lynx is gone?

classic Classic list List threaded Threaded
53 messages Options
123
Reply | Threaded
Open this post in threaded view
|

lynx is gone?

Bob Eby-2
Lynx is gone.  Wow just wow, I'm stupefied by just how much you guys have
removed from base.

The least you could do is put something on afterboot useful to getting a
web browser up and running.  Note: it's usually helpful to have a
web-browser to do things like oh, I don't know, find a suitable mirror for
pkg_add?

It was fun playing with the packet filter all those years ago, but I think
I've had my fill of OpenBSD after lack of new hard drive formats, WPA2
hassles, failure to get very popular and important firmwares (ipw anyone?)
into the distribution.  (Nothing like installing over a wireless NIC when
you don't have the firmware and can't download it over said NIC)

Honestly, every new box I try to find some use for OpenBSD but every time
go back to some Linux flavor to actually do ... well ? anything.  (Except
play nethack. I guess, yeah, *thats* more important than a default web
browser)

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Peter Hessler
1) lynx has some amazingly insecure code

2) the installer installs a functional pkg.conf if you installed from
the network.


On 2015 Mar 04 (Wed) at 10:11:17 -0500 (-0500), Bob Eby wrote:
:Lynx is gone.  Wow just wow, I'm stupefied by just how much you guys have
:removed from base.
:
:The least you could do is put something on afterboot useful to getting a
:web browser up and running.  Note: it's usually helpful to have a
:web-browser to do things like oh, I don't know, find a suitable mirror for
:pkg_add?
:
:It was fun playing with the packet filter all those years ago, but I think
:I've had my fill of OpenBSD after lack of new hard drive formats, WPA2
:hassles, failure to get very popular and important firmwares (ipw anyone?)
:into the distribution.  (Nothing like installing over a wireless NIC when
:you don't have the firmware and can't download it over said NIC)
:
:Honestly, every new box I try to find some use for OpenBSD but every time
:go back to some Linux flavor to actually do ... well ? anything.  (Except
:play nethack. I guess, yeah, *thats* more important than a default web
:browser)
:

--
Might as well be frank, monsieur.  It would take a miracle to get you
out of Casablanca and the Germans have outlawed miracles.
                -- Casablanca

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Manuel Giraud-4
Peter Hessler <[hidden email]> writes:

> 1) lynx has some amazingly insecure code
>
> 2) the installer installs a functional pkg.conf if you installed from
> the network.

3) nethack is not in base

--
Manuel Giraud

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Marc Espie-2
On Wed, Mar 04, 2015 at 04:49:06PM +0100, Manuel Giraud wrote:
> Peter Hessler <[hidden email]> writes:
>
> > 1) lynx has some amazingly insecure code
> >
> > 2) the installer installs a functional pkg.conf if you installed from
> > the network.
>
> 3) nethack is not in base

At least parts of nethack is GPL.

jsg
Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

jsg
Its not in my pay grade to offer a technical opinion on Lynx removal!
But ,,,,,,WHAT r u folks using instead, considering??????

thanks OpenBSD

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Giancarlo Razzolini-3
On 04-03-2015 15:48, Jeff St. George wrote:
> Its not in my pay grade to offer a technical opinion on Lynx removal!
> But ,,,,,,WHAT r u folks using instead, considering??????
Well, for the task the OP mentioned, finding a mirror for pkg_add, you
could do plenty of things to accomplish that. netcating to the OpenBSD
site and running the http get's by hand is one that comes to mind.
curling the mirrors page is another. The fact is, there are no
decent/secure text mode browsers, and given the discussion on tech@ last
year about lynx removal, I believe it should have gone sooner. I don't
think any other text mode browser will make into base in the near
future, unless someone develops a secure one.

Cheers,
Giancarlo Razzolini

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Brendan Desmond
On 2015-03-04, Giancarlo Razzolini wrote:
>curling the mirrors page is another.

This was my first thought. I don't think this is out of anyone's league if they
are already choosing to install OpenBSD.

