Netscape Releases Security Update

daria42 writes "Less than 24 hours after releasing Netscape 8, Netscape has released a security patch bringing the browser up to version 8.0.1. The patch address security vulnerabilities in version 1.0.3 of the Firefox code on which Netscape is based. The update comes amid online criticism from Firefox developers that the browser was insecure."

Browser boys are back

[BlueHiro]

wow, first post ? maybe? The browser wars are back! Good to see netscape at it again.

Re:Browser boys are back

[Soybean47]

Are the browser wars really back? Has anyone tried the new Netscape? Given that they pretty much peaked around 4.7 or something like that, or earlier depending on who you ask, I just don't see any reason to even try it. What is Netscape likely to give me that Firefox can't?

Re:Browser boys are back

[Stibidor]

As I recall from yesterday's news, one thing Netscape will give you that Firefox does not is "a toggle which allows switching between Mozilla and Microsoft's rendering engines as needed." The Best of Both Worlds(TM)

Re:Browser boys are back

[BlueHiro]

I agree, I'm off topic. Just got so excited about getting the first post... oh well that'll teach me.

Honestly I don't know why people are ripping on Firefox, it's not like Internet Explorer doesn't have a million exploits. Maybe I'm too tolerant, but a few minor exploits that are not even being used! I just don't think it's worth all the grumping and moaning. And let's not forget that 1.04 came out within a short period of time after 1.03. Yes, they probably should've waiting on the 1.03 release until it was safer, but you can't fault them for not fixing it quickly. Until I see Firefox's "vulnerabilities" causing headaches and spyware infections, long live firefox! The browser is dead, long live the browser

Re:Browser boys are back

Adware. More UI. The ability to use IE without launching IE.

Re:Browser boys are back

[BlueHiro]

Honestly there is an extension for firefox that does something very similar to the "switch to IE rendering" function. My comment about the browser wars being back was a mix nostalgia and positive thinking.
I first used the internet with Netscape 1.0, and was a faithful Netscape user up until Windows 98, after that Internet Explorer was just better. I always tend to go with the best product, surprise surprise I now use Firefox. And although opera has a lot to offer, the return of Netscape (even if it is recompiled Firefox 1.03) marks, in my mind, a return to real competition in the browser market....

Re:Browser boys are back

[Gallandro]

Another thing from yesterday's post (Linked in previous comment): The netscape browser seems to come with a lot more 'features' built in than firefox. And many of those features can be quite difficult to disable. One user reported that Netscape would not stop asking him if he wanted it to remember his passwords, even after unchecking "remember passwords" boxes in 3 different places in his preferences.

Re:Browser boys are back

One word and an acronym:

AOL Spyware.

Re:Browser boys are back

[It+doesn't+come+easy]

Firefox also has the best of both worlds...hehe

Re:Browser boys are back

[bfree]

Has anyone discovered if this can be used with wine and IE on Linux? If not, such an extension could actually be useful to provide the catch all support for a browser on Linux. Of course to actually use this legally you have to have a legal copy of IE and a desire to ever let the code onto your machine, but if your online banking (or some other personally _vital_ site) won't work any other way would it not be better to be able to enable the working rendering engine in your normal browser, rather then firing up a seperate browser or changing browser for one site? Of course the best solution is to ensure all sites stop depending on specific browsers and doing something like the above may actually be counter productive to that at this stage.

Re:Browser boys are back

[mshiltonj]

As I recall from yesterday's news, one thing Netscape will give you that Firefox does not is "a toggle which allows switching between Mozilla and Microsoft's rendering engines as needed."

Cool. Where do I download the linux version that has that feature?

Re:Browser boys are back

but if your online banking ... won't work any other way

Find another bank.

Re:Browser boys are back

[FuzzyBad-Mofo]

What is Netscape likely to give me that Firefox can't?

Browser exploits, thanks to it's embedded IE control. The likely tracking of your browsing information, thanks to AOL's proprietary additions.

Re:Browser boys are back

[snortCrush69]

I'm using 8.0.1 now and I'm very pleased. The fact that you can switch between rendering engines was all I needed to hear to sell me on it. It gives you the security of Mozilla/Firefox browsers and the option to render in IE.

Just as an aside; I noticed a lot of people whining because it was just like Firefox, and why didn't Firefox raise hell about basing Netscape on their 1.0.3 Browser. Well it's because Netscape contributes to the Mozilla foundation. They're all one big happy family.

No thanks

i prefer to get my browser from the organ grinder, not the monkey

Re:No thanks

And I get my browser from mercatur . . . . . .

Re:No thanks

Spankin' monkey... spank that monkey... :-)

software and bridges

[Virtual+Karma]

Don't you think it is wiser to wait 24 hours longer (or maybe a week or so) and then release a quality product rather than issue patches. Imagine if civil engineers started doing the same with buildings and bridges.

Re:software and bridges

[servo335]

Is Netscape run by Microsoft not AOL now? It seems its release the product now fix it later!

Re:software and bridges

[defkkon]

Unlike buildings and bridges, no one is going to die if Netscape releases a quick-fix patch.

That's the luxury software developers have that civil engineers don't. Its not exactly possible to go back and fix a mistake you made while building a multi-million dollar bridge.

Netscape can release patches constantly if they want. That is, unless they want to prevent their customers from becoming confused and annoyed, at which point they can stop using their product.

Re:software and bridges

[Soybean47]

Man, they came out with a patch in under 24 hours! Microsoft would've waiting at least a couple of months.

Re:software and bridges

[AKAImBatman]

That's the luxury software developers have that civil engineers don't. Its not exactly possible to go back and fix a mistake you made while building a multi-million dollar bridge.

That's what you think. New structures are found to be unsound all the time, which usually requires that the structure be patched in some form or another.

