.2007, which has no native JS support at all; you have to download and add it. (I didn't.) But it's only good up through 32-bit Win XP and Linux.
Later versions, for the later OSs, boost the footprint from 4 MB up to a whopping 8-14 MB, compared to Adobe's hundreds of MB. As above, disable executable content by default, then enable if you really want to see Flash videos in your pdf, or find useful JS, such as form-completion.

I *personally* don't see the need to add this capability to Firefox. YMMV.

DISCLAIMER: I have no connection to the above product. There have been newer versions released, which I did not get. I can't speak to those versions. I can't control the product or your use of it, and therefore cannot take any responsibility or liability for your use of it, or the consequences of using it. This is not an official endorsement by this forum, its Admin/Developer, or anyone else. It is my own personal experience, offered in the hope that it may be of use. but comes with no guarantees or warranties, express or implied. IF YOU DO NOT AGREE TO THE ABOVE TERMS, DO NOT CONSIDER, HEED, OR USE THE ABOVE PERSONAL OPINION.

I suppose I should add another disclaimer that I have a bias against bloat and complexity, and in favor of simplicity and smaller footprint (= smaller attack surface), and against doing new things merely because you can, or for the sake of newness, or to have a longer list of "features" than the other guy. Again, YMMV.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.23) Gecko/20110920 Firefox/3.6.23
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Fx extension PDFreader - config advice?

Post by Tom T. »

Just wanted to add that the same older version of Foxit works equally well on Fx 7.01, even though I'm running the browser as a portable version, from a flash drive.

edited the typo of "Firefox" where "Foxit" was meant.
Last edited by Tom T. on Mon Oct 31, 2011 1:22 am, edited 1 time in total.
Reason: typo
Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
JustPassingBy

Re: Fx extension PDFreader - config advice?

Post by JustPassingBy »

Wow, can't believe how stupid you are Tom T. It's a development in progress. Did you installed the alpha xpi?
Development on PDF.js has progressed to the point now where you can take an early peek at it. The restart-free add-on is available from the GitHub repository — just download the .XPI in Firefox and click to install.
It's an extension, not a plugin. You need to install the extension, and they are hoping that it will be integrated with firefox.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:7.0.1) Gecko/20111018 Firefox/7.0.1-x64 PaleMoon/7.0.1-x64
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Fx extension PDFreader - config advice?

Post by Tom T. »

JustPassingBy wrote:Wow, can't believe how stupid you are Tom T. It's a development in progress. Did you installed the alpha xpi?
Development on PDF.js has progressed to the point now where you can take an early peek at it. The restart-free add-on is available from the GitHub repository — just download the .XPI in Firefox and click to install.
It's an extension, not a plugin. You need to install the extension, and they are hoping that it will be integrated with firefox.
Thank you for the kind words.

My point was that I need to have a pdf reader on the desktop anyway, to open those that are saved to, or created on, the hard drive.
The browser already uses that reader perfectly well, so I see no need to create an extension to do something that is already being done.

I'm sorry that I was unable to make that clear enough for you to understand the first time.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.23) Gecko/20110920 Firefox/3.6.23
saywot
Junior Member
Posts: 20
Joined: Wed Aug 03, 2011 4:36 am

Re: Fx extension PDFreader - config advice?

Post by saywot »

Tom T. wrote: My point was that I need to have a pdf reader on the desktop anyway, to open those that are saved to, or created on, the hard drive.
The extension does turn Fx into a pdf handler - local files as well as web ones.
So at ideal development of this extension, Fx would become all the pdf handler a general web user's system will need.
The general usage case is that of reading pdfs online and having to print out pdfs for commerce and government reasons. Creation and interaction with pdfs is more specialised and I'd say this kind of development remains something for developers with funds to invest in their development - eg Adobe and Foxit.

For my money, having battled against the huge tide of security vulnerabilities in third-party closed-source dlls like Acrobat, bloat is way down on the list when I'm considering installing a pdf handler. I note that Foxit is closed source and I would indeed go along with your disclaimer and caution anybody against taking your recommendation as anything except one that will reduce install-bloat on a system.

Back from that hijack, does any NS power user have an opinion about any possible usability and security pitfalls of the PDF.js project, per my original question?
NS AMO Beta channel subscription.
Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Fx extension PDFreader - config advice?