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Wade, Daniel
In reply to this post by Bob Eby-2
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On
> Behalf Of Bob Eby
> Sent: Wednesday, March 04, 2015 10:11 AM
> To: [hidden email]
> Subject: lynx is gone?
>
> Lynx is gone.  Wow just wow, I'm stupefied by just how much you guys have
> removed from base.
>
> The least you could do is put something on afterboot useful to getting a
> web browser up and running.  Note: it's usually helpful to have a
> web-browser to do things like oh, I don't know, find a suitable mirror for
> pkg_add?
>


#ftp -o - http://www.openbsd.org/ftp.html | grep nofollow

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Kenneth Gober
In reply to this post by jsg
On Wed, Mar 4, 2015 at 1:48 PM, Jeff St. George <[hidden email]> wrote:

> Its not in my pay grade to offer a technical opinion on Lynx removal!
> But ,,,,,,WHAT r u folks using instead, considering??????
>

typically when I am setting up a server I have a laptop with me.  the
laptop will either have my pre-planning notes, or if it doesn't have
that, it will be where I record my as-built notes.  either way, at the
end I will have a record on my laptop of all the key information I
would need if I ever have to rebuild that particular server.

since I have my laptop with me anyway, if I need to look at any web
pages during the server install, I use that.  if I really need to fetch
a web page on the server itself, I use ftp (which also supports http).

if it's not a server (i.e. I'm setting up a workstation) then I'll typically
want X and something like Firefox.

-ken

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

L.R. D.S.
In reply to this post by Bob Eby-2
>1) lynx has some amazingly insecure code

So, remove Xombrero from base too, he segfault everytime
and is much more insecure due to ECMAscript engine of WebKit.

>curl

Please guys, a browser is different from a http/ftp downloader. A
browser have HTML parser, and funcionality's for you... ahm... browse?

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Ted Unangst-6
L.R. D.S. wrote:

> So, remove Xombrero from base too, he segfault everytime

Done!

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Carl Trachte
In reply to this post by L.R. D.S.
On Wed, Mar 4, 2015 at 2:15 PM, L.R. D.S. <[hidden email]> wrote:

>>1) lynx has some amazingly insecure code
>
> So, remove Xombrero from base too, he segfault everytime
> and is much more insecure due to ECMAscript engine of WebKit.
>
>>curl
>
> Please guys, a browser is different from a http/ftp downloader. A
> browser have HTML parser, and funcionality's for you... ahm... browse?
>


I accidentally posted off list the first time.  I'm just a user, but
my preference is to let the devs, for lack of a better word, dev.  If
I knew how to run the OpenBSD project to end up with something like
OpenBSD, which I'm fond of, I'd be . . . a lot smarter . . .

The app (lynx) is on the CD's as a package, for now, at least.  That
works fine for me, and I am a pretty frequent lynx user.

My 2 cents.

Carl T.

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Ingo Schwarze
In reply to this post by Ted Unangst-6
>> So, remove Xombrero from base too, he segfault everytime

> Done!

Hey, wait!  The plan was to improve browsers, wasn't it?
That's not the same thing as deleting them, you know!

Then again, if we set the firefox to keep the tedu (err... or
was it the other way round...?) we need not be surpised that
browsers end up...  getting lost.  :-D

Everyone please lock the tree: somebody let a tedu loose!

Yours,
  Ingo

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Paolo Aglialoro
In reply to this post by Giancarlo Razzolini-3
This sounds like:

"As with a knife one could cut throats, let's start eating only with the
fork. Oh, btw, but also the fork could poke, so let's use just the spoon."

Using netcat or ftp to browse the web/intranet/localhost in the 3rd
millennium is like eating a steak with a spoon.

It's the same logic of leaving open root ssh access with pw=password:
nothing can stop a stupid misuse of things. But this is not a good reason
to delete ssh.

And, just for the records, I bet that 99% of use of lynx is just sysadmin
stuff on CLI systems, for the rest (the dangerous horrid scary world...)
there are X clients with Firefox. Who's going to warez sites with lynx? Of
course we're all a pkg_add away, but that is not the point.

Security is a damn good thing.
Excesses not.

