Testing 1,2,3 - Slackware in User Agent?
 

In the dim past I added Slackware Linux to my Firefox user agent by adding a string named general.useragent.slackware (and a couple of others) via about:config.

I do not follow Firefox updates closely, but recently updated all my boxen to Firefox 11. But I just noticed that my little blue Slackware icon was missing from recent posts and found that Firefox no longer appended my extra user agent strings...

I found the current answer at http://www.linuxquestions.org/questi...x-11-a-935679/.

This post is a test of my updated user agent - am I officially a Slacker once more?

[EDIT]Ahhhh...[/EDIT]

You should have upgraded to 13.0.1.

Hmmm wondering when mine broke ...

Should be fixed I hope

<- Checking

Well, 11 was the "latest" when I upgraded - then I began to get "Your browser needs updating!" messages within about a week. That couldn't have been more than a couple of months ago, maybe three, I think.

Frankly, I don't worry about it too much and only "upgrade" when I have some good reason to do so.

BTW - I also use Opera on occassion - I think I am using 10.x now - thanks for your part with that! Maybe I'll update that while it is on my mind as well - what is the latest?

HAHA! That's what I thought when I noticed mine was not working, and had to think about it for bit.

Its just something that you don't notice changes after you have set it.

I would think that fixed security holes are one of the best reasons to upgrade.

While I am security conscious, it seems to me that any given upgrade is about as likely to introduce some new security hole as it is to fix an existing one. Otherwise, by now there would be very few security holes left!

I think the biggest factor in browser security is how and where the browser is used, not the browser version number.

So you mean that it is better to have known but unfixed security holes that to have unknown security holes?

That is true, but it doesn't make the other factors disappear.

HAHA! Well, when I read that sentence out loud, I almost have to say yes!

But upgrading for security fixes implies that security-wise, each successive release is "better", and that is simply not true. So I stick with what is working, familiar and configured for my use.

I am paranoid about many things, but browser security on a Slackware box is not one of them.

This is the least logical argument I have ever seen. Congratulations.

WOW! I am sorry that my browser update habits seem to be so upsetting to some of you!

I know the internet is a nasty place, and through this thread I probably seem more naive about security than is the actual case. But what is so illogical about the reasons I have given?

Do you trust Mozilla or anyone else absolutely 100% to improve security with each releaase? No? Yes?

If not, then is there not some logic in being cautious about updates? No? Yes?

Things change and things break with each update - the use of my user agent string for example!

I count 4 releases since my last update no more than 3 months ago. For each of those releases, consider:

1. What immediate vectors-of-harm would each of those updates have saved me from?
2. What new immediate vectors-of-harm would each of those updates have exposed me to?

I say again, how and where I use a browser is the MAJOR security factor, incremental browser version is a relatively minor security factor by comparison (with some acknowledged exceptions).

Like Captain Dallas told Ripley, "I don't trust anybody". So I look after the major items myself, and monitor the minor ones as my own judgement dictates.

I do not jump under the covers when DHS screams "Terrorist!", and I don't auto-update software every time someone says "New and improved!".

It works for me.

It's easy to take a relaxed view of security while nothing happens. When something does happen, then it's too late. The browser is probably the one piece of software that should be kept as current as possible -- it is constantly being exposed to foreign content, containing client-side scripts and document formats that can act as a vehicle for attack. If there is a vulnerability in your browser, simply visiting a website could be enough to cause malicious activity. While such severe vulnerabilities are rare, the longer they go unpatched, the more time is available to really exploit the vulnerability to cause real damage. Every time a vulnerability is patched up, a new route of entry must be identified and re-exploited. It has been said many, many times that security is a process, not a product. It is much easier to produce an exploit based on a known vulnerability than to find an unknown one and exploit it (which requires at least twice the work, and usually more). Malware producers usually rely on poor system administrators that fail to update software -- the easy targets -- rather than trying to find 0-day vulnerabilities. I have personally seen a server (not mine) that was compromised due to unpatched software using a known vulnerability that had been fixed in newer versions. If it had been kept up to date, the server would not have been compromised.

I remember a severe bug in Uzbl (a goofy minimalist webkit browser) that allowed foreign code to be run just by visiting a specially crafted web page. Although most vulnerabilities are not *that* easy to exploit, I cannot believe that anyone could produce the sort of logic in this thread without an element of sarcasm. No one is saying that you are 100% secure when keeping software up to date, but at least the known vulnerabilities should be sealed up. Security is a cat-and-mouse game, and if the mouse just decides to relax and take a break...it won't survive for very long.

