search

ungoogled-software / ungoogled-chromium

Google Chromium, sans integration with Google
BSD 3-Clause "New" or "Revised" License
19.79k stars 806 forks source link

DNS-lookup(and https connect) of single-word searches done in omnibar is happening #814

Open ghost opened 4 years ago

ghost commented 4 years ago

Describe the bug single-word searches from omnibox are being DNS looked up

To Reproduce Steps to reproduce the behavior:

  1. make sure to move out your current/old profile(while the browser is closed, obviously), so that on next browser startup a new one will be created
  2. place the following policies file in /etc/chromium/policies/managed/policies.json (and make sure no other files are in /etc/chromium/policies/managed/ dir, or they can overwrite policies, I think) (I'm on ArchLinux) (note: this step should be optional if you can disable all relevant options from Settings manually) (each policy is explained here, or seen in chrome://policy and the url that looks like https://ch40m1um.qjz9zk/administrators/policy-list-3#AbusiveExperienceInterventionEnforce would in reality need to be https://www.chromium.org/administrators/policy-list-3#AbusiveExperienceInterventionEnforce)
```json { "SSLVersionMin": "tls1.2", "NativeMessagingUserLevelHosts": false, "NativeMessagingBlacklist": [ "*" ], "DefaultCookiesSetting": 4, "DefaultImagesSetting": 1, "DefaultJavaScriptSetting": 1, "DefaultPluginsSetting": 2, "DefaultPopupsSetting": 2, "DefaultNotificationsSetting": 2, "DefaultGeolocationSetting": 2, "DefaultWebBluetoothGuardSetting": 2, "DefaultWebUsbGuardSetting": 2, "CookiesSessionOnlyForUrls": [ "[*.]protonmail.com", "[*.]protonmail.ch" ], "DefaultSearchProviderEnabled": true, "DefaultSearchProviderName": "ddg", "DefaultSearchProviderSearchURL": "https://duckduckgo.com/?q={searchTerms}", "DefaultSearchProviderKeyword": "ddg", "ExtensionInstallBlacklist": [ "mhjfbmdgcfjbbpaeojofohoefgiehjai" ], "ExtensionInstallForcelist": [ "dcdgednjjolocbomjlgdpipdcbojhili;/home/user/build/2nonpkgs/browser.stuff/chromium.stuff/uBO-Extra/", "kfdplnkefedajkeljlimidjpnnfjiipd;/home/user/build/2nonpkgs/browser.stuff/both/uMatrix/uMatrix/dist/build/uMatrix.chromium/", "jmpgadnbdoeolhpodiboiphhlmbghkfo;/home/user/build/2nonpkgs/browser.stuff/chromium.stuff/hsts-hacky", "ncpljnfcopgfchnkbfcfdhngnfnmojgb;/home/user/build/2nonpkgs/browser.stuff/chromium.stuff/sloth", "ffmdfgaeibjbkmimnkdmmbcmcmoifmop;/home/user/build/2nonpkgs/browser.stuff/both/uBlock/uBlock/dist/build/uBlock0.chromium", "jfjgpeegpokkphcelgamjeeichpoonbc;/home/user/build/2nonpkgs/browser.stuff/chromium.stuff/videospeed" ], "ExtensionAllowInsecureUpdates": false, "EnableMediaRouter": false, "ShowCastIconInToolbar": false, "AuthSchemes": "basic", "DisableAuthNegotiateCnameLookup": true, "EnableAuthNegotiatePort": false, "AllowCrossOriginAuthPrompt": false, "NtlmV2Enabled": false, "AlternativeBrowserPath": "/home/user/bin/fox", "BrowserSwitcherEnabled": true, "BrowserSwitcherKeepLastChromeTab": true, "BrowserSwitcherUrlList": [ "!mail.protonmail.com", "protonvpn.com" ], "BrowserSwitcherUrlGreylist": [ "protonmail.com", "mail.protonmail.com" ], "PasswordManagerEnabled": false, "PrintingEnabled": false, "CloudPrintProxyEnabled": false, "CloudPrintSubmitEnabled": false, "DisablePrintPreview": true, "PrintPreviewUseSystemDefaultPrinter": false, "RemoteAccessHostClientDomainList": [ "so-basically-no-one.blah" ], "RemoteAccessHostFirewallTraversal": false, "RemoteAccessHostDomainList": [ "so-basically-no-one.blah" ], "RemoteAccessHostTalkGadgetPrefix": "RemoteAccessHostTalkGadgetPrefix.hostdisabled", "RemoteAccessHostRequireCurtain": true, "RemoteAccessHostAllowClientPairing": false, "RemoteAccessHostAllowGnubbyAuth": false, "RemoteAccessHostAllowRelayedConnection": false, "RemoteAccessHostUdpPortRange": "12400-12401", "RemoteAccessHostMatchUsername": true, "RemoteAccessHostTokenValidationCertificateIssuer": "invalid cert auth so no one can connect", "RemoteAccessHostAllowFileTransfer": false, "SafeBrowsingEnabled": false, "SafeBrowsingExtendedReportingEnabled": false, "PasswordProtectionWarningTrigger": 0, "ShowHomeButton": true, "HomepageLocation": "about:blank", "HomepageIsNewTabPage": false, "NewTabPageLocation": "about:blank", "RestoreOnStartup": 1, "AbusiveExperienceInterventionEnforce": true, "AdsSettingForIntrusiveAdsSites": 