LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 07-14-2012, 02:38 PM   #1
astrogeek
Senior Member
 
Registered: Oct 2008
Distribution: Slackware: 12.1, 13.1, 14.1, 64-14.1, -current, FreeBSD-10
Posts: 1,739

Rep: Reputation: 597Reputation: 597Reputation: 597Reputation: 597Reputation: 597Reputation: 597
Testing 1,2,3 - Slackware in User Agent?


In the dim past I added Slackware Linux to my Firefox user agent by adding a string named general.useragent.slackware (and a couple of others) via about:config.

I do not follow Firefox updates closely, but recently updated all my boxen to Firefox 11. But I just noticed that my little blue Slackware icon was missing from recent posts and found that Firefox no longer appended my extra user agent strings...

I found the current answer at http://www.linuxquestions.org/questi...x-11-a-935679/.

This post is a test of my updated user agent - am I officially a Slacker once more?

[EDIT]Ahhhh...[/EDIT]

Last edited by astrogeek; 07-14-2012 at 02:39 PM.
 
Old 07-14-2012, 05:22 PM   #2
ruario
Senior Member
 
Registered: Jan 2011
Location: Oslo, Norway
Distribution: Slackware
Posts: 1,812

Rep: Reputation: 817Reputation: 817Reputation: 817Reputation: 817Reputation: 817Reputation: 817Reputation: 817
You should have upgraded to 13.0.1.
 
Old 07-14-2012, 05:42 PM   #3
wildwizard
Member
 
Registered: Apr 2009
Location: Oz
Distribution: slackware64-14.0
Posts: 755

Rep: Reputation: 226Reputation: 226Reputation: 226
Hmmm wondering when mine broke ...

Should be fixed I hope

<- Checking
 
Old 07-14-2012, 06:02 PM   #4
astrogeek
Senior Member
 
Registered: Oct 2008
Distribution: Slackware: 12.1, 13.1, 14.1, 64-14.1, -current, FreeBSD-10
Posts: 1,739

Original Poster
Rep: Reputation: 597Reputation: 597Reputation: 597Reputation: 597Reputation: 597Reputation: 597
Quote:
Originally Posted by ruario View Post
You should have upgraded to 13.0.1.
Well, 11 was the "latest" when I upgraded - then I began to get "Your browser needs updating!" messages within about a week. That couldn't have been more than a couple of months ago, maybe three, I think.

Frankly, I don't worry about it too much and only "upgrade" when I have some good reason to do so.

BTW - I also use Opera on occassion - I think I am using 10.x now - thanks for your part with that! Maybe I'll update that while it is on my mind as well - what is the latest?
 
Old 07-14-2012, 06:07 PM   #5
astrogeek
Senior Member
 
Registered: Oct 2008
Distribution: Slackware: 12.1, 13.1, 14.1, 64-14.1, -current, FreeBSD-10
Posts: 1,739

Original Poster
Rep: Reputation: 597Reputation: 597Reputation: 597Reputation: 597Reputation: 597Reputation: 597
Quote:
Originally Posted by wildwizard View Post
Hmmm wondering when mine broke ...
HAHA! That's what I thought when I noticed mine was not working, and had to think about it for bit.

Its just something that you don't notice changes after you have set it.
 
Old 07-14-2012, 06:09 PM   #6
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,517
Blog Entries: 2

Rep: Reputation: 4018Reputation: 4018Reputation: 4018Reputation: 4018Reputation: 4018Reputation: 4018Reputation: 4018Reputation: 4018Reputation: 4018Reputation: 4018Reputation: 4018
Quote:
Originally Posted by astrogeek View Post
Frankly, I don't worry about it too much and only "upgrade" when I have some good reason to do so.
I would think that fixed security holes are one of the best reasons to upgrade.
 
Old 07-14-2012, 06:56 PM   #7
astrogeek
Senior Member
 
Registered: Oct 2008
Distribution: Slackware: 12.1, 13.1, 14.1, 64-14.1, -current, FreeBSD-10
Posts: 1,739

Original Poster
Rep: Reputation: 597Reputation: 597Reputation: 597Reputation: 597Reputation: 597Reputation: 597
Quote:
Originally Posted by TobiSGD View Post
I would think that fixed security holes are one of the best reasons to upgrade.
While I am security conscious, it seems to me that any given upgrade is about as likely to introduce some new security hole as it is to fix an existing one. Otherwise, by now there would be very few security holes left!

I think the biggest factor in browser security is how and where the browser is used, not the browser version number.
 
