Slashdot Mirror
Red Hat: Who Needs Netscape?
LazyBoy points to this story on Yahoo which says that Red Hat won't be bundling Netscape with its distribution once Mozilla 1.0 is out. And since the (very nice) .9 is out, with .9.1 on the horizon, that shouldn't be all that long from now. Rather cool that the long-heralded failure of Mozilla is proving to be exaggerated, even with a lot of other good browser projects in the ring.
I wonder if he's changed his mind about the nature of time, organizational behavior, and how to get things done fast since it's been forever getting his nightclub redone. I don't expect he figured it would be this long getting done. Of course there's a lot he had to rewrite from scratch at the club.
I know a lot of Slashdotters use /. moz updates as personal reminders to go get the latest build, just for browsing purposes.
I've been following the nightly builds pretty closely, and I would suggest waiting for 0.91 for most browsers. There have been a few bugs that crept in over the last two weeks or so. The most well-understood one is a problem with right-click context menus, at least on Win32. It sounds like they have the problem in hand, but it makes life painful.
I think there are some problems that have been introduced into the rendering engine, because I have gotten a few really unexpected and unusual crashes. In some cases the browser window just completely disappeared without a trace or any error.
And I have had a few *really* annoying crashes while composing messages in textareas. (Like I'm doing now.) That is extra painful because you lose what you were writing!
So your best bet is to wait on this one if you have a stable build that you're running, and pick up a nightly build or 0.91 build in a few weeks.
Other than that, recent changes in how pages are built make everything seem a lot smoother and faster. I forget what they called the one fix... it had a funny description, but the upshot was that you can now click on things on an "outgoing" page if your new page hasn't loaded yet. For us impatient browsers who give up on crappy-loading sites, that one was a real breakthrough!
You're missing the point. RedHat ships binaries to users. They also ship source, but that's not really their focus. They may modify the source and ship modified binaries if they feel it improves their distribution. With Bernstein's license, they can't do this.
In addition, you're quoting the GNU project out of context when you say Bernstein's license matches freedom 2 "The freedom to redistribute copies so you can help your neighbor." the same page that lists the freedoms also clearly says, "The freedom to redistribute copies must include binary or executable forms of the program, as well as source code." Clearly Bernstein's license doesn't allow binary forms of modified code.
Fortunately, as you point out, Bernstein's code "NEVER" has holes in it, so we don't need to worry about it. Of course, I'm more impressed with your ability to travel into the future and confirm this. Unfortunately Red Hat is not able to visit to future to check this, so errs on the side or caution.
In addition, while Bernstein's software has never had any holes under Bernstein's narrow definition, Linux itself might have problems which require modifying qmail as a workaround. This is quite common, and while Bernstein can complain all he wants that it's the operating system's fault, the rest of us need to deal with the reality of the hole and find a workaround. This has happened before, and under Bernstein's license, Red Hat can't ship patched binary to fix it.
Search 2010 Gen Con events
The E-Smith Distribution, which is based on RedHat, includes Qmail.
It does this by including one RPM that includes the full, working, approved binary, plus another RPM that applies E-Smith's customizations to it.
This BS about the license not ALLOWING RedHat to include it in a distribution is false, and there is working evidence to the contrary.
I need Netscape in order to do Online Banking.
Even though Konqueror would WORK, Wells Fargo
refuses to accept any SSL connections not coming
from Netscape or IE.
Java and Javascript support are pretty good in
Konqueror, but there are still quite a few things that won't work in it that will work in
Netscape. I don't care about those though. If I could do online banking with Wells Fargo without Netscape, I'd probably never use it.
-fb Everything not expressly forbidden is now mandatory.
Of course, qmail and djbdns have no holes. Guaranteed.
You realize that good security practice dictates that we can now never accept anything you ever say on the subject of security again, right?
The browser-making arm of Netscape is owned by AOL. AOL keeps Netscape going because they are the dominant market share player and they understand that game. The last thing they want is to not have a fallback position if Microsoft ever decides to pull the rug out from under them with IE. Since Microsoft owns MSN, a major competitor of AOL, and given MS's past behaviour of leveraging a monopoly in one market sector into a monopoly in another sector, it's an ace in the whole which AOL will not lightly set aside. AOL didn't buy Netscape because they expected to make money from the portal. AOL bought Netscape to keep Microsoft honest by using FUD with teeth. They bought Netscape to avoid handing the Internet to MS on a silver platter. So far that strategy has worked.
If Microsoft loses an appeal at the Supreme Court level and gets broken up in such a way that they can no longer use IE to turn MSN into the dominant ISP, then I think you'll see AOL cutting Netscape loose and telling them to fend for themselves. Until then, it's a relatively cheap insurance policy,
Laissez lire, et laissez danser; ces deux amusements ne feront jamais de mal au monde. - Voltaire
I see a white mouse
And I want to paint it black.