[edit] There is a difference between using new, untested software just for the sake of using new, untested software, and using new software because it fixes security vulnerabilities. Many projects offer two lines of support -- new versions with new features and the latest security patches, and old versions that remain functionally immobile but are patched for security vulnerabilities. I don't think Firefox, or any other major web browsers, offer comprehensive security updates for older versions. If they did then maintaining the old version but keeping up with patches would be a viable alternative to keeping 100% current -- but since that is not really an option then it is advised that you keep up with current versions of Firefox even if there is a change in functionality.

Thanks for your comments T3slider, I did not intend this thread to be anything other than a test of my user agent - and certainly hope I have not seemed argumentative! I have just been a little surprised at the direction this took. I do appreciate the time you have taken to respond.

And I have used this time to re-consider my outlook on browser update urgency, but have arrived back where I started.

I am sure this does not apply to everyone, but for my use, habits, exposure, etc... I will probably continue to update every six months or so, or when a notable vulnerability comes to my attention. But for what it is worth, I'll update Firefox and Opera within the next few days - just because :-)

Of course, what will probably happen is that I will be severely compromised in the near future due to a lagging browser version, and it will be the worst exploit possible! If that happens, I'll be honest enough to post it here for my public flogging...

Thanks to everyone.

Opera 12.0 was a beta release in my opinion. Very, very poor. Too many problems to list. Very disappointed but it doesn't happen too often, although rumours about a Facebook takeover of Opera fill me with dread.

Don't bother with version 12.0 - wait until an update comes out.

Wow again! Thanks gezley!

Hmmm... this also kind of makes my point about lagging behind in updates, glad I did not automatically update to 12!

Something I have forgotten to say in earlier posts when it crossed my mind - one other reason, the main reason I do not try to stay current with browser releases is that I NEVER auto-update anything, and I ALWAYS try to validate everything front-to-back when I do update. In this context, I have judged that the consequences of too frequent updates are generally worse for me than the risk of less frequent updates.

I have enjoyed almost uninterrupted stability in my systems for so long that I am always reluctant to rock that boat!

Facebook huh? Yea, that would probably end my Opera use. I have the following lines in all my hosts files:

127.0.0.1 facebook.com
127.0.0.1 www.facebook.com

I hope that does not happen...

I'm using this User-Agent string:

Seems to work here, and tries to conform with https://developer.mozilla.org/en/Gec...ring_reference .

Though as the referenced URL says, it may be better to put the Slackware parts in a custom HTTP header upon sending requests.

I've now installed a Useragentswitcher in google-chrome...

Markus

Now another test...

[edit]still not working[/edit]

Markus

I think this is testament to the view most LQ members hold, which is to look beyond the members questions for other concerns. And for good reasons I see.


As always if you're not able to get a clear picture on vulnerabilities then it would be easy to look up a products CVE entries:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=chrome
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=opera

and if you're not able to judge the impact of vulnerabilities and fixes over time take a look at the numbers:
http://www.cvedetails.com/product/15...vendor_id=1224
http://www.cvedetails.com/product/32...?vendor_id=452
http://www.cvedetails.com/vendor/1961/Opera.html

then drill down to where year equals 2012 and CVSS score equals-or-greater 9:
Chrome: 2012: total number of vulnerabilities: 26
Firefox: 2012: total number of vulnerabilities: 19
Opera: 2012: total number of vulnerabilities: 3

While there are provisions to be made for disclosure of bug tracking information, even without completely up to date information it should become clear that when it comes to vulnerabilities some browsers are created more equal than others.


If you can't quantify and won't clarify then I call that spreading FUD. So please do, please be as verbose as possible and please make a distinction between security issues, major usability issues crippling functionality and minor nuisances.



@All: if you want to test your UA then as you can see the last UA testing thread was in the /General forum: http://www.linuxquestions.org/questi...-issue-745067/ and that is where such threads belong. However there really is no reason to pollute LQ with this as you can easily test your UA elsewhere:
http://browserspy.dk/useragent.php
http://www.zytrax.com/tech/web/browser_id.shtml
or use any publicly accessible /env.cgi URI,
TIA

Thanks for providing the link to the testthread in General, I've now bookmarked it.

I'm aware that there are several sites where I can check my useragent, but I was not aware that the useragentswitcher sets the UA for every tab. Sorry for polluting the forums.