Il 04/mar/2015 20:01 "Giancarlo Razzolini" <[hidden email]> ha
scritto:

>
> On 04-03-2015 15:48, Jeff St. George wrote:
> > Its not in my pay grade to offer a technical opinion on Lynx removal!
> > But ,,,,,,WHAT r u folks using instead, considering??????
> Well, for the task the OP mentioned, finding a mirror for pkg_add, you
> could do plenty of things to accomplish that. netcating to the OpenBSD
> site and running the http get's by hand is one that comes to mind.
> curling the mirrors page is another. The fact is, there are no
> decent/secure text mode browsers, and given the discussion on tech@ last
> year about lynx removal, I believe it should have gone sooner. I don't
> think any other text mode browser will make into base in the near
> future, unless someone develops a secure one.
>
> Cheers,
> Giancarlo Razzolini
On 04-03-2015 15:48, Jeff St. George wrote:
> Its not in my pay grade to offer a technical opinion on Lynx removal!
> But ,,,,,,WHAT r u folks using instead, considering??????
Well, for the task the OP mentioned, finding a mirror for pkg_add, you
could do plenty of things to accomplish that. netcating to the OpenBSD
site and running the http get's by hand is one that comes to mind.
curling the mirrors page is another. The fact is, there are no
decent/secure text mode browsers, and given the discussion on tech@ last
year about lynx removal, I believe it should have gone sooner. I don't
think any other text mode browser will make into base in the near
future, unless someone develops a secure one.

Cheers,
Giancarlo Razzolini

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Stuart Henderson
On 2015-03-04, Paolo Aglialoro <[hidden email]> wrote:
> And, just for the records, I bet that 99% of use of lynx is just sysadmin
> stuff on CLI systems

And probably a lot of that is quickly checking something that you're
only doing directly on the machine for convenience. Something that you
might otherwise do on the system you're ssh'ing from, or on a phone/etc
which avoids the need to run any browser on what is potentially a
sensitive server.

And the remainder for things like lynx -dump in scripts where it can
easily be pkg_add'ed if needed. (hopefully these will run as a relatively
unprivileged user).

> for the rest (the dangerous horrid scary world...) there are X clients
> with Firefox. Who's going to warez sites with lynx?

You've never heard of webservers on technical topics being attacked and
serving malicious content?

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Giancarlo Razzolini-3
In reply to this post by Paolo Aglialoro
On 04-03-2015 20:30, Paolo Aglialoro wrote:

>
> Using netcat or ftp to browse the web/intranet/localhost in the 3rd
> millennium is like eating a steak with a spoon.

But it's so fun man! If people looked under the hood more often, we
wouldn't had the bug nightmare that was these past years. Heartbleed,
ghost, shellshock, etc.

Konsole output
~# nc -vvv www.openbsd.org 80
Connection to www.openbsd.org 80 port [tcp/www] succeeded!
GET / HTTP/1.1
Host: www.openbsd.org

HTTP/1.1 200 OK
Date: Thu, 05 Mar 2015 13:28:54 GMT
Server: Apache
Last-Modified: Wed, 19 Nov 2014 17:29:26 GMT
ETag: "84c3c06e225fcffbdd723847e25fa29b1586fbe2"
Accept-Ranges: bytes
Content-Length: 4871
Content-Type: text/html


>
> It's the same logic of leaving open root ssh access with pw=password:
> nothing can stop a stupid misuse of things. But this is not a good reason
> to delete ssh.

lynx removal does not compare to this. It was removed based solely on
technical merits. That, and the fact that no OpenBSD dev would spare
time to fix it.

>
> And, just for the records, I bet that 99% of use of lynx is just sysadmin
> stuff on CLI systems, for the rest (the dangerous horrid scary world...)
> there are X clients with Firefox. Who's going to warez sites with lynx? Of
> course we're all a pkg_add away, but that is not the point.

I didn't got your point.

>
> Security is a damn good thing.
> Excesses not.

Then you're on the wrong Operating System. OpenBSD is secure by default.
If lynx had the tiniest chance of compromising your system, then I'm
glad it's gone.

Cheers,
Giancarlo Razzolini

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Kevin Chadwick-2
In reply to this post by Stuart Henderson
> > And, just for the records, I bet that 99% of use of lynx is just sysadmin
> > stuff on CLI systems  

The reason I install lynx from ports is simpy because it opens the
packages directory in seconds rather than 10s of seconds compared to
even xombrero which is quicker that firefox or chrome.

Having seen people browse the web on exchange servers I'm quite happy
for it to be gone from base as it simply saves me from ever
needing to chmod 000 it on servers.

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Paolo Aglialoro
In reply to this post by Giancarlo Razzolini-3
Il 05/mar/2015 14:34 "Giancarlo Razzolini" <[hidden email]> ha
scritto:
>
> But it's so fun man! If people looked under the hood more often, we
wouldn't had the bug nightmare that was these past years. Heartbleed,
ghost, shellshock, etc.

I perfectly agree with you, both on fun and curiosity.