Old 07-14-2012, 07:08 PM   #8
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,517
Blog Entries: 2

Rep: Reputation: 4018Reputation: 4018Reputation: 4018Reputation: 4018Reputation: 4018Reputation: 4018Reputation: 4018Reputation: 4018Reputation: 4018Reputation: 4018Reputation: 4018
Quote:
Originally Posted by astrogeek View Post
While I am security conscious, it seems to me that any given upgrade is about as likely to introduce some new security hole as it is to fix an existing one.
So you mean that it is better to have known but unfixed security holes that to have unknown security holes?

Quote:
I think the biggest factor in browser security is how and where the browser is used, not the browser version number.
That is true, but it doesn't make the other factors disappear.
 
Old 07-14-2012, 07:27 PM   #9
astrogeek
Senior Member
 
Registered: Oct 2008
Distribution: Slackware: 12.1, 13.1, 14.1, 64-14.1, -current, FreeBSD-10
Posts: 1,739

Original Poster
Rep: Reputation: 597Reputation: 597Reputation: 597Reputation: 597Reputation: 597Reputation: 597
Quote:
Originally Posted by TobiSGD View Post
So you mean that it is better to have known but unfixed security holes that to have unknown security holes?
HAHA! Well, when I read that sentence out loud, I almost have to say yes!

But upgrading for security fixes implies that security-wise, each successive release is "better", and that is simply not true. So I stick with what is working, familiar and configured for my use.

I am paranoid about many things, but browser security on a Slackware box is not one of them.
 
1 members found this post helpful.
Old 07-14-2012, 09:05 PM   #10
T3slider
Senior Member
 
Registered: Jul 2007
Distribution: Slackware64-14.1
Posts: 2,248

Rep: Reputation: 625Reputation: 625Reputation: 625Reputation: 625Reputation: 625Reputation: 625
This is the least logical argument I have ever seen. Congratulations.
 
Old 07-14-2012, 09:55 PM   #11
astrogeek
Senior Member
 
Registered: Oct 2008
Distribution: Slackware: 12.1, 13.1, 14.1, 64-14.1, -current, FreeBSD-10
Posts: 1,739

Original Poster
Rep: Reputation: 597Reputation: 597Reputation: 597Reputation: 597Reputation: 597Reputation: 597
WOW! I am sorry that my browser update habits seem to be so upsetting to some of you!

I know the internet is a nasty place, and through this thread I probably seem more naive about security than is the actual case. But what is so illogical about the reasons I have given?

Do you trust Mozilla or anyone else absolutely 100% to improve security with each releaase? No? Yes?

If not, then is there not some logic in being cautious about updates? No? Yes?

Things change and things break with each update - the use of my user agent string for example!

I count 4 releases since my last update no more than 3 months ago. For each of those releases, consider:

1. What immediate vectors-of-harm would each of those updates have saved me from?
2. What new immediate vectors-of-harm would each of those updates have exposed me to?

I say again, how and where I use a browser is the MAJOR security factor, incremental browser version is a relatively minor security factor by comparison (with some acknowledged exceptions).

Like Captain Dallas told Ripley, "I don't trust anybody". So I look after the major items myself, and monitor the minor ones as my own judgement dictates.

I do not jump under the covers when DHS screams "Terrorist!", and I don't auto-update software every time someone says "New and improved!".

It works for me.
 
1 members found this post helpful.
Old 07-14-2012, 11:01 PM   #12
T3slider
Senior Member
 
Registered: Jul 2007
Distribution: Slackware64-14.1
Posts: 2,248

Rep: Reputation: 625Reputation: 625Reputation: 625Reputation: 625Reputation: 625Reputation: 625
It's easy to take a relaxed view of security while nothing happens. When something does happen, then it's too late. The browser is probably the one piece of software that should be kept as current as possible -- it is constantly being exposed to foreign content, containing client-side scripts and document formats that can act as a vehicle for attack. If there is a vulnerability in your browser, simply visiting a website could be enough to cause malicious activity. While such severe vulnerabilities are rare, the longer they go unpatched, the more time is available to really exploit the vulnerability to cause real damage. Every time a vulnerability is patched up, a new route of entry must be identified and re-exploited. It has been said many, many times that security is a process, not a product. It is much easier to produce an exploit based on a known vulnerability than to find an unknown one and exploit it (which requires at least twice the work, and usually more). Malware producers usually rely on poor system administrators that fail to update software -- the easy targets -- rather than trying to find 0-day vulnerabilities. I have personally seen a server (not mine) that was compromised due to unpatched software using a known vulnerability that had been fixed in newer versions. If it had been kept up to date, the server would not have been compromised.