Markus

The latest 12.00. Though I should point out that 10.x tells me very little. We released 8 versions of 10 (10.00, 10.01, 10.10, 10.11, 10.60, 10.61, 10.62 and 10.63). Some of these changed significantly. It is not unusual for an Opera .1 release to be a far bigger update than a major release of other browsers. Out small/security releases are those which bump on the second minor number. The 10.XX series also included the biggest change that the *nix version has ever experienced. Between 10.11 and 10.60, not only did we include a truly massive update to our rendering engine (including a brand new JavaScript engine, Carakan) we rewrote most of the interface and stripped out our Qt dependency.

Unfortunately I have to completely disagree with you on this. Whilst I'll agree that updates often introduce new bugs (hard to avoid given that browsers are horribly complex, e.g. Opera is many millions of lines of code), I don't have a single doubt in my mind that Opera 12.00 is more secure than any of our browsers from the 10.x line. If you think otherwise perhaps you should have a look at what we actually fixed in terms of security issues between now and then.


Security fixes for 10.01:

http://www.opera.com/support/kb/view/938/
http://www.opera.com/support/kb/view/939/

Security fixes for 10.10:

http://www.opera.com/support/kb/view/941/
http://www.opera.com/support/kb/view/942/
http://www.opera.com/support/kb/view/943/

Security fixes for 10.11:

http://www.opera.com/support/kb/view/955/

Security fixes for 10.60:

http://www.opera.com/kb/search/view/944/
http://www.opera.com/kb/search/view/958/
http://www.opera.com/kb/search/view/959/
http://www.opera.com/kb/search/view/961/

Security fixes for 10.61:

http://www.opera.com/support/kb/view/966/
http://www.opera.com/support/kb/view/967/
http://www.opera.com/support/kb/view/968/

Security fixes for 10.63:

http://www.opera.com/support/kb/view/971/
http://www.opera.com/support/kb/view/972/
http://www.opera.com/support/kb/view/973/
http://www.opera.com/support/kb/view/974/
http://www.opera.com/support/kb/view/976/

Security fixes for 11.00:

http://www.opera.com/support/kb/view/977/
http://www.opera.com/support/kb/view/979/
http://www.opera.com/support/kb/view/981/
http://www.opera.com/support/kb/view/999/

Security fixes for 11.01:

http://www.opera.com/support/kb/view/982/
http://www.opera.com/support/kb/view/983/
http://www.opera.com/support/kb/view/984/
http://www.opera.com/support/kb/view/986/

Security fixes for 11.10:

http://www.opera.com/support/kb/view/1001/

Security fixes for 11.11:

http://www.opera.com/support/kb/view/992/

Security fixes for 11.50:

http://www.opera.com/support/kb/view/1006/
http://www.opera.com/support/kb/view/995/
http://www.opera.com/support/kb/view/996/

Security fixes for 11.51:

http://www.opera.com/support/kb/view/1000/

Security fixes for 11.52:

http://www.opera.com/support/kb/view/1002/

Security fixes for 11.60:

http://www.opera.com/support/kb/view/1003/
http://www.opera.com/support/kb/view/1004/
http://www.opera.com/support/kb/view/1005/

Security fixes for 11.61:

http://www.opera.com/support/kb/view/1007/
http://www.opera.com/support/kb/view/1008/

Security fixes for 11.62:

http://www.opera.com/support/kb/view/1010/
http://www.opera.com/support/kb/view/1011/
http://www.opera.com/support/kb/view/1012/
http://www.opera.com/support/kb/view/1013/
http://www.opera.com/support/kb/view/1014/
http://www.opera.com/support/kb/view/1015/

Security fixes for 11.64:

http://www.opera.com/support/kb/view/1016/

Security fixes for 12.00:

http://www.opera.com/support/kb/view/1018/
http://www.opera.com/support/kb/view/1019/
http://www.opera.com/support/kb/view/1020/
http://www.opera.com/support/kb/view/1021/
http://www.opera.com/support/kb/view/1022/

That would seem to make sense but it simply isn't true. All of the browsers have to move forward and add new code all the time, as we add support for new standards. Sure, we could say "hey let's forget about HTML5" but in reality if we did this our user base would drop to nothing within a year or two and we would be considered irrelevant and quite likely out of business.

Then I think you are making a truly serious mistake. The browser is probably the single biggest attack vector for those wanting to cause harm to your PC when using it in a desktop configuration. By navigating to any given website, you are instructing the browser to render completely unknown code on your machine. When else do you just download random code, run it (without checking it) and just hope for the best? Add to that the complexity of the HTML and JavaScript standards and it is no wonder that all of the browser manufacturers are pushing out updates on a very regular bases.

