Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

O Iceape, where art thou?

User discussion about Debian Development, Debian Project News and Announcements. Not for support questions.
Message
Author
User avatar
mor
Posts: 970
Joined: 2010-08-28 15:16
Location: mor@debian

O Iceape, where art thou?

#1 Post by mor »

I am an Iceape user and I have always been (through its legacy of Seamonkey, Mozilla Application Suite, Mozilla and Netscape Navigator) ever since I started using a browser back in the days of dial-up connection in the nineties.

I didn't switch immediately from Seamonkey to Iceape, after the branding quarrel with Mozilla, because at the time I was more interested in having the latest version of the gecko engine.
Eventually this priority became less and less important and I switched (I think it was when it re-entered with Squeeze).

Anyway, Iceape's development right now is stagnant and I'm not here to place blames or whine and complain, indeed I am and will always be thankful for the time and effort invested by all those involved in the Iceape project. Also I understand that Mike has more important things to do than follow a niche project.
Nevertheless, the last Iceape movement in any development branch is as old as February 2013 and even by debian standards this means having a browser that is, well, obsolete by today's development pace, not to mention the security aspect although it is not my point here.

Honestly, I am not having too big difficulties in browsing my usual sites and with a little brute force I have been able to install pretty much all the extensions that I wanted (which are mostly just expecting a higher version number), so the general user experience is not the issue (yet).
Still I am beginning to think that in a future not so distant the "going back to Seamonkey" will be inevitable, either because of official discontinuation of the project, or for the practical reason of being unable to properly use most websites even with the useragent switch or other tricks.

Back in the days, I was a stark Web Standards' evangelist, advocating for the outright termination of support for outdated and non compliant-driven browsers (this meant mainly Internet Explorer, but in a way also much older version of the gecko engine and other browsers), even realizing that there were situations where updating/upgrading the browser was simply not feasible.
After parting from the web-development world at the end of the last decade, my views have softened a bit in this regard, but still I think that enough is enough in holding back if there is a fair alternative.

If Iceape is dead or is gonna die anyway, then maybe is time now to say good riddance Iceape and get back to Seamonkey, especially considering that upgrading the official bundle now is immensely easier and quicker than it once was (especially with extensions).

For now, I'm still hanging onto Iceape, but I'm torn.
What about you Iceape users (I mean those who use it for their everyday browsing and love it)?
Are you still using Iceape, are you planning to switch back to Seamonkey, have you already switched back?

User avatar
bw123
Posts: 4015
Joined: 2011-05-09 06:02
Has thanked: 1 time
Been thanked: 28 times

Re: O Iceape, where art thou?

#2 Post by bw123 »

mor wrote: For now, I'm still hanging onto Iceape, but I'm torn.
What about you Iceape users (I mean those who use it for their everyday browsing and love it)?
Are you still using Iceape, are you planning to switch back to Seamonkey, have you already switched back?
Not sure I would want to switch, but it shouldn't be hard if you want to try. Couldn't you use both and see what happens? I might try and install SeaMonkey alogside an IceApe and see what happens, yeah I might be forced to do that if the package doesn't make it. What about a different user profile for IceApe and one for Seamonky in the same home? Heck I don't care I can use Links2 and Mutt and get used to it eventually.

I like IceApe. I tried Seamonkey back when I was struggling with some XP update forcing upgrade to IE 6? or whatever version. I don't remember the exact issue, but I'm the kind of user that doesn't like a lot of upgrades to something I use as often as a browser, or email. I hate webmail, and don't enjoy constant ui changes. I used Netscape back in the day also, and I thought it was an excellent product back then. When I got with the GNU/Linux thing, I was happy to see IceApe/Seamonkey available, it kind of surprised me though. Never had many problems with it. I use the simple html editor prettty often, it makes decent code for most things I do, or at least gets me a nice framework to start from. Chatzilla, well it works when I need it, and the mail program is awesome. Very very few problems over the last couple of years using pop3 and imap with several accounts. The address book I don't use a lot, but it is handy to have.

I was using the useragent spoof "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)"
for awhile to get webpages to cooperate, but it looks like things are changing. Lately I removed it and enabled, general.useragent.compatMode.firefox "advertise FF comaptibilty" and things seem fine, but I don't use scripts, java, or many other doodads by default.