2, "AllowDeletingBrowserHistory": true, "AllowDinosaurEasterEgg": false, "AllowFileSelectionDialogs": true, "AllowOutdatedPlugins": false, "AllowPopupsDuringPageUnload": false, "AlternateErrorPagesEnabled": false, "AlwaysOpenPdfExternally": true, "AudioCaptureAllowed": false, "AudioCaptureAllowedUrls": [], "AutofillAddressEnabled": false, "AutofillCreditCardEnabled": false, "AutoplayAllowed": true, "AutoplayWhitelist": [ "[*.]youtube.com", "[*.]googlevideo.com" ], "BackgroundModeEnabled": false, "BlockThirdPartyCookies": false, "BookmarkBarEnabled": true, "BrowserAddPersonEnabled": true, "BrowserGuestModeEnabled": false, "BrowserGuestModeEnforced": false, "BrowserNetworkTimeQueriesEnabled": false, "BrowserSignin": 0, "BuiltInDnsClientEnabled": false, "CloudManagementEnrollmentMandatory": false, "CloudPolicyOverridesPlatformPolicy": false, "CommandLineFlagSecurityWarningsEnabled": true, "ComponentUpdatesEnabled": false, "DefaultBrowserSettingEnabled": false, "DefaultDownloadDirectory": "/home/user/Downloads/", "DownloadDirectory": "/home/user/Downloads/", "DeveloperToolsAvailability": 1, "Disable3DAPIs": true, "DisableSafeBrowsingProceedAnyway": true, "DisableScreenshots": true, "DiskCacheDir": "/tmp/chromiumcache/", "DownloadRestrictions": 0, "EditBookmarksEnabled": true, "EnableOnlineRevocationChecks": false, "EnterpriseHardwarePlatformAPIEnabled": false, "ForceEphemeralProfiles": false, "ForceGoogleSafeSearch": false, "ForceYouTubeRestrict": 0, "FullscreenAllowed": true, "HardwareAccelerationModeEnabled": false, "HideWebStoreIcon": true, "ImportAutofillFormData": false, "ImportBookmarks": false, "ImportHistory": false, "ImportHomepage": false, "ImportSavedPasswords": false, "ImportSearchEngine": false, "IncognitoModeAvailability": 0, "IsolateOrigins": "https://protonmail.com/,https://protonmail.ch,https://github.com/", "MaxConnectionsPerProxy": 32, "MediaRouterCastAllowAllIPs": false, "MetricsReportingEnabled": false, "NetworkPredictionOptions": 2, "PromotionalTabsEnabled": false, "PromptForDownloadLocation": false, "ProxyMode": "direct", "ProxySettings": { "ProxyMode": "direct" }, "QuicAllowed": false, "RelaunchNotification": 2, "RequireOnlineRevocationChecksForLocalAnchors": false, "RunAllFlashInAllowMode": false, "SSLErrorOverrideAllowed": true, "SafeSitesFilterBehavior": 0, "SavingBrowserHistoryDisabled": false, "SearchSuggestEnabled": false, "ShowAppsShortcutInBookmarkBar": false, "SignedHTTPExchangeEnabled": false, "SitePerProcess": true, "SpellCheckServiceEnabled": false, "SpellcheckEnabled": true, "SpellcheckLanguage": [ "en-US" ], "SuppressUnsupportedOSWarning": false, "SyncDisabled": true, "TaskManagerEndProcessEnabled": true, "TranslateEnabled": false, "UrlKeyedAnonymizedDataCollectionEnabled": false, "UserFeedbackAllowed": false, "VideoCaptureAllowed": false, "WPADQuickCheckEnabled": false, "WebDriverOverridesIncompatiblePolicies": false, "WebRtcEventLogCollectionAllowed": false, "WebRtcUdpPortRange": "10000-10001" } ```
  1. start browser
  2. focus omnibar (Alt+d or Ctrl+L)
  3. type more than one word to search for, then press Enter
  4. no DNS lookups using the entered words; so far so good.
  5. do step 4
  6. type only one word (ie. no spaces), then press Enter
  7. observe how it tried to DNS lookup that word using gethostbyname2_r (that's REENTRANT_NAME (as per glibc64:../sysdeps/posix/getaddrinfo.c:2201/getaddrinfo)

Expected behavior no DNS lookups, because all the settings for predicting stuff and preloading and what not are off (due to policies).

Screenshots If applicable, add screenshots to help explain your problem.

Environment (please complete the following information):

Additional context I'm actually not using any DNS servers (ie. /etc/resolv.conf doesn't have a nameserver 1.1.1.1 entry for example), so every host is already present in /etc/hosts instead. I'm catching the DNS lookups by having patched glibc, however for anyone using DNS servers, I think tcpdump or wireshark should help to notice this! also chrome://net-export/

I also have a bunch of extensions like uBlock Origin and uMatrix(with all blocked by default, whitelisting only what's needed), and some sites manage to sneak other DNS lookups when loaded, bypassing at least uBlock and I'm guessing if the DNS lookups wouldn't fail they would also actually load that content! But this should be a different issue.

