gngr

This campaign runs from today to June 24. More details here:

https://fundoss.org/collective/gngr

Democratic funding works by matching contributions of individuals with funds from a collective pool. It is the number of contributors that matter more than the amount, hence the name.

The idea is that supporters can make a difference even if the amount of their individual contribution is small:

a. It helps monetarily (individual amount + pool amount), but more importantly

b. It helps show your support for the project's cause

This will make a huge difference in me being able to resume work on the project at the earliest

Thanks in advance!

That is a short-term choice based on circumstances; mostly a lack of resources. We plan to migrate to a more concise JVM based language soon. We are considering Scala, Kotlin and Ceylon.

Clojure also runs on JVM. It's good to know that the devs are willing to consider other languages. It will probably be very challenging to make such a change, and only get more difficult as the project matures.

/u/bogas04 added deflate support to gngr. This is great because it allows us to match Firefox's Accept header, thus reducing gngr's finger print.

/u/AtiqSayyed added unit tests to grinder. The image comparison routine, which is very critical for checking layouts, is now better tested.

/u/hrjet added ant build support and enabled Travis-CI. It is now possible to build and execute gngr completely from the command line.

So I wanted to make this a "weekly update" type of thing, but not sure if I can do it routinely. Hence calling it "project update".

/u/bogas04 fixed a number of usability problems:

• Ctrl-L now selects the URL text, apart from focusing the address bar.
• Ctrl-K now focuses the address bar and replaces the contents with ?. This is basically a shortcut for starting a search (with your preferred search engine).
• Many of the keyboard shortcuts now work on OsX as well.

/u/AtiqSayyed helped create our test suite, called grinder. We have got it running the nearly 5800 tests from the w3c's CSS2.1 test-suite, in both Firefox and gngr. By using this to run reference and regression tests, we will be able to improve the layouting algorithm quicker than before.

/u/hrjet has been cleaning up the code base. Adding nullness checks, for example, helped surface a number of wrong assumptions in the code, and they got fixed.

I want to contribute, but unfortunately this is a big project for me and I don't really understand the code structure just yet. Can someone walk me through all the folders and what they do ?

PS : This looks promising ! I want to learn

• Some serious coding in Java
• Implementation of Web Standards

and this seems to be a great project to contribute to!

We are relying on the Java runtime for building a safe browser. We have heard quite a few criticisms for our choice of the Java runtime because, we hear, there are a lot of vulnerabilities in this platform.

We would like to find out a complete list of known vulnerabilities in the newest released versions of Oracle JVM and OpenJDK. We will make sure this list is highlighted for the benefit of our users. We also hope that highlighting them will help speed up their resolution.

Our criteria for this list is: assume that there is a strict security manager with a strict policy set, before any exploit code can be executed. The exploit code needs to be in a .jar library form that will be loaded by a custom class loader. It won't be inside an applet context.

Please create a separate comment for each vulnerability.

Note: we are only trying to gather publicly available information here. If it's new knowledge, we urge you to follow responsible disclosure, and first contact appropriate upstream channels

Update As of Nov 28, at least one security researcher has confirmed that there are no public vulnerabilities known (or acknowledged) on the latest versions of the above JVMs.