Maybe you could use this thread for a place that IceAPe users (all two of us) can list pages that aren't working correctly? Things are mostly fine here, it works like it supposed to, tweaked out a little but not much. I get an occasional lockup maybe every week or two, and some content does seem to slow things down but I think that's from sloppy html like on yeehaw.
resigned by AI ChatGPT

User avatar
Issyer
Posts: 3032
Joined: 2007-05-23 02:59
Location: Khakassia

Re: O Iceape, where art thou?

#3 Post by Issyer »

Personally I use SeaMonkey from their web site. They upgrade it from time to time. But I don't use the whole thing, just Composer. Why? Iceape is a funny project any way. The engine is the same for all the stuff including Firefox - Netscape.

Oh, yes. I am still enchanted with FF-2.0, although it's incompatible with almost everything. Fkng world of consumers. They don't let people enjoy their favorites.

User avatar
mor
Posts: 970
Joined: 2010-08-28 15:16
Location: mor@debian

Re: O Iceape, where art thou?

#4 Post by mor »

Issyer wrote: But I don't use the whole thing, just Composer. Why? Iceape is a funny project any way.
I have never used the Composer thing and I would have stripped it altogether from the bundle all the times if I wasn't lazy about it. Although I never used Chatzilla either and have always removed it right away, the Composer part is the only thing I really hate about this project and I would love to see (it and its spawn) nuked from Earth along with all other WYSIWYG editors (because they are evil!).

So no, I have used Iceape (and its legacy) only for the browser and mail (well, the major features), although in the last few years I've been using e-mail less and less so almost just the browser as of lately.
bw123 wrote:Not sure I would want to switch, but it shouldn't be hard if you want to try. Couldn't you use both and see what happens?
Maybe I gave the wrong impression.
I am not concerned about the technical difficulties of switching back. Actually it is quite easy.
As for using them both at the same time nah... either I stick with Iceape or switch back, I don't care maintaining two profiles and I'm not a fan of mixing them. Indeed:
bw123 wrote:I might try and install SeaMonkey alogside an IceApe and see what happens,
What'll happen, if you don't manually create a new profile and switch to it, is that Seamonkey will load on the basis of your Iceape profile and getting back might be tricky considering the changes that a newer version might do to the profile (that's why sharing profiles across different versions is not advisable).

Beside, the point of this discussion was for me to receive a sort of "virtual hug" from fellow Iceape users who are experiencing or have experienced the same "emotional turmoil" I am experiencing.
In fact I launched this thread in a moment of sadness following the umpteenth inquiry about the development state of Iceape.

I would want to remain with Iceape, I'd really love to, but how long is it gonna last and at what price?

To make a romantic comparison, it is almost like if I was in a relationship with a girl that I feel is not that much into me anymore, who might, but it is very unlikely, regain interest in our romance but more realistically will break up with me sooner or later, maybe even by cheating on me or, even worse, keep staying with me unhappily ever after.
With the saddest part being that I can't do anything about it.

It is not even a thing of making lists of sites that work fine or extensions that require no hacks or whatever, all in all, as I said, I can still manage to do pretty much anything. In fact, when it won't be possible anymore, switching back will not be a decision to make but a solution to resort to.

I just hoped that Iceape users on this forum would gather and share their thoughts about the hypothesis of switching back for said reasons, but I am suspecting that there might be even less Iceape users than I expected. Like you said, you and I so far.

User avatar
bw123
Posts: 4015
Joined: 2011-05-09 06:02
Has thanked: 1 time
Been thanked: 28 times

Re: O Iceape, where art thou?

#5 Post by bw123 »

one reason i like the composer is it takes about 5 sec to do this with images. It puts dimensions, alt text and everything else in for you.

Code: Select all

<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
</head>
<body>
<a href="http://gnuheadpic.foo"><img alt="gnu head pic" title="gnu
head pic"
src="file:///thumbs/3d-gnu-head.jpg"
style="border: 0px solid; width: 580px; height: 560px;"></a>
</body>
</html>
To make a romantic comparison, it is almost like if I was in a relationship with a girl that I feel is not that much into me anymore, who might, but it is very unlikely, regain interest in our romance but more realistically will break up with me sooner or later, maybe even by cheating on me or, even worse, keep staying with me unhappily ever after.
With the saddest part being that I can't do anything about it.
Okay, well I'm no philosopher, but as long as she still butters your bread now and then I wouldn't worry about.
resigned by AI ChatGPT

User avatar
mor
Posts: 970
Joined: 2010-08-28 15:16
Location: mor@debian

Re: O Iceape, where art thou?