ghost commented 4 years ago
unsure if `~/.config/chromium-flags.conf` has any effect(on this issue), but here are its contents: (click me) ```conf # 25 feb 2016, changing flags here, has no effect seeing them inside chrome://flags which is maybe odd?! regardless of clearing ~/.config/chromium/ dir or not. # See them with chrome://version # # Default settings for chromium. This file is sourced by /bin/bash from # the chromium launcher. # Options to pass to chromium. #CHROMIUM_FLAGS="" # https://code.google.com/p/chromium/codesearch#chromium/src/chrome/common/chrome_switches.cc&q=kDisableBackgroundNetworking&sq=package:chromium&type=cs&l=227 --enable-one-copy #^ is this even valid?! can't find it in chrome://flags --disable-zero-copy #--enable-zero-copy #XXX: if the screen is black then change --enable-one-copy to --disable-one-copy #--disable-zero-copy might need to be --enable on bare metal (non virtualbox) #--flag-switches-begin --flag-switches-end These two flags are added around the switches about:flags adds to the command line. This is useful to see which switches were added by about:flags on about:version. They don't have any effect. #src: http://peter.sh/experiments/chromium-command-line-switches/ --disk-cache-dir=/tmp/chromiumcache #to disable cache: #--disk-cache-dir=/dev/null --disable-sync-preferences --disable-plugins --cipher-suite-blacklist=0x0001,0x0002,0x0004,0x0005,0x0017,0x0018,0xc002,0xc007,0xc00c,0xc011,0xc016,0xff80,0xff81,0xff82,0xff83 --disable-component-extensions-with-background-pages --disable-background-networking --disable-webgl --disable-internal-flash --disable-bundled-ppapi-flash --disable-flash-3d --disable-flash-stage3d #^ src: content/public/common/content_switches.cc --disable-default-apps --ssl-version-min=tls1 #^ overriden by SSLVersionMin in /etc/chromium/policies/managed/policies.json --disallow-autofill-sync-credential --disable-device-discovery-notifications --disable-media-source --disable-ntp-other-sessions-menu --disable-prefixed-encrypted-media --disable-touch-adjustment --disable-views-rect-based-targeting --disable-account-consistency --enable-async-dns --enable-deferred-image-decoding --enable-download-resumption --enable-drop-sync-credential --disable-material-design-ntp --disable-new-avatar-menu --disable-new-profile-management --enable-offline-auto-reload-visible-only --disable-offline-auto-reload #--enable-offline-load-stale-cache #^ obsolete due to renamed, apparently, to: #--show-saved-copy=disable --show-saved-copy=primary #primary,secondary,disable --enable-panels --disable-password-generation --enable-permissions-bubbles --disable-extensions-on-chrome-urls --disable-pinch-virtual-viewport --disable-pinch --disable-save-password-bubble --enable-session-crashed-bubble --disable-settings-window #orig: #--use-simple-cache-backend=off #temp: #--use-simple-cache-backend=on # chrome://flags seen as: #enable-simple-cache-backend # XXX: not setting on/off, allowing a default #--enable-smooth-scrolling --disable-smooth-scrolling #^ disabled for tests on minds.com (eg. maybe it's faster?) --disable-sync-app-list --disable-sync-synced-notifications --disable-touch-editing --enable-web-based-signin #// Cause the OS X sandbox write to syslog every time an access to a resource #// is denied by the sandbox. --enable-sandbox-logging --log-gpu-control-list-decisions --log-level=2 #// Sets the minimum log level. Valid values are from 0 to 3: #// INFO = 0, WARNING = 1, LOG_ERROR = 2, LOG_FATAL = 3. #shows javascript console on console:)) if ==0 --enable-logging --enable-logging=stderr #see content/public/common/content_switches.cc --enable-harfbuzz-rendertext --enable-impl-side-painting --enable-lcd-text #^ will render with RGB subpixel, unless overridden by X I suppose. #--disable-lcd-text #^ will render with gray subpixel #Without setting these 3 (but untested yet!) the first time chromium gets started (eg. --user-data-dir=/tmp/$RANDOM ) blacklist entries do not get applied(even tho chrome://gpu reports them as such!); only subsequent times the entries do get blacklisted; https://bugs.chromium.org/p/chromium/issues/detail?id=718630 #--gpu-testing-gl-vendor="X.Org" #--gpu-testing-gl-renderer="Gallium 0.4 on AMD SUMO (DRM 2.50.0 / 4.12.0-rc1-g2ea659a9ef48, LLVM 4.0.0)" #--gpu-testing-gl-version="3.3 (Core Profile) Mesa 17.0.5" #^ from gpu/config/gpu_switches.cc #XXX: untested! --enable-native-gpu-memory-buffers #--disable-native-gpu-memory-buffers #XXX: disable these if system locks up, they used to be disabled! #They still show up(in a list) as being software only! in chrome://gpu at the end of page under GpuMemoryBuffers Status #// Disable async GL worker context. #--enable-gpu-async-worker-context #--enable-low-res-tiling --ui-prioritize-in-gpu-process --canvas-msaa-sample-count=0 #// The number of MSAA samples for canvas2D. Requires MSAA support by GPU to #// have an effect. 0 disables MSAA. --gpu-rasterization-msaa-sample-count=0 #// The number of multisample antialiasing samples for GPU rasterization. #// Requires MSAA support on GPU to have an effect. 