Re: [Bug-gnuzilla] Icecat SSL warning/error pages; what settings affect the production of these 'error' pages?
Hello again Thank you to both of you for the additional contributions. Nothing suggested has led to a resolution in my case. I have gone through Icecat and Firefox about:config looking for differences. There are a few but none that seemed to be significant with regard to the issue I have, or that I can fully understand their implication yet lets say (other than a good guess). I have found one that was different and I matched Icecat to Firefox and this allowed websites that were not displaying to be displayed without the error page I posted. That parameter/setting was: security.ssl.require_safe_negotiation Setting it to false as per Firefox's default, allowed the page to be displayed, but with lots of warnings and the ability to see what was wrong (insecure and weak keys etc being reported in my case). Regards Habs On 28 February 2017 at 02:20, jc_gargmawrote: > > 1) Sites that work well on a fast connection suddenly start to give me > this > > error when I'm on a poor connection - seems like a time-out of some sort. > > It gets worse if I try to load several such sites at once. > > > > 2) If I toggle "Query OCSP responder servers to confirm validity of > > certificates" in Preferences -> Advanced -> Certificates off and then > back > > on quickly (meaning, the box starts out checked, I uncheck it and then > > re-check it before doing anything else), then "Try Again" or a refresh > > brings up the site without any issues. > > > > 3) I am totally unable to reproduce this error in Iceweasel or any other > > Mozilla-based browsers, even while on a poor connection, so it's an > > Icecat-specific phenomenon. > This sounds like a combination of lost packets due to weak signal and > IceCat > having > security.OCSP.require > set to true by default. > This setting causes sites that fail to return an OCSP request to be > considered > unsafe. > IceWeasel and Firefox have this set to false by default, which likely > accounts > for their not reproducing this error. > > > -jc > > -- > http://gnuzilla.gnu.org > > -- http://gnuzilla.gnu.org
[Bug-gnuzilla] Icecat SSL warning/error pages; what settings affect the production of these 'error' pages?
Hello - not a bug, just a request for info really if any one can help please. Occasionally (or is it regularly) I get some ssl warning pages displayed instead of access to the site when browsing with Icecat 45.5.1 (on linux 64bit). An example message is pasted below. 'Trying again' does not help - the site is blocked. I do not get these pages returned for the same sites when browsed using Firefox. In some cases, Icecat reports an unsafe/unencrypted session and no valid or invalid certificate is available, when Firefox states for the same page it is ok (and I can browse the certificate details etc). I did notice during one of these scenarios, that Firefox was reporting TLS1.0. It led me wonder if it is a settings issue on what level of ssl components are acceptable. Is Icecat setup by default to be less forgiving towards what it receives SSL wise, bearing in mind I have not changed any ssl related settings in either browser? Thank you for any comments/ideas. Best wishes to all Habs Secure Connection Failed An error occurred during a connection to www.anexamplesitedonot follow.co.uk. Peer attempted old style (potentially vulnerable) handshake. Error code: SSL_ERROR_UNSAFE_NEGOTIATION The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. Try again. -- http://gnuzilla.gnu.org
Re: [Bug-gnuzilla] [VOTE] Tor code base
Hello all I'm not 'voting' as I do not fully understand what is going on to cause all the debate and argument. I started using Icecat as I felt I had a noticeable performance improvement over the over offerings. Since then it has not updated much and appears to be well behind the Firefox base at least. Just in general to the recent discussions on "what happens to Icecat next (if anything)" I like to choose what add-ons I want (or want to 'turn on'). Having them automatically built in does not seem 'correct'. Indeed, I believe it should be possible to have a performant browser that that is cleaned of all the crud (alleged spying, tracking, questionable code, etc) other versions may introduce and be announced as such and perhaps released with suggestions of approved/recommended addons to improve security/privacy. Users may