Netscape Releases Security Update 159
daria42 writes "Less than 24 hours after releasing Netscape 8, Netscape has released a security patch bringing the browser up to version 8.0.1. The patch address security vulnerabilities in version 1.0.3 of the Firefox code on which Netscape is based. The update comes amid online criticism from Firefox developers that the browser was insecure."
No thanks (Score:2, Funny)
i prefer to get my browser from the organ grinder [getfirefox.com], not the monkey [netscape.com]
software and bridges (Score:4, Insightful)
Re:software and bridges (Score:1)
That's the luxury software developers have that civil engineers don't. Its not exactly possible to go back and fix a mistake you made while building a multi-million dollar bridge.
Netscape can release patches constantly if they want. That is, unless they want to prevent their customers from becoming confused and annoyed, at which point they can stop using their product.
Re:software and bridges (Score:5, Informative)
That's what you think. New structures are found to be unsound all the time, which usually requires that the structure be patched in some form or another.
Take the case of the London Millennium Bridge [wikipedia.org] which suffered from Resonant vibration (a common problem with suspension bridges). It wasn't planned for because it was assumed that such vibrations couldn't happen from mere pedestrian traffic. The solution was to retrofit 37 fluid-viscous dampers and 52 tuned mass dampeners.
In short, don't think that engineering is that much different from software. They're quite similar, to the point of being frightening.
Re:software and bridges (Score:2)
Re:software and bridges (Score:1)
Re:software and bridges (Score:2)
Re: Software and bridges (Score:1)
Funny you mention that. In engineering terms, software is like 'unlimited-strenght building material'. If done right, it never wears out, can be used as frequently/as long as you like, and never fails, no matter how much pressure you put on it (as long as the underlying hardware can take it).
Engineers can only dream of such a
Re: Software and bridges (Score:1)
Yes, because bridge building is exactly the same level of complexity as software development.
Re:software and bridges (Score:1)
Or maybe they could [slashdot.org].
Re:software and bridges (Score:1)
Re:software and bridges (Score:2)
Re:software and bridges (Score:1)
Re:software and bridges (Score:2)
But of course, this wouldn't be as much of an issue if their update mechanism used some sort of incremental patching and an update didn't require a total reinstall.
Re:software and bridges (Score:2)
"Started"? Where do you live? I get an opportunity to see our local civil engineers filling (patching) the same potholes once a week! These aren't small bumps in the road, either. Some of them are big enough to fit a 1/4 tonne pickup (sometimes I wonder if one actually fell in and they paved over it).
Re:software and bridges (Score:2)
Re:software and bridges (Score:2)
Not yet anyway.
Re:software and bridges (Score:2)
What is cool, though, is that the bug was found AND fixed in Firefox in less than a week and Netscape also updated a few (three?) days later (or one day after the release, depending on how you want to look at it). Ever see Microsoft do that?
gross misuse of the term (Score:3, Insightful)
Imagine if software developers were held to the same standards as engineers.
I get tired people comparing software development to real engineering when developers refuse to follow the same rigorous standards that engineering disciplines have to follow. There are some software engineers out there, but most of the people with that title are simply software developers. Not that every piece of software needs to be engineered, b
Re:gross misuse of the term (Score:2)
Competitive Advantage (Score:1)
For instance, Microsoft releases a new version of Office that has a few holes that need patched. Microsoft decides though that it would be cost beneficial to release the version now. This way people get the new fun features of Office NOW and Microsoft becomes the largest marketshare holder of a new feature.
It's much more beneficial for a company to release a new version quickl
Re:software and bridges (Score:1, Flamebait)
Re:software and bridges (Score:1)
Netscape ? (Score:1, Funny)
What's Netscape ?
Netscape's Original 8.0 Release (Score:5, Informative)
Re:Netscape's Original 8.0 Release (Score:2)
This is what the software industry and versioning is becoming, just ship crappy software first and then provide patches, god, as someone said in other post imagine of other that was an accepted behaviour for other professions???
Patient: Doctor, my appeniccitis operation was not ok, I think my bowel is going out in this hole... can you please add a patch to fix my body?
Doctor: Oh, sorry I am affraid I
Re:Netscape's Original 8.0 Release (Score:3, Insightful)
This is frankly a load of bollocks. If Netscape is going to harp about their commitment to security, then holding off release to include the fixes from Firefox 1.0.4 would have been the only right thing to do.
Sure, the problems existed in Firefox itself, but Netscape
Why didn't they wait? (Score:5, Insightful)
Re:Why didn't they wait? (Score:2)
Re:Why didn't they wait? (Score:3, Insightful)
Re:Why didn't they wait? (Score:2)
If they would have waited until 1.0.4 was out, then we would all be screaming that they should have waited until 1.0.5 was out.
Who would anyone be doing that? There's currently no known security problems with 1.0.4, so why would anyone care about waiting until 1.0.5?
