On Tue, Mar 2, 2010 at 11:44 AM,  <trustlevel-two@yahoo.co.uk> wrote:
quoted text
> Hey all
>
> Please don't dismiss me because what I have been doing is unsupported
untill
quoted text
> you've read a little, I do realise you do far too much for too little as it
is
quoted text
> and when I make enough money I'll hopefully become a donator and regular
> merchandise/cd buyer.
>
> Whilst the subject of firefox on current is covered and I understand to a
> reasonable degree why firefox only has the bugfixes in current when the
tree
quoted text
> is open and don't have the time right now to look into backporting which I
> imagine will be rather difficult for such a large port especially in
meeting
quoted text
> ports standards. I feel the info currently in the mailing list archives
could
quoted text
> be more complete to enable me and others to make more educated decisions.
>
> I've been running stable and have had the current firefox running seemingly
> without problems (may be for months at a time and then obviously it will
break
quoted text
> at some point and you upgrade and then it may be days, weeks or if your
lucky
quoted text
> months before the build breaks and dependencies go too far out of sync.
>
> I imagine the answer is to install stable keep going for as long as
possible
quoted text
> untill firefox breaks get a snapshot and test it. Upgrade to that snapshot
> when needed and install the latest firefox port. Or just sync with current
> every month and make a backup before upgrading.
>

As I understand it stable is just something for people/companies which
need something which is not changing a lot during time or have some
type of "support". And from 4.6 there are security updates for ports.
Anyway target of stable are mostly servers. You are using Firefox and
so on and it's not needed on server so you have laptop/desktop and
then use current/snapshots as stated in FAQ :

It is worth pointing out that the name "-stable" is not intended to
imply that -current is unreliable. Rather, -current is changing and
evolving, whereas the operation and APIs of -stable are not going to
change, so you shouldn't have to relearn your system or change any
configuration files, or have any problem adding additional
applications to your system.

In fact, as our hope is to continually improve OpenBSD, the goal is
that -current should be more reliable, more secure, and of course,
have greater features than -stable. Put bluntly, the "best" version of
OpenBSD is -current.


quoted text
> B  B 
========================================================================
quoted text
> ===
>
> I do have a few questions however.
>
> How much security would you lose by using say the opera linux browser or
linux
quoted text
> firefox and installing the linux libs keeping an eye on libc6 vulns and
others
quoted text
> compared to the openbsd firefox with pro police patches etc. How often
might
quoted text
> these patches protect you from current vulnerabilities in firefox, usually
in
quoted text
> javascript so I imagine not often, but then you can just just turn jscript
> off?. I currently disable linux support when I don't intend to use it. It's
> quite a good feeling, reading the latest vulnerability measures or
stability
quoted text
> problems knowing you avoided it through a necessity policy. ipv6 + pf
springs
quoted text
> to mind of many. (happens far less on OpenBSD of course but just using
OpenBSD
quoted text
> gives that feeling when reading about Linux :)

Why to do that? What's wrong with Firefox from packages?


quoted text
>
> Does anyone have any info about the Miros mirzilla firetapir port which is
> said to build for openbsd and kept upto date??? Searching shows up nothing
but
quoted text
> a few Miros pages and it's not installed on their livecd, which wouldn't
boot
quoted text
> anyway. I also tried to find what the dispute between Theo and the Miros
> project leader was but Couldn't find much.

Actual Firefox is 3.5.7 in current. It's quite up-to-date and there
are other things which are protecting you in case of problems. See eg.
http://homepages.laas.fr/matthieu/talks/openbsd-h2k9.pdf

quoted text
>
> What browser (perhaps a simple open source one) would you use for important
> stuff fullstop or whilst firefox has vulns. I know this question has been
> asked before so have there been any new ones come on the block. Dillo w3m
and
quoted text
> lynx seemed popular on the lists. I'm sure I installed a graphical w3m but
> haven't really tried it yet.

Lynx with improvements from OpenBSD which is in base if you need to
find quickly some text informations. For GUI Firefox with AdBlock,
NoScript and so on or in
Private Browsing mode. Still all of this is useless in some cases
https://www.eff.org/deeplinks/2010/01/tracking-by-user-agent which you
can check here http://panopticlick.eff.org/ . In fact it's worse for
you if you use OpenBSD and some modified browser without Flash and so
on because then it's more easy to detect who you are. Same principle
is in China. They don't need to know what's in encrypted traffic from
disident. They just need to know that someone from this IP is sending
encrypted traffic to this IP and then they have you. If you are using
widely deployed stuff they there is better chance that you can hide in
crowd.


quoted text
>
> What's the most secure way of running java support occassionally within a
> browser on openbsd and making sure it is disabled for the rest of the time.
>

It's Java so tweak its settings and if you don't need it then turn it off.


quoted text
> Does anyone have any tips on getting good rendering speed in browsers on
> graphic laden sites. I read on this list that now the ati driver has been
open
quoted text
> sourced it is quite decent on openbsd. I'm guessing that doesn't include
older
quoted text
> ati graphics chips in old laptops?

AdBlock, FlashBlock, NoScript in Firefox to cut the crap like ads and
similar stuff.

quoted text
>
> I thinks that's more than enough questions now, Thanks for your time
> KeV
>
>



--
http://www.openbsd.org/lyrics.html