The Register reports: “Caldera has pledged that developers and education users will get access to UnitedLinux binaries, after the four member distros have pooled their resources. But as the story unravels, it looks like the per-seat pricing looks like a stayer, at least for Caldera,” even though SuSE has distanced itself from the per-seat license.

LinuxMax.net is excited. “The release has been a big boom to mozilla fans, Mozilla comes in two pieces, an application package and a software development toolkit. The former comprises browser, chat client, email and Usenet reader, while the latter contains Mozilla components, such as the Gecko web rendering engine, and tools to build additional applications.”

– by Tina Gasperson –
As users, it’s easy to forget exactly why we liked computers
so much to begin with. We get enmeshed in routine and things get boring. Then
one day there’s a 1.0 release to review, and surprise of surprises, it’s an
adventure in discovery that brings back some of the magic. Mozilla 1.0 isn’t
perfect, but it certainly is a lot of fun packed into one browser.First, the basics. Mozilla and Netscape mirror each other in ease of
installation with an idiot-proof GUI installer. I just downloaded the installer
in a tar.gz format. Unpacked into my home directory, the files went into
/home/tina/mozilla-installer. I entered the directory, changed to superuser
because I want the rest of my family to be able to use Mozilla, too, and typed
sh mozilla-installer. The GUI interface came up, and I accepted the
default installation directory: /usr/local/mozilla. If you’re the only one who
uses your computer, you could just install it in /home/your_home/mozilla.

Once I told it where to install, it dutifully downloaded and installed all the
files for me automatically, just like Netscape does. The application then opened
and pulled in all the settings from Netscape so I didn’t have to take time to
transfer any bookmarks or set up my mail accounts. However, the release notes say you should not use your Netscape profiles, because you could lose your search settings or become the victim of an ever-growing bookmark file that might freeze your system. I’ve been using Mozilla 1.0 since the release announcement, with my Netscape profile, and haven’t experienced these problems. Yet.

One minor aesthetic point: I liked that Mozilla defaults to the “classic”
Netscape look instead of the new theme. If you don’t like “classic” or “modern”
you can go to Deskmod or
mozdev.org to get some new
ones.

Using Mozilla to browse Web sites is completely intuitive for anyone who is
familiar with browsers. Everything is where it “should” be. Yet browsing for me
was a bit uncomfortable because it felt like there was just a bit of a lag
opening pages. It could have been my connection, but I opened up Opera just to
compare, and the page load times felt much faster — I didn’t feel like I was
trying to help pull them up myself like I was with Mozilla. The pages
themselves rendered quickly, but there was always a slight lag in seeing
the page. That’s my only complaint.

Features

It’s the features that make Mozilla a standout. I’ve been using Mozilla for
months, but never took time to investigate the features I’ve heard murmurings
about, like tabbed browsing. With this review, though, I started poking around
to find out exactly what I could do with the long-awaited official 1.0 Mozilla.
I used Mozilla’s own recommendations as a guide for the “10 most interesting
things” about the browser.

Pipelining

Of all the features, this is the one I care least about. Pipelining allows
multiple HTTP requests to be sent out together, instead of each request being
sent in turn and not until a reply is received for the previous one. Mozilla
says that the “act of pipelining can result in a dramatic improvement in page
loading times, especially over high latency connections.” Later on in the same
document, however, it says that if the pipelining is too long, it can cause
“user-perceived delays.” Mozilla says it is the only browser that makes use of
pipelining.

Tabbed browsing

Tabbed browsing is cool, but it’s not unique — Opera uses this. It can be a bit
disconcerting at first if you’re used to each window coming up separately. The
nicest part about it is that you can see what pages you have open because the
tabs are labeled with the page title. If you’re like me, you may not have room
in the task bar for the identity of each page to be seen; the tabs stay big
enough to read easily, up to around 10 pages, depending on your screen
resolution.

Pop-up blocking

Of course, being able to control pop-ups is a wonderful feature that every
browser should have. Set it and never have to worry about being bombarded with
advertisements in new windows sprouting all over your screen faster than you can
chase them down and close them. It’d be even greater if it worked all the time — the popups at some sites still keep popping — nytimes.com, for example.