You know that anothe
Re:Why didn't they wait? (Score:1)
I don't get it. (Score:2, Insightful)
First, why isn't Firefox going after Netscape and second, why would anyone start using Netscape when Firefox knows their own code better and fixes it faster?
I think I might get the Firefox code myself and create a browser called LOL-I'm-Really-Just-Firefox. It will be huge.
Re:I don't get it. (Score:4, Informative)
Re:I don't get it. (Score:2, Informative)
Firefox is open source.
Now, you've got me there. Uh...brand recognition? Maybe?
Re:I don't get it. (Score:1)
We should be glad that Netscape continue to use the Mozilla code base - it helps to provide another credible alternative to IE for instance.
Re:I don't get it. (Score:1)
I've already downloaded the full installer but having read about the new features, I've deleted it and will stick with Firefox for now. I just don't see the point in using Netscape.
Re:I don't get it. (Score:1)
Re:I don't get it. (Score:1)
Don't know about the speed (no way I'm putting that on my normal use box), and the IE option looks good assuming you make the selection at install-time to always use Gecko (and switch manually to IE only).
Re:I don't get it. (Score:1)
Firefox is Open Source, so this action is perfectly fine. And if you remember, the Mozilla team got the original code for Firefox (the Gecko Engine) from...yes, Netscape!
Re:I don't get it. (Score:1)
That's not entirely correct, actually. According to this [wikipedia.org] Wikipedia entry, "the initial Communicator open source release did not even build cleanly, much less run." Because of that, the Mozilla developers eventually decided to write Gecko from scratch.
Re:I don't get it. (Score:2)
Also, Firefox (formerly Firebird formerly Phoenix) was started in late 2002 when Mozilla was still part of Netscape.
Re:I don't get it. (Score:1)
Re:I don't get it. (Score:5, Informative)
Re:I don't get it. (Score:1)
And this is a good idea WHY? (Score:2)
The fundamental security flaws that are inherent in the Microsoft HTML Control can't be fixed by a wrapper, because they're in the HTML control itself, not the IE "shell". So you're no safer using the "IE Engine" inside Netscape than just using IE.
So this is no different than just using IE for the pages that need IE, except that people who think they're being safer using Netscape
Re:And this is a good idea WHY? (Score:1)
Re:And this is a good idea WHY? (Score:1)
https://addons.mozilla.org/extensions/moreinfo.ph
Re:And this is a good idea WHY? (Score:2)
It seems like it would have been a lot easier to add an "open in internet explorer" menu/contextual menu/accelerator key, and a lot less likely to lead to people getting confused about whether they're in a "safe" (relatively) browser or not.
Re:And this is a good idea WHY? (Score:2)
That's the point.
Using the same application to view both trusted and untrusted objects is a bad idea. It opens up the possibility that an untrusted object will convince the application that it's trusted.
Don't use IE at all, except for trusted sites. Assume that you're at risk whenever you're using IE. You'll be a lot happier.
Re:And this is a good idea WHY? (Score:2)
Regardless of who you feel is at fault for the reasons a certain page will not display correctly in any other browser than IE, considering the user would need to use IE to access the page in any case, this is a very convenient feature now av
Re:And this is a good idea WHY? (Score:2)
The most important feature of Netscape is that it doesn't support ActiveX and most of Active Scripting. That is an advantage, even if it makes the page appear incomplete. No, a user is better off having the site display incorrectly than ta
Twice the Rendering Engine; Twice the Vulnerabilit (Score:2)
Re:I don't get it. (Score:2)
Re:I don't get it. (Score:2)
You don't get the whole "Open Source" thing, do you?
Re:I don't get it. (Score:1)
If they are openly admiting that their code is nearly an exact duplicate of Firefox, it might limit them in the future. If they designed their own browser instead, they would be free to do whatever they wanted. I al
Re:I don't get it. (Score:2)
There are very few open source projects that limit commercial redistribution of the software. Oh, there's a broad range of licenses, from the "you can do it as long as you don't sue us if it breaks" modified BSD license, through to "you can do it as long as you make the result open source" GPL, but products like the dual-licensed Ghostscript or the no-commercial-use Kermit have become fairly rare.
That's a pretty important thing to understand about
Re:I don't get it. (Score:2)
3 != 44 (Score:2, Informative)
Re:3 != 44 (Score:1)
Gotta be that fuzzy "new math" used in the Million Man March [bu.edu] a few years ago.
I wonder if we could organize a "Million Fox March" on Netscape's headquarters. There seem to be about 57,530,179 [spreadfirefox.com] of us. ^_^
Re:3 != 44 (Score:2)
Show offs! (Score:5, Funny)
The promo goes like this: "Miscrosoft leaves holes unpatches for weeks, maybe months. Firefox sometimes takes a few days. But *we* can produce a patch in less than 24 hours! Na na!"