I remember a severe bug in Uzbl (a goofy minimalist webkit browser) that allowed foreign code to be run just by visiting a specially crafted web page. Although most vulnerabilities are not *that* easy to exploit, I cannot believe that anyone could produce the sort of logic in this thread without an element of sarcasm. No one is saying that you are 100% secure when keeping software up to date, but at least the known vulnerabilities should be sealed up. Security is a cat-and-mouse game, and if the mouse just decides to relax and take a break...it won't survive for very long.

[edit] There is a difference between using new, untested software just for the sake of using new, untested software, and using new software because it fixes security vulnerabilities. Many projects offer two lines of support -- new versions with new features and the latest security patches, and old versions that remain functionally immobile but are patched for security vulnerabilities. I don't think Firefox, or any other major web browsers, offer comprehensive security updates for older versions. If they did then maintaining the old version but keeping up with patches would be a viable alternative to keeping 100% current -- but since that is not really an option then it is advised that you keep up with current versions of Firefox even if there is a change in functionality.

Last edited by T3slider; 07-14-2012 at 11:05 PM.
 
1 members found this post helpful.
Old 07-15-2012, 12:16 AM   #13
astrogeek
Senior Member
 
Registered: Oct 2008
Distribution: Slackware: 12.1, 13.1, 14.1, 64-14.1, -current, FreeBSD-10
Posts: 1,739

Original Poster
Rep: Reputation: 597Reputation: 597Reputation: 597Reputation: 597Reputation: 597Reputation: 597
Thanks for your comments T3slider, I did not intend this thread to be anything other than a test of my user agent - and certainly hope I have not seemed argumentative! I have just been a little surprised at the direction this took. I do appreciate the time you have taken to respond.

And I have used this time to re-consider my outlook on browser update urgency, but have arrived back where I started.

I am sure this does not apply to everyone, but for my use, habits, exposure, etc... I will probably continue to update every six months or so, or when a notable vulnerability comes to my attention. But for what it is worth, I'll update Firefox and Opera within the next few days - just because :-)

Of course, what will probably happen is that I will be severely compromised in the near future due to a lagging browser version, and it will be the worst exploit possible! If that happens, I'll be honest enough to post it here for my public flogging...

Thanks to everyone.
 
Old 07-15-2012, 12:38 AM   #14
gezley
Member
 
Registered: Sep 2009
Location: Ireland
Distribution: Slackware64, NetBSD
Posts: 495

Rep: Reputation: 207Reputation: 207Reputation: 207
Quote:
Originally Posted by astrogeek View Post
BTW - I also use Opera on occassion - I think I am using 10.x now - thanks for your part with that! Maybe I'll update that while it is on my mind as well - what is the latest?
Opera 12.0 was a beta release in my opinion. Very, very poor. Too many problems to list. Very disappointed but it doesn't happen too often, although rumours about a Facebook takeover of Opera fill me with dread.

Don't bother with version 12.0 - wait until an update comes out.
 
1 members found this post helpful.
Old 07-15-2012, 12:48 AM   #15
astrogeek
Senior Member
 
Registered: Oct 2008
Distribution: Slackware: 12.1, 13.1, 14.1, 64-14.1, -current, FreeBSD-10
Posts: 1,739

Original Poster
Rep: Reputation: 597Reputation: 597Reputation: 597Reputation: 597Reputation: 597Reputation: 597
Wow again! Thanks gezley!

Hmmm... this also kind of makes my point about lagging behind in updates, glad I did not automatically update to 12!

Something I have forgotten to say in earlier posts when it crossed my mind - one other reason, the main reason I do not try to stay current with browser releases is that I NEVER auto-update anything, and I ALWAYS try to validate everything front-to-back when I do update. In this context, I have judged that the consequences of too frequent updates are generally worse for me than the risk of less frequent updates.

I have enjoyed almost uninterrupted stability in my systems for so long that I am always reluctant to rock that boat!

Facebook huh? Yea, that would probably end my Opera use. I have the following lines in all my hosts files:

127.0.0.1 facebook.com
127.0.0.1 www.facebook.com

I hope that does not happen...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
User Agent string EliasAlucard Linux - General 3 05-15-2012 03:22 AM
user agent icon? gymnart LQ Suggestions & Feedback 4 10-21-2009 09:45 AM
bash: all --user-agent for "wget --user-agent " frenchn00b Programming 1 07-07-2009 05:25 AM
Mail User Agent Discussion trashbird1240 Slackware 2 04-11-2009 04:23 PM
Default mail user agent raananb Linux - Software 1 04-02-2008 04:15 AM


All times are GMT -5. The time now is 05:17 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration