On Sat, 2014-07-12 at 06:11 -0500, Shawn K. Quinn wrote: > If it's code bloat, I'd like to know just how much code we're talking > about. Unless we're going to try to put Lynx on install media (and I am > definitely not suggesting that we do), 1.7 megabytes really isn't all > that big (it's actually smaller than ftp). If you have gamesXX.tgz > installed and never play them you have no business complaining about > bloat on a binary of that size.
The recent patch which removes bibp support and breaks telnet URLs removes a whopping 8k or so (at least on amd64 here, versus -current from a couple days before). If hard drives still topped out at a gigabyte or less that might be an impressive reduction, but those days are long gone. Taking out dired, gopher, news, and finger only makes a total reduction of some 121k. Again, it might make a difference if your whole hard disk is under a gigabyte. Today, a terabyte or significant fraction thereof is more likely. So, not impressive given what we're losing by saving that small amount of disk space. And this comment: > leave gopher, news, and dired in place for now. but we will soon catch up > to the security level of internet explorer 7 by removing these too. This is complete bullshit, to the point where I would think it came straight from Microsoft's PR department. There is no way in hell that Lynx was ever as insecure as Internet Explorer 7, much less is today. Lynx, by its very nature, is one of the most secure browsers out there, as it lacks almost all of the attack vectors (Javascript, CSS, etc) that, say, Firefox or Chrome has. The most recent advisory for Lynx I found was from 2005, then one from 2003, then one from 2000. That's three over a six-year span, then bupkis for the next nine. I think a more appropriate way of wording this comment in full is: "despite several messages on tech@, start gutting lynx under the guise of security. specifically, ignore the people who said bibp is in use and get rid of it. break telnet, rlogin, and tn3270 for the hell of it. "leave gopher, news, and dired in place for now. but we will soon catch up to Microsoft's level of saying 'fuck the users' by removing these too, because we feel like it. "ok's for the version of this diff that removes even more protocols from deraadt@, tedu@. general support from other devs. again, fuck the people actually using our software, fuck gopher, fuck bibp, fuck nntp and Usenet. OpenBSD: where do you want to go today?" Seriously, if you are worried about getting hacked from using Lynx (and I mean real Lynx as distributed, with support for gopher, finger, bibp, telnet, and the kitchen sink included), maybe the Internet is just not for you. As for me, I feel safe running Lynx as root. I'd be surprised to find that many people who were not. Finally, I'm horrified that bibp support was removed, and telnet support was broken, *after* others said they were still using it. I expect this kind of ham-fisted "fuck the users" move from companies like Microsoft and Apple. I honestly never thought I'd see the day that it would happen in OpenBSD. For now, I'm going to make sure my Lynx still has full functionality if I have to manually unfuck the Makefile myself everytime after I update my sources. In the future? Maybe I (and the other users who actually give a shit about having non-crippled software) should have switched to BitRig (or NetBSD, or maybe even something else) already. It's a shame because I was looking to buy a CD set for 5.6, too. But I won't if Lynx isn't all there in 5.6-release, and I'll be donating the money to another project (most likely BitRig) instead. Feel free to follow my lead should you desire. -- Shawn K. Quinn <skqu...@rushpost.com>
