LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (http://www.linuxquestions.org/questions/slackware-14/)
-   -   Testing 1,2,3 - Slackware in User Agent? (http://www.linuxquestions.org/questions/slackware-14/testing-1-2-3-slackware-in-user-agent-4175416730/)

astrogeek 07-14-2012 02:38 PM

Testing 1,2,3 - Slackware in User Agent?
 
In the dim past I added Slackware Linux to my Firefox user agent by adding a string named general.useragent.slackware (and a couple of others) via about:config.

I do not follow Firefox updates closely, but recently updated all my boxen to Firefox 11. But I just noticed that my little blue Slackware icon was missing from recent posts and found that Firefox no longer appended my extra user agent strings...

I found the current answer at http://www.linuxquestions.org/questi...x-11-a-935679/.

This post is a test of my updated user agent - am I officially a Slacker once more?

[EDIT]Ahhhh...[/EDIT]

ruario 07-14-2012 05:22 PM

You should have upgraded to 13.0.1.

wildwizard 07-14-2012 05:42 PM

Hmmm wondering when mine broke ...

Should be fixed I hope

<- Checking

astrogeek 07-14-2012 06:02 PM

Quote:

Originally Posted by ruario (Post 4728218)
You should have upgraded to 13.0.1.

Well, 11 was the "latest" when I upgraded - then I began to get "Your browser needs updating!" messages within about a week. That couldn't have been more than a couple of months ago, maybe three, I think.

Frankly, I don't worry about it too much and only "upgrade" when I have some good reason to do so.

BTW - I also use Opera on occassion - I think I am using 10.x now - thanks for your part with that! Maybe I'll update that while it is on my mind as well - what is the latest?

astrogeek 07-14-2012 06:07 PM

Quote:

Originally Posted by wildwizard (Post 4728224)
Hmmm wondering when mine broke ...

HAHA! That's what I thought when I noticed mine was not working, and had to think about it for bit.

Its just something that you don't notice changes after you have set it.

TobiSGD 07-14-2012 06:09 PM

Quote:

Originally Posted by astrogeek (Post 4728232)
Frankly, I don't worry about it too much and only "upgrade" when I have some good reason to do so.

I would think that fixed security holes are one of the best reasons to upgrade.

astrogeek 07-14-2012 06:56 PM

Quote:

Originally Posted by TobiSGD (Post 4728235)
I would think that fixed security holes are one of the best reasons to upgrade.

While I am security conscious, it seems to me that any given upgrade is about as likely to introduce some new security hole as it is to fix an existing one. Otherwise, by now there would be very few security holes left!

I think the biggest factor in browser security is how and where the browser is used, not the browser version number.

TobiSGD 07-14-2012 07:08 PM

Quote:

Originally Posted by astrogeek (Post 4728263)
While I am security conscious, it seems to me that any given upgrade is about as likely to introduce some new security hole as it is to fix an existing one.

So you mean that it is better to have known but unfixed security holes that to have unknown security holes?

Quote:

I think the biggest factor in browser security is how and where the browser is used, not the browser version number.
That is true, but it doesn't make the other factors disappear.

astrogeek 07-14-2012 07:27 PM

Quote:

Originally Posted by TobiSGD (Post 4728270)
So you mean that it is better to have known but unfixed security holes that to have unknown security holes?

HAHA! Well, when I read that sentence out loud, I almost have to say yes!

But upgrading for security fixes implies that security-wise, each successive release is "better", and that is simply not true. So I stick with what is working, familiar and configured for my use.

I am paranoid about many things, but browser security on a Slackware box is not one of them.

T3slider 07-14-2012 09:05 PM

This is the least logical argument I have ever seen. Congratulations.

astrogeek 07-14-2012 09:55 PM

WOW! I am sorry that my browser update habits seem to be so upsetting to some of you!

I know the internet is a nasty place, and through this thread I probably seem more naive about security than is the actual case. But what is so illogical about the reasons I have given?

Do you trust Mozilla or anyone else absolutely 100% to improve security with each releaase? No? Yes?

If not, then is there not some logic in being cautious about updates? No? Yes?

Things change and things break with each update - the use of my user agent string for example!

I count 4 releases since my last update no more than 3 months ago. For each of those releases, consider:

1. What immediate vectors-of-harm would each of those updates have saved me from?
2. What new immediate vectors-of-harm would each of those updates have exposed me to?

I say again, how and where I use a browser is the MAJOR security factor, incremental browser version is a relatively minor security factor by comparison (with some acknowledged exceptions).