0 disables MSAA. #^ none of these 2 (when == 0) affects the value of 8 for chrome://gpu Max. MSAA samples --disable-accelerated-video-decode #^ src content/public/common/content_switches.cc #this is already disabled by default --enable-gpu-compositing #--disable-gpu-compositing #^ this will stop the mouse cursor blinking with caret updates! (happens when mouse hovers on links, only with Mesa) #^ also stops this issue from happening(blank white+black pages, black drop down lists): https://bugs.chromium.org/p/chromium/issues/detail?id=718630#c14 --enable-gpu-vsync #^ no effect unless --enable-gpu-compositing ! #// Disable proactive early init of GPU process. --disable-gpu-early-init #// Specify that all compositor resources should be backed by GPU memory buffers. #--enable-gpu-memory-buffer-compositor-resources #^XXX: black scrollbar in chrome://gpu when enabled! and lots of: [9874:9874:0514/100826.808570:ERROR:gles2_cmd_decoder.cc(2518)] : [.RenderCompositor-0x23230333da20]GL ERROR :GL_INVALID_OPERATION : GLES2DecoderImpl::DoBindTexImage2DCHROMIUM: <- error from previous GL command --disable-gpu-memory-buffer-compositor-resources #^ // Do not force that all compositor resources be backed by GPU memory buffers. #--disable-gpu-memory-buffer-video-frames #// Disable GpuMemoryBuffer backed VideoFrames. --enable-gpu-memory-buffer-video-frames #// Enable GpuMemoryBuffer backed VideoFrames. --num-raster-threads=4 --force-gpu-rasterization --enable-accelerated-2d-canvas #--disable-accelerated-2d-canvas #--use-gl=swiftshader #^ default when running these kind of binaries: https://www.googleapis.com/download/storage/v1/b/chromium-browser-snapshots/o/Linux_x64%2F469394%2Fchrome-linux.zip?alt=media #^ that also doesn't make the mouse cursor blink when keyboard caret blinks! #--use-gl=angle # ^ fail, it's libGLESv2.so #--use-gl=angle #--use-gl=egl #^ same as 'desktop' #see: vim ui/gl/gl_switches.cc +14 in $HOME/build/1packages/chro/4_chromium-dev-git/fetch_gclient_base/checkout_root/src --use-gl=desktop #^ '--use-gl=desktop' that is the default(on my builtbydaddy chromium!) when not specified, unless you download chromium binary from https://www.googleapis.com/download/storage/v1/b/chromium-browser-snapshots/o/Linux_x64%2F469394%2Fchrome-linux.zip?alt=media THEN it's swiftshader and can't be gpu accelerated!(and thus mouse cursor doesn't blink with the keyboard caret!) --disable-origin-chip --disable-overlay-scrollbar --remember-cert-error-decisions=-1 --enable-search-button-in-omnibox-always --disable-spelling-auto-correct --tab-capture-downscale-quality=fast --tab-capture-upscale-quality=fast --touch-events=disabled --wallet-service-use-sandbox=0 --show-component-extension-options --disable-hyperlink-auditing #^ apparently that --disable-hyperlink-auditing became --no-pings ? I could be wrong! --no-pings --enable-vertical-tabs --disable-audio-support-for-desktop-share --disable-nostate-prefetch --disable-es3-apis #04 may 2017, realized each arg can be in one line, as opposed to all in one line #18 apr 2017, removed: --disable-gpu so that I have vsync, but I expect system lockups... sadly; also removed --disable-gpu-rasterization or else pages wouldn't show. (added: --enable-gpu-rasterization ); 04 may 2017: no lockups just lots of mouse cursor blinking when paint happens(eg. keyboard caret blinking) see: https://bugs.chromium.org/p/chromium/issues/detail?id=718630 #20 feb 2017, added: --disable-features=NoStatePrefetch #07 july 2016, removed --disable-gpu yep no more OS crashes since then btw(almost 1 year later)!//we'll see if OS crashes! put it back if it does! because it certainly doesn't crash with it! --- grrr added back because chrome://anything are just white !!11 like chrome://plugins chrome://flags #the following are removed from above: #--enable-lcd-text-aa --ignore-gpu-blacklist #the following are changed(toggled) from above, here's what they were originally: #--disable-quic #//gotfixed!: ^re-disabling until this is fixed: https://bugs.chromium.org/p/chromium/issues/detail?id=733196#c11 --enable-quic # # --show-cert-link #--disable-capture-thumbnail-on-navigating-away #--disable-delay-reload-stop-button-change #^these may not work like this, but instead only inside the --disable-features= --enable-async-image-decoding --enable-checker-imaging #^is added when async image decoding is Enabled in chrome://flags --disable-module-scripts --disable-picture-in-picture --disable-heap-profiling --disable-md-feedback --disable-webvr --enable-threaded-scrolling --disable-cast-streaming-hw-encoding --disable-webgl-draft-extensions --disable-spelling-feedback-field-trial --disable-navigation-tracing --disable-javascript-harmony --disable-fast-unload --disable-experimental-canvas-features #--extensions-on-chrome-urls=disabled #seems to think it's enabled anyways --data-reduction-proxy-lo-fi=disabled --disable-offer-upload-credit-cards --enable-clear-browsing-data-counters --enable-display-list-2d-canvas --disable-es3-apis --disable-input-ime-api --disable-offer-store-unmasked-wallet-cards --disable-password-generation #XXX: ^ see IsPasswordGenerationEnabled in file: components/autofill/core/common/password_generation_util.cc currently patched to always be false! --disable-push-api-background-mode --site-per-process #^ yes, that is this chrome://flags/#enable-site-per-process (and it doesn't need the enable prefix!) - "Chrome users are advised to turn on site isolation, which can help prevent a site from stealing data from another site. " src: https://blog.barkly.com/meltdown-spectre-patches-list-windows-update-help --enable-site-settings #^ https://cs.chromium.org/chromium/src/chrome/browser/ui/page_info/page_info.cc?l=157&rcl=e7ed96a3b921d9780929d297d501cf16ed74f8dc --force-text-direction=ltr --force-ui-direction=ltr --enable-lcd-text --load-media-router-component-extension=0 --mark-non-secure-as=non-secure --reduced-referrer-granularity --secondary-ui-md --top-chrome-md=material --touch-events=disabled --wallet-service-use-sandbox=0 --enable-features=BackgroundVideoTrackOptimization,ExpensiveBackgroundTimerThrottling,FetchKeepaliveTimeoutSetting,FramebustingNeedsSameOriginOrUserGesture,HttpFormWarning,IdleTimeSpellChecking,MaterialDesignExtensions,MemoryAblation,NewAudioRenderingMixingStrategy,OffMainThreadFetch,SiteDetails,VibrateRequiresUserGesture,top-document-isolation --disable-features=NoStatePrefetch,CaptureThumbnailOnNavigatingAway,AccountConsistency,CaptureThumbnailOnLoadFinished,ClientLoFi,EnableUsernameCorrection,ExperimentalKeyboardLockUI,FeaturePolicy,GamepadExtensions,GenericSensor,IPH_DemoMode,ImageCaptureAPI,MaterialDesignIncognitoNTP,MediaRemoting,MidiManagerDynamicInstantiation,NewRemotePlaybackPipeline,OmniboxSpeculativeServiceWorkerStartOnQueryInput,OneGoogleBarOnLocalNtp,SafeSearchUrlReporting,ServiceWorkerNavigationPreload,SharedArrayBuffer,SpeculativeResourcePrefetching,TranslateLanguageByULP,TranslateUI2016Q2,UseGoogleLocalNtp,UseSuggestionsEvenIfFew,WebPayments,WebPaymentsModifiers,WebUSB,affiliation-based-matching,enable-manual-password-generation,enable-password-force-saving #XXX on 24.dec.2017 Removed AsmJsToWebAssembly,WebAssembly,WebAssemblyStreaming from --disable-features above #SharedArrayBuffer was already disabled, as seen on: https://github.com/speed47/spectre-meltdown-checker/issues/133#issuecomment-375965840 was also already enabled --site-per-process somewhere in this file (search for it) #it's only for memory dumps (from a profiler) --disable-memory-coordinator --disable-webfonts-intervention-trigger #^ https://stackoverflow.com/questions/40143098/why-does-this-slow-network-detected-log-appear-in-chrome --disable-speech-api #^ speech recognition --disable-speech-dispatcher #^ Allows sending text-to-speech requests to speech-dispatcher, a common Linux speech service. Because it's buggy, the user must explicitly enable it so that visiting a random webpage can't cause instability. --disable-component-update #^ see RegisterComponentsForUpdate() in chrome/browser/chrome_browser_main.cc #^ that also disables updating/downloading (and even just loading from disk) of the CRLSet ! CRLSets (background) are primarily a means by which Chrome can quickly block certificates in emergency situations. As a secondary function they can also contain some number of non-emergency revocations. These latter revocations are obtained by crawling CRLs published by CAs --disable-domain-reliability #^ Disables Domain Reliability Monitoring. --component-updater=url-source=https://localhost #^ otherwise it's this: kUpdaterDefaultUrl[] = "https://clients2.google.com/service/update2"; https://cs.chromium.org/chromium/src/components/component_updater/component_updater_url_constants.cc?l=17&rcl=d6c6e08aad8b026aa0c4b5cf4219e52e3bf1d2ab --vmodule=device_event_log*=1 #^ All events can be logged to the main chrome log using vlog. src: components/device_event_log/README.md #XXX can only have one: #--v8-cache-options=parse --v8-cache-options=code #Caching mode for the V8 JavaScript engine. #none = none #parse = Cache V8 parser data. #code = Cache V8 compiler data. #https://cs.chromium.org/chromium/src/chrome/browser/about_flags.cc?l=569-576&rcl=889aca57994d3d398e588e5d2b0f3a75af52e8c5 #actually can only choose one! as seen by chrome://flags/#v8-cache-options #Asm.js and WebAssembly are two experimental programming languages, which aim to improve the processes undertaken by JavaScript. #Enabling this flag identifies references to Asm and implements through WebAssembly, which is newer and theoretically faster. #This change will not affect all websites that you visit, but you will have a faster Chrome on specific pages that incorporate these new technologies. #XXX: temporarily set to disabled, on 16 may 2018 (since not using protonmail! Use `~/bin/chro3 proton` to auto-enable asmjs for protonmail 01April2019): --disable-asm-webassembly --js-flags=--noexpose_wasm #^ from https://github.com/stevespringett/disable-webassembly#disabling-guidance #this one ^ also has no effect anymore! actually, unsure! because this conclusion was based on protonmail login still working but it works due to