Nevertheless, not all the times we have got time enough "to have fun
netcatting servers". More than often u just have to go straight to the
point. Btw, try these with (net)cat:

$ lynx saveddocument.html
$ pdftohtml -stdout -i manual.pdf | lynx -stdin

> lynx removal does not compare to this.

Actually it does on a user viewpoint: a server daemon is up 24/7 while a
client is activated by the user. For the server, insecurity comes mainly
from its own flaws, for the client danger does not mainly come from the
tool itself (unless it's a totally hopeless sw) but from the *potentially*
silly utilization which is done by the user.


> Then you're on the wrong Operating System. OpenBSD is secure by default.
If lynx had the tiniest chance of compromising your system, then I'm glad
it's gone.

So it looks like that, till some months ago, everybody here was on the
wrong OS and risking their lives, as lynx was in base! But I have never
read here about anybody who had his system compromised because of poor
lynx. So, right now, this deletion reflects more a "what if" worry than a
real threat, i.e. lynx <> shellshock.

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Ingo Schwarze
Hi Paolo,

Paolo Aglialoro wrote on Thu, Mar 05, 2015 at 05:20:51PM +0100:

> So it looks like that, till some months ago, everybody here was
> on the wrong OS and risking their lives, as lynx was in base!

That's a fallacy so common that it's worth calling out.

An operating system is not a religion:  Created perfect by God
herself ere the Dawn of Time and since conserved untainted by Her
faithful and diligent followers.

OpenBSD inherits from 4.3BSD-Reno and 4.4BSD-Lite2 via 386BSD and
NetBSD-1.0.  The CSRG BSD code was good code by 1990 standards, is
not so good any longer by 2015 standards, and much third-party stuff
of lesser quality had to be included simply because nothing better
was freely available at the time, or even available at all.

We keep improving the code, you know, one (intentional!) side effect
being that the bar of what is deemed good enough is constantly
rising.  Most often, when something is no longer good enough,
somebody cares enough to write a better replacement, though nobody
is obliged to do that work and nobody is entitled to request it.

Sometimes, stuff has already rotten for too long before patience
finally runs out, and still no one cares enough to write the
replacement.  If the system is still deemed usable without it,
it may get deleted outright, even if that hurts a bit.

If it hurts you, take that as an incentive to write the replacement.

Yours,
  Ingo


P.S.
By the way, lynx(1) removal doesn't really hurt that much.
Rotten code that will hurt more when it will finally be deleted
includes, for example, the sqlite3(1) library and file(1).

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

patric conant
On Thu, Mar 5, 2015 at 11:11 AM, Ingo Schwarze <[hidden email]> wrote:

> Hi Paolo,
>
> Paolo Aglialoro wrote on Thu, Mar 05, 2015 at 05:20:51PM +0100:
>
> > So it looks like that, till some months ago, everybody here was
> > on the wrong OS and risking their lives, as lynx was in base!
>
> That's a fallacy so common that it's worth calling out.
>
> An operating system is not a religion:  Created perfect by God
> herself ere the Dawn of Time and since conserved untainted by Her
> faithful and diligent followers.
>
> OpenBSD inherits from 4.3BSD-Reno and 4.4BSD-Lite2 via 386BSD and
> NetBSD-1.0.  The CSRG BSD code was good code by 1990 standards, is
> not so good any longer by 2015 standards, and much third-party stuff
> of lesser quality had to be included simply because nothing better
> was freely available at the time, or even available at all.
>
> We keep improving the code, you know, one (intentional!) side effect
> being that the bar of what is deemed good enough is constantly
> rising.  Most often, when something is no longer good enough,
> somebody cares enough to write a better replacement, though nobody
> is obliged to do that work and nobody is entitled to request it.
>
> Sometimes, stuff has already rotten for too long before patience
> finally runs out, and still no one cares enough to write the
> replacement.  If the system is still deemed usable without it,
> it may get deleted outright, even if that hurts a bit.
>
> If it hurts you, take that as an incentive to write the replacement.
>
> Yours,
>   Ingo
>
>
> P.S.
> By the way, lynx(1) removal doesn't really hurt that much.
> Rotten code that will hurt more when it will finally be deleted
> includes, for example, the sqlite3(1) library and file(1).
>
> Maintaining file might be a good enough reason for me to learn C and
contribute. file is pretty high on my list of must-have's.

123