im and video support

[dennky]

I install pidgin from updated port with cvsup and got pidgin 2.5.9. On the official site current version is 2.6.5. Is this 2.5.9 ok ? And i don't have video support for web camera. How to install that or so any other im who have video support?

[jggimi]

Quote:

Originally Posted by dennky

I install pidgin from updated port with cvsup and got pidgin 2.5.9. On the official site current version is 2.6.5. Is this 2.5.9 ok ?

Read FAQ 15.4.2.

Quote:

And i don't have video support for web camera. How to install that or so any other im who have video support?

Read FAQ 15.4.3. and 15.4.4.

If your web cam is supported by the kernel -- see the dmesg(8) man page -- it is possible that a camera capable application such as net/amsn can use it. As far as I know, Pidgin does not work with web cams.

[ocicat]

Quote:

Originally Posted by dennky

I have firefox 3.0.11 installed from ports but current version firefox-3.0.17 that there are a few security patches.

Firefox 3.5.7 is available to OpenBSD -current users. With the issues you have experienced, it is not advisable for you to move to -current. Nevertheless, this is an option. -current users are expected to understand the material in the FAQ, & have the skill set needed to run software which still has rough edges.

Quote:

Ok but do you think that the applications installed from openbsd ports secure?

Security is not a binary condition. Running the latest version does not instantly make one "secure". In fact, you may not even be "more secure". You should look at the entire environment in which you are connected to the Internet -- client system, firewall, & ISP -- and assess everything together. Fundamentally, "security" means managing & accepting the risks currently in place. Singling out only the browser & stating to yourself, "I've got to be running the latest browser, & then I will be secure!" without understanding what your ISP is doing, & controlling what reaches your home network with a firewall is not understanding security at all.

You are also advised to read Section 15.1 of the FAQ.

[dennky]

You are right for all, but on http://openports.se/www/mozilla-firefox there are a port 3.17. Why don't update with cvs -q -d anoncvs@someserver:/cvs up -r OPENBSD_4_6 -Pd?

[jggimi]

Read FAQ 15.4.1. Please.

[dennky]

The ports for stable and release is same ports updated with cvs -q -d anoncvs@someserver:/cvs up -r OPENBSD_4_6 -Pd only if i use current i have opportunity to use the latest ports?

[BSDfan666]

Stable ports have been reintroduced, packages will surface eventually.. at this time though, newer versions of mozilla-firefox/firefox35 are only available on -CURRENT.

There have been -STABLE security updates for pidgin, but no new features.

Support for audio/video in pidgin will not occur until after 4.7, the tree is in soft lock mode.. not major changes are likely to happen.

[ocicat]

Quote:

Originally Posted by dennky

only if i use current i have opportunity to use the latest ports?

Per Section 5.1 of the FAQ:

Quote:

Most users should be running either -stable or -release.

As cautioned before, users of -current are expected to have sufficient experience such that they can deal with the volatility and rough edges found when running development code which has not formally been released.

-current users are expected to have the experience and ability to study the manpages to resolve their own problems. Understanding the information found in the FAQ is considered necessary knowledge.

It is not recommended that you run -current at this time.

[dennky]

I successfully installed OpenBSD 4.6 release and update to stable and works very well. One reason was pf. I can not believe that is my version in ports firefox 3.11 and not 3.17. I know that the latest versions can be used only in current 3.5.7 but the 3.17 is old version and patched http://www.mozilla.org/security/known-vulnerabilities/firefox30.html. Do i maybe did not pretty well update ports? Are in your ports version 3.11 or 3.17?

[jggimi]

Quote:

Originally Posted by dennky

...I can not believe that is my version in ports firefox 3.11 and not 3.17...

The FAQ says:

Quote:

15.4.2 - The latest version of my Top-Favorite-Software is not available!
If you are using a release or stable version of OpenBSD, you will not find any package updates until the next release, or until security issues occur which justify an update of the port in the -stable branch, and of the corresponding package.

4.6-Release was built in early July, and heavily tested before its publication and release 18 October, two weeks ahead of schedule. Firefox 3.5, added to the tree 30 June, and Firefox 3.0.11, added to the tree June 11, are the -release and -stable versions of Firefox for OpenBSD.

Quote:

. I know that the latest versions can be used only in current 3.5.7 but the 3.17 is old version and patched http://www.mozilla.org/security/know...firefox30.html. Do i maybe did not pretty well update ports? Are in your ports version 3.11 or 3.17?

Newer releases of Firefox have not been deemed worthy of inclusion in -stable by the port maintainers.