asmjs instead! #XXX: original value: #--enable-asm-webassembly #ok ^ this should always be true, or else protonmail login will take 40 sec instead of 1.2sec (note: has no effecct on the slow hashing speed of virustotal, when using my modified/compiled chromium) #added 30 june 2018: --disable-features=AsmJsToWebAssembly #^ XXX: comment out this when you set --enable-asm-webassembly back! #i was wrong://nvmXXX: WAIT!!! passing this enabled all 3!! and the subsequent --disable-features=WebAssembly,WebAssemblyStreaming WILL NOT disable the 2!!! to test, type WebAssembly in devtools (aka ctrl+shift+j) and notice the two extra things when using this: (nope they aren't there anymore! therefore i was wrong! since I cannot reproduce it) #--enable-webassembly #--enable-webassembly-streaming #^ unsure about this last one; but all were disabled until now as --disable-features=AsmJsToWebAssembly,WebAssembly,WebAssemblyStreaming #I don't have webgl, but this would work: https://webassembly.org/demo/ #--disable-features=AsmJsToWebAssembly,WebAssembly,WebAssemblyStreaming #^XXX: so, this is why protonmail login was taking 40+ seconds (twice, because they try a fallback) instead of 1.2sec !!! yeah this line works, tested! #--disable-features=AsmJsToWebAssembly #XXX: actually this ^ is the only one that if disabled, protonmail login takes 40+ sec! but if only --disable-features=WebAssembly,WebAssemblyStreaming are disabled, then it will still work as 1.2sec!!! --disable-features=WebAssembly,WebAssemblyStreaming #^ maybe I should leave these to their defaults? TODO: if something is slow, we'll do! ONLY if --enable-asm-webassembly was already true AND these are slow, then consider defaults. --disable-features=WebAssembly,WebAssemblyBaseline,WebAssemblyCodeGC,WebAssemblySimd,WebAssemblyThreads #^ no effect; actually, unsure! because this conclusion was based on protonmail login still working but it works due to asmjs instead! # https://en.wikipedia.org/wiki/WebAssembly#Use_by_malware # protonmail works because asmjs is enabled unconditionally on chromium, diff between asmjs and wasm: https://stackoverflow.com/questions/31502563/what-is-the-difference-between-asm-js-and-webassembly/31510156#31510156 #--enable-tcp-fastopen #once is enough --enable-tcp-fastopen #^ what teh, I had this and it was wrong?! it's fast-open now? actually both are used in the sources :) #notvalid: --enable-tcp-fast-open #actually this is only visible as #enable-tcp-fast-open in chrome://flags --enable-experimental-canvas-features #Usually, the browser loads pages in a predetermined, transparent drawing canvas. In essence, it loads all elements of a page, even those non-visible to the user. #by activating the experimental canvas features, Chrome will become faster. #src: https://www.download3k.com/articles/Part-1-2-How-To-Make-Chrome-Faster-By-Configuring-Flags-01904 --disable-databases #kDisableDatabases in content/public/common/content_switches.cc idea from: https://github.com/brave/browser-laptop/commit/1d7cc9418271de6a547534185e9f4c78d6430c9a this avoids https://blade.tencent.com/magellan/index_en.html https://worthdoingbadly.com/sqlitebug/ # #added: #--disable-gpu --enable-vertical-tabs #^ apparently this doesn't exist: --disable-gpu but it's disabled from Settings (hardware acceleration!) # #New stuff (01April2019): --disable-renderer-accessibility #XXX: can manually disable 'Discover USB devices' and 'Discover network targets' in chrome://inspect/#devices #TODO: #chrome://interventions-internals/ #chrome://flags/ # #XXX: more switches in content/public/common/content_switches.cc ```
ghost commented 4 years ago

this patch doesn't fix this issue though.

ghost commented 4 years ago

giving up for now, because I can't find a stacktrace(since it's run on a new thread as a job or something)

...
[1:1:0826/150829.837942:VERBOSE2:thread_state.cc(496)] [state:0x55bc2abbbea0] ScheduleGCIfNeeded
[2014:2062:0826/150829.911135:VERBOSE1:network_delegate.cc(33)] NetworkDelegate::NotifyBeforeURLRequest: https://aaaaaaaaaaaaaaadddddddddddd/
#0 0x55b2cdef9319 [1:1:0826/150829.916033:VERBOSE2:thread_state.cc(496)] [state:0x55bc2abbbea0] ScheduleGCIfNeeded
[1:1:0826/150829.916319:VERBOSE2:thread_state.cc(496)] [state:0x55bc2abbbea0] ScheduleGCIfNeeded
[1:1:0826/150829.916885:VERBOSE2:thread_state.cc(496)] [state:0x55bc2abbbea0] ScheduleGCIfNeeded
[1:1:0826/150829.917185:VERBOSE2:thread_state.cc(496)] [state:0x55bc2abbbea0] ScheduleGCIfNeeded
[1:1:0826/150829.917522:VERBOSE2:thread_state.cc(496)] [state:0x55bc2abbbea0] ScheduleGCIfNeeded
[1:1:0826/150829.919501:VERBOSE2:thread_state.cc(496)] [state:0x55bc2abbbea0] ScheduleGCIfNeeded
base::debug::CollectStackTrace()
[2014:2062:0826/150829.921245:VERBOSE1:network_delegate.cc(33)] NetworkDelegate::NotifyBeforeURLRequest: https://aaaaaaaaaaaaaaadddddddddddd/
#0 0x55b2cdef9319 [1:1:0826/150829.921054:VERBOSE2:thread_state.cc(496)] [state:0x55bc2abbbea0] ScheduleGCIfNeeded
[1:1:0826/150829.923842:VERBOSE2:thread_state.cc(496)] [state:0x55bc2abbbea0] ScheduleGCIfNeeded
base::debug::CollectStackTrace()
...