Take the case of the London Millennium Bridge which suffered from Resonant vibration (a common problem with suspension bridges). It wasn't planned for because it was assumed that such vibrations couldn't happen from mere pedestrian traffic. The solution was to retrofit 37 fluid-viscous dampers and 52 tuned mass dampeners.

In short, don't think that engineering is that much different from software. They're quite similar, to the point of being frightening.

Re:software and bridges

[toggles]

Think about the work that goes into putting out a release, you have to burn CD's etc, package them, ship them, etc. You don't do this the day of the release, you do it weeks/months before.

Re:software and bridges

Hm, dont know about that. In London (UK), they oppened a new bridge, "the Millenium Bridge" ( or somthing) and then... ...closed it the next day for urgent repairs. to me, it sounds like release today, fix latter is pretty much standerd practace

Re:software and bridges

[Blkdeath]

Imagine if civil engineers started doing the same with buildings and bridges.

"Started"? Where do you live? I get an opportunity to see our local civil engineers filling (patching) the same potholes once a week! These aren't small bumps in the road, either. Some of them are big enough to fit a 1/4 tonne pickup (sometimes I wonder if one actually fell in and they paved over it).

Re:software and bridges

[Bedouin+X]

Good point. But when "security" is part of your marketing spiel, it would seem to me that repackaging CD-ROMs would be a reasonable amount of crow to eat.

Re:software and bridges

[paranode]

To be fair, buildings and bridges aren't quite as susceptible to little kids launching attacks from their basement thousands of miles away...

Re:software and bridges

[It+doesn't+come+easy]

They probably did wait a short time...Firefox 1.0.3 wasn't finalized and released in a day...

What is cool, though, is that the bug was found AND fixed in Firefox in less than a week and Netscape also updated a few (three?) days later (or one day after the release, depending on how you want to look at it). Ever see Microsoft do that?

Re:software and bridges

[bogado]

To be fair, buildings and bridges aren't quite as susceptible to little kids launching attacks from their basement thousands of miles away...

Not yet anyway.

Re: Software and bridges

[Alwin+Henseler]

That's the luxury software developers have that civil engineers don't. Its not exactly possible to go back and fix a mistake you made while building a multi-million dollar bridge.

Funny you mention that. In engineering terms, software is like 'unlimited-strenght building material'. If done right, it never wears out, can be used as frequently/as long as you like, and never fails, no matter how much pressure you put on it (as long as the underlying hardware can take it).

Engineers can only dream of such a material to build bridges from. But strangely, software fails waaayyyy more often than bridges. It looks like (in general) bridge builders take their job far more serious than software developers.

Unlike buildings and bridges, no one is going to die if Netscape releases a quick-fix patch.

Probably not in the case of Netscape, but if someone dies or not, only depends on where the software is used, and when/where it fails. Space shuttle astronauts won't think so lightly about 'just another patch', when something fails during a mission. Neither would I, if a software-assisted breaking system (in a car) would fail when I need it most.

Regardless, any kind of patching cost money. Man-hours (yours!), storage, bandwidth, version management, etc. How much, varies. Somehow I suspect that, say, any fix needed for popular software like Netscape, Mozilla (or IE!) isn't exactly cheap, when you'd sum up all costs involved. Patches are only cheap if people's time costs nothing.

The optimal solution is not needing one.

Re:software and bridges

[juan2074]

That's the luxury software developers have that civil engineers don't. Its not exactly possible to go back and fix a mistake you made while building a multi-million dollar bridge.

Or maybe they could.

Re:software and bridges

[tyrione]

Now that is pathetic. With the famous Tacoma Narrows Bridge bringing to life the issues of resonance and designing to eliminate such a test case they had decades of lead time to make sure their bridge is protected.

Re:software and bridges

[tarmithius]

Then why release it at all? Why not wait those 24 hours to integrate the patch before releasing it into the wilds of the net? FF 1.0.4 has been released for a week now and Netscape has known about those holes, they could have patched it inhouse, but they didn't.

Re:software and bridges

[MrP-(at+work)]

ok so lets say they used 1.0.4, changed the lauch date to june 20 or something.. then on june 19 a bug is found in 1.0.4.. do they throw out all the 1.0.4 work and start with 1.0.5? it could never end!

Re: Software and bridges

[Radres]

Engineers can only dream of such a material to build bridges from. But strangely, software fails waaayyyy more often than bridges. It looks like (in general) bridge builders take their job far more serious than software developers.

Yes, because bridge building is exactly the same level of complexity as software development.

Re:software and bridges

[Mancat]

Yes, they're both very similar, as both engineers and developers are taken out into a field and shot once they turn 40.

Re:software and bridges

[AKAImBatman]

Did you miss the memo? They've lowered the age on developers to 5 years of service or promotion to senior developer position, whichever comes first. (No, I'm not annoyed by idiot hiring practices that are driving companies into the ground, not at all.)

Re: Software and bridges

How many bridges take 100 million man-hours to complete?

Re:software and bridges

[Bedouin+X]

It could, but when you're dealing with critical flaws then I don't think that you can be too careful. Especially - again - when your marketing is based on security.

But of course, this wouldn't be as much of an issue if their update mechanism used some sort of incremental patching and an update didn't require a total reinstall.

Netscape ?

huh ? Netscape ?

What's Netscape ?

Re:Netscape ?

I heard its this cool new world-wide-web browser. Someday I'll upgrade my Mosaic....

Re:Netscape ?

Someday I'll upgrade my Mosaic....

Mosaic? Is that something like WorldWideWeb.app? You kids and your newfangled computers...

Re:Netscape ?

netscape is the best, far.

Re:Netscape ?

[wallsg]

What's Netscape ?

Netscape is this neat OS-independent platform that's going to replace Microsoft Windows on the desktop for launching programs. Or so I was told once.