As a -stable user, you should be using 3.11 or 3.5. If this is unacceptable, you have four choices:

1. Build your own port of a newer Firefox. Realize that if you do so, you are running unsupported. That means, on your own. There is no guarantee you will be able to get a port working, and to be honest, no users here will be very interested in helping you. Reread 15.4.1 and 15.4.2 several times, and if you insist, read all of FAQ 5 and FAQ 15. Carefully. Based on the questions you have posted to this forum, I think it might take you many months of trial and error.
2. Run -current. As Ocicat has mentioned, you likely do not have the skills to do this. Yes, you could install a snapshot, but it is the management of ports and packages that may not be in sync with the snapshot that will probably be beyond your skills to manage.
3. Post an extremely polite request to the ports@ mailing list, asking that a -stable port/package of a newer Firefox be developed for you. This is unlikely to work, but you could try.
4. Use a different OS.

[dennky]

Thanks for the detailed reply. I now see one picture of OpenBSD but when read i see another. As a priority of OpenBSD is security and that prove their projects. But if i use OpenBSD in secure network and have application who is old that can be insecure. Do you think so? Now I'm confused what got when update ports? Do openbsd developers think that the 3.11 version secure to use or not have time to update ports to secure version?

[jggimi]

Quote:

Originally Posted by dennky

... I now see one picture of OpenBSD but when read i see another....

You are misreading, or misinterpreting, or misunderstanding OpenBSD and its goals.

Quote:

... As a priority of OpenBSD is security and that prove their projects.

Let us go through OpenBSD's goals, together, shall we? These are listed in detail at http://www.openbsd.org/goals.html, and I have highlighted what I think you misunderstand:

• Provide the best development platform possible.
• Integrate good code from any source with acceptable copyright....We strive to make our software robust and secure.
• Pay attention to security problems....Try to be the #1 most secure operating system.
• Greater integration of cryptographic software.
• Track and implement standards.
• Work towards a very machine independent source tree.
• Be as politics-free as possible.
• Focus on being developer-oriented in all senses.
• Do not let serious problems sit unsolved.
• Provide a good cross compile/development platform.
• Import external packages with minimal modifications.
• Make a CDROM-based release approximately every six months.

Note the goal of a secure OS. There is no attempt here to create a secure graphical workstation with any 3rd party program, Firefox included. Only what is delivered by the OpenBSD Project directly is audited and tested for security.

If you read about the ports tree in FAQ 15, you will learn that -none- of these 3rd party applications are audited for security by the Project. Ever. The only time one of these programs gets such an audit is when it is added to the base OS. In which case, it is no longer a 3rd party product, but instead, is part of the OS delivery.

If you spend any time at all reading about Firefox and its history in either the ports@ and misc@ mailing list archives, you will see that the general consensus of the Project's developers is that they consider Firefox to be a poorly architected, insecure application. Any release of it, new or old.

Quote:

...But if i use OpenBSD in secure network and have application who is old that can be insecure. Do you think so?

You are confusing "newer release" with "more secure release". That is rarely the case. Newer versions of software may correct known problems, but they usually also introduce new ones.

As for Firefox, I am generally in agreement with the developers of OpenBSD. I don't believe Firefox can be made secure, at any release. However, one can mitigate the risks and limit the possible extent of damage, through careful network and workstation administration.

Quote:

Now I'm confused what got when update ports? Do openbsd developers think that the 3.11 version secure to use or not have time to update ports to secure version?

I believe the effort is not easy, due to the level of backporting of dependent ports that would be required. See this thread about making a -stable port for 3.0.13, and the effort required. Note carefully the comments from Martynas, he is the lead port maintainer for Firefox.

http://marc.info/?t=125105961900002&r=1&w=2

As for running insecure applications on a secure OS, see what the developers have to say in the ports@ archives yourself, and draw your own conclusions. For example, note this comment about insecure applications, including Firefox, from developer Stuart Henderson:

http://marc.info/?l=openbsd-ports&m=123840240926907&w=2


Dennky, the more work you do to try to understand the OpenBSD Project, the less you will ask these cultural questions here, and then be dissatisfied with the answers and need repeated clarifications.

[ocicat]

Quote:

Originally Posted by jggimi

• Import external packages with minimal modifications.

Per Section 15.1 of the FAQ:

Quote:

The packages and ports collection does NOT go through the same thorough security audit that is performed on the OpenBSD base system. Although we strive to keep the quality of the packages collection high, we just do not have enough human resources to ensure the same level of robustness and security.

dennky, please take the time to study the FAQ in its entirety. The continued frustration you are exhibiting comes from not understanding the information that is freely available & created specifically for newcomers.

[jggimi]

For goals, though, the external packages being referenced are all of the integrated components from other development projects, outlined in FAQ 1.8. The goal is minimal change, though many of these integrated components have significant enhancements. Examples: GCC (ProPolice), Apache (default chrooting, priv revocation), BIND (chroot operation), lynx (https). The goal is minimal modification. However, even when there are major enhancements, the overriding goal is to allow the basic configuration files to be imported from similar systems without change -- an operational similarity, to minimize admin difficulties.