#6 Post by mor »

Well, most non WYSIWYG html editors do have a "insert image" feature that does exactly that (bluefish for instance).
What I don't like about Composer and any wysiwyg editor is that inevitably they produce ugly, redundant and messy code.

But this is very OT. ;)

User avatar
bw123
Posts: 4015
Joined: 2011-05-09 06:02
Has thanked: 1 time
Been thanked: 28 times

Re: O Iceape, where art thou?

#7 Post by bw123 »

mor wrote:Well, most non WYSIWYG html editors do have a "insert image" feature that does exactly that (bluefish for instance).
What I don't like about Composer and any wysiwyg editor is that inevitably they produce ugly, redundant and messy code.

But this is very OT. ;)
okay, well to get us back on topic I'll agree that the code is sometimes ugly. But, having the composer included with the browser means I don't have to install anything else which is better for me, but probably harder for a new maintainer. Getting a new maintainer for IceApe is your topic?

I'm not sure what policy says about newer version, I think it's stuck for now? I wouldn't mind staying with what I got until Jessie, but I do hope Iceape will be there.
resigned by AI ChatGPT

User avatar
mor
Posts: 970
Joined: 2010-08-28 15:16
Location: mor@debian

Re: O Iceape, where art thou?

#8 Post by mor »

bw123 wrote:Getting a new maintainer for IceApe is your topic?
No no, not at all.

If that should happen, or if Mike and the rest of the team would find new energy to follow upstream a little more closely surely that would make me happy, but by no means I was thinking about finding a new maintainer for Iceape when I started this discussion.

Like I said, I just wanted other Iceape users to share their opinion about the switch back or not or when or why dilemma. ;)

User avatar
bw123
Posts: 4015
Joined: 2011-05-09 06:02
Has thanked: 1 time
Been thanked: 28 times

Re: O Iceape, where art thou?

#9 Post by bw123 »

okay, that was my mistake about the maintainer. I thought from the link you posted he quit and went sailing around the world or something...

I think that the Seamonkey project is probably dealing with a lot of changes, the web is really evolving. Maybe the Debian side is waiting until something sort of gels to move a newer ver into testing, but I don't really follow that at all, just a guess. I know there have been some security updates for IceApe, not sure what the current version of Seamonkey is, or what the status is. I really just prefer to stick with what's in the repo because that way someone else gets to deal with upgrade hell instead of me.

I'm lazy like that, but I would be glad to try Seamonkey on another machine. If you go first?
resigned by AI ChatGPT

User avatar
mor
Posts: 970
Joined: 2010-08-28 15:16
Location: mor@debian

Re: O Iceape, where art thou?

#10 Post by mor »

bw123 wrote:okay, that was my mistake about the maintainer. I thought from the link you posted he quit and went sailing around the world or something...
Eh eh no, he just relocated in Japan with his wife, good for him, Japan is an interesting place, I'd love to get my ass there sometime.
bw123 wrote:I think that the Seamonkey project is probably dealing with a lot of changes, the web is really evolving. Maybe the Debian side is waiting until something sort of gels to move a newer ver into testing, but I don't really follow that at all, just a guess. I know there have been some security updates for IceApe, not sure what the current version of Seamonkey is, or what the status is.
I'll try to give you some details about the technical aspect of the issue.

Seamonkey is not going through a particular era of changes, it usually follows the Firefox upgrade pattern (maybe lagging behind a little as it has always been) although not embracing the crazy-paced versioning system that brings us today with Firefox at version 25 and Seamonkey at version 2.22 upgraded respectively from 24 and 2.21.
So when you think about today's Iceape 2.7.12 you are looking at Seamonkey 2.7.12 that was roughly equivalent to Firefox 10.

Right now Iceape is present (in stable, oldstable backports, testing and unstable) with a version of the gecko engine that corresponds to Iceweasel 10 (what is on oldstable backports now) while stable has Iceweasel 17 and unstable has 24, experimental 25 (on pace with upstream).
So, Iceape is simply just stuck, the devs are not waiting for anything major to happen, it is just that there are not enough resources to carry the project at a reasonable pace (only recently Iceweasel kept up with upstream).

