Linux kinda sucks. There's many reasons (some you can read at The Linux Haters Blog and Why Linux Sucks), but for me it's always been firefox. Everyone claims it's just the best browser ever, but I think it's possibly worse than Internet Exploder.
First there's the memory issues. Since about version 2.0, firefox has been incredibly bloated and slow, introducing god knows what under the covers to soak up as much RAM as possible and eventually stop working. It was so bad for a while they had official notices of when the new versions would come out to fix this persistent issue. To this day you cannot browse around a few websites without 500 megs worth of shit clogging up your system.
Then there's the cpu. Try viewing 3 or more myspace band profiles in a recent firefox on a 3GHz Pentium 4 without it slowing down your whole system. (My load average soars up to 4 or 5 at least) Opera with the same pages loaded is much more manageable, and the same goes for most websites with flash audio and video. Is Opera doing some mystical incantations to make flash faster? I doubt it.
Today was the final straw. My system was left completely immobile by firefox (3). I opened a webpage and the VM went berserk, sucking up all available memory and swapping until the system was completely unresponsive. I rebooted instead of waiting around for the OOM to realize the system was fucked and kill the erroneous process.
To (hopefully) prevent this from happening again I have done the only thing I could think of to still use a halfway-decent browser while not blowing up my box: install an old version. I downloaded and packaged the 0.8 release of firefox (really still phoenix at that point) *without gtk2 or xft support* and the 1.0.8 release of firefox. I also have the latest version (3.0.8) on stand-by if I reeeally need a webpage which is Web 2.0-only, but so far only facebook has required it, and facebook sucks. /usr/bin/phoenix will point to 0.8 and /usr/bin/firefox-old/firefox-1.0.8 will point to 1.0.8, while /usr/bin/firefox goes to 3.0.8.
This should work for most cases as firefox 0.8 still uses the $HOME/.phoenix directory for user settings while 1.0.8 uses $HOME/.mozilla. I should really recompile 1.0.8 with a new user settings directory so I can use firefox 3.0.8 without worrying about clobbering old files in .mozilla, but i'm going to wait it out and see what happens. Alternatively I could run them in a chroot jail or just use the newest release of Seamonkey or the debian-inspired really-truly-free version of firefox.
The end result is fantastic. Firefox 0.8 page rendering times scream and the user experience is incredibly snappy and responsive (as a gtk1 app should be). Using firefox 1.0.8 is much the same as firefox 3, but it is noticeably faster at page rendering and much snappier in general use. "Modern" pages such as yahoo! mail work just fine, with only one or two minor page errors (which really could have been avoided with a better design choice).
My browser probably resembles swiss cheese from a security standpoint, but i'm willing to take the risk of someone exploiting my desktop to steal my incredibly sensitive camera photos that didn't make it onto my facebook. Lord knows the hacker underground has been after my flickr account's session cookies for years.
(psst... don't try looking for archived releases on Mozilla's main page. you'll have to dig through the ftp to find them: ftp://ftp.mozilla.org/pub/firefox/releases/)
I'm a hacker and IT worker, and this is where I muse about broken enterprise networks, broken code and weird security holes (among other things)
Friday, April 3, 2009
Wednesday, April 1, 2009
some tricks to stay hidden
[1] If you're in a shell and typing some commands which you don't want to be preserved in your .bash_history, just run "kill -9 $$" when you're done with your shell. The parent process (shell) will be killed and not write anything to the .bash_history file.
[2] You want to log on to a box and use it interactively but don't feel like being monitored in the wtmp, use "ssh -v -T user@host" to log in. The verbose will tell you once you've successfully logged in. Now run 'last | head -n 5'. Your current login should not show up in the list. (Your login will probably still be logged by sshd in a separate file, but it's less noticeable)
[3] Encrypt your shell scripts: http://blogs.koolwal.net/2009/01/20/howto-encrypting-a-shell-script-on-a-linux-or-unix-based-system/
[3.1] Also use my script: http://themes.freshmeat.net/projects/encsh
[4] Encrypt all the files in a directory with cryptdir(1).
[2] You want to log on to a box and use it interactively but don't feel like being monitored in the wtmp, use "ssh -v -T user@host" to log in. The verbose will tell you once you've successfully logged in. Now run 'last | head -n 5'. Your current login should not show up in the list. (Your login will probably still be logged by sshd in a separate file, but it's less noticeable)
[3] Encrypt your shell scripts: http://blogs.koolwal.net/2009/01/20/howto-encrypting-a-shell-script-on-a-linux-or-unix-based-system/
[3.1] Also use my script: http://themes.freshmeat.net/projects/encsh
[4] Encrypt all the files in a directory with cryptdir(1).
Subscribe to:
Posts (Atom)