Bookmark keywords

This is fun. When you set a bookmark, you can assign a keyword to it, a la Real
Names, and type that keyword into your navigation bar instead of the whole URL.
What’s more, you can set user inputs for your keywords. If you search Google all
the time like I do, you can set a Google keyword and add your search terms to it
for faster searching. Here’s how: Perform a search in the usual way on Google.
File the bookmark. Open the bookmark in the bookmark manager and click on
“properties.” Give it the keyword “Google”. In the URL, delete the search term
you used and substitute “%s,” to indicate “this is where a user input will
happen.” Save it. Now, when you want to do a quick search on say, takamine
acoustics, type “Google takamine acoustic” in the navigation bar and your search
comes up automatically. Use any terms you like, and be creative.

User customizability

Mozilla is very, very customizable. So much so that there are even hidden ways
to customize. To find out more, type about:config in your navigation bar, and
Mozilla will present you with a complete list of all user-configurable
parameters. Be careful — the FAQ warns that you could render Mozilla unusable if
you set something incorrectly. See Customizing
Mozilla for more information and a useful, well-commented sample preference
file that helped me understand exactly what user customization is all about. I
didn’t mess with this much; I have a feeling this is one of those things
programmers will enjoy tweaking much more than all us “just-a-user” kind of
people.

Page viewing

Mozilla has some handy page viewing shortcuts for zoom:

• Zoom text smaller: Ctrl and –
• Zoom text larger: Ctrl and +

These work very well, but not instantly, so don’t press Ctrl – 10 times like I
did in my impatience.

Mozilla also mentions alternate stylesheets, but after searching the menus and
in the help files, I couldn’t find any information about this.

Themes and appearance

I’ve already mentioned themes, and Mozilla recommends that you use different
themes to change the look of Mozilla, including getting smaller icons and turning off the text under the icons, a feat that you can accomplish in Netscape
without resorting to a different theme. Another thing that seems backward is the
fact that you cannot move the toolbars around — but Mozilla did say that people
would tend to judge this 1.0 release not by the standard of a 1.0 release, but
by comparing it to commercial browsers. This is one area where Mozilla seems
behind — but moving toolbars around and shrinking icons isn’t at the top of my
priority list, so I can wait.

Built-in chat

Chatzilla is perfectly adequate as an IRC app but nothing spectacular. It’s nice
to have it included as part of the browser though. You won’t get this unless you
specify it during the install — you have to select the “full install” option.
Chatzilla is customizable in the same way that the browser is, for instance, you
can add a line indicating your IRC nick.

Extensibility

Developers will shine here. Mozilla, in fact, says that its mission is “create
open source code that software developers can use to build web applications.” As
a user, I’m just along for the ride. Mozdev.org is the repository for projects
developers are working on to add on to Mozilla. One project that caught my eye
is the PlugIn Doc project, which
provides instructions for installing and setting up plugins in Mozilla, a task
that has proved troublesome for me in the past. Speaking of plugins, when I was
browsing around I decided to go to the heavily-java-dependent games.yahoo.com.
Mozilla didn’t know I had Java already installed, so it sent up the “get the
plugin” interface. On a whim I decided to click it and found that Netscape has
created a very easy to use plugin locater and installer, at least when it comes
to Java for Linux, called the Netscape Plugin Finder Service.

Multiple platforms

Finally, Mozilla developers say it runs on dozens of platforms. I’ll take their word for
it since I’m only running one.

Verdict

The jury is still out right now. I like it, and for now I’ll keep using Mozilla
1.0, probably gradually customizing it to my personal likes. My “perception” of
slower loading times may or may not cause me to go back to Netscape 4.77 or
Opera. After four years of anticipation by the Open Source community, having
Mozilla 1.0 and running it is lots of fun. I’m impressed by Mozilla, but wonder
if I’ll ever have time to learn all the “tweaks” on this powerful browser
created especially for software developers.

