Re: Tunnel iceweasel?
On Wednesday 26 March 2008, Rich Healey wrote:
> Joost Witteveen wrote:
> > On 24/03/2008, Douglas A. Tutty <firstname.lastname@example.org> wrote:
> >> On Mon, Mar 24, 2008 at 11:46:56AM +0100, Joost Witteveen wrote:
> >> > On 23/03/2008, Rich Healey <email@example.com> wrote:
> >>>> I'm trying to tunnel an iceweasel instance via ssh from one
> >> > > of my boxes at my house to remember the name of an add-on i
> >> > > installed.
> >> > >
> >> > > The problem is that i create a ssh session (ssh -XC
> >> > > ssh.psychotik.info), login and run iceweasel at the bash
> >> > > prompt, which takes forever, but then finally *opens a
> >> > > local iceweasel!!!*
> >> >
> >> > I suppose that iceweasel -P uniqueprofilename would do what you want?
> >> >
> >> > Also, it's *much* faster use vnc (tunnel through ssh): on the remote
> >> > host, start: vnc4server on your localhost, start (and login to) ssh
> >> > -L 5900:server:5901 server
> >> >
> >> > and then on the localhost (different window) vncviewer localhost:5900
> >> >
> >> > The 5901 portnumer is assuming the vncserver opens a X11 screen on
> >> > :1. When I start epiphany diretly over X11, it takes about 30 min to
> >> > show a page; when I do it using VNC as above, it takes seconds.
> >> I run iceweasel over ssh all the time, however, I don't have it
> >> installed locally so there's no local version to run. It may take a
> >> few seconds to give the initial window, but then it displays as fast as
> >> the box can swap. The network is 100 MB/s ethernet, the box I'm sitting
> >> at is a P-II with 64 MB ram, the box I'm sshing into to run iceweasel is
> >> an AMD Athlon64 with 1 GB ram. It doesn't even take 30 minutes to show
> >> a page when I ssh from my 486 with 32 MB ram so something is wrong
> >> there.
> >> Why would VNC be faster if both are encrypted?
> > No, over a 100Mb/s ethernet, running iceweasel over VNC probably
> > wouldn't be much faster than directly over ssh (and running over an
> > ssh-tunneled VNC connection would of course be slower than straigt
> > VNC).
> > But the OP complained iceweasel was very slow. So I suppose he didn't
> > run it over a direct 100Mb/s connection, but over something slower,
> > probably with larger ping times, ping times of 10-30 ms are enough to
> > make it slow, and with slow, I mean that it can take over 20 min for
> > iceweasel to even start showing the home page.
> > I notice that when that happens, starting iceweasel on the remote site
> > on a VNC X server an watching the output via a VNC viewer is a lot
> > faster. And a lot here means just a couple of seconds to show the home
> > page, instead of 20 min.
> > As the OP reported using ssh, I assumed he didn't want to connect
> > unencrypted (somethign VNC as far as I know does), so I suggested
> > using an ssh tunnel.
> Hi, the issue here isn't the speed, and besides, i prefer to have it
> directly connected to my Xserver, rather than runnign in VNC.
> The point here isn't eh startup time though, it's that it starts a local
> In trying to build FF from source on my new 64 bit machine i
> accidentally wound up with a ff3 beta, but running that now also opens
> Somehow the binary has managed to associate EVERYTHING with itself.
> The real thing that does my head in is when i launch FF on another box..
> it still creates a local iceweasel? this should happen AFAIK.. my
> starting a command on that box via should not be able to cause commands
> to be run on my local?
> Does this constitute a security issue? i'll see if i can get a PoC
> during the week, even if one couldn't get arbitrary code, one could
> still point the new iceweasel on the host machine to a site witha FF
> Now that i think of it.. it would be simple enough to create a free
> shellserver with busybox aliased to a malicious FireFox call in the
> system bashrc.. that'd probably do it.
> I'll look into it.
I noticed the same slowness, tunneling via ssh via very fast connections.
However, if you use the
it seems to really help.