wish to employ there own solutions knowing they have a great base browser that is doing just what it should and nothing more. I have read that some people feel that users might not be competent enough to know what to 'add-on' for protection and therefore feel it ought to be built in as such. I do not subscribe to this and believe most people going down the linux route at least (setting it up, installing, configuring etc) will have a reasonable idea of security...especially if recommendations of what people can do comes with it. Just my two-penneth. Thank you for Icecat. Regards Habs On 15 November 2016 at 10:26, ng0wrote: > ng0 writes: > > > "Daniel Quintiliani" writes: > > > >> Should we use the Tor code as a basis for Icecat? > >> > >> 1. Yes > >> 2. No > >> > >> I vote #1 > > > > Assuming that you mean torbrowser code, where most of it is being > > upstreamed anyway, I vote #1 > > I change my vote to something between #1 and #2, I can't be > accurate at the moment. > In general it would not matter which browser derivation icecat > will be based on as long as more eyes are looking at its > code. Talk is cheap action is better, but I have no time to share > for icecat. > No matter which code base you choose, it would be a great > enhancement if the fingerprinting(? html5 canvas? something like > that) addon / code would be added to icecat. > > -- > http://gnuzilla.gnu.org > -- http://gnuzilla.gnu.org
Re: [Bug-gnuzilla] [Slackbuilds-users] icecat 38.8.0 crashes
Hello and good day to all reading this debate >From my perspective and without insinuating Icecat, Firefox, or any other software does or does not provide these things, I would see the requirement of the 'libre' browser like this: - the browser (Icecat in this case) should be performant and do its one job [of browsing] extremely well meeting any standards as required - the browser should be secure; as in bug/security-hole free and be part of a maintenance effort to ensure such - in line with the first requirement [listed above] the browser should be made available clean of any other 'addons', hidden marketing/feedback stuff etc - it should be possible to add-on other well designed and performant modules (example but not necessarily, HTTPS monitor/enforce, adblocker monitor/enforce and so on) I am not entirely clear what it is specifically at the heart of Firefox that has driven Icecat to exist, other than perhaps it has some undesirable things creeping into or existing in it. It would seem a good base to take Firefox and 'clean it up' (of any legitimate concerns and other code that stop it meeting the opinion requirements above) to leave a clean and performant browser; then to ensure some quality addons, that do not intrinsically need to be part of the core code, for providing additional requirements security and 'lock-down' are made available as a choice to employ. It is all about instruction and making it easy, for users to add on what they need to the browser and not necessarily doing the job for them by building it in. That is how I see it. >From saying all the above, I suppose I am more in line with having a good base line browser, clear and stripped down with regard to inbuilt functionality which can be provided better (and through choice) by addons/modules. I am presuming Firefox is a good base for Icecat to be the above 'vision' (as i see it as a user), but if it is not any more and the effort to 'clean it up' from concerns (if that is what Icecat has intended) is now not feasible, then I am not sure what the future for Icecat is. I do not believe Icecat should come with things built in, that can be added as choice. It does not detract from being able to claim the browser is 'libre' or whatever the claim is that is trying to be met. Long ago, I thought the intention of Firefox was to be all the things discussed above and that Icecat tries to/does do - what happened if anything and why! Thank you for allowing me to share my observation and opinion. Peace and goodwill to all. Habs On 27 August 2016 at 00:32,wrote: > I get what you mean, but alot of people out there aren't necessarily > idiots, but rather they don't have a specialty in technology. many people, > even many who use free software rather have a simple firefox/icecat browser > that just comes with the evil things removed and some good things added to > protect them so that they have to do the minimal amount of set up to just > get it working. > > if it doesn't "just werk" many people just throw it right in the trash and > go to an easier option. what's so great about icecat is that it IS that > easier option and it's also better for security than a normal firefox > browser. take away the benefit to using it and it's just some boring > browser that does nothing special at all. > > I'm absolutely not in any way at all suggesting we take away the choice or > freedom from the user, but if all the good things about icecat are removed > and most smart people (who aren't good in tech) have to spend 10 million > frustrating headache hours pounding their head into their computer screen > searching for answers on dead forums with spiderwebs in the corners and > those weird mods who delete topics with answers to obsucure questions and > failing to find any answers and desperately trying to add those good > things back into firefox, they will simply just stop using icecat out of > frustration. > > smart people who can't figure out tech will just scream and cry at their > computer screens in frustration as the very last FOSS minimalistic browser > with some security features in existance becomes the "generic do-nothing > browser" that already exists all over the internet in many different > redundant and boring forms. there are loads of browsers out there already > that do "nothing but browse" so why should we de-specialize icecat? why > make it so normal that it's not worth using it? > > I love the fact that icecat is very minimalistic, but I'm very happy that > it comes what it comes with and many others are too. we shouldn't bloat > icecat to death because look at what happened to mainstream firefox, but we > shouldn't gut it to death until its a hollow shell that does nothing. > > -- > Securely sent with Tutanota. Claim your encrypted mailbox today! > https://tutanota.com > > 20. Aug 2016 16:11 by hjen...@gmx.de: > > Hi, > > On Thu, 18 Aug 2016 18:50:14 +0100 (BST) > wrote: > > sounds
Re: [Bug-gnuzilla] [Slackbuilds-users] icecat 38.8.0 crashes
Thank you for sharing your views Ivan. I just want to make clear as perhaps my previous post may have given a wrong impression. It was not my intention for what I said to be taken as criticism of Gnuzilla in any way. Peoples' efforts on projects such as Gnuzilla, SBo work and all similar I find truly amazing. I must admit I am not clear why Mozilla would not want the same as Gnuzilla and why that project would conflict with Gnuzilla ideas. Mind you, the complexities of the human condition are huge :-) Perhaps it is safe to say that it is better to just wait and see how it all pans out and what emerges. Thank you again. Peace and good will to all. Habs On 16 August 2016 at 19:05, Ivan Zaigralinwrote: > Personally, I am somewhat unhappy about the gnuzilla update/security > policy. > The move to forties apparently is not happening because it breaks saved > cookie > preferences or something, but I have to question the wisdom of withholding > fixes for remote code execution because of that. > > Having said that, I think we need to take a few factors into consideration. > First of all, it's not gnuzilla's fault firefox is so insequre, it's > mozilla's > fault. This browser has like a million holes in it, and may be the most > updated package in Slackware. Lagging a few releases behind sucks, > especially > when the bugs are made public, but at the same time it looks like every > firefox release in the last few years had terrible security holes in it, > so I > don't really feel that much safer using the latest version, and neither > should > you. If security is very important to a user, it may be prudent to switch > browsers. > > Also, gnuzilla has a mission and a goal, and mozilla is not making it easy. > They keep putting more and more ugly stuff into firefox and changing the > security policy, like with the cookies above, while gnuzilla team is > committed > to releasing a product which meets their rather high standards. As a > volunteer > effort, they've done great, and it would be completely unfair to chastise > them > for lagging behind mozilla, since gnizilla are not the ones breaking it it > every release cycle. > > Finally, I believe there is a niche opening up for a firefox-based browser > which is libre and meets free software distrubution guidelines like icecat, > but has no extra privacy features, and passes all the mozilla pearls onto > the > users. Such minimal deblobbing could be potentially more robust: that is, > new > releases could be churned out as quickly and reliably as linux-libre. > Looking > at Parabola's thunderbird & seamonkey builds, I imagine something like that > could be done for firefox as well. Anyone can step in and claim the glory > for > this one :) I don't have time to write a slackbuild like that and run it by > FSF, but if anyone did it, I think I would actually switch. > > On Tuesday, August 16, 2016 09:57:03 b...