Now for the everyday usage of a regular user, even the current outdated Iceape would still do fine in most cases. From a security point of view on the other hand, if you consider that the last upgrade was in February, that gives you an idea of what could be wrong for a browser: the timeframe for the last browser's security update is pretty far back.
Regardless, at some point one would like to update even just for the hell of it. :D

Today stable users get the 17 version of Iceweasel and can even access more updated version through mozilla.debian.net.
Iceape users have no other option than to switch back to Seamonkey if they want or need a more updated browser.

I suppose that if a similar situation was true for Iceweasel and there wasn't a movement in the reps since last February, most Iceweasel users would run "the real" Firefox or at least be pondering the switch as I am right now. :D
bw123 wrote:I really just prefer to stick with what's in the repo because that way someone else gets to deal with upgrade hell instead of me.

I'm lazy like that, but I would be glad to try Seamonkey on another machine. If you go first?
Oh well, upgrading current Seamonkey is not the "hell" it once was.
Now you just do it through the built in system which automatically downloads and installs the new files.
If you want to try Seamonkey just do it, is really easy, bear with me if some things I write here are obvious.

Seamonkey is to Iceape as Firefox is to Iceweasel. You've seen many times users coming here asking how to install "the real" Firefox on debian and being answered that Iceweasel is Firefox, just with a fancy name and thus they don't need to bother. This is true, especially when through backports and mozilla.debian.net one can update Iceweasel almost to the latest and greatest version of the gecko engine like in the latest official Firefox.

Now, regardless of what we rightly suggest to the impatient users that want Firefox instead of Iceweasel, installing "the real" Firefox as well as Seamonkey on debian (or any GNU/Linux system for that matter) is just a matter of downloading the bundle from mozilla.com and seamonkey-project.org respectively, extract the archive to a folder (in home or somewhere else like /opt for system wide installs) and launch it. It works out-of-the-box.

Firefox would just use the Iceweasel profile, Seamonkey would use the Iceape profile (Thunderbird on the other hand works differently in that has a different profile path from Icedove).
Mixing profiles, as I said abundantly, is not recommended thus if one wants to have both apps should create a new profile and have a switch on the loader. But in my opinion it would really make little sense having both since when one works the other is just a clone (in web-development might make sense having multiple version and multiple profiles, but this goes beyond the point here).

So no, I won't go first because I don't need to try this move. Once I decide to switch it'll be for good (or at least until Iceape will be more supported), I'll purge Iceape and custom install Seamonkey.

If you fancy trying, although don't expect to find major visible differences, just get the bundle from the site, unpack it in some dir in your home (say "bin" or ".bin" like I do to have it hidden) and run it from terminal simply like I would do:

Code: Select all

mor@debian:~$ /home/mor/.bin/seamonkey/seamonkey
But I strongly suggest to backup your profile folder or to temporarily rename the .mozilla dir (quicker than renaming the specific profile folder, but be careful if you have Iceweasel open) in your home and let Seamonkey run a new .mozilla directory which you'll later just delete.

Only let Seamonkey (or any other version different from whichever Iceape/Seamonkey you regularly use) touch your main profile when you want to commit to it (and make a backup anyway! :D ).
Last edited by mor on 2013-11-12 12:59, edited 1 time in total.

User avatar
bw123
Posts: 4015
Joined: 2011-05-09 06:02
Has thanked: 1 time
Been thanked: 28 times

Re: O Iceape, where art thou?