Netscape's Original 8.0 Release

ZDNet Australia has a scathing report on problems with Netscape's original 8.0 release, which shipped with known critical security bugs. ZDNet notes that several key Mozilla devs have lashed out at Netscape, including Firefox lead developer Ben Goodger, who posted a live exploit of the known vulnerability. Gervase Markham, another Mozilla employee found Netscape's claim that Firefox 1.0.4 is "outdated" ridiculous. Ali Ebrahim, another contributor commented that Netscape's claim of "more security choices" is based on a false premise. To their credit, Netscape has since released Netscape 8.0.1, based on Firefox 1.0.4 which plugs the most severe known issues, though the question still remains as to why they released 8.0 in the first place if it contained such severe security issues.

Re:Netscape's Original 8.0 Release

[xtracto]

Its is not only that it contains such severe security issues but that they are KNOWN as have been fixed!

This is what the software industry and versioning is becoming, just ship crappy software first and then provide patches, god, as someone said in other post imagine of other that was an accepted behaviour for other professions???

Patient: Doctor, my appeniccitis operation was not ok, I think my bowel is going out in this hole... can you please add a patch to fix my body?
Doctor: Oh, sorry I am affraid I can't didnt you read the EULA?? the operation came "AS IS" without any implied warranty

Re:Netscape's Original 8.0 Release

WOW, that was a lot of URLs!

Re:Netscape's Original 8.0 Release

[aliebrah]

The reason they released it was it was all they had. They didn't have time to test and integrate a new version. It's the firefox people's fault for having the vulnerabilities, I think they're just trying to distract from their own failings.

This is frankly a load of bollocks. If Netscape is going to harp about their commitment to security, then holding off release to include the fixes from Firefox 1.0.4 would have been the only right thing to do.

Sure, the problems existed in Firefox itself, but Netscape has chosen to (a) base it's products on Firefox, and (b) tout security as a primary feature. Nobody has forced them to do it, least of all the Mozilla Foundation.

What you're seeing Firefox devs say has nothing to do with a smokescreen. It's simply an observation that Netscape, the company who offers "more security choices" than anyone else chose to release a product with known critical vulnerabilities instead of waiting a single day to patch them. As they've demonstrated, it only did take them that long.

Re:Netscape's Original 8.0 Release

Oops, forgot to post my blog anonymously, my bad.

Why didn't they wait?

[drsmack1]

I did not understand why it was based on 1.03 anyway; were they completely unaware of what was going on at the firefox project?

Re:Why didn't they wait?

[SB5]

Wouldn't be surprised, I mean they were completely unaware of how they lost so much browser marketshare, or if they did know, they didn't do anything to gain it back.

Re:Why didn't they wait?

[Reducer2001]

What were they supposed to do? They have to do a code-freeze sometime. If they would have waited until 1.0.4 was out, then we would all be screaming that they should have waited until 1.0.5 was out. You know that another security bug will be found in Firefox again. They can't just keep holding off releasing a product because of security exploits that haven't been discovered yet.

Re:Why didn't they wait?

[Vellmont]

Obviously it didn't take them long to apply the security patches from 1.0.3. Would it really have been that difficult to just wait another day and release the version we now call 8.0.1 as the initial release of 8.0.0?

If they would have waited until 1.0.4 was out, then we would all be screaming that they should have waited until 1.0.5 was out.

Who would anyone be doing that? There's currently no known security problems with 1.0.4, so why would anyone care about waiting until 1.0.5?

You know that another security bug will be found in Firefox again. They can't just keep holding off releasing a product because of security exploits that haven't been discovered yet.

So what you're saying is just release a product that has known (and already fixed in another product) security problems? Furthermore security problems that can (and were) patched the next day? All this on the justification that "there might be more security problems later.. so why bother fixing the ones we have already have patches for?" Sir, do you work for Microsoft?

Re:Why didn't they wait?

[Pollardito]

while i agree with you that they should have waited, i don't think the 24-hour timeline is really correct. if it takes (for example) 3 days for them to take the final browser build, do regression testing on it, and print it to CDs and then release them, than the developers may have been working all of those 3 days (plus the 24 hours) making this patch that they just released. firefox 1.0.4 wasn't released 24 hours ago, so it probably took most of the time from when it was released until now to integrate the fixes.

Re:Why didn't they wait?

[Exitar]

Sure, but now they have an unsafe Firefox fork...

Re:Why didn't they wait?

They should have waited for one simple reason. Getting a 8.0.1 is going to be a fresh download. It is not going to be small patch.
Or is this just a ploy to increase download numbers?

I don't get it.

[Nytewynd]

What is the deal with Netscape 8? It sounds like they basically downloaded the source code for Firefox, recompiled it, and then distributed it as something new.

First, why isn't Firefox going after Netscape and second, why would anyone start using Netscape when Firefox knows their own code better and fixes it faster?

I think I might get the Firefox code myself and create a browser called LOL-I'm-Really-Just-Firefox. It will be huge.

Re:I don't get it.

[Jarnis]

As long as you abide by the license of the code, you can do that. Open source and all that...

Re:I don't get it.

[Soybean47]

First, why isn't Firefox going after Netscape

Firefox is open source.

and second, why would anyone start using Netscape when Firefox knows their own code better and fixes it faster?

Now, you've got me there. Uh...brand recognition? Maybe?

Re:I don't get it.

[smithberry]

IIRC The Mozila code base came about originally because Netscape made their browser code open source. For several years Netscape supported Mozilla.org (providing staff and resources).
We should be glad that Netscape continue to use the Mozilla code base - it helps to provide another credible alternative to IE for instance.

Re:I don't get it.

You do realize that for many years, Netscape was the principal sponsor of the Mozilla? That the whole start of Mozilla was Netscape open-sourcing its browser?

Re:I don't get it.

[StonedRat]

They have bloated it quiet a bit, it takes at least twice as long to load as Firefox, also it monitors your browser usage unless you uncheck a hidden box in the installation. Plus there's the added benefit of supporting IE so it's even less secure.

Re:I don't get it.

[CypherXero]

It sounds like they basically downloaded the source code for Firefox, recompiled it, and then distributed it as something new.

Firefox is Open Source, so this action is perfectly fine. And if you remember, the Mozilla team got the original code for Firefox (the Gecko Engine) from...yes, Netscape!

Re:I don't get it.

Going after them? It's open source. They can fork it if they like.

Re:I don't get it.

"why isn't Firefox going after Netscape and second"

Firefox is open source, moron.

Re:I don't get it.

[UID500]

prolly cause it's mozilla and not firefox... and...maybe because netscape helps pay the bills. that's why they don't "go after netscape".

Re:I don't get it.

[justforaday]

The big deal with Netscape 8 is that it offers the choice of using the IE or Firefox/Gecko rendering engine on different pages. For instance, you can have it set to display /. using the Gecko engine, while using the IE engine to render your company's intranet page (you know, the one that requires that you use IE for "full functionality"). The main reason for it, however, is for the brand recognition that AOL gets out of it. Of course, the dual-rendering ability will only complicate matters for Joe Sixtooth.

Re:I don't get it.

[mjackson14609]

And there's no question this security problem with Netscape 8.0 was a serious forkup.

Re:I don't get it.

[Wieland]

And if you remember, the Mozilla team got the original code for Firefox (the Gecko Engine) from...yes, Netscape!

That's not entirely correct, actually. According to this Wikipedia entry, "the initial Communicator open source release did not even build cleanly, much less run." Because of that, the Mozilla developers eventually decided to write Gecko from scratch.

Re:I don't get it.

[afd8856]

Take it as a challenge and go with that (create your own browser). In fact, if you manage to complete the browser, I promise I'll even pay suport for it. Heh? :-)

Re:I don't get it.

[argent]

First, why isn't Firefox going after Netscape

You don't get the whole "Open Source" thing, do you?

Re:I don't get it.

[Akaihiryuu]

Personally, I think the "dual rendering" support is a very bad thing. First of all, it's an insult to the Firefox developers, and second, if it were to gain acceptance, it would just encourage people to make bad website code that only works in IE. If a lot of people were to start using this, website developers would just be able to ignore Mozilla, since they'd figure "Oh well, if it doesn't work they can switch to IE rendering mode." IMO this Netscape release is a very bad thing and should be avoided. It might be more convenient for some people in the short term, but in the long term it will create nothing but problems.

Re:I don't get it.

[netdudeuk]

It's NOT going to be easy to look credible when the first 'selling point' is security and they let out this major release with KNOWN security issues in it. I'm certain that the MS IE guys will be having a good laugh today and who can blame them ?

I've already downloaded the full installer but having read about the new features, I've deleted it and will stick with Firefox for now. I just don't see the point in using Netscape.

Re:I don't get it.

[Nytewynd]

I do understand Open Source. I guess I just don't know exactly how the licensing works. I imagine at some point Netscape will want to make some money with their product. I'm sure things are spelled out in all of the License Agreements, but I was too uninterested to read all of that stuff.

If they are openly admiting that their code is nearly an exact duplicate of Firefox, it might limit them in the future. If they designed their own browser instead, they would be free to do whatever they wanted. I also know there is history between Netscape and Firefox. I guess since Firefox started with netscape, they are returning the favor by reviving Netscape with their new browser. Kind of strange how it turned out.

Re:I don't get it.

[Myen]

The box was hidden? Was right there for me...

Don't know about the speed (no way I'm putting that on my normal use box), and the IE option looks good assuming you make the selection at install-time to always use Gecko (and switch manually to IE only).

Re:I don't get it.

Or alternatively, you could render /. using IE, since Mozilla has bugs that make /. render wrongly.

Re:I don't get it.

[argent]

I guess I just don't know exactly how the licensing works.

There are very few open source projects that limit commercial redistribution of the software. Oh, there's a broad range of licenses, from the "you can do it as long as you don't sue us if it breaks" modified BSD license, through to "you can do it as long as you make the result open source" GPL, but products like the dual-licensed Ghostscript or the no-commercial-use Kermit have become fairly rare.

That's a pretty important thing to understand about Open Source. Even a lot of Open Source developers don't "get" it, and ask the CSRG folks why they hadn't sued Microsoft for using BSD code in Windows NT... and are utterly befuddled when the response is "they did exactly what they're supposed to do".

If they are openly admiting that their code is nearly an exact duplicate of Firefox, it might limit them in the future.

Actually, hiding the use of Open Source has often turned out to be a bigger problem for companies. That's how USL/USG ended up having to settle with CSRG over the BSD-Lite software releases, and that's why CherryOS imploded.

Re:I don't get it.

[S.O.B.]

The Mozilla Foundation was formed in July 2003 around when Mozilla 1.4 was released. Until then Mozilla (which included Gecko) was owned and operated by Netscape. So yes, the Gecko code was provided (or at least sponsored) by Netscape).

Also, Firefox (formerly Firebird formerly Phoenix) was started in late 2002 when Mozilla was still part of Netscape.

Re:I don't get it.

[the-stringbean]

As long as you abide by the license of the code, you can do that. Open source and all that...

I might be wrong but I'm not convinced that they are fully abiding by the license agreement. To quote the Mozilla Public Licence:

Any Modification which You create or to which You contribute must be made available in Source Code form under the terms of this License either on the same media as an Executable version or via an accepted Electronic Distribution Mechanism to anyone to whom you made an Executable version available

Now looking at the licence agreement for downloading Netscape 8 you find this statement:

19. USE AND AVAILABILITY OF OPEN SOURCE CODE. Portions of the Browser were created using Firefox source code from the Mozilla Foundation....The version of the Firefox source code modified by Netscape is also available from the Mozilla Foundation and via FTP from Netscape, and its use is also governed by the MPL.