Post by Tom T. »

The extension does turn Fx into a pdf handler - local files as well as web ones.
So at ideal development of this extension, Fx would become all the pdf handler a general web user's system will need.
I can use an axe to cut my steak as well as to chop down trees, but just a knife does fine for the steak, and with less risk.

I suppose one could also add extensions or native support that would turn Firefox into a reader and editor of .txt and .rtf documents on the HD, but why?

"Do one thing and do it well" -- Don't know the original author, but Giorgio Maone has said that about adding non-security-related functions to NoScript. It's a security tool, and adding the capability to cook your breakfast dilutes that value and invites vulns and bugs.
For my money, having battled against the huge tide of security vulnerabilities in third-party closed-source dlls like Acrobat, bloat is way down on the list when I'm considering installing a pdf handler.
Clearly, you don't understand some of the most important basic principles of safe coding, including the principle of "attack surface". Greater minds than mine have observed that on average, there is about one coding error for every 1000 lines of code written. Some are harmless. Some are bugs. Some are exploitable.
If Adobe has 100x the lines of code of Foxit, then it's expected that Adobe will have at least 100x the number of coding errors (given that greater complexity creates more paths of interaction, and also makes review more difficult). And in fact, Adobe Reader has been the subject of numerous documented attacks for quite a while. Look in their security updates and changelogs, and compare them to Foxit's. Bloat is directly correlated to that difference.

Another greater mind said, "One man's feature is another man's exploit."
*Every* new feature added to *anything* - browser, pdf reader, etc. -- creates more possible security vulns.

Has Firefox been immune from security vulnerabilities? OSS helps, but if it were perfect, there'd be no need for security updates. Clearly, I find Firefox to be the best choice of available browsers, but is there really any reason to believe that this *new* feature must of necessity be flawless? Have the browsers been?

Adobe's mistake is trying to do too much. Foxit does one thing and does it well, with incremental improvements over time. Firefox should be a web browser, and continue to concentrate on doing it well, rather than being a do-it-all tool.
I note that Foxit is closed source and I would indeed go along with your disclaimer and caution anybody against taking your recommendation as anything except one that will reduce install-bloat on a system.
It's not just HD space, or wasted RAM and clock cycles, though those can add up pretty quickly if you have a machine full of bloatware. It's what's said above: it's easier to secure a small cave than a 100-room mansion with windows (no pun intended) in every room.

Speaking of Windows, it appears that you still use XP, as I do. Perhaps you have different reasons, but I like the fact that it's been around long enough to mature. Didn't get it until after SP 2, -- "never buy the first version of anything". I heard the bad buzz about Vista, and it proved to be valid. Terrible disaster for MS, dropped fairly quickly in favor of 7. So Vista never got a chance to mature. (poor design to begin with.) Now Win 8 was previewed last month (Sep. 2011), and although a statement of release in 2012 was later retracted, it would be in line with MS's typical 3-year release schedule. (Vista made it for only 2 1/2 years.) But XP is still supported ten years after release, the longest for any MS OS ever, including DOS. And if you look at the monthly security bulletins, the number affecting the core XP OS (i. e., not Office, Media Player, etc.) has indeed been declining over time.

So, why do *you* still stick with XP? Just a matter of money? -- certainly a valid reason. But the above are all true, regardless of whether you choose to acknowledge them.
Also, why do you choose a closed-source product like Windows when there are open-source Linux-based OSs to be had for the taking? -- and they are *not* free of security issues, either.
Back from that hijack,
You asked for opinions on a proposed new feature. How is questioning the necessity of the feature a hijack?

I'm on the support team of the world's best browser security tool, donating my time as do all of the rest of the unpaid volunteers who make up the support team. I think I can post my opinion about what is the safest course without that being regarded as a hijack. Others are free to disagree with my opinion (and yours).

But If the new feature isn't necessary, then any further discussion becomes moot. Which saves a lot of time, decision-making, and possible future security issues for those who decide for themselves that my opinion is valid.

So, no further discussion from this writer - you may have the last word, should you like.

And for those who *do* think that their browser needs to become a Swiss Army Knife that can do everything already done by other tools, do please feel free to respond to the OP's question about pitfalls, which in itself implies the possbility, if not probability, of same.

Cheers.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.23) Gecko/20110920 Firefox/3.6.23
saywot
Junior Member
Posts: 20
Joined: Wed Aug 03, 2011 4:36 am

Re: Fx extension PDFreader - config advice?