Anonymous Reader writes: “TheKompany.com says it hopes to ease adoption of Linux by enterprises who have legacy COBOL applications through its new KOBOL compiler and IDE. Shawn Gordon says in this story on Linux and Main that in most cases all that’s required for a Linux port is a simple recompile of the existing code. He says that this is of particular importance in many countries around the world that don’t have big IT budgets.”

“It is the first time Oracle will provide support for an operating system, said Mark Shainman, senior research analyst with Meta Group Inc., and it means that customers running Oracle9i Database on Red Hat Linux only have to work with one vendor to receive support, such as bug fixes and patches.

“This is actually giving some validity for Linux in the enterprise,” Shainman said. “One of the biggest apprehensions customers have with Linux is support.” More about this announcement at IDG.net.

News.com admits that “Linux is catching on” in China. Now, Microsoft is over there trying to balance the eradication of “piracy” with the elimination of that nasty open source cancer stuff. The former deputy general manager of Microsoft in China is quoted as saying that Microsoft is too arrogant. He works for Red Flag Linux now, but we’re sure his opinion is unbiased. Read the rest of the article at News.com.

Hmm. Microsoft apparently has drafted an essay blasting the proposed CBDTPA (fka SSSCA) legislation, saying it would be a potential invasion of users’ privacy–but more important for them, we tend to think, it would also “slow the processing of data communications.” Read more at The Register.

They say, in this article at The Register (from ComputerWire) that Mozilla 1.0 is nothing if not a “vision thing.” There’s a mention that Mozilla 1.0 will not be judged with the usual 1.0 release measuring stick, but will be compared instead with all other commercial browsers.

Emanuel Mair writes: “As previously reported on NewsForge’s NewsVac, Amiga Inc. is planning to divide the up-and-coming POP-based PowerPC hardware market into “POP” and “POP, but for AmigaOS” fractions, and on top of it all try to enforce licensing policies that many fear would be the final death of AmigaOS. Yesterday, the ongoing petition aimed at Amiga Inc. got an official site where more background information, FAQs and related news can be found for anyone interested in AmigaOS, Open Hardware and an independent PowerPC market.”

– By Robin “Roblimo” Miller –
Here’s an interesting way to secure an Internet-connected computer against intruders: Make sure the operating system and software it runs are so old that current hacking tools won’t work on it. This was suggested by Brian Aker, one of the programmers who works on Linux.com, NewsForge, Slashdot, and other OSDN sites; he runs several servers of his own that host a number of small non-profit sites in the Seattle area. “I have one box still running a version of Solaris that’s so old none of the script kiddies can figure it out,” Brian says. “They tend to focus on the latest and greatest, and don’t have the slightest idea how to handle my old Sun box.”
Brian points out that some of the most secure Department of Defense Web sites — ones that don’t make headlines by getting cracked all the time — run old versions of Mac OS and the venerable WebSTAR server suite. “[Mac is] a great operating system for that application,” he says. “No scripting or remote capability at all, so there’s no way for them to get in.”

Not only that, the hacker/cracker crowd is fixating, as usual, on the latest versions of everything, like Windows 2K/XP, Mac OS X, the most recent Linux kernels and BSDs, the newest Solaris, and so on. What fun is there in breaking into a system running something so ancient only a dad would even consider using it? There’s also an obscurity factor to consider here, and not the one proprietary software advocates usually trot out when discussing security issues.

True “security through obscurity”

Most Web site takedowns and system intrusions make use of known vulnerabilities in a particular operating system or server software package. These vulnerabilities are typically discovered, a little at a time, by thousands of bad hackers who poke and prod at systems, port-scanning and probing them, sharing the information they gain from their (mostly failed) attempts with each other. A million monkeys with Internet connections may not reproduce any Shakespeare plays — they need to use old-fashioned typewriters to do that — but they sure as bleep are going to find vulnerabilities in any host they contact sooner or later simply by sheer weight of numbers, especially if the operating system or software they attack is popular enough that they have many instances of it out there to look and poke at. It doesn’t matter whether the operating system and server software under attack is proprietary or Open Source. Sooner or later, with enough monkeys scratching at it, every single chink or opening can be discovered and exploited.

