On Tue, Mar 2, 2010 at 11:44 AM, <trustlevel-...@yahoo.co.uk> wrote: > Hey all > > Please don't dismiss me because what I have been doing is unsupported untill > you've read a little, I do realise you do far too much for too little as it is > and when I make enough money I'll hopefully become a donator and regular > merchandise/cd buyer. > > Whilst the subject of firefox on current is covered and I understand to a > reasonable degree why firefox only has the bugfixes in current when the tree > is open and don't have the time right now to look into backporting which I > imagine will be rather difficult for such a large port especially in meeting > ports standards. I feel the info currently in the mailing list archives could > be more complete to enable me and others to make more educated decisions. > > I've been running stable and have had the current firefox running seemingly > without problems (may be for months at a time and then obviously it will break > at some point and you upgrade and then it may be days, weeks or if your lucky > months before the build breaks and dependencies go too far out of sync. > > I imagine the answer is to install stable keep going for as long as possible > untill firefox breaks get a snapshot and test it. Upgrade to that snapshot > when needed and install the latest firefox port. Or just sync with current > every month and make a backup before upgrading. >
As I understand it stable is just something for people/companies which need something which is not changing a lot during time or have some type of "support". And from 4.6 there are security updates for ports. Anyway target of stable are mostly servers. You are using Firefox and so on and it's not needed on server so you have laptop/desktop and then use current/snapshots as stated in FAQ : It is worth pointing out that the name "-stable" is not intended to imply that -current is unreliable. Rather, -current is changing and evolving, whereas the operation and APIs of -stable are not going to change, so you shouldn't have to relearn your system or change any configuration files, or have any problem adding additional applications to your system. In fact, as our hope is to continually improve OpenBSD, the goal is that -current should be more reliable, more secure, and of course, have greater features than -stable. Put bluntly, the "best" version of OpenBSD is -current. > B B ======================================================================== > === > > I do have a few questions however. > > How much security would you lose by using say the opera linux browser or linux > firefox and installing the linux libs keeping an eye on libc6 vulns and others > compared to the openbsd firefox with pro police patches etc. How often might > these patches protect you from current vulnerabilities in firefox, usually in > javascript so I imagine not often, but then you can just just turn jscript > off?. I currently disable linux support when I don't intend to use it. It's > quite a good feeling, reading the latest vulnerability measures or stability > problems knowing you avoided it through a necessity policy. ipv6 + pf springs > to mind of many. (happens far less on OpenBSD of course but just using OpenBSD > gives that feeling when reading about Linux :) Why to do that? What's wrong with Firefox from packages? > > Does anyone have any info about the Miros mirzilla firetapir port which is > said to build for openbsd and kept upto date??? Searching shows up nothing but > a few Miros pages and it's not installed on their livecd, which wouldn't boot > anyway. I also tried to find what the dispute between Theo and the Miros > project leader was but Couldn't find much. Actual Firefox is 3.5.7 in current. It's quite up-to-date and there are other things which are protecting you in case of problems. See eg. http://homepages.laas.fr/matthieu/talks/openbsd-h2k9.pdf > > What browser (perhaps a simple open source one) would you use for important > stuff fullstop or whilst firefox has vulns. I know this question has been > asked before so have there been any new ones come on the block. Dillo w3m and > lynx seemed popular on the lists. I'm sure I installed a graphical w3m but > haven't really tried it yet. Lynx with improvements from OpenBSD which is in base if you need to find quickly some text informations. For GUI Firefox with AdBlock, NoScript and so on or in Private Browsing mode. Still all of this is useless in some cases https://www.eff.org/deeplinks/2010/01/tracking-by-user-agent which you can check here http://panopticlick.eff.org/ . In fact it's worse for you if you use OpenBSD and some modified browser without Flash and so on because then it's more easy to detect who you are. Same principle is in China. They don't need to know what's in encrypted traffic from disident. They just need to know that someone from this IP is sending encrypted traffic to this IP and then they have you. If you are using widely deployed stuff they there is better chance that you can hide in crowd. > > What's the most secure way of running java support occassionally within a > browser on openbsd and making sure it is disabled for the rest of the time. > It's Java so tweak its settings and if you don't need it then turn it off. > Does anyone have any tips on getting good rendering speed in browsers on > graphic laden sites. I read on this list that now the ati driver has been open > sourced it is quite decent on openbsd. I'm guessing that doesn't include older > ati graphics chips in old laptops? AdBlock, FlashBlock, NoScript in Firefox to cut the crap like ads and similar stuff. > > I thinks that's more than enough questions now, Thanks for your time > KeV > > -- http://www.openbsd.org/lyrics.html
