Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla.org Releases Protozilla

Posted by CmdrTaco on from the now-thats-a-strange-idea dept.

An anonymous reader wrote in to tell us about Protozilla's release. "Protozilla enables Mozilla to execute any CGI program on the local disk directly, without passing it through an HTTP server." Its a strange little idea that could definitely simplify development.

8 of 155 comments (clear)

  1. Not really a new idea by dervish121 · · Score: 4

    Lynx has done this for a long time (though you have to reference the script as LYNXCGI, iirc; I used it a few years ago to write a script to browse manpages through lynx). It's pretty useful if you want to use cgi scripts and junk for local documentation, but don't want the overhead of running a full web-browser.

  2. not mozilla.org - mozdev.org! by hwaara · · Score: 4

    This Protozilla project is in no context official! It's a Mozdev project, therefor it doesn't have anything to do with Mozilla.org! So, why is the topic "Mozilla.org releases Protozilla"?

    --
    -Håkan
  3. So Mozilla is the center of the I/O universe? by Morgaine · · Score: 4

    For the greatest flexibility, the central star-point of a communications I/O multiplexer has to be the operating system, not a windows manager as in W95 (partly) nor an application as in Protozilla.

    We're seeing the same old and discredited mistakes of yesteryear repeated here. Yes, this makes Mozilla vastly more powerful, and it is easy to see how its developers would appreciate such a facility for experimental purposes, but for the end user it is the wrong approach. Architecturally, it is the wrong design, and pragmatically it's the wrong thing to do as well: when Mozilla crashes, you do not want a pile of network services to go down with it.

    Yes, I know it's advertised primarily as a hook for experimentation in protocols, but if any real service is ever delivered over it then we all lose.

    --
    "The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
  4. Not just for local CGIs by Pulzar · · Score: 4
    Looking at the White Paper, executing CGIs locally is just one of the features of Protozilla. A more interesting feature is the "protocol handlers" feature -- you can assign any external program to handle any existing protocols (like finger), or you can define your own protocols and assign program (or URLs!) to handle them!

    For those afraid of the security issues associated with running CGI scripts locally -- this is a development tool only. In order for a script kiddie to misuse this, (s)he'll have to send your the CGI script in the mail, and tell you to run it for him :). Unless you're running Outlook, you're ok ;).
    ----------

    --
    Never underestimate the bandwidth of a 747 filled with CD-ROMs.
  5. mozilla.org did not release Protozila by asa · · Score: 5
    mozilla.org did not release Protozila (or Protozilla). This is an independent project that is being developed at mozdev.org. mozdev.org is not a part of mozilla.org.
    From the mozdev front page:
    mozdev.org is the location for development projects based on the open source Mozilla project. Anyone interested in Mozilla is welcome to look around and try out any of the more than 20 projects hosted on this site, and anyone working on a project is welcome to host their development here free of charge.
    The projects currently on mozdev.org include a number of the development projects that Alphanumerica had been developing. After Alphanumerica's merger with CollabNet these development projects were integrated with SourceCast, CollabNet's project hosting tool, to create mozdev.org.
    While this project is not being developed (or released for that matter) from within mozilla.org itself, it and other projects at mozdev demonstrate how mozilla technologies can be used and extended and how the community of mozilla developers has and continues to expand "beyond the browser".
    --Asa
  6. Re:security by llywrch · · Score: 4

    > I would think this might be a script kiddies dream. Couldn't it be used to exploit local variables?

    Interesting point, now that I have thought thru your question, & read the source page. What they wrote at Mozilla is:

    > Protozilla is a browser add-on that makes it very easy to implement protocols in Mozilla (or Netscape 6.x). It is not a
    > traditional browser plugin, but may be described as a "socket adapter", like the kind that you may carry around with your
    > laptop when you travel internationally.

    In other words, an ability to handle protocols like SMTP & NNTP akin to the ability of specifying helper-applications to handle MIME types. (And if this works with the Gecko rendering engine, you can specify your own choice of MTA or newsreader when you hit the link that requires that protocol, instead of being forced to d/l the whole bloated mass of Netscape!)

    And if the admin for the workstation running the browser has done a proper job securing the ports, then there should be no new security issues.

    My assumption -- & someone who knows more, correct me if this is wrong -- is that the browser add-in, being a daughter process, would inherit the environment the parent process has -- & ultimately that of the user. So unless you are doing something stupid like running your workstation as ``root" or ``Admin" this won't do anything to your computer worse than you can do in a non-privileged account. In other words, if *you* can't ``rm -rf *" & lose more than a few files, then neither can the enabled protocol.

    (Although it would be even safer if anything that ran in this wise ran in rsh as ``nobody".)

    However, I doubt anyone truly knows how security & environment variables are handled under NT4.0/Win2000, so maybe we do have another exploit waiting to happen in certain cases. Wouldn't be the first time MS coding practices proved injurous.

    Geoff

    --
    I think I see a trend here. Maybe for them it really would be easier to muzzle the entire internet than to produce p
  7. Great Idea by burris · · Score: 4
    This is a great idea. Now you can have easily special handling for URLs into distributed filesystems like Mojo Nation or Freenet without having to add another proxy to your long chain. Instead you have a special url like mojo: or freenet: and only those URLs are sent to your proxy, instead of every URL. This is a blessing because now there is much less chance that an added service will disrupt a users regular web browsing (which can happen if you chain your proxy in with all the others and it turns out to be flaky). Users are willing to try new things but they get very unhappy if their regular web browsing gets disturbed.

    Burris

  8. Internet Explorer can by NoInfo · · Score: 4

    IE can already do this in the beta .NET stuff.. Not only that, it can run ASP, do all sorts of database stuff, etc, locally without needing a real web server.

    --
    bug.gd: error search engine. Humanity working together to solve all errors.