@shroggslodge.freeserve.co.uk > wrote: > > Good morning > > > > Having got latest Icecat building with the -Os switch, it seems there are > > some reports of [serious?] security issues with it. > > > > Here is where I first read something: > > https://lists.gnu.org/archive/html/bug-gnuzilla/2016-08/msg0.html > > > > And I have seen further discussion and consternation about what to do > with > > Icecat and perhaps not using Firefox as base etc. I'm really relatively > > only a 'user' so to speak, so I'm interested to know what others > feelis > > there a serious security risk ? > > > > I realise this is SBo and not an Icecat forum, but I wonder what the > > contributors (and maintainer) on SBo feel about the reports being made; > > should it affect whether Icecat is on SBo if its known to be 'risky', or > > does it not matter, should comments be made [in the info] or is it up to > > anyone wanting to use it to be self-aware and generally any other > comments > > to share. > > > > If this list really is inappropriate for posts like this (whatever 'this' > > is), then just let me know.but I would be interested in what more > > knowledgeable people on SBo feel ? > > > > > > Thank you and good day to all. > > Habs > > > > On 8 August 2016 at 23:16, wrote: > > > hi there all > > > > > > I have tried the -Os switch and it does appear to remedy the problem. > > > Icecat no longer crashes in the scenario(s) I have documented. > > > > > > I wonder what the -O2 switch does differently to the -Os one. > > > > > > So for now that does appear to be the 'fix'. Thank you all. > > > > > > > > > Habs > > > > > > On 8 August 2016 at 20:36, Ryan P.C. McQuen wrote: > > >> On Monday, August 8, 2016, Ivan Zaigralin > wrote: > > >>> I still can't replicate any crash whatsoever, even in places where > > >>> others > > >>> report them. However, Matt tells me that crashes went away after he > > >>> rebuilt > > >>> with -Os. He also mentioned he's got an AMD
Re: [Bug-gnuzilla] [Slackbuilds-users] icecat 38.8.0 crashes
Hi Ivan Interesting. I have an AMD Phenom. I have built, rebuilt and tried earlier releases using the SBo scripts and on twitter.com (when logged in...that's crucial) it crashes out always when navigating away. I am not knowledgeable to know if it is an AMD related problem and I do not have an Intel chip to try, though I will seek one out :-) Please, for the less aware like me, what does the -O2 do and what is the difference to -Os ? Thank you for your interest and assistance. Habs On 8 August 2016 at 20:15, Ivan Zaigralinwrote: > I still can't replicate any crash whatsoever, even in places where others > report them. However, Matt tells me that crashes went away after he rebuilt > with -Os. He also mentioned he's got an AMD Phenom, whereas I am using > Intel > CPU, which may explain why I am unable to hit this snag. > > I can certainly submit a fixed SlackBuild if there's a consensus -Os is an > effective fix. Please let me know :) > > > Slackware 14.2 64bit > > > > Hello folks - I have been 'talking' on slackbuilds.org (SBo) about > icecat > > 38.8.0, which I use, about a problem I came across with it crashing. > > > > I've only noticed it when I was browsing the twitter.com website and > more > > specifically only when navigating away from that site. There may be other > > situations of course. > > > > Even more, it would seem it happens only when logged in to twitter > > account; if not logged in, then no crash when navigating away. > > > > Some contributors on SBo pointed out to me similar issues that they had > > found reported on other sites. > > > > There has been some suggestion to build using a different parameter (with > > '-Os' instead of '-O2' i do not know what that does or how?) as a > *work > > around*, but I have not tried it as yet. > > > > As this issue has been around for a while it would seem and affected > > earlier releases too, is there any knowledge as to what it might be, as > it > > seems Firefox does not appear to suffer the same problem from my > experience? > > > > I am sorry, but my skills do not allow me (yet) to provide the sort of > > detailed info that others produce, however there is a console output > below, > > though relating to an earlier build of Icecat. It may be of some use. > > Hopefully just raising this issue as I found it, is enough to help others > > understand. If there is anything I can do (bearing in mind I use others' > > build scripts [SBo] for these things), please let me know. > > > > If anyone has any info or if a bug report needs [re]creating, then how > to ? > > > > Peace and best wishes. > > Habs > > > > console.error: > > [CustomizableUI] > > Custom widget with id loop-button does not return a valid node > > > > 2016-08-06 08:08:01: range_map-inl.h:91: INFO: StoreRange failed, an > > existing range contains or extends higher than the new range: new > > 0x7f6ce0717000+0xbf798, existing 0x7f6ce05e3000+0x226168 > > 2016-08-06 08:08:01: basic_code_modules.cc:70: ERROR: Module > > /usr/lib64/icecat-38.5.2/libmozsqlite3.so could not be stored > > 2016-08-06 08:08:01: range_map-inl.h:91: INFO: StoreRange failed, an > > existing range contains or extends higher than the new range: new > > 0x7f6ce0803000+0x2bc0, existing 0x7f6ce05e3000+0x226168 > > 2016-08-06 08:08:01: basic_code_modules.cc:70: ERROR: Module > > /usr/lib64/icecat-38.5.2/libmozalloc.so could not be stored > > 2016-08-06 08:08:01: range_map-inl.h:91: INFO: StoreRange failed, an > > existing range contains or extends higher than the new range: new > > 0x7f6ce07dd000+0x1b860, existing 0x7f6ce05e3000+0x226168 > > 2016-08-06 08:08:01: basic_code_modules.cc:70: ERROR: Module > > /usr/lib64/icecat-38.5.2/components/libdbusservice.so could not be > stored > > 2016-08-06 08:08:01: range_map-inl.h:91: INFO: StoreRange failed, an > > existing range contains or extends higher than the new range: new > > 0x7f6ce06b+0x23720, existing 0x7f6ce05e3000+0x226168 > > 2016-08-06 08:08:01: basic_code_modules.cc:70: ERROR: Module > > /usr/lib64/icecat-38.5.2/components/libmozgnome.so could not be stored > > 2016-08-06 08:08:01: range_map-inl.h:91: INFO: StoreRange failed, an > > existing range contains or extends higher than the new range: new > > 0x7f6ce068d000+0x222e0, existing 0x7f6ce05e3000+0x226168 > > 2016-08-06 08:08:01: basic_code_modules.cc:70: ERROR: Module > > /usr/lib64/icecat-38.5.2/browser/components/libbrowsercomps.so could > not be > > stored > > 2016-08-06 08:08:01: stackwalker.cc:125: INFO: Couldn't load symbols for: > > /lib64/libc.so.6|B6662863DCEBA13A731B3DA192D023DF0 > > 2016-08-06 08:08:01: basic_code_modules.cc:88: INFO: No module at 0x0 > > 2016-08-06 08:08:01: stackwalker.cc:125: INFO: Couldn't load symbols for: > > /usr/lib64/icecat-38.5.2/libxul.so|41AD907282E15602EA526D1E50C673020 > > 2016-08-06 08:08:01: basic_code_modules.cc:88: INFO: No module at > > 0x7f6ccf736060 > > 2016-08-06 08:08:01: basic_code_modules.cc:88: INFO: No module at
[Bug-gnuzilla] Icecat 38.8.0 crashes/segementation fault
Slackware 14.2 64bit Hello folks - I have been 'talking' on slackbuilds.org (SBo) about icecat 38.8.0, which I use, about a problem I came across with it crashing. I've only noticed it when I was browsing the twitter.com website and more specifically only when navigating away from that site. There may be other situations of course. Even more, it would seem it happens only when logged in to twitter account; if not logged in, then no crash when navigating away. Some contributors on SBo pointed out to me similar issues that they had found reported on other sites. There has been some suggestion to build using a different parameter (with '-Os' instead of '-O2' i do not know what that does or how?) as a *work around*, but I have not tried it as yet. As this issue has been around for a while it would seem and affected earlier releases too, is there any knowledge as to what it might be, as it seems Firefox does not appear to suffer the same problem from my experience? I am sorry, but my skills do not allow me (yet) to provide the sort of detailed info that others produce, however there is a console output below, though relating to an earlier build of Icecat. It may be of some use. Hopefully just raising this issue as I found it, is enough to help others understand. If there is anything I can do (bearing in mind I use others' build scripts [SBo] for these