On Sat, 2014-07-12 at 06:11 -0500, Shawn K. Quinn wrote:
> If it's code bloat, I'd like to know just how much code we're talking
> about. Unless we're going to try to put Lynx on install media (and I am
> definitely not suggesting that we do), 1.7 megabytes really isn't all
> that big (it's actually smaller than ftp). If you have gamesXX.tgz
> installed and never play them you have no business complaining about
> bloat on a binary of that size.

The recent patch which removes bibp support and breaks telnet URLs
removes a whopping 8k or so (at least on amd64 here, versus -current
from a couple days before). If hard drives still topped out at a
gigabyte or less that might be an impressive reduction, but those days
are long gone.

Taking out dired, gopher, news, and finger only makes a total reduction
of some 121k. Again, it might make a difference if your whole hard disk
is under a gigabyte. Today, a terabyte or significant fraction thereof
is more likely. So, not impressive given what we're losing by saving
that small amount of disk space.

And this comment:

> leave gopher, news, and dired in place for now. but we will soon catch up
> to the security level of internet explorer 7 by removing these too.

This is complete bullshit, to the point where I would think it came
straight from Microsoft's PR department. There is no way in hell that
Lynx was ever as insecure as Internet Explorer 7, much less is today.
Lynx, by its very nature, is one of the most secure browsers out there,
as it lacks almost all of the attack vectors (Javascript, CSS, etc)
that, say, Firefox or Chrome has. The most recent advisory for Lynx I
found was from 2005, then one from 2003, then one from 2000. That's
three over a six-year span, then bupkis for the next nine. I think a
more appropriate way of wording this comment in full is:

"despite several messages on tech@, start gutting lynx under the guise
of security. specifically, ignore the people who said bibp is in use and
get rid of it. break telnet, rlogin, and tn3270 for the hell of it.

"leave gopher, news, and dired in place for now. but we will soon catch
up to Microsoft's level of saying 'fuck the users' by removing these
too, because we feel like it.

"ok's for the version of this diff that removes even more protocols from
deraadt@, tedu@. general support from other devs. again, fuck the people
actually using our software, fuck gopher, fuck bibp, fuck nntp and
Usenet. OpenBSD: where do you want to go today?"

Seriously, if you are worried about getting hacked from using Lynx (and
I mean real Lynx as distributed, with support for gopher, finger, bibp,
telnet, and the kitchen sink included), maybe the Internet is just not
for you. As for me, I feel safe running Lynx as root. I'd be surprised
to find that many people who were not.

Finally, I'm horrified that bibp support was removed, and telnet support
was broken, *after* others said they were still using it. I expect this
kind of ham-fisted "fuck the users" move from companies like Microsoft
and Apple. I honestly never thought I'd see the day that it would happen
in OpenBSD.

For now, I'm going to make sure my Lynx still has full functionality if
I have to manually unfuck the Makefile myself everytime after I update
my sources. In the future? Maybe I (and the other users who actually
give a shit about having non-crippled software) should have switched to
BitRig (or NetBSD, or maybe even something else) already. It's a shame
because I was looking to buy a CD set for 5.6, too. But I won't if Lynx
isn't all there in 5.6-release, and I'll be donating the money to
another project (most likely BitRig) instead. Feel free to follow my
lead should you desire.

-- 
Shawn K. Quinn <skqu...@rushpost.com>

Reply via email to