Re:Show offs! (Score:1)
As far as browser security- Are we talking security for the masses or for the (somewhat)informed? I for one can't imagine needing a browser with "anti phish" technology or whatever they call it, just like I couldn't imagine a need for a car security system that works when you leave your keys in your car with the windows down in a bad neighborhood...
The best security
Before the first day was out, no less! (Score:1)
It's so Not A Good Thing(TM) that a commercial product needs a security upgrade on the first day of going official.
Re:Before the first day was out, no less! (Score:3, Funny)
Yeesh. Some coder needed a good tongue-lashing that day.
Re:Before the first day was out, no less! (Score:1)
Yeesh. Some coder needed a good tongue-lashing that day.
Oh, heh, the Netscape feedback folks got one from me, and I imagine many others since that didn't last the day either. One can only hope that they passed it on.
Re:Before the first day was out, no less! (Score:1)
It also showed that "upgrade" page irrespective of OS. Yeah, I'm sure that .EXE file will do a lot of good on my Mac or Linux box..
Hmmm (Score:1)
Was this vulnerabilty already known and patched in Firefox? And if so, why the heck did they release a program that had a known security hole with a known fix?
In other news... (Score:4, Funny)
We apologize for the above post. Those who were responsible for sacking those who were just sacked, have been sacked.
Re:In other news... (Score:1)
If it were Microsoft... (Score:1, Troll)
If this were Microsoft:
We'd wait several months while they verified the problem, then a few weeks while they fixed it, a few weeks for them to pretent to test the fix, then wait up to 4 weeks more for the next patch day.
Re:If it were Microsoft... (Score:1)
It's still too long, isn't it?
Still better than Microsoft in same position. (Score:1)
Huh? (Score:2, Interesting)
Re:Huh? (Score:5, Informative)
Um, Mozilla didn't release it -- AOL did.
Re:Huh? (Score:1)
No Linux Version? (Score:1)
Re:No Linux Version? (Score:2)
Re:No Linux Version? (Score:2)
I use FireFox. I will not use IE. If a site does not work with Firefox(not too many sites are still like this) I will not use that site. That means no advertising revenue and no retail sales from me.
I admit I have to use IE for 3 webapps at work. One of these is developed and maintained by my group and we are currently in the process of making it browser neutral. Everything else I will use with Firefox. The difference is I am paying for using other sites (
Re:No Linux Version? (Score:1)
Re:No Linux Version? (Score:2)
Re:No Linux Version? (Score:1)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050520 Firefox/1.0+
Of course, I'd still prefer using an old machine than something with their motherboard... but that's unrelated.
Re:No Linux Version? (Score:1)
Re:No Linux Version? (Score:2)
Rather embarassing (Score:3, Insightful)
I would imagine there are quite a few red faces around netscape today
Reminds me of an old joke (Score:2)
Netscape washes thoroughly and uses the automatic air dryer.
Firefox doesn't piss on its hands.
Really a patch or complete download? (Score:3, Interesting)
Netscape is patetic (Score:1)
The website is some kind of news/portal site, with nothing interesting just bullshit like "How to Handle an Angry Woman" or "Top searches: American Idol", and hidden between all that "All New Netscape Browser 8.0", it is a shame (not to mention it's firefox with other GUI).
I think it's time for Netscape to dissappear and leave their browser as the legend it was years ago not the piece of crap it's today.
Automatic updates (Score:2, Informative)
Re:Automatic updates (Score:1)
Hmm, it looks like they distribute the trust stuff there too
Short review of Netscape 8 (Score:1)
The interface is very cluttered with "potentially" useful information, like movie theater show times, weather, news, etc. If you prefer Yahoo's front page portal to the simplicity of Google's front page, this browser is made for you. Otherwise, stick with Firefox.
The browser renders all "unknown" sites as Firefox, which was annoying to me because the only purpose for me trying this out was to test out some IE-only web pages. Luckily, it took
Favorite Poll Question (Score:2)
Well I can't find it in the poll archives. I was pretty sure it was a slashdot poll. Funny anyway.
RP
Re:Browser boys are back (Score:4, Insightful)
Re:Browser boys are back (Score:5, Informative)
Re:Browser boys are back (Score:2, Interesting)
Re:Browser boys are back (Score:3, Funny)
Re:Browser boys are back (Score:2)
Re:Browser boys are back (Score:2)
Cool. Where do I download the linux version that has that feature?
Re:Browser boys are back (Score:1)
What is Netscape likely to give me that Firefox can't?
Browser exploits, thanks to it's embedded IE control. The likely tracking of your browsing information, thanks to AOL's proprietary additions.
Re:Browser boys are back (Score:1)
Just as an aside; I noticed a lot of people whining because it was just like Firefox, and why didn't Firefox raise hell about basing Netscape on their 1.0.3 Browser. Well it's because Netscape contributes to the Mozilla foundation. They're all one big happy family.