To me, for a machine configured for desktop use, ensuring your browser(s) are up to date and running supported versions is more important than just about anything else.

Keep in mind that with any given release there will be some breakage. I wish this wasn't true but sadly it is. Often, specifically for security reasons we have to push a browser out sooner than we would ideally like. We can't and won't just leave our users with an insecure environment. However, with any code change you always introduce the chance of making something else worse.

Rather than say that 12.00 is worse, I would argue it is worse for you but better for many other users because some bug or other that affects you may not have any impact on another user (or may be relatively minor). It really depends on how you use your browser day to day and what sites you visit. What problems are you facing exactly? It would help if you listed them and I can then make sure we are aware of them and working to fix them.

I may also be able to give you a work around or link you to a development build that fixes the issue(s).

Getting back to astrogeek. If I were you I would try 12.00. You might find it works for you, even if that was not gezley's experience. If you are truly concerned about breakage, back up the ~/.opera directory. This stores your profile. That way if 12.00 causes you issues, you can always downgrade and not have to worry about your profile being upgraded into a new format that is not supported by older Opera releases. I would also add that if 12.00 does not work for you, consider using the most recent version you can and read the security links I sent you above to see which, if any, you can work around. If they seem too severe and not something you can work around, I would personally prefer you used an up to date rival browser than take a risk. In that case however I would ask that you report any issues you had with 12.00 and be kind enough to consider Opera again in the future when these are resolved.

Regarding facebook. It is a rumour at this stage. Nobody has confirmed anything. Sure it could happen but you shouldn't base decisions at this stage on rumours. Wait and see. Otherwise I could start a rumour that PatV was going off to work for Canonical and cause havoc in the Slackware community. :P

Back on topic. For Opera you would insert Slackware in opera:config#ISP|Id, then click save and restart.

Thanks Ruarí (Irish name?): this isn't the place but I'll mention two briefly. First, starting up offline - I get a dialog-box flood asking me if I want to go online for each tab I had open in the last session. I usually start up with multiple (too many to count) tabs so as you can imagine this one is driving me nuts. Second, the status bar randomly appears half-way up the web page!
And the move from skins to themes didn't appeal to me either.
LOL! True, but look what happened Nokia after that ex-Microsoft guy took over! I do wish corporate America would resist the urge to buy out all those niche products they're not able to develop themselves. I would HATE to see Opera lose its distinctive identity and become just another bland browser.

Thanks to everyone who replied - I'll respond to things that come to mind here in order to not generate many more posts.

BTW - I am writing this through my new, improved, updated Firefox 13.0.1 browser! I hope they do not release another one later today! ;)

@unSpawn - Thanks for the helpful response and the cve links and "how-to" tips. One problem with chasing browser updates is that I neither know nor for the most part understand what actual threat many of the vulnerabilities represent. As such, I am back in the boat of having to implicitly 100% trust the browser makers to absolutely improve with each version - a mental leap that I cannot make! Hence... see my previous comments... I'll try to learn to make effective use of the cve data within my available time.

@ruario - Thanks for the thoughtful and in depth reply, and the links on Opera updates. I will put as much effort into reviewing it as it must have taken for you to write it! I am interested to see the new javascript and rendering engines in Opera and will give 12.0 a try. I have always liked opera on some level, but never found it suitable for my primary browser for whatever reason. My main use of it has been to validate UI implementations on various projects. Perhaps Opera 12 will reset my perspective - I'll let you know!

I also would like to "correct" a comment I made earlier, about not being concerned about browser security on a Slackware box. That made it seem that I think the somehow Slackware magically protects against browser vulnerabilities, and is certainly not the case!

What I had in mind when I typed that line was something like, "After all, this is NOT Internet Exploder on Vista! This is Firefox on Slackware!". While I think that is a very important distinction, it is not really relevant to the current discussion - apologies.

Thanks to all who replied! In future, I'll try to update my browsers in a manner worthy of the name, "Slacker"!

At the very least, I will never again mention my browser version in a casual post! :doh:

Here I go again...

Testing my user agent from my shiny new Opera 12.0 browser...

[EDIT]
Looks like it worked!

Thanks ruario. I installed using SBo script (on Slackware 12.1).

I like the improved rendering but find a few things a little confusing on first look. I just need to find my way around.

Loaded my Firefox bookmarks - is there a way I can put those one-click away instead of down the Menu >> Bookmarks >> Firefox Bookmarks >> Bookmarks tree?

The Opera menu icon upper left corner seems to be cut off by my window title bar too. Not sure if that is intended.