[1:1:0826/150830.027487:VERBOSE2:thread_state.cc(496)] [state:0x55bc2abbbea0] ScheduleGCIfNeeded
[2014:2062:0826/150830.038800:VERBOSE1:network_delegate.cc(33)] NetworkDelegate::NotifyBeforeURLRequest: https://duckduckgo.com/?q=aaaaaaaaaaaaaaadddddddddddd
#0 0x55b2cdef9319 base::debug::CollectStackTrace()
[2014:2062:0826/150830.048664:VERBOSE1:network_delegate.cc(33)] NetworkDelegate::NotifyBeforeURLRequest: https://duckduckgo.com/?q=aaaaaaaaaaaaaaadddddddddddd
#0 0x55b2cdef9319 base::debug::CollectStackTrace()
[1:1:0826/150830.088164:VERBOSE2:thread_state.cc(442)] [state:0x55bc2abbbea0] ScheduleV8FollowupGCIfNeeded: v8_gc_type=MinorGC
[1:1:0826/150830.106913:VERBOSE2:thread_state.cc(496)] [state:0x55bc2abbbea0] ScheduleGCIfNeeded
[1:1:0826/150830.118527:VERBOSE2:thread_state.cc(496)] [state:0x55bc2abbbea0] ScheduleGCIfNeeded
[1:1:0826/150830.120619:VERBOSE2:thread_state.cc(496)] [state:0x55bc2abbbea0] ScheduleGCIfNeeded
[1:1:0826/150830.153768:VERBOSE2:thread_state.cc(496)] [state:0x55bc2abbbea0] ScheduleGCIfNeeded
[1:1:0826/150830.155511:VERBOSE2:thread_state.cc(496)] [state:0x55bc2abbbea0] ScheduleGCIfNeeded
...

I think there was a way to emulate this behaviour in firefox (not just for single words?) but can't remember exactly how (maybe just disabling search?) // found it

ghost commented 4 years ago

What I've found out so far is that, if the DNS lookup succeeds, then the browser will connect to that keyword hostname. But I've yet to find a way to locally host a https server that shows me what the browser is sending, since the connection is apparently always https (not http!).

some resources: https://stackoverflow.com/questions/16646557/verify-incoming-ssl-using-openssl-s-server https://stackoverflow.com/questions/8169999/how-can-i-create-a-self-signed-cert-for-localhost

ghost commented 4 years ago

ah, yes, to emulate this in Firefox, one needs to about:config browser.fixup.dns_first_for_single_words to true

(but I haven't yet checked if firefox also attempts to https connect, if the DNS succeeds!)

ghost commented 4 years ago

fixed by:

https://github.com/Eloston/ungoogled-chromium/issues/814

it's a HEAD(instead of GET or POST) request for the single-word keyword that you typed(!) in the searchbar/omnibox/omnibar even if it autocompleted to something longer(only what you typed is getting looked up and if successfully connected to and HEAD requested), without any request content, just headers(seen via mitmproxy):
HEAD https://localhostd/
Host:             localhostd
Connection:       keep-alive
Sec-Fetch-Site:   none
User-Agent:       Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36
Accept-Encoding:  gzip, deflate, br
Accept-Language:  en-US,en;q=0.9
No request content (press tab to view response)
ok if pressing 'z' to decode/encode content, getting two more fields:
content-length:    8
content-encoding:  deflate
[decoded deflate] No content

Response(tab) is:
No response (that's from running 'sudo openssl s_server ...')

Detail:
Server Connection:
    Address           127.0.0.1:443
    Resolved Address  127.0.0.1:443
Server Certificate:
    Type         RSA, 2048 bits
    SHA1 digest  24:1F:55:98:62:F6:1D:4F:97:08:34:C4:8E:95:9A:36:FB:57:1D:17
    Valid to     2020-08-30 22:51:12
    Valid from   2019-08-31 22:51:12
    Serial       603546662908072705223238074548540983069975469728
    Subject      CN  localhostd
    Issuer       CN  localhostd
Client Connection:
    Address                 127.0.0.1:50904
    HTTP Version            HTTP/1.1
    TLS Version             TLSv1.3
    Server Name Indication  localhostd
    Cipher Name             TLS_AES_256_GCM_SHA384
    ALPN                    http/1.1
Timing:
    Client conn. established    2019-09-01 00:56:44.382
    Server conn. initiated      2019-09-01 00:56:44.395
    Server conn. TCP handshake  2019-09-01 00:56:44.396
    Server conn. TLS handshake  2019-09-01 00:56:44.417
    Client conn. TLS handshake  2019-09-01 00:56:44.435
    First request byte          2019-09-01 00:56:44.437
    Request complete            2019-09-01 00:56:44.447

(confirmed(via mitmproxy) that this patch gets rid of it)

--- a/chrome/browser/ui/omnibox/chrome_omnibox_navigation_observer.cc   2019-08-26 21:02:08.000000000 +0200
+++ b/chrome/browser/ui/omnibox/chrome_omnibox_navigation_observer.cc   2019-09-01 01:06:51.622685330 +0200
@@ -85,8 +85,8 @@ ChromeOmniboxNavigationObserver::ChromeO
       shortcuts_backend_(ShortcutsBackendFactory::GetForProfile(profile)),
       load_state_(LOAD_NOT_SEEN),
       fetch_state_(FETCH_NOT_COMPLETE) {
-  if (alternate_nav_match_.destination_url.is_valid())
-    CreateLoader(alternate_nav_match_.destination_url);
+//  if (alternate_nav_match_.destination_url.is_valid())
+//    CreateLoader(alternate_nav_match_.destination_url);

   // We need to start by listening to AllSources, since we don't know which tab
   // the navigation might occur in.