#11 Post by bw123 »

mor wrote: Seamonkey is not going through a particular era of changes,
I don't know if I could agree with that after looking into the version history?
http://www.seamonkey-project.org/news
So, Iceape is simply just stuck, the devs are not waiting for anything major to happen, it is just that there are not enough resources to carry the project at a reasonable pace (only recently Iceweasel kept up with upstream).
This I can understand, lack of time or resources. Maybe we should try and help them? What if a few users find a version that is fairly stable with some new features that would be good to have, and suggest it?
From a security point of view on the other hand, if you consider that the last upgrade was in February, that gives you an idea of what could be wrong for a browser: the timeframe for the last browser's security update is pretty far back.
I don't know if I understand, are you saying old software is not secure just because it's old?
Today stable users get the 17 version of Iceweasel and can even access more updated version through mozilla.debian.net.
Iceape users have no other option than to switch back to Seamonkey if they want or need a more updated browser.
I can see that it's not fair for the other guys to have new versions unless everybody gets one, but for me the main thing I ask when faced with an upgrade is, "Will it do anything I can't do now, or only do the same thing differently?" To me, content is the thing I want, and the browser should deliver it in a quick, reliable way. I don't need bells, whistles and flashy spinners, I like to read and all that crap just distracts me. IMHO, most of the new features found in modern browsers make it easier to deliver fancy advertising to my day, and I really am looking for TEXT on the internet, not flashy ads and forms and signup pages or javacoookiescripty features.

I will probably try Seamonky 2.20 this weekend and see if it does anything I can't do now, and what upgrading will look like. If it doesn't do anything new, I really don't see the point, a higher version number doesn't earn me much because nobody uses it anyway, so there's no competition.
resigned by AI ChatGPT

pcalvert
Posts: 1939
Joined: 2006-04-21 11:19
Location: Sol Sector
Has thanked: 1 time
Been thanked: 2 times

Re: O Iceape, where art thou?

#12 Post by pcalvert »

mor wrote: Oh well, upgrading current Seamonkey is not the "hell" it once was.
Now you just do it through the built in system which automatically downloads and installs the new files.
I don't like that way of upgrading SeaMonkey. If I am not mistaken, I would need to run SeaMonkey as root in order to do that, which is something I am not fond of doing (as well as being a little bit of a hassle). And yes, I know I could install SeaMonkey in my home directory as a normal user, but doing it that way is not as secure as installing it as root in /opt.

Phil

P.S. I dumped Iceape and switched to SeaMonkey a few months ago.
Freespoke is a new search engine that respects user privacy and does not engage in censorship.

User avatar
mor
Posts: 970
Joined: 2010-08-28 15:16
Location: mor@debian

Re: O Iceape, where art thou?

#13 Post by mor »

pcalvert wrote:I don't like that way of upgrading SeaMonkey. If I am not mistaken, I would need to run SeaMonkey as root in order to do that, which is something I am not fond of doing (as well as being a little bit of a hassle). And yes, I know I could install SeaMonkey in my home directory as a normal user, but doing it that way is not as secure as installing it as root in /opt.
Obviously if you install it out of your home (to have it available system wide) it is inevitable that you have to use the root account to upgrade.
But only to upgrade it, not to run it.

When you run it you always use your user. Every once in while, when you see that there is a newer version, you close, run as root and upgrade (as you would to run apt-get or aptitude), close again and restart as user.

As far as the security of installing it in the home folder I don't get what you mean. How could anything installed just in the user's home be any less secure?
Anything that could happen could only happen to the unprivileged user. The system should be untouchable.

So, either way is secure (well, as secure as anything else in the system) as long as the user is responsible. ;)

Just a curiosity, you said you switched, but you said you don't like neither home or out-of-home situation. How are you using Seamonkey then?
bw123 wrote:
mor wrote: Seamonkey is not going through a particular era of changes,
I don't know if I could agree with that after looking into the version history?
http://www.seamonkey-project.org/news
I really don't get what you mean.
That page shows the announcements of each release since 2005. So what?
Here's the release page for Firefox:
http://www.mozilla.org/en-US/firefox/releases/

These pages simply track how many versions of each browser have been released. As I told you already, they are pretty much symmetrical, and these pages do not attest to any particular "era of changes" in either project.
bw123 wrote:Maybe we should try and help them? What if a few users find a version that is fairly stable with some new features that would be good to have, and suggest it?
Having a few new features is not the point. Every debian's Ice* project is meant to follow the upstream release, de-brand it, apply the few debian specific patches (let's not forget that the controversy was branding and patches, not just branding) and then package it like any other debian package in the repository.

So, even if what you propose was feasible in the context of what the Ice* projects are all about, it wouldn't solve the problem of having a constant development for Iceape.

Which brings me to:
bw123 wrote:I don't know if I understand, are you saying old software is not secure just because it's old?
Not in a general sense as we are used to talk about in the usual discussions about "outdated" software in debian stable.