Post by saywot »

Tom T, I must apologise for my imprecision in the first post.
I was inviting opinions about any problems using an *already installed* PDF.js extension.
I believed this was implied by the post title and my observation of its behaviour as "nice and quick[...]" but can understand your disagreeing with my calling your extremely generous free contribution a hijack.

If you would like a little more to think about re plugins:
I don't think much of your metaphor about knives and choppers.
If HTML5 can render video natively - and very nicely, what's wrong with it doing pdf just as well.
Hint: browser doing video cuts out the NS-deprecated Adobe plugin
http://hackademix.net/2011/04/12/yet-an ... der-0-day/

Whatever, it seems this thread is not interesting to power users yet, so I'll return after a few months when I feel sure the project will have got a lot more attention.
Posting from work's desktop, as always, btw :-) I've never owned anything MS.
NS AMO Beta channel subscription.
Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
dhouwn
Bug Buster
Posts: 968
Joined: Thu Mar 19, 2009 12:51 pm

Re: [CLOSED]Fx extension PDFreader - config advice?

Post by dhouwn »

Instead of declaring this thread "closed", how about moving it to Web Tech for now?

Concerning the extension: Theoretically a great idea! Finally doing search, printing of web pages and PDF pages etc. from the same UI (although I must say that I would welcome Firefox to then also adopt the more advanced printing and search features PDF readers generally have).
But how does this extension work? Am I correctly assuming that it basically prints text using Canvas onto an image?! Thus making viewing a PDF resource-hungry, problematic for printing and currently non-selectable? Is this just because they want pixel-perfect rendering? I believe a simpler not-so-perfect solution might have been better in some regards, but I guess they felt like that pixel-perfectness was a markant feature of PDF and it's underlying formats.

Fun fact: Apparently they plan on implementing JPEG2000 support using pure JS. Am I too old-school in believing that this might not be the best idea?
Last edited by dhouwn on Mon Nov 14, 2011 9:42 am, edited 1 time in total.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0
Alan Baxter
Ambassador
Posts: 1586
Joined: Fri Mar 20, 2009 4:47 am
Location: Colorado, USA

Re: Fx extension PDFreader - config advice?

Post by Alan Baxter »

Topic renamed and moved as dhouwn suggested.
Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
NickP
Posts: 5
Joined: Mon Nov 14, 2011 6:09 am

Re: Fx extension PDFreader - config advice?

Post by NickP »

I have to agree with Tom T. on this one. Both from the security & necessity standpoint. DJB's paper on why Qmail was nearly bug-free after so many years puts plenty of weight on two points: reduce total amount of code & reduce trusted code. The more code, the more problems. Trusted code is code that is in the trusted computing base (e.g. can violate security policy).

Everything in kernel mode, all key underlying OS code, and [in Firefox's case] the browser itself make up the trusted computing base for anything running in a browser. The problem? That's a TON of trusted code & even the mighty FOSS label hasn't stopped FF from having a corresponding TON of bugs and vulnerabilities over the years. The principles outlined by Saltzer & Schroeder, along with the people who practically invented secure software engineering, emphasize very minimal TCB, non-bypassability of security mechanisms, code written in a verifiable way, and managing of covert information flows.

Unlike IEProtectedMode & Chrome, Firefox is quite overprivileged & a system is unlikely to survive a Firefox compromise. There's also a certain amount of trust & access that happens between it & its extensions. If we do PDF's in the browser, we must worry about: the PDF reader; the whole browser codebase; underlying large platform. If we use a PDF reader outside the browser, we must worry about: the PDF reader; the minimal interaction it has with the browser; the underlying platform. We get the additional benefit that the PDF reader can be isolated with minimal privileges, meaning it can be untrusted (or less trusted). Heck, with a hypervisor or microkernel, you could run it in its own tiny VM/runtime & all the user-facing bloatware in another w/out the user even knowing. (Some products & security schemes do exactly that.)

Some basic princples, in short, are principle of least privilege for any process, minimal code = minimal bugs, minimal trusted code = minimal "exploitable" bugs, make the system modular with protected interfaces, avoid complex code constructs where possible, & minimize covert channels of information or control. Following these mantra, Foxit integrated with Firefox+NoScript, one or both apps sandboxed, is a much safer bet than Firefox w/ PDF Reader & user's privilege level.