things), please let me know. If anyone has any info or if a bug report needs [re]creating, then how to ? Peace and best wishes. Habs console.error: [CustomizableUI] Custom widget with id loop-button does not return a valid node 2016-08-06 08:08:01: range_map-inl.h:91: INFO: StoreRange failed, an existing range contains or extends higher than the new range: new 0x7f6ce0717000+0xbf798, existing 0x7f6ce05e3000+0x226168 2016-08-06 08:08:01: basic_code_modules.cc:70: ERROR: Module /usr/lib64/icecat-38.5.2/libmozsqlite3.so could not be stored 2016-08-06 08:08:01: range_map-inl.h:91: INFO: StoreRange failed, an existing range contains or extends higher than the new range: new 0x7f6ce0803000+0x2bc0, existing 0x7f6ce05e3000+0x226168 2016-08-06 08:08:01: basic_code_modules.cc:70: ERROR: Module /usr/lib64/icecat-38.5.2/libmozalloc.so could not be stored 2016-08-06 08:08:01: range_map-inl.h:91: INFO: StoreRange failed, an existing range contains or extends higher than the new range: new 0x7f6ce07dd000+0x1b860, existing 0x7f6ce05e3000+0x226168 2016-08-06 08:08:01: basic_code_modules.cc:70: ERROR: Module /usr/lib64/icecat-38.5.2/components/libdbusservice.so could not be stored 2016-08-06 08:08:01: range_map-inl.h:91: INFO: StoreRange failed, an existing range contains or extends higher than the new range: new 0x7f6ce06b+0x23720, existing 0x7f6ce05e3000+0x226168 2016-08-06 08:08:01: basic_code_modules.cc:70: ERROR: Module /usr/lib64/icecat-38.5.2/components/libmozgnome.so could not be stored 2016-08-06 08:08:01: range_map-inl.h:91: INFO: StoreRange failed, an existing range contains or extends higher than the new range: new 0x7f6ce068d000+0x222e0, existing 0x7f6ce05e3000+0x226168 2016-08-06 08:08:01: basic_code_modules.cc:70: ERROR: Module /usr/lib64/icecat-38.5.2/browser/components/libbrowsercomps.so could not be stored 2016-08-06 08:08:01: stackwalker.cc:125: INFO: Couldn't load symbols for: /lib64/libc.so.6|B6662863DCEBA13A731B3DA192D023DF0 2016-08-06 08:08:01: basic_code_modules.cc:88: INFO: No module at 0x0 2016-08-06 08:08:01: stackwalker.cc:125: INFO: Couldn't load symbols for: /usr/lib64/icecat-38.5.2/libxul.so|41AD907282E15602EA526D1E50C673020 2016-08-06 08:08:01: basic_code_modules.cc:88: INFO: No module at 0x7f6ccf736060 2016-08-06 08:08:01: basic_code_modules.cc:88: INFO: No module at 0x5 2016-08-06 08:08:01: basic_code_modules.cc:88: INFO: No module at 0x7f6cb5eb3700 2016-08-06 08:08:01: stackwalker.cc:125: INFO: Couldn't load symbols for: /usr/lib64/libglib-2.0.so.0|7D36F9F9E95A6CA6B68E20EA6ABFC1940 2016-08-06 08:08:01: basic_code_modules.cc:88: INFO: No module at 0x7f6ccf736060 2016-08-06 08:08:01: basic_code_modules.cc:88: INFO: No module at 0x5 2016-08-06 08:08:01: basic_code_modules.cc:88: INFO: No module at 0x7f6cb5eb3700 2016-08-06 08:08:01: stackwalker.cc:125: INFO: Couldn't load symbols for: /usr/lib64/libglib-2.0.so.0|7D36F9F9E95A6CA6B68E20EA6ABFC1940 2016-08-06 08:08:01: basic_code_modules.cc:88: INFO: No module at 0x7f6cb98d7c00 2016-08-06 08:08:01: basic_code_modules.cc:88: INFO: No module at 0x1d95e0288 2016-08-06 08:08:01: basic_code_modules.cc:88: INFO: No module at 0x7ffef77011b0 2016-08-06 08:08:01: basic_code_modules.cc:88: INFO: No module at 0x1ef7fff 2016-08-06 08:08:01: basic_code_modules.cc:88: INFO: No module at 0x7ffef77011b0 2016-08-06 08:08:01: basic_code_modules.cc:88: INFO: No module at 0x7f6ccf736060 2016-08-06 08:08:01: basic_code_modules.cc:88: INFO: No module at 0x1 2016-08-06 08:08:01: basic_code_modules.cc:88: INFO: No module at 0x0 2016-08-06 08:08:01: basic_code_modules.cc:88: INFO: No module at 0x0
Re: [Bug-gnuzilla] icecat browser sources question
thank you! On 8 April 2016 at 14:49, Garywrote: > gnu1.tar.bz2 > contains the source > > the rest are binaries and accompanied by PGP signatures in the .sig files. > > -- > http://gnuzilla.gnu.org > > -- http://gnuzilla.gnu.org
[Bug-gnuzilla] icecat browser sources question
Hello and good morning (as it is where I am) As this question may identify, I am quite new to Icecat and building from source etc... Please can someone briefly explain the fundamental reason(s) for why there is a marked difference in size of source between the different versions. e,g,: at, http://www.mirrorservice.org/sites/ftp.gnu.org/gnu/icecat/38.7.1/ icecat-38.7.1-gnu1.tar.bz2 2016-04-08 03:45 224M icecat-38.7.1.en-US.linux-i686.tar.bz2 2016-04-08 03:38 45M Thank you for the insight. Habs -- http://gnuzilla.gnu.org