You have to look at a browser in a different way from, say, a word processor.
You use a browser to navigate constantly evolving websites that might be sources of malicious exploit or other threats. If you use a month old or a six months old or a year old and more browser you expose yourself to any potential security threat.
Now, the danger of such threats is most of the times exaggerated and within the GNU/Linux systems even more so. But still, yes, an old browser is in general a less secure browser and since a browser is the window through which most of the exposure to security threats comes from, I think it would make sense to at least take security into account when talking about outdated browsers.
But I would like to point out that "security" was only a marginal point in my discourse.
bw123 wrote:
Today stable users get the 17 version of Iceweasel and can even access more updated version through mozilla.debian.net.
Iceape users have no other option than to switch back to Seamonkey if they want or need a more updated browser.
I can see that it's not fair for the other guys to have new versions unless everybody gets one
No, fairness was not my point.
I was just trying to picture a scenario that would help you understand how outdated is Iceape by comparing it to Iceweasel.
Iceweasel, like Firefox in Mozilla, is the powerhouse and if the dev team couldn't keep up with upstream, the whole Ice* thing effort would fall apart because the vast majority of Iceweasel users would just use the official bundle from Mozilla and good riddance to the re-branding issue: debian would just drop Mozilla altogether.

I said that because you seemed (and considering the link to the Seamonkey releases page you maybe still are) confused about the entity of the gap from upstream in Iceape, gap that does not exist because Seamonkey's development is supposedly flying (indeed it almost always lag a little behind Firefox). ;)

I don't care about fairness, when something is the product of volunteer work, there's no such thing as fair or unfair, there's just "thank you devs for whatever -big or little- you have done so far!". ;)
bw123 wrote:... but for me the main thing I ask when faced with an upgrade is, "Will it do anything I can't do now, or only do the same thing differently?"
And that's totally fair.
But although newer doesn't automatically mean better, indeed sometimes there can be regressions and new bugs, it is undeniable that especially in the field of browsers newer does generally mean better, more compatible.

So it does make sense to look for up-to-dateness, especially in a browser.

Also, do not forget the security aspect.
Like I said before, being over-concerned is probably wrong, I am after all using a severely outdated browser and I even use it to access my bank's online services, but is not exaggerated at all keeping an eye on that too.
bw123 wrote:To me, content is the thing I want, and the browser should deliver it in a quick, reliable way. I don't need bells, whistles and flashy spinners, I like to read and all that crap just distracts me.
I am not one who "needs" bells and whistles, certainly not one who could use a system with wobbly windows, but I like changes in graphic and overall embellishments when they don't come at a too high price in performaces.

But here the eye-candyness is really not even noticeable. Switching to a fully up-to-date Seamonkey would leave you wondering if anything changed at all if it wasn't for the program icon and the name on the window title.

But under the hood there are considerable differences, things that do have an impact (for the better) on your navigation experience.

In fact...
bw123 wrote: IMHO, most of the new features found in modern browsers make it easier to deliver fancy advertising to my day, and I really am looking for TEXT on the internet, not flashy ads and forms and signup pages or javacoookiescripty features.
... by using a more up-to-date browser you have more compatibility not only with websites so that you can take advantages of any feature, but also with more extensions that might help you better fine-tune your browser and even the sites you visit (by removing stuff you don't want, or enhancing parts you are more interested in etc.).

Moreover, it is not the browser that delivers or helps websites deliver new fancy ads and unwanted stuff. It is a website that delivers such stuff using newer capabilities of newer browsers, but that would only result in crappier renderings and potentially more intrusive visualizations of such unwanted stuff in older browsers.

Stuff that you might be able to remove easier and better with newer built-in features or extensions that you wouldn't be able to use in older browsers because of compatibility issues.
bw123 wrote:I will probably try Seamonky 2.20 this weekend and see if it does anything I can't do now, and what upgrading will look like. If it doesn't do anything new, I really don't see the point, a higher version number doesn't earn me much because nobody uses it anyway, so there's no competition.
Then I'll save you the trouble.
You won't notice much difference in a weekend trial, unless you already have many sites that in one way or another are not fully usable with your current browser.
As for how it'll look like, as I said above, not even noticeable, unlike Firefox/Iceweasel that changed the interface and menus in many aspects during it's development, the Iceape/Seamonkey interface is almost the same since it was called Netscape Navigator.