Another thing I like about Foxit, in particular, is its quality. It has all the important PDF features, great integration, and yet it is very fast & lean. Plenty of features, yet without size bloat or performance hit, indicates they are carefully engineering their software. They are taking the Toyota approach to the PDF market: win by quality. If you don't trust their source, deprivilege or sandbox them. In any case, OSS benefits security but doesn't equal better security: a friend pointed out to me that OpenOffice has an entire game hidden in it that most of its users (and some developers) neither knew about, nor wanted. OSS denotes potential, not actual quality.

I'd also note the most secure OS's ever designed were (and still are) proprietary & passed 2-5 years of NSA's best pentesting. Linux and Windows, along with apps they were running, are certified to EAL4: "protects against casual or inadvertent attempts to breach system security," not "attacks by hostile, sophisticated or well-funded attackers." (EAL6-7 territory) Shapiro paraphrased it nicely: "Don't hook this to the Internet, don't run email, don't install software unless you can 100% trust the developer, and if anybody who works for you turns out to be out to get you, you are toast."

So, you're asking if, from a security standpoint, it's smart to put an EAL1-3 quality feature in a very privilged, EAL3-4 quality browser running on an EAL4 quality OS? Instead of isolating that functionality in a deprivileged process directly on the OS, integrated with a sandboxed browser? I'd go with Option B if I were the average user who wanted the right mix of usability, performance, and security.

Nick P
of schneier.com fame
Mozilla/5.0 (Ubuntu; X11; Linux i686; rv:10.0a1) Gecko/20111106 Firefox/10.0a1
saywot
Junior Member
Posts: 20
Joined: Wed Aug 03, 2011 4:36 am

Re: Fx extension PDFreader - config advice?

Post by saywot »

While it's great to see all this serious advice about general security, I don't quite understand why the thread is still getting hijacked away from Web stuff - particularly because the work I want to put in on Firefox is to help make this highly privileged browser even more privileged and secure on the platform that really matters these days - the Web. I want as much control of content as is possible while I'm out there in web land. Giorgio has a post on this from way back in 2008 and it seems that it's taking such a long time for security mavens to acknowledge that the Web is *the* platform these days, not the OS.
http://hackademix.net/2008/01/12/malware-20-is-now/
2 quotes from that article:
“old school” belief that only local execution and privilege escalation are severe threats
And if today’s malware mostly runs on Windows because it’s the commonest executable platform, tomorrow’s will likely run on the Web, for the very same reason. Because, like it or not, Web is already a huge executable platform, and we should start thinking at it this way, from a security perspective.
HTML5 and scripting makes the Web deliciously enticing for real-time exploitation of browsers.

Anyone feel like arguing to the point and not away from it - namely that a third-party closed-source library running in Firefox is getting much more unsupervised leeway on the platform in question, the Web, than would an open-source extension of Firefox whose code is getting oversight from those most familiar with the guts of Firefox?
The pdf project by the way is rattling along very nicely and I'm very pleased to be supporting this kind of work in my very privileged browser.
NS AMO Beta channel subscription.
Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Fx extension PDFreader - config advice?

Post by Tom T. »

saywot wrote:While it's great to see all this serious advice about general security, I don't quite understand why the thread is still getting hijacked away from Web stuff
Because the Web stuff in question is unnecessary and dangerous, and this forum is security-oriented?

I'd be very careful in pitting your knowledge of security against NickP's, who once designed his own high-security browser. Can you do that? If so, it's a better use of your time than weakening existing ones. ;)
saywot wrote: particularly because the work I want to put in on Firefox is to help make this highly privileged browser even more privileged and secure
That's an oxymoron. (meaning, you just contradicted yourself). More privilege = less security, *always". Did you even *read* NickP's post, esp. the part about
NickP wrote:Some basic principles, in short, are principle of least privilege for any process,
... a principle that dates back practically to the beginning of computers, and is widely known by all security people, though ignored by many developers. Too bad they don't teach it in the CSci School or wherever you learned your programming. :evil:

Do you even know the meaning of the word "privilege" in the context of IT security? This quote and others tend to indicate you do not. Does "TCB" mean anything to you, other than an organic chemical or Elvis Presley's band?
saywot wrote:on the platform that really matters these days - the Web
To security-minded people, the platform that matters is the OS. (and even BIOS) They lock down their systems, and avoid running Web apps, as much as possible. OTOH, many developers seem to think that getting their name on a project, or claiming a longer list of "features", trumps security. Thus endangering the 99% of the user population that doesn't know any better.
it seems that it's taking such a long time for security mavens to acknowledge that the Web is *the* platform these days, not the OS.
STDs are extremely common these days. "An estimated 340 million new cases of syphilis, gonorrhea, chlamydia and trichomoniasis occurred throughout the world in 1999..." probably much higher rate today ... "At least one in four U.S. teenage girls has a sexually transmitted disease;... Among girls who admitted ever having sex, the rate was 40%". ... and yet, I still take every precaution to avoid them, no matter how common they are. ("Internet condom" -- "safe hex" -- lots of good puns around.)

Perhaps the "security mavens" were trying to *resist* the trend, rather than refuse to acknowledge it.
Giorgio Maone wrote:]And if today’s malware mostly runs on Windows because it’s the commonest executable platform, tomorrow’s will likely run on the Web, for the very same reason. Because, like it or not, Web is already a huge executable platform, and we should start thinking at it this way, from a security perspective.
The US Government requires all passenger cars sold in the US to have seat belts for all passengers, and shoulder harnesses for driver and front-seat passenger. State laws make it illegal not to use them, because many people are too stupid or foolhardy to protect themselves.

Giorgio is trying to keep users as safe as possible. Should he refuse to add protection against these Web-based exes, out of principle that they should not exist or people should not use them? Or should he do the best he can to mitigate dangers? (default-deny scripting, block Flash, Java, Silverlight, WebGL, etc.)
HTML5 and scripting makes the Web deliciously enticing for real-time exploitation of browsers.
And you want to add another enticement with the PDF add-on. While Giorgio offers script-blocking and the blocking of some of these enticing "features", like <audio>/<video> tags.
saywot wrote:Anyone feel like arguing to the point and not away from it - namely that a third-party closed-source library running in Firefox is getting much more unsupervised leeway on the platform in question, the Web, than would an open-source extension of Firefox whose code is getting oversight from those most familiar with the guts of Firefox?
Has that open-source oversight made Firefox, or any OSS operating system, for that matter, immune from critical, exploitable vulns?

Did you do as suggested before, and look at Foxit's security features and their list of security bulletins compared to Adobe's? Search results:
Adobe: "Results 1 - 20 of about 4250". Four thousand two hundred fifty vs. eleven (11) in the past three years for Foxit. Q.E.D.

Anyone can argue in your favor, so long as they wear the same rose-colored glasses. :roll:
saywot wrote:The pdf project by the way is rattling along very nicely and I'm very pleased to be supporting this kind of work in my very privileged browser.
I hope you'll be equally pleased as vulns are found in it and users get infected or pwned.

GL on your project, but I'm going to pass on installing it, thanks, and will recommend the same to anyone who asks.
Last edited by Tom T. on Sun Nov 27, 2011 1:23 am, edited 1 time in total.
Reason: typo
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.24) Gecko/20111103 Firefox/3.6.24
saywot
Junior Member
Posts: 20
Joined: Wed Aug 03, 2011 4:36 am

Re: Fx extension PDFreader - config advice?

Post by saywot »

Wow.
Moderator-as-troll-and-sock-puppeteer? - that's a new one on me.
Think I'll pass on any more "dialogue", thanks all the same.
NS AMO Beta channel subscription.
Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Fx extension PDFreader - config advice?

Post by Tom T. »

saywot wrote:Wow.
Moderator-as-troll-and-sock-puppeteer? - that's a new one on me.
Think I'll pass on any more "dialogue", thanks all the same.
Same here, on the dialogue.
Developer who isn't even aware of the Principle of least privilege? - that's a new one on me, even though many ignore it.
Citing facts is not "trolling".
Consulting a source who has spent a lifetime working on high-assurance (high-security) hardware and software for clients he isn't even allowed to name is not sock-puppetry, even if his opinions support mine.
If you are truly accusing me of making up the identity of "NickP", just come out and say so. Then search the web, and especially world-class cryptographer Bruce Schneier's blog, for comments by "NickP". Then you can apologize for that accusation or not, as you wish.

But don't think that denying facts makes them not true. And don't shoot the messenger for stating the truth.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.24) Gecko/20111103 Firefox/3.6.24
Post Reply