Re: [CentOS] el7: Thunderbird?
On 07/19/2014 10:02 AM, Ned Slider wrote: On 19/07/14 13:25, Chris Pemberton wrote: On 07/18/2014 02:19 PM, Ned Slider wrote: I note EPEL has a thunderbird package but it seems very out of date at version 24.5.0. Version 24.6.0 was released 10 June, nearly 6 weeks ago, and fixed 3 critical security issues. Is this normal for EPEL to be so far behind on security updates? So what is everyone else using? I'm using the EPEL package for my personal laptop. The odds of me getting bit by a 6 week old exploit are probably almost non-existent. The odds of me forgetting to keep a custom install of thunderbird updated outside of yum is very high. Yes, the power of a centralized packaging system where everything can be updated in one hit can not be understated. Firefox and Thunderbird do have a built in updating mechanism and are supposed to update themselves (this is disabled in packaged versions). I've no idea how well it currently works - I'll let you know when the next update comes out. I am using the tarball for firefox and it notifies me when an update is available and ask if I want to install it. If I say yes it downloads it untars it and starts it up. So far it has worked great. I assume it is the same for thunderbird. I'm far from any kind of security expert, but here are two things I do to keep my browser/email client safe: 1. I only use gmail - as Google likes to scrub all of my data clean before they steal it 2. I install a custom hosts file ( http://someonewhocares.org/hosts/ ). This protects all applications in one swoop, not just the browser. Yes, great advice. There's another popular variant here: http://winhelp2002.mvps.org/hosts.htm I don't use any adblock browser/email plugins because I've never investigated where the list of re-directs are stored on the machine. Perhaps they are harmless... but it would be easy to place a few re-directs in there and get millions of machines to do bad things real fast. ~ Chris ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Stephen Clark *NetWolves Managed Services, LLC.* Director of Technology Phone: 813-579-3200 Fax: 813-882-0209 Email: steve.cl...@netwolves.com http://www.netwolves.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] el7: Thunderbird?
On 07/19/2014 05:30 AM, g wrote: On 07/19/2014 06:25 PM, Chris Pemberton wrote: 2. I install a custom hosts file ( http://someonewhocares.org/hosts/ ). This protects all applications in one swoop, not just the browser. or so it is claimed. i saw post about it. pulled it. backed up my custom list. added custom list to it. copied it to new name. fired up wireshark. fired up firefox. surfed 10 sites. wireshark show it did not work. deleted it and temp file. re installed my list. To test, I added the following to the long list: 127.0.0.1 google.com I was then unable to ping or browse to google.com; but www.google.com worked just fine. Anyone know if you place wildcards in /etc/hosts? Something like: *google.com Chris ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] el7: Thunderbird?
On 07/20/2014 04:18 PM, Chris Pemberton wrote: On 07/19/2014 05:30 AM, g wrote: On 07/19/2014 06:25 PM, Chris Pemberton wrote: 2. I install a custom hosts file ( http://someonewhocares.org/hosts/ ). This protects all applications in one swoop, not just the browser. or so it is claimed. i saw post about it. pulled it. backed up my custom list. added custom list to it. copied it to new name. fired up wireshark. fired up firefox. surfed 10 sites. wireshark show it did not work. deleted it and temp file. re installed my list. To test, I added the following to the long list: 127.0.0.1 google.com I was then unable to ping or browse to google.com; but www.google.com worked just fine. Anyone know if you place wildcards in /etc/hosts? Something like: *google.com Chris ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Hi, you need to setup your own dns server, i may suggest dnsmasq (google for it) as it is lightweight, hosts file dont support wildcards. regards ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] el7: Thunderbird?
On 07/18/2014 02:19 PM, Ned Slider wrote: I note EPEL has a thunderbird package but it seems very out of date at version 24.5.0. Version 24.6.0 was released 10 June, nearly 6 weeks ago, and fixed 3 critical security issues. Is this normal for EPEL to be so far behind on security updates? So what is everyone else using? I'm using the EPEL package for my personal laptop. The odds of me getting bit by a 6 week old exploit are probably almost non-existent. The odds of me forgetting to keep a custom install of thunderbird updated outside of yum is very high. I'm far from any kind of security expert, but here are two things I do to keep my browser/email client safe: 1. I only use gmail - as Google likes to scrub all of my data clean before they steal it 2. I install a custom hosts file ( http://someonewhocares.org/hosts/ ). This protects all applications in one swoop, not just the browser. I don't use any adblock browser/email plugins because I've never investigated where the list of re-directs are stored on the machine. Perhaps they are harmless... but it would be easy to place a few re-directs in there and get millions of machines to do bad things real fast. ~ Chris ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] el7: Thunderbird?