It you want to see how a newer browser engine fares on today's websites, maybe you can more easily just get "Iceweasel release" from mozilla.debian.net and see if the websites you usually go to have anything different, anything more.
If you notice anything different and better then maybe yes, it'll make sense to try Seamonkey out or consider switching altogether.

Bye ;)

pcalvert
Posts: 1939
Joined: 2006-04-21 11:19
Location: Sol Sector
Has thanked: 1 time
Been thanked: 2 times

Re: O Iceape, where art thou?

#14 Post by pcalvert »

mor wrote: As far as the security of installing it in the home folder I don't get what you mean. How could anything installed just in the user's home be any less secure?
Anything that could happen could only happen to the unprivileged user. The system should be untouchable.
If you install SeaMonkey in your home directory as a regular user, then those files are (obviously) not owned by root and lack the protection that they would have if they had been installed normally like most software. Because of that, an attempt to modify those files via a web browser vulnerability would have a greater chance of succeeding.

mor wrote: Just a curiosity, you said you switched, but you said you don't like neither home or out-of-home situation. How are you using Seamonkey then?
You misunderstood. I install SeaMonkey in /opt, and I "upgrade" it by reinstalling.

Phil
Freespoke is a new search engine that respects user privacy and does not engage in censorship.

User avatar
Issyer
Posts: 3032
Joined: 2007-05-23 02:59
Location: Khakassia

Re: O Iceape, where art thou?

#15 Post by Issyer »

mor wrote:I have never used the Composer thing
Oh. Composer is a nifty thing. I like it so much. I basically use it to strip tags off the pages. :lol:

User avatar
mor
Posts: 970
Joined: 2010-08-28 15:16
Location: mor@debian

Re: O Iceape, where art thou?

#16 Post by mor »

I don't know Phil, I can't claim to be absolutely sure about it (in this I would really appreciate the input of more knowledgeable users than me), but I think what you're saying is not right.

I want to start from the last thing, the upgrading by reinstalling (that is: re-download and re-unpack into /opt ).
I think it is overkill.
Let me make you an example: when you upgrade your system through apt, you temporarily give root permission to that tool (apt-get, aptitude or whatever you use). If by any chance that tool gets compromised, then you are caught with your pants down. Why you do it then?
Because you trust debian's sources and have confidence that when you give root privileges to apt you won't get screwed.

Now, upgrading Seamonkey by running it as root just to upgrade, is pretty much the same thing. As long as you trust the source (and frankly I have no reason not to trust it), there's no problem in upgrading the browser through its built-in feature.

Let's move now to the main issue: security problems in running Seamonkey from the user's home or from system-wide installation.

Through the years I have seen many guides and articles that instructed users about the installation of Mozilla related products (they all work the same as far as we are concerned). They all either suggested to install under the user's home or under /usr or /opt or other system-wide locations, but never I read about security reasons in preferring one over the other (or maybe if there were, they could favor a user's home installation as we'll see later).

I just did a quick search and found a document about installing Firefox on GNU/Linux and they have no problem in suggesting to install in the user's home.
This doesn't prove that what you are saying is wrong, after all there are other guides that only suggest a system wide installation, but it is an official guide that proposes a method without talking about a security flaw.
Actually the only reason for choosing one installation over the other is whether one wants to have Firefox or Seamonkey or whatever available for a single user or for all users.

Now, the reasoning.

As far as my understanding of privileges goes (and it doesn't go far, so I'm humbly just saying how I see it), what matters is not where the files physically reside or who owns them. What matters is who executes those files.

Say you have a script that'll delete all files under the user's home and this script is located both in /usr/bin/malicious-script and ~/.scripts/malicious-script.
What's the difference in executing them?

I see none, either you execute them with root privileges or with your user, files will be deleted (this is why we have to only use scripts we know or from sources we trust).

On the other hand, say we have a similar script, copied in the same two locations, but this time the script will delete root files instead of user's home files.
In this scenario only by executing the script as root you'll do the damage, a user will simply be denied, regardless of whether he executes the script under root or the one under his home.