Like Captain Dallas told Ripley, "I don't trust anybody". So I look after the major items myself, and monitor the minor ones as my own judgement dictates.

I do not jump under the covers when DHS screams "Terrorist!", and I don't auto-update software every time someone says "New and improved!".

It works for me.

T3slider 07-14-2012 11:01 PM

It's easy to take a relaxed view of security while nothing happens. When something does happen, then it's too late. The browser is probably the one piece of software that should be kept as current as possible -- it is constantly being exposed to foreign content, containing client-side scripts and document formats that can act as a vehicle for attack. If there is a vulnerability in your browser, simply visiting a website could be enough to cause malicious activity. While such severe vulnerabilities are rare, the longer they go unpatched, the more time is available to really exploit the vulnerability to cause real damage. Every time a vulnerability is patched up, a new route of entry must be identified and re-exploited. It has been said many, many times that security is a process, not a product. It is much easier to produce an exploit based on a known vulnerability than to find an unknown one and exploit it (which requires at least twice the work, and usually more). Malware producers usually rely on poor system administrators that fail to update software -- the easy targets -- rather than trying to find 0-day vulnerabilities. I have personally seen a server (not mine) that was compromised due to unpatched software using a known vulnerability that had been fixed in newer versions. If it had been kept up to date, the server would not have been compromised.

I remember a severe bug in Uzbl (a goofy minimalist webkit browser) that allowed foreign code to be run just by visiting a specially crafted web page. Although most vulnerabilities are not *that* easy to exploit, I cannot believe that anyone could produce the sort of logic in this thread without an element of sarcasm. No one is saying that you are 100% secure when keeping software up to date, but at least the known vulnerabilities should be sealed up. Security is a cat-and-mouse game, and if the mouse just decides to relax and take a break...it won't survive for very long.

[edit] There is a difference between using new, untested software just for the sake of using new, untested software, and using new software because it fixes security vulnerabilities. Many projects offer two lines of support -- new versions with new features and the latest security patches, and old versions that remain functionally immobile but are patched for security vulnerabilities. I don't think Firefox, or any other major web browsers, offer comprehensive security updates for older versions. If they did then maintaining the old version but keeping up with patches would be a viable alternative to keeping 100% current -- but since that is not really an option then it is advised that you keep up with current versions of Firefox even if there is a change in functionality.

astrogeek 07-15-2012 12:16 AM

Thanks for your comments T3slider, I did not intend this thread to be anything other than a test of my user agent - and certainly hope I have not seemed argumentative! I have just been a little surprised at the direction this took. I do appreciate the time you have taken to respond.

And I have used this time to re-consider my outlook on browser update urgency, but have arrived back where I started.

I am sure this does not apply to everyone, but for my use, habits, exposure, etc... I will probably continue to update every six months or so, or when a notable vulnerability comes to my attention. But for what it is worth, I'll update Firefox and Opera within the next few days - just because :-)

Of course, what will probably happen is that I will be severely compromised in the near future due to a lagging browser version, and it will be the worst exploit possible! If that happens, I'll be honest enough to post it here for my public flogging...

Thanks to everyone.

gezley 07-15-2012 12:38 AM

Quote:

Originally Posted by astrogeek (Post 4728232)
BTW - I also use Opera on occassion - I think I am using 10.x now - thanks for your part with that! Maybe I'll update that while it is on my mind as well - what is the latest?

Opera 12.0 was a beta release in my opinion. Very, very poor. Too many problems to list. Very disappointed but it doesn't happen too often, although rumours about a Facebook takeover of Opera fill me with dread.

Don't bother with version 12.0 - wait until an update comes out.

astrogeek 07-15-2012 12:48 AM

Wow again! Thanks gezley!

Hmmm... this also kind of makes my point about lagging behind in updates, glad I did not automatically update to 12!

Something I have forgotten to say in earlier posts when it crossed my mind - one other reason, the main reason I do not try to stay current with browser releases is that I NEVER auto-update anything, and I ALWAYS try to validate everything front-to-back when I do update. In this context, I have judged that the consequences of too frequent updates are generally worse for me than the risk of less frequent updates.

I have enjoyed almost uninterrupted stability in my systems for so long that I am always reluctant to rock that boat!

Facebook huh? Yea, that would probably end my Opera use. I have the following lines in all my hosts files:

127.0.0.1 facebook.com
127.0.0.1 www.facebook.com

I hope that does not happen...


All times are GMT -5. The time now is 03:12 AM.