No neutrals anymore,
I want it to turn black.
Apologies to the Stones.
--
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
djbdns and qmail are Free Software in the GNU sense of the word.
Near as I could tell from looking at Bernstein's web site you are not allowed to distribute modified binaries or source!
According to the FSF, one of the four freedoms provided by "Free" software is "The freedom to improve the program, and release your improvements to the public". A license that requires you to distribute your improvements as patches can barely be consideded to provide that freedom. Certainly that's enough reason for me to avoid it.
This belies the point that holes are NEVER discovered in Bernstein's software
A completely foolish statement. Even if it is true that there has never been a qmail or djbdns exploit, that does not prove there never will be one. Even OpenBSD has had exploits, and those guys are DAMN careful!
It is impossible to guarentee that a non-trivial piece of software does not have vulnerabilities. Not allowing distributors, or hell just concerned sys-admins from distributing sources or binaries that with any kind of improvements is just plain fucking rediculous. IMHO Bernstein is just being a jackass. His "Free software" is about as free as Microsoft's "Shared Source" bullshit.
Why don't you just come out and admit that marketing ploys are your only reasons for including or not including something in the dist.
What marketing ploy would that be? Thier attempt to actually follow thier stated values? Thier attempt to support the Free Software that spawned them?
You are a hypocrite.
In this case, they are not. You, however, are a fool.
Mozilla is *not* really good. It's not even marginally acceptable to serious browser users:
Here's a list of what was still broken when I tried it again a couple of weeks ago:
1) Still can't handle reasonably populated mail files. I have many files/mailboxes that have a couple of thousand messages in them. Mozilla shows they have only a few dozen. I've had previous versions corrupt the mailfiles, too, something I can never forgive. (And yes, I know it's not done yet, but I don't expect it to corrupt my mailfiles after so many years in development...)
2) It's still completely incapable of handling serious bookmark files. (A quick wc -l on my bookmarks file returns 2516. I've yet to have a version of Mozilla that won't scrog the bookmark file within a few hours, and most of them I've tried can't even load the whole thing. Mozilla also seems to have real problems in parsing many levels of bookmark folders, too. Basically, it's bookmark capabilities are useless to me.
3) On top of all that, it still doesn't support roaming profiles, so I'm forced to going back to managing bookmark files separately on every computer I own or use, or dealling with half-assed methods like unison or other file sync programs.
Note that all of these complaints apply equally to Netscape 6 as well as Mozilla. Neither is really up to supporting anything other than a lightweight user of the tool. Netscape 4.x, for all its warts, at least has the cojones to do the job. I've never found any other tool that can... (No, IE doesn't count, because it doesn't integrate mail that can use a standard non-binary, non-proprietary mailbox format. Not to mention it's bookmark capabilites aren't even as good as Mozilla's...)
So far as I can tell, there is NO ALTERNATIVE AT ALL to Netscape 4.x, nor is there likely to be one anytime in the near future. (Oh, and anything I use must run as well or better on Win32 also, since unfortunately, that's where I need to spend 90% of my desktop time...)
"The future's good and the present is nothing to sneeze at." - Roblimo's last
There are known DOSes in qmail that have been there for (literally) years with no attempt made to address them.
This is a lie. Dan has said that those DOS attacks are preventable by using ulimit. Why should qmail reproduce a system facility?
Exim has had security holes. No thank you.
a DOS which allows an attacker with a substantially smaller pipe to swamp a server with overwhelming resources _should_ be fixed.
You are being ridiculous. You want to deny service to somebody with an SMTP server? Just start opening connections, and leave them idle. Eventually you'll either crash the machine or you'll run into a connection limit. For this "discovery" you expect Dan to pay you $500???
-russ
Don't piss off The Angry Economist
Every time I look at qmail, I see too many cool/needed modifications that will ONLY be distributed in a pain-in-the-ass patch format. Bernstein doesn't seem to care about his users' needs, only about his software's security reputation. It's his right, but it's reason enough for me not to run qmail; YMMV. It doesn't make the resulting binary any more secure, just more time-consuming to administer. If the qmail patch list were carefully integrated by him as options, I'd feel better. Forbidding the change of file and directory locations has no conceivable security function, and only strengthens the notion that he is a talented coder who is also an eccentric and a pain in the ass to deal with. Again, it's his right, but it doesn't make me feel safe relying on such an arbitrary person.
No marketing ploys, just practical decisions.
Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.
Expanding a vast wasteland since 1996.
Somebody told me I shouldn't log in as root all the time, so I just changed my .bashrc to have a 'su -' at the end instead, and then set root's password to nothing.
Is that bad?
Fear: When you see B8 00 4C CD 21 and know what it means
> Soon you'll have different browsers in the Linux
> world to those found in the corporate mainstream.
It's really the same browser. Same code base, so everyone has a common interest in improving it. Same support for standards, so presenting a united front to Web developers (this includes Konqueror and Opera too as a matter of fact).
The only significant difference from Netscape's point of view is that they lose revenue from the buttons and bookmarks they ship with their branded browser.
then worry about the 200 applications they want to build into it. But instead they let the engineers run the show which will ultimatly be their downfall.
I interned at Netscape last summer. I worked on the Mail/News client. Let me assure you that there are most definitely phases to the project, and its not just a bunch of engineers sticking in whatever they want. Whatever new idea I had, it was shot down, because we were focusing on bugs at the time. All feature work was put on the back burner. Instead, I, and everyone else, worked on critical bugs.
And let me also assure you that the other projects in Mozilla (IRC, etc) were not created when an engineer said "Screw my bugs, I'm going to work on this." They were created when someone had some free time, or an outside contributor delivered some code.
Did NS6 ship bug free? No, but don't blame that on random engineering if you don't know what you're talking about.
--
python -c "x='python -c %sx=%s; print x%%(chr(34),repr(x),chr(34))%s'; print x%(chr(34),repr(x),chr(34))"
BTW, feel free to ask the Mozilla team what they think about the OS/2 programmers they work with.
--
Lord Nimon
And the men who hold high places must be the ones who start
To mold a new reality... closer to the heart
You are a hypocrite. djbdns and qmail are Free Software in the GNU sense of the word. You say
Read the licenses of djbdns and qmail, and you'll see why we can't ship them: If a hole is discovered, we're not allowed to distribute a fixed version in binary form.
This belies the point that holes are NEVER discovered in Bernstein's software. Besides that, you can provide the source. You can modify it for personal use. You can freely re-distribute the source. You can distribute source patches SEPARATELY from the djb source.
GNU freedoms are
The freedom to run the program, for any purpose (freedom 0).
Clearly djb's programs meet this.
The freedom to study how the program works, and adapt it to your needs (freedom 1). Access to the source code is a precondition for this.
Clearly this one is met as well.
The freedom to redistribute copies so you can help your neighbor (freedom 2).
This one is true also.
The freedom to improve the program, and release your improvements to the public, so that the whole community benefits. (freedom 3). Access to the source code is a precondition for this.
Of course, you have to distribute patches separately, and cannot distribute modified binaries.
Look, you guys at RedHat have shipped more BIND installations that have resulted in remote root compromises than anyone else. I have personally had to re-install two machines for this reason. (and no, I didn't do the original install). Bernstein writes good free software. You can safely distribute a binary and NEVER worry about finding holes in it. Of course, any improvements in the source would have to be approved by Bernstein before being broadly distributed.
But some of us consider that a good thing.
Why don't you just come out and admit that marketing ploys are your only reasons for including or not including something in the dist.
In particular the "DJB license" does not provide "freedom 3": "The freedom to improve the program, and release your improvements to the public, so that the whole community benefits", therefore DJB's license is not a free software license by the FSF's standards. For the same reason it doesn't conform to the OSI definition either.
You are quite free to distribute patches to the djb source, so long as they are distributed separately. The FSF freedoms do not include re-distributing under the same terms as those you received. That is part of OSI and DFSG. With DJB software, you have the source, you can use it, you can modify it, you can re-distribute the original as source or binary (provided the binary does not change the directory structure and works "as intended" from the original tarball). You can also distribute patches. This qualifies as improving the software and distributing your improvements. These are the FSF essential freedoms. It doesn't make a specific point about distributing modified binaries, except in the long text after stating the basic freedoms. Note that QT 1.0 came under a more restrictive license than this...
Now then, I do not feel as a user that I am so inclined to avoid software when I am given a copy that I own. A copy that I can hack, modify, and a copy that I can distribute, as I received it, to others.
If distributions as so concerned about holes that they will not distribute djb software because they cannot distribute a modified binary - then they ought to take a good long hard look in the mirror and repeat the words "sendmail, BIND, wu-ftp, oh my" over and over again until they get it.
Crappy remote root compromisable software that is GPL'd is not worth the bits used to ship it. That has included at times wu-ftp, sendmail, and BIND multiple times each. That RedHat is free to distribute a modified binary is little solace to me as I re-install a machine. Heck, they do not even do a security review, or if they do, they are not very good at it. The cost of a single remote root compromise is well over $1000 to the admin. The cost of using qmail and djbdns is free. The cost of sleeping better at night - priceless.
...the better for all of us. It deserves to be decently buried at midnight in an unmarked grave, but that's about all.
Of course, *nix users are probably the last people that need to be told this, but every little bit helps.
N4 is the single biggest ball-and-chain around the ankles of people otherwise dying to write quality, standards-compliant code. Now we just have to get the mac users to give it up, most Win people are using IE5, which is good enough for the most part.
TomatoMan
-- http://frobnosticate.com
You mention Qt - and we fought the ideals we (well, they - I wasn't working there then) believed in and put resources into a free desktop: GNOME.
While QT may be free now, it (and thus KDE built on top of it) certainly wasn't free then - and we took the consequence of that, opening markets for people who cared less for principles and open source and more about giving a group of users the KDE they wanted.
Read the licenses of djbdns and qmail, and you'll see why we can't ship them: If a hole is discovered, we're not allowed to distribute a fixed version in binary form.
As for Netscape, there really wasn't an alternative when we added it - there now is. qmail and djbdns, OTOH, would have a hard time making it in anyway as there are other alternatives with better licenses. Qmail isn't a "must have", when we already have sendmail, postfix and exim
so farewell then Netscape 4.7,
.oO0Oo.
You were an annoying program,
Almost as annoying as vendor specific tags,
I'll still have to test with you,
But I'll paint my mouse black as a mark of respect.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
And IE 5.5 is the most stable browser I've ever used.
Then you haven't ever used Lynx.
Everyone who makes generalizations should be shot.
They aren't the first to ship mozilla as the main browser. Progeny Debian comes with Mozilla is the default web browser. Netscpe 4 is also there, as is konq, but Mozilla is the default. And it works well. Really well. If you haven't tried Progeny, check it out.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
"Mozilla has the exact same look and feel of the current Netscape browser, but officials said that the reason to go strictly with Mozilla is that its open-source development model has a better fit with Red Hat's philosophy."
Even if they signed an agreement with Opera, to distribute a fast closed-source ad ridden browser with Red Hat - I doubt their corporate customers would dig having to support it. Seeing as Red Hat can't provide security fixes or patches to it to repair or improve it, it doesn't align with their open source philosophy.
They can make a Red Hat `branded' version of Mozilla using its components once it goes 1.0 and I would not be surprised to see them do it. Either way, Mozilla is looking really nice 0.9 and I am typing this post using it right now.
-Pat
I've been using 0.9 since it was announced a few days ago, and I have to tell you it's MUCH faster than the previous versions, and doesn't make me miss IE at all. I'm slowly making the conversion from using windows for all my desktop tasks to using only free software, and not having a browser that could run effectively on my redhat 6.2 box with only 64 megs of ram has, until now, been a real pain. But 0.9 runs very nicely with my setup, and I'm not sure what you think would make it better. I think they've figured the big picture rather nicely, and their plans are beginning to come together. You may not be a troll, but you're wrong. Bryguy when neverwinter nights comes out, my conversion will be complete :)
microsoftword.mp3 - it doesn't care that they're not words...
I don't think the original poster (teg) was arguing that they weren't free... just that they are impractical for a distribution. RedHat needs to be able to distribute all the software in the distributions as RPMS, _and_ they need to be able to fix security holes promptly, and distribute those fixes as RPMS as well.
So, if there was a hole in djbdns, and the original author doesn't fix it (or doesn't fix it fast enough), RedHat is out of luck because they can't distribute their own fix as an RPM. There's also the issue of not being able to relocate files when you package it, which is also annoying to a distro maker trying to organize things consistently.
Now, the chance of a security hole in djbdns may be really small. I'm not familiar with the software myself. But, I can see why RedHat wants to have the ability to respond flexibly to holes if they do occur.
I'm sure Jamie Zawinskiis thrilled about this. It seemed that he took it as a personal failure that Mozilla.org didn't take off in it's first year of operation. In the last 6 months it seems to have been holding it's own and here's one of the proofs of that theory. Keep up the good work guys.
--CTH
--
--Got Lists? | Top 95 Star Wars Line
djbdns and qmail are both under the DJB license, a license of their creator. You arent as free to do what you want with them as GNU applications. As such, RedHat has stated it will never distribute them unless the license changes. However, They distribute Netscape, Which is worse than djbdns/qmail. You can see more on D. J. Bernstein's site
Linux: Because a PC is a terrible thing to waste.
James Brents
The Netscape browser will end up on the desktops of the 30 million or so hapless AOL users, when the next version of AOL ships. AOL's contract with Microsoft for IE is up soon (if not already) and they own Netscape, so it's no extra cost to them.
-----------------
www.lucernesys.comHorizon: Calendar-based personal finance