So, a malicious script or malware or whatever that aims at destroying your home, might be a problem regardless of where you launch Seamonkey from, and as for a script that aims at destroying your system, it won't do anything as long as you don't run it as root.

Now, in this regard, as I anticipated before, having a Seamonkey installation in /opt or any other system-wide location, would actually represent a higher risk than having it in the user's home, but only when used as root, which in turn would only be a realistic risk if used as root for anything but upgrading.

In fact, as I said, if you only run Seamonkey as root for the purpose of upgrading (no navigation, no mail, no nothing else) you won't expose the root profile or the executed process to potential threat. The only source of problems could be the built-in upgrading feature which, as I said before, I think we can trust.

What do you think?

Anybody else cares chipping in a matter of security?

pcalvert
Posts: 1939
Joined: 2006-04-21 11:19
Location: Sol Sector
Has thanked: 1 time
Been thanked: 2 times

Re: O Iceape, where art thou?

#17 Post by pcalvert »

mor wrote: I want to start from the last thing, the upgrading by reinstalling (that is: re-download and re-unpack into /opt ).
I think it is overkill.
Maybe it's overkill, but it is a simple thing to do. It also allows me to easily revert to the previous version if I experience any problems with the new version. That's because I do this before I reinstall:

Code: Select all

# cd /opt
# mv seamonkey seamonkey_prev
mor wrote: In fact, as I said, if you only run Seamonkey as root for the purpose of upgrading (no navigation, no mail, no nothing else) you won't expose the root profile or the executed process to potential threat. The only source of problems could be the built-in upgrading feature which, as I said before, I think we can trust.
That makes sense to me. I never said that I don't do it that way because of security concerns.

Phil
Freespoke is a new search engine that respects user privacy and does not engage in censorship.

User avatar
mor
Posts: 970
Joined: 2010-08-28 15:16
Location: mor@debian

Re: O Iceape, where art thou?

#18 Post by mor »

pcalvert wrote:Maybe it's overkill, but it is a simple thing to do.
Not as simple as using the built-in upgrade feature, that's for sure.
pcalvert wrote:It also allows me to easily revert to the previous version if I experience any problems with the new version. That's because I do this before I reinstall:

Code: Select all

# cd /opt
# mv seamonkey seamonkey_prev
Well then just make it a "cp" instead of "mv " and you are done. ;)
pcalvert wrote:I never said that I don't do it that way because of security concerns.
Well, I remember you said:
pcalvert wrote:I would need to run SeaMonkey as root in order to do that, which is something I am not fond of doing (as well as being a little bit of a hassle). And yes, I know I could install SeaMonkey in my home directory as a normal user, but doing it that way is not as secure as installing it as root in /opt.
Which makes me think you do as you do exactly for security reasons.

So, since you now seem to agree that there are no security concerns either in installing in the user's home or in /opt and using the built-in upgrade feature as root, and given that using the built-in upgrade feature is always much simpler than how you currently do, I think you can reconsider your procedure. ;)

Of course you will still do as you like, personal preference always trumps even best procedures when is a matter of trivial decisions, but since you joined the discussion maybe you are interested in a new approach. Who knows!

Bye Phil, take care. :)

User avatar
gradinaruvasile
Posts: 935
Joined: 2010-01-31 22:03
Location: Cluj, Romania
Contact:

Re: O Iceape, where art thou?

#19 Post by gradinaruvasile »

First i did the root install route and all, but i got lazy and just extracted Seamonkey in my home folder. As i have a 64 bit system and use their 64 bit "unofficial" builds from their site, i get no automatic updates anyway (so far at least).
Anyway, if there is some malware that manages to run code i really really doubt it will go against the browser's binaries/libraries. It will either try to compromise the system by trying to install services and whatnot, either run code as the user/access your data in your home dir or maybe go after your user profile's saved passwords - none of these cases are mitigated by installing as root and running as user.
Seamonkey is very very handy if you use a browser all the time and use a mail client - it saves the ~150-200 MB overhead (Thunderbird) and still runs fast and stable.

User avatar
mor
Posts: 970
Joined: 2010-08-28 15:16
Location: mor@debian

Re: O Iceape, where art thou?

#20 Post by mor »

And as feared, Iceape is officially dead.
http://forums.debian.net/viewtopic.php?f=19&t=109937

Time to move on (or back) I guess. :(

Post Reply