Imagine a custom operating system used by only a few servers, running server software so oddball that cracking lessons learned on mainstream servers don’t apply to it at all. Or imagine running a DOS variant or an OS like AIX that has never been widely used for Net-attached servers but is adequate for handing out simple Web pages and receiving responses through online forms and handling email, which are the primary tasks performed on most publicly-accessible servers.

Now imagine your local script kiddie trying to crack a box running an operating system and server software he’s never seen before, about which no information is available in the usual online hacker hangouts. Chances are, he’s going to move on to an easier target.

This is security through obscurity at its finest. Even if the custom operating system and server software are Open Source, low-level attackers aren’t going to bother poring over the code thoroughly enough to find its vulnerabilities, and those few who have the skill level needed almost certainly have better things to do with their time — like work — and won’t bother.

Really dumb stuff

Never forget, most intrusions and defacements exploit really stupid administrator or user mistakes, like using “password” as the password for remote access or running all kinds of unnecessary services that create security holes so big a whale could dive through them. These lapses have nothing to do with the operating system or software being used. No operating system or application ever written is immune to user stupidity. Some just take more stupidity to botch than others, you might say. But that’s enough about that. Let’s go back to talking about old operating systems.

Age before beauty

One advantage of mature software is that lots of people have already tried to crack it and lots of patches have been written. A smart sysadmin like Brian, running an ancient version of Solaris, has kept up with security updates over the years and has installed all of them he has found. What some people might sneer at as “obsolete” software, others might call “carefully tested” or “proven.” Indeed, Debian Linux users often point to the fact that Debian’s stable branch does not include the latest kernel or software as one of its great strengths; Debian lets others explore the latest and greatest — and fall victim to the latest and greatest exploits — before all the kinks are worked out to the Debian maintainers’ satisfaction.

Note that an awful lot of servers out there are still running on Red Hat 6.1 or 6.2, not Red Hat 7.x, and that it takes a long time for the latest version of Apache to trickle out into the world full-strength. Because these programs have zero licensing cost attached to updates, why would so many sysadmins keep using old versions when new ones no doubt offer more and slicker features? Obviously, those sysadmins have the same outlook as delivery truck fleet managers who refuse to buy a new model during its first year or two in production. They prefer to wait until all the kinks are worked out and all the defects and maintenance tricks have been discovered and applied by early adopters before jumping from the tried and true into something new.

This is sane behavior for a conservative business manager whether she is running a fleet of Web servers or a fleet of trucks — or even a fleet of Web servers for a trucking company. But it may be even more sane to hold on to the same servers and trucks even when others sneer at them as being old, even if new versions are smoother and easier to administer or drive. Quite simply, once you have worked with a piece of software or a truck for a number of years, you know its quirks inside and out. When it acts up in a subtle way someone not used to it might not even notice, long experience with it can point an observant sysadmin or mechanic straight to a problem, thereby saving downtime and repair costs.

Because “Total Cost of Ownership” is the big management buzz phrase that cuts across all business areas, and anything new requires a learning curve, sometimes it is best to just keep on using the old whatever as long as it does its job reasonably well.

At some point — hopefully before Microsoft stops supporting it — Windows NT may be reasonably secure against most common exploits. If nothing else, by that time there will be hundreds of thousands of sysadmins who have learned how to secure it as hard as possible, even if they had to learn some lessons the hard way — by getting cracked. At the same time, the script kiddies and malicious hackers who ran roughshod over NT servers when they first appeared have aged. Most of them probably have jobs and responsibilities by now, and aren’t getting their kicks playing in other people’s systems but are busily securing ones they run themselves.

The next generation of bad-kid hackers probably won’t mess much with NT — or pre-X Mac OS or Linux pre-2.5 kernels or Apache pre-2.x or any of the other operating systems and server applications their fathers or older siblings ran “back in the day,” while those same fathers and older siblings will have piled up endless experience securing those old, now-obscure programs, making them harder targets than the latest stuff.

You never read about this kind of “security through obscurity,” which can just as correctly be called “security through obsolescence.” Despite this lack of publicity, it may be as effective a tactic as any other, and it can be implemented without spending a dime.