@@ -286,7 +286,7 @@ void ChromeOmniboxNavigationObserver::On
   delete this;
 }

-void ChromeOmniboxNavigationObserver::CreateLoader(
+/*void ChromeOmniboxNavigationObserver::CreateLoader(
     const GURL& destination_url) {
   net::NetworkTrafficAnnotationTag traffic_annotation =
       net::DefineNetworkTrafficAnnotation("omnibox_navigation_observer", R"(
@@ -327,4 +327,4 @@ void ChromeOmniboxNavigationObserver::Cr
   loader_->SetAllowHttpErrorResults(true);
   loader_->SetOnRedirectCallback(base::BindRepeating(
       &ChromeOmniboxNavigationObserver::OnURLRedirect, base::Unretained(this)));
-}
+}*/
--- a/chrome/browser/ui/omnibox/chrome_omnibox_navigation_observer.h    2019-08-26 21:02:08.000000000 +0200
+++ b/chrome/browser/ui/omnibox/chrome_omnibox_navigation_observer.h    2019-09-01 01:09:20.710811038 +0200
@@ -126,7 +126,7 @@ class ChromeOmniboxNavigationObserver :

   // Creates a URL loader for |destination_url| and stores it in |loader_|.
   // Does not start the loader.
-  void CreateLoader(const GURL& destination_url);
+  //void CreateLoader(const GURL& destination_url);

   const base::string16 text_;
   const AutocompleteMatch match_;

also note this bug: if what you're typing gets autocompleted(and you see that selected) then pressing Enter only dns looks up what you typed, unless you deselect that by pressing left/right arrows or home/end keys(for example) dnslookup_of_l_instead in this above ^ picture, where l was typed and ocalhostd was autocompleted and remains selected, pressing Enter at this point will only dns lookup l. To cause it to lookup the whole word, just deselect the autocompleted stuff(as already mentioned).

With the above patch though, no dns-lookup and no HEAD connect is attempted! (I'd close this issue (just like I did that one ) but already deleted my OP account, oops; why close? because this patch(and the other one) seem to be out of the scope of ungoogling chromium, but privacy-minded individuals might want to apply both)

ghost commented 4 years ago

unrelated but while here, on the topic of omnibar searching, I might as well mention how annoying it is (to me) that there are only like 6 hints in the omnibar when I type something (those hints/suggestions from my history and bookmarks, as per my modified settings), and so if I want 26 listed things instead, here's the patch that I use(for 76.0.3809.132-1 (or .100-1)):

--- a/components/omnibox/browser/autocomplete_result.cc 2019-08-09 16:47:46.000000000 +0200
+++ b/components/omnibox/browser/autocomplete_result.cc 2019-08-29 10:29:46.066398612 +0200
@@ -45,12 +45,13 @@ struct MatchGURLHash {

 // static
 size_t AutocompleteResult::GetMaxMatches() {
-  constexpr size_t kDefaultMaxAutocompleteMatches = 6;
+  constexpr size_t kDefaultMaxAutocompleteMatches = 26; //was 6, this needs to be double the value of default_max_matches_per_provider from components/omnibox/browser/omnibox_field_trial.cc

-  return base::GetFieldTrialParamByFeatureAsInt(
-      omnibox::kUIExperimentMaxAutocompleteMatches,
-      OmniboxFieldTrial::kUIMaxAutocompleteMatchesParam,
-      kDefaultMaxAutocompleteMatches);
+  return //base::GetFieldTrialParamByFeatureAsInt(
+//      omnibox::kUIExperimentMaxAutocompleteMatches,
+//      OmniboxFieldTrial::kUIMaxAutocompleteMatchesParam,
+      kDefaultMaxAutocompleteMatches//);
+  ;
 }

 AutocompleteResult::AutocompleteResult() {
--- a/components/omnibox/browser/omnibox_field_trial.cc 2019-08-09 16:47:46.000000000 +0200
+++ b/components/omnibox/browser/omnibox_field_trial.cc 2019-08-29 10:30:37.455752560 +0200
@@ -352,7 +352,8 @@ void OmniboxFieldTrial::GetDemotionsByTy

 size_t OmniboxFieldTrial::GetProviderMaxMatches(
     AutocompleteProvider::Type provider) {
-  size_t default_max_matches_per_provider = 3;
+  size_t default_max_matches_per_provider = 13; // was 3; this needs to be half the value of kDefaultMaxAutocompleteMatches from components/omnibox/browser/autocomplete_result.cc
+  return default_max_matches_per_provider;

   std::string param_value = base::GetFieldTrialParamValueByFeature(
       omnibox::kUIExperimentMaxAutocompleteMatches,

maybe someone will need/finduseful.

Eloston commented 4 years ago

These are interesting changes; I wouldn't mind these changes behind flags.

csagan5 commented 4 years ago

maybe someone will need/finduseful.

I am triaging both patches for Bromite, but the only credits I could provide is the URL to the comments.