Now I've looked at ftp.netscape.com and ftp.mozilla.org and I can't find any source code to do with Netscape. Now is it Netscape being lazy, them flaunting the agreement or have I overlooked some hidden public ftp site where this is published?

I also noticed this during the installer - http://img11.echo.cx/my.php?image=netscape7qx.png Which gave me a good laugh!

Re:I don't get it.

[mysidia]

I'm not so sure that dual-rendering is bad. I also don't know that it's "just as insecure as IE"; this depends on factors like Security Zone settings, whether Netscape will enable ActiveX/Java, which java engine it uses, what if any filtering or sanitization of the parsed HTML code it does before passing it to IE.. or if it passes the raw document directly to the IE component.

• The Dual Rendering choice provides a transition path and is user-empowering, because it provides more options than "Go start IE".
• It will likely attract folks who had trouble with Mozilla on their favorite site and went back to IE.
• Provides the capability of greater stability in the way of interface... the ability to choose a user interface and stick to it. I am guessing Netscape unified cookies, passwords, form fields, etc. No need to change themes or widgets just to view a different kind of site that Mozilla didn't do well with, very convenient.
• Empowering users and providing a transition path means that this browser could cut into Internet Explorer's user base even further. Since Gecko is the default choice for rendering engines more not less sites will be encouraged to choose the route of better standards compliance: everybody wins.
• How is it an insult to the Firefox developers? I.E. Why should they care too much if some users feel that their browser isn't perfect and users want a choice of rendering engines for some sites? Is it an insult to the Gnome developers when a Linux distribution includes KDE? Suppose a distribution includes KOffice and Crossover Office with a choice between which to start when a .DOC file is clicked on... is this an insult to the KOffice developers, since their software can't open .DOC files perfectly?
• Better software is not built by hiding criticism and providing alternatives, just because you might reveal that despite all the developer's efforts, it is still lacking in some ways.
• Point (2) Is moot. There are people who will write bad code that will, regardless. What about developers writing bad javascript that only works on Mozilla and not Internet Explorer due to this?
• Personally I wish they hadn't stopped here: it would be cool if users could choose rendering engine from "Internet Explorer (various versions, possibly)", "Gecko (various versions, possibly)", "Opera (various versions, possibly"... In other words, a Universal Web Browser that can be set to view a site with any browser's expectations and quirk's of choice... a web developer's dream, since they'd not need to install many browsers to test popular configurations :)

3 != 44

[dereference]

There were only 3 bugs fixed in 8.0.1, not 44! See the Release Notes for yourself.

Re:3 != 44

[ArielMT]

Gotta be that fuzzy "new math" used in the Million Man March a few years ago.

I wonder if we could organize a "Million Fox March" on Netscape's headquarters. There seem to be about 57,530,179 of us. ^_^

Re:3 != 44

[zindorsky]

There were only 3 bugs fixed in 8.0.1, not 44!

Gosh I sure hope there aren't 44! bugs. (Since 44! is more than the number of atoms in the planet.)

Re:3 != 44

[mforbes]

Would we be forced to listen a million Joe O'Reillies and Sean Hannities?

Re:3 != 44

[BorgHunter]

See, the Firefox dev team fixes bugs quickly! Faster than the human eye can track, even!

Show offs!

[khendron]

Netscape just wanted to show off how they can produce patches faster than Microsoft and Firefox.

The promo goes like this: "Miscrosoft leaves holes unpatches for weeks, maybe months. Firefox sometimes takes a few days. But *we* can produce a patch in less than 24 hours! Na na!"

Re:Show offs!

[Alex+P+Keaton+in+da]

The next logical demonstration of patch spreed would be to release a project with a note saying it was patched a few minutes before release...
As far as browser security- Are we talking security for the masses or for the (somewhat)informed? I for one can't imagine needing a browser with "anti phish" technology or whatever they call it, just like I couldn't imagine a need for a car security system that works when you leave your keys in your car with the windows down in a bad neighborhood...
The best security is education/knowledge.
Then again, I have a Standard Poodle (inherited from my sister) who I refer to as my guard dog- people laugh at that, but I just need a smart dog who alerts me to anything wrong, so I can grab my 12 Gauge (I am a country bumpkin). That is clearly analagous to the browsers/software- I dont need protection per se, I just need a notifier that I should get my protection... (Insert joke about open sores on my date here)

Whenever I let loose a particularly rank, yet silent fart, I wait three seconds to allow for proper dispersion, and then say "MMmmmmmm, smells like someone is baking cookies" which causes people to instinctively inhale deeply, and thus enjoy my sphincterific emanations.

Before the first day was out, no less!

[ArielMT]

And for most of NS8's official first day, anyone not using NS8 were redirected to this "alert" page, even users of Mozilla Firefox 1.0.4! "Your current browser is outdated," my tail.

It's so Not A Good Thing(TM) that a commercial product needs a security upgrade on the first day of going official.

Re:Before the first day was out, no less!

[Buran]

I got a page like that one when trying to use a brand-new nightly, released THE NIGHT BEFORE, when trying to visit the Firefox extension list page. I had to hack my user-agent string to explicity claim to be 1.0.4 even though I was using a NIGHTLY OF THAT BROWSER, and it wouldn't let me in.

Yeesh. Some coder needed a good tongue-lashing that day.

Re:Before the first day was out, no less!

[ArielMT]

Yeesh. Some coder needed a good tongue-lashing that day.

Oh, heh, the Netscape feedback folks got one from me, and I imagine many others since that didn't last the day either. One can only hope that they passed it on.

Re:Before the first day was out, no less!