But first impression overall is OK! Thanks.
[/EDIT]

I use the old school menu bar so then it's just ALT+B or clicking on "bookmarks". You can also use CTRL+1 (panel, focus bookmarks) but that view isn't as useful to me as ALT+B. Then there's the "manage bookmarks" CTRL+ALT+B key combo and if that ain't enough you are free to bind any key combo you can come up with to make Opera show bookmarks.

There are some really nice features native to Opera but you have to dig around to find them. Here's one of my favourites: go to a website - slackbuilds.org, for example. Right-click inside the search box and "Create search ... " Give the search a name and a shortcut - sb, for example. Now you can search slackbuilds directly from any web page, or you can put the search box in your bookmarks bar. Another feature which comes in handy with some of the barely-legible websites around is accessibility layout. Another great feature is mouse navigation - press left shift and navigate through links on the page with the arrow keys.

I'm sure you can do all of this with other browsers if you get plugins but to my mind plugins are a security risk. Who knows what vetting goes on?

At least the custom searches are native to Firefox/Seamonkey also (quite handy in conjunction with Pentadactyl).

Ok - just a test from 11.64

I too have had issues with Opera 12.0, and it's a shame, because otherwise it would be my default browser on my netbook. The most irritating thing is that the way it positions page elements seems off to me. For instance, in the LQ Slackware forum main page, the titles of the threads are all squashed up on the left and the "Main Menu" and "My LQ" boxes on the right take up a full third of the page. In Firefox, they are nice little small side panels the way I think they should be. If there were a way to change that, I would certainly like to know.

Also, my theme downloads will not complete, which is a minor annoyance.

I also have ads on LQ while logged in on Opera, which I don't on Firefox.

That describes what I am looking for. I had the bar showing but it was not obvious how to add a "bookmarks" option to the bar - but I got it now!

I added a dark theme to fit my Fluxbox desktop theme and have it mostly looking and working the way I want.

While I have your attention: Can I disable the "Speed dial" stuff when I open a new tab? Just an empty tab or some sensible default would be nice. And switch to new tab automatically...

I also have a problem with one site I use frequently giving me their mobile page by default, but that is probably a bad configuration on their end.

My user agent looks strange to me: Opera/9.80 (X11; Linux i686; U; Slackware; en) Presto/2.10.289 Version/12.00
Opera/9.80? Although it says Version/12.00 to the right this looks odd. But not causing any problems I am aware of.

I might grow to like this... thanks!

I definitely agree there! I generally avoid browser plugins, but use FlashBlock and Oldbar in Firefox.

Just to be awkward... ;)

I'd advise against adding any superfluous information to your user agent string. Ultimately the only thing web developers need to know is the name and version of the rendering engine your browser's using, so they can serve you a page that'll be displayed correctly. The aim is to make it as difficult as possible for attackers to footprint your machine - by revealing the operating system you're using, it allows them to make assumptions about other software installed on your machine. Granted, on Slackware it's more difficult because it's unlikely that two installations will be identical, but leaking as little information as possible is a good habit to get into, in the same way that portscanning your own machine and disabling unused services is a good habit to get into.

Incidentally, this is one reason I don't like the .NET Framework browser extension on Windows, because it does things like this to the user agent string (this example taken from What's My User Agent? five minutes ago):

Instantly you know that this person's using a beta version of the .NET Framework 1.1, which is vulnerable to a whole host of attacks. (I think the JRE used to modify the user agent string too - thankfully it doesn't any more.)

Don't make their lives easy. ;)

Bit late, haven't been following replies. Location bar > "opera:config" > enter "Speed Dial State" in the search box. Values:
0 = Folded ("Show speed dial" message)
1 = Normal view
2 = ReadOnly (as in kiosk mode with -kioskspeeddial)
3 = Disabled (as in kiosk mode)


ALT+P (or "Menu bar > Tools > Preferences") > Advanced > Tabs > tick "Open new tab next to active".


Could submit it to Opera? They're always on the lookout for potential problems.


As long as it says "Version/12.00" it's OK. Maybe ruario knows what the "Opera/9.80" stands for.

Thanks unSpawn! No problem, I was content to let this thread fade away...

I think I found most things (except Speed Dial - Thanks for that!).

The site that gives me the mobile page is a private site that requires login, but I have contacted them about it.

FWIW - I have actually been using Opera 12 for much of my normal online activity the last few days and like it very much! Once I got the tool bars, bookmarks and fonts set up it began to work my way!

This is the first time that I have been able to use Opera all day without hitting some snag or other! Thanks to all, especially ruario, I have been reading his posts for some time!