On 19/07/14 13:25, Chris Pemberton wrote: On 07/18/2014 02:19 PM, Ned Slider wrote: I note EPEL has a thunderbird package but it seems very out of date at version 24.5.0. Version 24.6.0 was released 10 June, nearly 6 weeks ago, and fixed 3 critical security issues. Is this normal for EPEL to be so far behind on security updates? So what is everyone else using? I'm using the EPEL package for my personal laptop. The odds of me getting bit by a 6 week old exploit are probably almost non-existent. The odds of me forgetting to keep a custom install of thunderbird updated outside of yum is very high. Yes, the power of a centralized packaging system where everything can be updated in one hit can not be understated. Firefox and Thunderbird do have a built in updating mechanism and are supposed to update themselves (this is disabled in packaged versions). I've no idea how well it currently works - I'll let you know when the next update comes out. I'm far from any kind of security expert, but here are two things I do to keep my browser/email client safe: 1. I only use gmail - as Google likes to scrub all of my data clean before they steal it 2. I install a custom hosts file ( http://someonewhocares.org/hosts/ ). This protects all applications in one swoop, not just the browser. Yes, great advice. There's another popular variant here: http://winhelp2002.mvps.org/hosts.htm I don't use any adblock browser/email plugins because I've never investigated where the list of re-directs are stored on the machine. Perhaps they are harmless... but it would be easy to place a few re-directs in there and get millions of machines to do bad things real fast. ~ Chris ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] el7: Thunderbird?
On 07/18/2014 02:19 PM, Ned Slider wrote: Hi Folks, Just wondering what Thunderbird users are doing on el7 now it's been removed from the distro? I note EPEL has a thunderbird package but it seems very out of date at version 24.5.0. Version 24.6.0 was released 10 June, nearly 6 weeks ago, and fixed 3 critical security issues. Is this normal for EPEL to be so far behind on security updates? The other alternative seems to be running the tarball from Mozilla, but that is only available in 32-bit and I don't really want to install a whole bunch of 32-bit libs just to run one program. So what is everyone else using? Hopefully they will keep it updated better when EPEL 7 is out of beta ... at least I hope so. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] el7: Thunderbird?
On 07/19/2014 06:25 PM, Chris Pemberton wrote: 2. I install a custom hosts file ( http://someonewhocares.org/hosts/ ). This protects all applications in one swoop, not just the browser. or so it is claimed. i saw post about it. pulled it. backed up my custom list. added custom list to it. copied it to new name. fired up wireshark. fired up firefox. surfed 10 sites. wireshark show it did not work. deleted it and temp file. re installed my list. -- peace out. in a world with out fences, who needs gates. tc.hago. g . ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] el7: Thunderbird?
On 07/19/2014 05:30 AM, g wrote: On 07/19/2014 06:25 PM, Chris Pemberton wrote: 2. I install a custom hosts file ( http://someonewhocares.org/hosts/ ). This protects all applications in one swoop, not just the browser. or so it is claimed. i saw post about it. pulled it. backed up my custom list. added custom list to it. copied it to new name. fired up wireshark. fired up firefox. surfed 10 sites. wireshark show it did not work. deleted it and temp file. re installed my list. in addition; ]$ uname -a Linux hp.snipes.org 2.6.32-431.20.3.el6.x86_64 #1 SMP Thu Jun 19 21:14:45 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux mozilla firefox and thunderbird 24.6.0 last full system updates = Jul 10 09:12:11 -- peace out. in a world with out fences, who needs gates. tc.hago. g . ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] el7: Thunderbird?
On Fri, 18 Jul 2014 20:19:23 +0100 Ned Slider wrote: Just wondering what Thunderbird users are doing on el7 now it's been removed from the distro? I don't use thunderbird but am wondering if you have tried compiling a Fedora 20 src.rpm? I've installed a number of things on this C7 system that way over the past few days. -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] el7: Thunderbird?
Ned Slider wrote: The other alternative seems to be running the tarball from Mozilla, but that is only available in 32-bit and I don't really want to install a whole bunch of 32-bit libs just to run one program. Mozilla do have 64 bit builds: http://ftp.mozilla.org/pub/mozilla.org/thunderbird/releases/24.6.0/linux-x86_64/ James Pearson ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] el7: Thunderbird?
On 18/07/14 21:22, James Pearson wrote: Ned Slider wrote: The other alternative seems to be running the tarball from Mozilla, but that is only available in 32-bit and I don't really want to install a whole bunch of 32-bit libs just to run one program. Mozilla do have 64 bit builds: http://ftp.mozilla.org/pub/mozilla.org/thunderbird/releases/24.6.0/linux-x86_64/ James Pearson Many thanks James, I didn't know they existed! I'll give that a try. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