[FuzzyBad-Mofo]

It also showed that "upgrade" page irrespective of OS. Yeah, I'm sure that .EXE file will do a lot of good on my Mac or Linux box..

/fricking idiots

Re:Before the first day was out, no less!

It's AOL. No surprise here. Who even goes to Netscape.com? Ick.

I'm not impressed with Netscape 8

I'm thoroughly unimpressed with Netscape 8. Not only is it butt ugly, but it's a rip-off of Firefox. Netscape will *NEVER* regain the user base it once had under the name Netscape. I'm an Opera user myself, but wow, there is no shortage of new browsers to try and use.

Hmmm

[jim_v2000]

The patch address security vulnerabilities in version 1.0.3 of the Firefox code on which Netscape is based.

Was this vulnerabilty already known and patched in Firefox? And if so, why the heck did they release a program that had a known security hole with a known fix?

Re:Hmmm

[vorm]

Was this vulnerabilty already known and patched in Firefox?

Yes Firefox 1.0.4 was released in order to address it.

In other news...

[kniLnamiJ-neB]

Netscape released a statement saying that people who downloaded the browser labeled 8.0 actually got a mis-labeled copy of 7.9.9.9.9. The new version 8.1 will actually be 8.0 and the following patches labeled 8.1.1, 8.1.2, and 8.1.2.1, which will be released daily starting tomorrow, will be relabeled as 8.0.1, 8.1.0, and 8.1.2, respectively. ***NO CARRIER***

We apologize for the above post. Those who were responsible for sacking those who were just sacked, have been sacked.

Re:In other news...

You're just not funny.

Re:In other news...

[dickrichardv8]

7.9, 8.0, 8.1, 8.1.1, alpha,beta, stable,concept car, prototype, production model; It's all the same. Some one makes an executive decision as to what to label a moving target and call it a product. Then you have patches, field repairs, build changes, recalls, retro kits, etc. to fix that executive decision. The two choices are have it now with bugs or wait till hell freezes over for a bugless software app or a trouble free bridge or car.

Re:In other news...

LOL british humor!!!!!!!!!!!!!!

If it were Microsoft...

[davidwr]

Proof positive AOL/Netscape != Microsoft:

If this were Microsoft:
We'd wait several months while they verified the problem, then a few weeks while they fixed it, a few weeks for them to pretent to test the fix, then wait up to 4 weeks more for the next patch day.

Re:If it were Microsoft...

The only reason they put this patch out was because they were slammed with negative comments about well known flaws. It should never have been released in tha state.

Spin your way out of that.

Re:If it were Microsoft...

[whitehatlurker]

.. and microsoft patched three holes in ONE day, we could have a fully secure MS IE in ... oh, wait, ... nevermind.
It's still too long, isn't it?

Huh?

[bsquizzato]

Why did Mozilla release Netscape 8, based on Firefox 1.0.3, AFTER they had released the fix? (1.0.4) Why wouldn't they just wait an extra day? Now there will be vulnerable Netscape 8's floating around if people aren't consciencious enough to check for updates daily.

Re:Huh?

[Zontar+The+Mindless]

> Why did Mozilla release Netscape 8...?

Um, Mozilla didn't release it -- AOL did.

Re:Huh?

Mozilla didn't release it, AOL/TW owns Netscape, AOL/TW released it.

Re:Huh?

[jack_csk]

Now perhaps AOL will release the AOL Optimized 10.1 CD the day after AOL Optimized 10.0... that would be great.

Re:Huh?

I suspect bureaucracy. Most every large organization has perverted values based on simple, sound-bite-ish information. "Did you release on time?" "Yes!"

No Linux Version?

[courtrrb]

Just been to Netscape's website and no Linux version available. Some web site will work only with IE or netscape. I still prefer Netscape over IE anyday.

Re:No Linux Version?

[bunratty]

Some web site will work only with IE or netscape.

If you find a site like that, email the admins and let them know this is the 21st century. There are more than two browsers on the market, and they're losing at least 10% of their visitors if the site doesn't work in Gecko (Firefox), Presto (Opera), and WebCore (Safari) browsers.

Re:No Linux Version?

Just get the user-agent switcher plugin for Firefox and set it to Netscape. They're both the same thing now.

Re:No Linux Version?

[courtrrb]

I always send them emails stating they don't work with Firefox or Mozilla. So I tried both of these suggestions. Neither of them has worked work yet. If you go to www.ecsusa.com a (Motherboard Manuf site) you'll see that site dosn't work with Firefox or Mozilla. I've sent them 3 emails over the last year to no avail. It seams they don't care to support their customer buy their hardward.

Re:No Linux Version?

[stretch0611]

Some web site will work only with IE or netscape.

I use FireFox. I will not use IE. If a site does not work with Firefox(not too many sites are still like this) I will not use that site. That means no advertising revenue and no retail sales from me.

I admit I have to use IE for 3 webapps at work. One of these is developed and maintained by my group and we are currently in the process of making it browser neutral. Everything else I will use with Firefox. The difference is I am paying for using other sites (either by sales or ads). At work I am being paid to do what is necessary; I do not always have a choice in how I do it if I want to get paid.

Re:No Linux Version?

[bunratty]

When a site refuses to support your browser(s) of choice, just take your business elsewhere, and let them know that they've lost you.

Re:No Linux Version?

[Myen]

WFM - I managed to download a random IDE driver.

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050520 Firefox/1.0+

Of course, I'd still prefer using an old machine than something with their motherboard... but that's unrelated.

Re:No Linux Version?

[courtrrb]

None of their pulldowns work. So trying to find anythins is a real pain in the &&^^%

Re:No Linux Version?

[springbox]

It works for me (FireFox 1.0.4 Windows.) Maybe you should do some more testing to see if it's operating system specific.

Re:No Linux Version?

[courtrrb]

Nope! Made shur that I had 1.0.4 and it still dosn't work. I'm using Linux Mandriva 2005LE. I belive it has somthing to do with the java used. Firefox for windows must useing the non-standard M$ version of java were as the Linux version use the standard version. Loook at Nvidia.com they have the same drop down boxes but they work fine on that site.

Re:No Linux Version?

[bunratty]

It works in the latest Mozilla on Windows. And they use JavaScript for their menus, not Java. Still, if you have problems with the site, let them know. It may be a simple problem to fix that they just don't know about yet.

Still better than Microsoft in same position.

[davidwr]

Need I say more?

Insecure?

I'm insecure and I apply daily patches (nicotine), but dunno how it can happen to a browser. Is Firefox insecure because people keep criticizing it?

OT: Avagadro's number to be fixed

In the process of defining the standard kilogram in terms of universal constants, Avagadro's number will be defined as the length of time, in seconds, before half of the bugs in Microsoft NT 4.0 will be fixed.

Rather embarassing

[Phil246]

Regardless of the reasons why - For a software company to release a patch for a product they released 24 hours ago is , to say the least embarassing.
I would imagine there are quite a few red faces around netscape today

gross misuse of the term

[gosand]

Imagine if civil engineers started doing the same with buildings and bridges.

Imagine if software developers were held to the same standards as engineers.

I get tired people comparing software development to real engineering when developers refuse to follow the same rigorous standards that engineering disciplines have to follow. There are some software engineers out there, but most of the people with that title are simply software developers. Not that every piece of software needs to be engineered, but way too many "software engineers" have no business using the word engineer when they refuse to follow any type of rigorous process around software development.

Again - most software doesn't need to be engineered, but some does. The term "software engineer" is grossly misued most of the time.

Re:gross misuse of the term

[Beatbyte]

why shouldn't they be? software controls LOTS of financial/medical/industrial stuff that really has to be up to snuff. what if the computerized arm thats operating on your eye freaks and shoves its arm through your skull?

And this is a good idea WHY?

[argent]

The big deal with Netscape 8 is that it offers the choice of using the IE or Firefox/Gecko rendering engine on different pages.

The fundamental security flaws that are inherent in the Microsoft HTML Control can't be fixed by a wrapper, because they're in the HTML control itself, not the IE "shell". So you're no safer using the "IE Engine" inside Netscape than just using IE.

So this is no different than just using IE for the pages that need IE, except that people who think they're being safer using Netscape instead of IE are likely to let their guard down when using this feature.

Re:And this is a good idea WHY?

[Pollardito]

it seems like it'd be a lot easier just to switch rendering engines when you hit a bad page than to copy the link, open another application, paste the link into it, etc. plus, this way you can maintain one set of bookmarks one browser history, and one cache. i'm trying to think if this is a good thing for us web developers. is this an easy way to quickly test a page in two different environments, or is it a third environment that has quirks that the two engines don't have natively?

Re:And this is a good idea WHY?

[masdog]

I think there is a firefox plugin that copies the link, opens another application, and pastes it for you.

https://addons.mozilla.org/extensions/moreinfo.php ?id=35&application=firefox

Re:And this is a good idea WHY?

[argent]

it seems like it'd be a lot easier just to switch rendering engines when you hit a bad page than to copy the link, open another application, paste the link into it, etc.

It seems like it would have been a lot easier to add an "open in internet explorer" menu/contextual menu/accelerator key, and a lot less likely to lead to people getting confused about whether they're in a "safe" (relatively) browser or not.

Re:And this is a good idea WHY?

[Trevahaha]

It will render using Gecko by default, except for trusted sites which you then specify whether to render with IE or Gecko.

Re:And this is a good idea WHY?

[timmyf2371]

This is a good idea because it means for the many sites which do not display correctly in Mozilla/Firefox/Netscape they can still be accessed via Netscape and presumably still have all the excellent features of the code such as tabbed browsing and like available to them.

Regardless of who you feel is at fault for the reasons a certain page will not display correctly in any other browser than IE, considering the user would need to use IE to access the page in any case, this is a very convenient feature now available to users.

Re:And this is a good idea WHY?

[argent]

except for trusted sites which...

That's the point.

Using the same application to view both trusted and untrusted objects is a bad idea. It opens up the possibility that an untrusted object will convince the application that it's trusted.

Don't use IE at all, except for trusted sites. Assume that you're at risk whenever you're using IE. You'll be a lot happier.

Re:And this is a good idea WHY?

[argent]

This is a good idea because it means for the many sites which do not display correctly in Mozilla/Firefox/Netscape they can still be accessed via Netscape and presumably still have all the excellent features of the code such as tabbed browsing and like available to them.

The most important feature of Netscape is that it doesn't support ActiveX and most of Active Scripting. That is an advantage, even if it makes the page appear incomplete. No, a user is better off having the site display incorrectly than taking the risk of viewing it in IE.

Re:And this is a good idea WHY?

Tell this to my company, who suffers from way too many middle managers who think they can just update internal pages with an ancient version of FrontPage that can't tell the difference between dynamic and static linking, horrid javascript menus that will only work in IE and other tidbits of moronic goodness. :P

Supposedly, everything in our internal net is secure (yeah, sure), but that feature sure is handy - if only to show people how much *better* the other options like Firefox are.

Reminds me of an old joke

[192939495969798999]

Internet Explorer rinses and uses paper towels in the bathroom.
Netscape washes thoroughly and uses the automatic air dryer.
Firefox doesn't piss on its hands.

Joy for the meta-moderators

Post is labeled interesting AND troll.

The meta-moderators will have fun with that one.

Really a patch or complete download?

[klui]

I'm really curious if this is indeed an incremental patch or Mozilla's idea of one--namely a complete download of the product.

Re:Really a patch or complete download?

[janeil]

There isn't any complete download of the product at all. All you can download is a stub, which goes online for the actual download. The netscape ftp site has a netscape8 folder, with the usual nested folders down to win32/, then ... nothing. So, the first download wasn't a complete download anyway. The patch may be a complete new set of files, but who knows? (I hate the stub.)

Looks like 7.2 will be my last netscape. Sad. I still install 3.0 (3.1?) gold sometimes just for nostalgia's sake.

And, am I just lucky in my use of the web? Where are all these pages that must have IE? (Which I never use except for windows update.) Please, point me at one, could someone? I'm curious.

Netscape is patetic

[MorseKode]

It's patetic what Netscape turned into.
The website is some kind of news/portal site, with nothing interesting just bullshit like "How to Handle an Angry Woman" or "Top searches: American Idol", and hidden between all that "All New Netscape Browser 8.0", it is a shame (not to mention it's firefox with other GUI).
I think it's time for Netscape to dissappear and leave their browser as the legend it was years ago not the piece of crap it's today.

Re:Netscape is patetic

Obviously you have never had to handle an angry woman, or you would never have said that! ;)

Re:Netscape is patetic

Women are real? I thought they only existed in pr0n.

Re:Netscape is patetic

No, I think I saw one out my window yesterday

Ridiculous

Don't netscape engineers read slashdot?

No seriously, the Firefox vulnerabilities were big news. It was widely reported and talked about not just on slashdot but in other places.

Forgetting that .. isn't it just prudent to check for new releases and issues etc. of the core product right before release day? What did they do during the in between time since the vuln. was announced and the patch was released? Didnt bother going to firefox's page? Or heck reading just about any tech news site?

What the hell is wrong with corporations?

Twice the Rendering Engine; Twice the Vulnerabilit

[Dark+Coder]

Oh boy, Netscape now has to watch both sides of the flaming candle stick, less they get burned with additional vulnerability (from EITHER side).

Automatic updates

[POWRSURG]

I installed Netscape 8 the day it came out for testing purposes. I saw this story, went to Netscape with their default skin and found they had nothing similiar to the Firefox's red ! to alert me that updates were necessary. I went to Tools->Advanced->Software Update and found Automatically Download and install updates was checked by default, so I checked my UA string to find it was still Netscape 8.0. Went back to Software Update and ran Check Now and it did not find any updates. Switched to their other theme (I do appreciate it coming with two themes provided for users to choose from) and found no icon next to that throbber either (as one might expect). Will this be turned on/fixed in the future, or was the functionality for this in the 17 MB minimum hard drive space system requirements difference between it and Firefox?

This coupled with the fact that Firefox themes/extensions do not work and the fact that it has twice the recommended system requirement for processor speed and memory (which seems accurate as it seems slower than Firefox and I am somewhere in between Firefox and Netscape's recoomended CPU speed) are just a few of the reasons I will not switch back.

Re:Automatic updates

[Myen]

For the auto-update, you need to wait for them to update this file.

Hmm, it looks like they distribute the trust stuff there too :)

Die !

Die stupid dead thing !! Die !!!!

Competitive Advantage

[snortCrush69]

The reason that companies release their software then patch later, is so that they gain a competitive advantage in the market.

For instance, Microsoft releases a new version of Office that has a few holes that need patched. Microsoft decides though that it would be cost beneficial to release the version now. This way people get the new fun features of Office NOW and Microsoft becomes the largest marketshare holder of a new feature.

It's much more beneficial for a company to release a new version quickly and patch, than it is to engineer a secure version and lose a foothold in the market.

Short review of Netscape 8

[ilyaaohell]

I just briefly used Netscape 8, so I'll write up my impressions.

The interface is very cluttered with "potentially" useful information, like movie theater show times, weather, news, etc. If you prefer Yahoo's front page portal to the simplicity of Google's front page, this browser is made for you. Otherwise, stick with Firefox.

The browser renders all "unknown" sites as Firefox, which was annoying to me because the only purpose for me trying this out was to test out some IE-only web pages. Luckily, it took little effort to set most of them to display in IE.

The rendering engine switch is very fast and seamless. I thought speed would be a major issue here, but it is not and issue at all.

This pretty much sums up any immediately noticable differences between this browser and Firefox. I uninstalled it because, for my normal browsing, Firefox works well and is un-cluttered. If I use Netscape 8 just because it has IE rendering, it would be no different than what I do now when I just open up an IE window whenever I need to view a banking website or things of that nature that are not compatible with Firefox.

Also, upon installation, the Import Wizard crashed, but that didn't matter much to me since I wasn't going to use the thing as my default browser anyway.

Favorite Poll Question

[ReadParse]

Reminds me of my favorite slashdot poll of all time: "Netscape 6 is out. Do you care?" The resounding winner was "no," as I recall.

Well I can't find it in the poll archives. I was pretty sure it was a slashdot poll. Funny anyway.

RP

Windows only?

Any reason I might have had to try and test it just flew out the window. Who the hell cares about IE rendering on Windows? Netscape probably has the same vulnerabilities as IE now since they're just using Windows components....

Another debacle for OpenSource?

[webphenom]

From ZDNet...

A day after launching Netscape 8 and touting the browser's security features, Netscape has released an update to fix several serious security flaws.

The original Netscape 8, released early Thursday, is based on version 1.0.3 of the open-source Firefox browser. Netscape thought the new browser was immune to security vulnerabilities in the Firefox software that were fixed last week in Firefox 1.0.4. It turns out Netscape 8 is vulnerable.

"We had been misinformed by an external security vendor that the Firefox security issues did not affect us," Netscape spokesman Andrew Weinstein said Friday. "Within hours of discovering that the vendor was not accurate, we had addressed those issues and posted an updated version of the browser."

netscaped nuked my IE XML viewer

now I cannot view XML files in my IE browser after I installed Netscape... oh the pain. This one is tough to figure out...