[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Tunnel iceweasel?

Hash: SHA1

Joost Witteveen wrote:
> On 24/03/2008, Douglas A. Tutty <dtutty@porchlight.ca> wrote:
>> On Mon, Mar 24, 2008 at 11:46:56AM +0100, Joost Witteveen wrote:
>>  > On 23/03/2008, Rich Healey <healey.rich@gmail.com> wrote:
>>>>         I'm trying to tunnel an iceweasel instance via ssh from one
>>  > >         of my boxes at my house to remember the name of an add-on i
>>  > >         installed.
>>  > >
>>  > >         The problem is that i create a ssh session (ssh -XC
>>  > >         ssh.psychotik.info), login and run iceweasel at the bash
>>  > >         prompt, which takes forever, but then finally *opens a local
>>  > >         iceweasel!!!*
>>  >
>>  > I suppose that iceweasel -P uniqueprofilename would do what you want?
>>  >
>>  > Also, it's *much* faster use vnc (tunnel through ssh): on the remote
>>  > host, start: vnc4server on your localhost, start (and login to) ssh -L
>>  > 5900:server:5901 server
>>  >
>>  > and then on the localhost (different window) vncviewer localhost:5900
>>  >
>>  > The 5901 portnumer is assuming the vncserver opens a X11 screen on :1.
>>  > When I start epiphany diretly over X11, it takes about 30 min to show
>>  > a page; when I do it using VNC as above, it takes seconds.
>> I run iceweasel over ssh all the time, however, I don't have it
>>  installed locally so there's no local version to run.  It may take a few
>>  seconds to give the initial window, but then it displays as fast as the
>>  box can swap.  The network is 100 MB/s ethernet, the box I'm sitting at
>>  is a P-II with 64 MB ram, the box I'm sshing into to run iceweasel is an
>>  AMD Athlon64 with 1 GB ram.  It doesn't even take 30 minutes to show a
>>  page when I ssh from my 486 with 32 MB ram so something is wrong there.
>>  Why would VNC be faster if both are encrypted?
> No, over a 100Mb/s ethernet, running iceweasel over VNC probably
> wouldn't be much faster than directly over ssh (and running over an
> ssh-tunneled VNC connection would of course be slower than straigt
> VNC).
> But the OP complained iceweasel was very slow. So I suppose he didn't
> run it over a direct 100Mb/s connection, but over something slower,
> probably with larger ping times, ping times of 10-30 ms are enough to
> make it slow, and with slow, I mean that it can take over 20 min for
> iceweasel to even start showing the home page.
> I notice that when that happens, starting iceweasel on the remote site
> on a VNC X server an watching the output via a VNC viewer is a lot
> faster. And a lot here means just a couple of seconds to show the home
> page, instead of 20 min.
> As the OP reported using ssh, I assumed he didn't want to connect
> unencrypted (somethign VNC as far as I know does), so I suggested
> using an ssh tunnel.
Hi, the issue here isn't the speed, and besides, i prefer to have it
directly connected to my Xserver, rather than runnign in VNC.

The point here isn't eh startup time though, it's that it starts a local

In trying to build FF from source on my new 64 bit machine i
accidentally wound up with a ff3 beta, but running that now also opens

Somehow the binary has managed to associate EVERYTHING with itself.

The real thing that does my head in is when i launch FF on another box..
it still creates a local iceweasel? this should happen AFAIK.. my
starting a command on that box via should not be able to cause commands
to be run on my local?

Does this constitute a security issue? i'll see if i can get a PoC
during the week, even if one couldn't get arbitrary code, one could
still point the new iceweasel on the host machine to a site witha FF

Now that i think of it.. it would be simple enough to create a free
shellserver with busybox aliased to a malicious FireFox call in the
system bashrc.. that'd probably do it.

I'll look into it.
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


Reply to: