Setting up a more secure browser environment

Matthew Dillon dillon at backplane.com
Sat Dec 17 12:19:31 PST 2016


I have created a new page in the handbook describing how to set up a secure
browser environment using isolation accounts.  We recommend running your
browser this way instead of running it directly from your main workstation
account.

https://www.dragonflybsd.org/docs/docs/handbook/RunSecureBrowser/

Currently chrome is considered to be the most secure.  Now that chrome 54
is in dports, it should generate a pretty good experience for users.  There
are some sites which still implode on it (and in FreeBSD too, that isn't a
DFly-specific problem), and for those you may have to run firefox.  My
personal preference is chrome with some adjustments to the setup.

For people running chrome on a 4K monitor, I recommend running chrome with
the "--force-device-scale-factor=1.5" option before you start messing with
font or other settings.  It will scale the UI a little closer to what you
probably want.

DragonFly master's support through Intel Skylake is now very good.  I am
running a Skylake box as my workstation now and it has been very stable.
Theoretically we have some Karby support in there too but no guarantees on
stability.  Radeon support has also seen some improvement though not at the
same pace as Intel GPU support has seen.

At this point, DragonFly runs extremely well even on mobile chipsets
(though on a mobile chipset, a 1920x1080 monitor is a better bet than 4K in
terms of performance).  I recommend a minimum of 4GB of ram if using X.
DragonFly will run X fine on 2GB, but if you do so you need a fast SATA or
NVMe SSD and a large swap partition to page to for decent browser
performance.  Browsers are still big memory hogs.  Eventually we will have
chrome 55 support which is supposed to eat much less memory, but not yet.
 chrome 54 is where we are now.

-Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20161217/e050f279/attachment.html>


More information about the Users mailing list