Hi,
2007/3/20, Justus Winter <4winter@informatik.uni-hamburg.de>:
Hey folks :)
I completely agree with Marc on this topic. I have been following this list for some time now and I have heard all kinds of people proposing interesting uses for dillo and I would like to add one more to this list.
I have done some research in web security, mostly session riding based attacks. Dillo, with its missing javascript interpreter and css engine being a feature this time, is not vulnerable to most session riding attacks.
Though most session riding attacks require javascript, it has been shown that port scanning and web server fingerprinting are possible using only html and css.
So why not use dillo on workstations in your internal network to protect your intranet web applications against malicious javascript and css?
Also with its small codebase (compared to gecko's), some kind of auditing might be possible.
But on the other hand, more and more web sites and web applications require css (which is definitely a good thing) and javascript (which may not be a good thing). The web is a moving target, and everyone developing a web browser is playing catch up with the standards and with the ever growing demands of users and developers.
And I for one think that no one of the big four is doing very well...
Dillo development has stagnated. So with every day that passes, dillo's practicability, the number of users and the number of developers interested in doing some work for dillo decrease.
I can understand Jorge's bitterness, but this won't get dillo anywhere. If it's more work for a company (-> money and time) to get dillo up to speed to meet their needs than to strip down gecko or khtml until it fits into their devices (or whatever they want to do with it), they won't choose dillo.
With every single day, the value of the dillo codebase decreases. And on some day it won't matter if it is ever released or not, because it is completely useless for the applications and sites out there. Maybe this day has already passed without anyone noticing.
By the way, I keep referring to "the code". Yes I know that the GTK branch is out there. Yes, I have taken a look at it and yes, I began to develop a plugin, but I realized that the plugin interface was lacking some important things (registering uri handlers comes to mind - it is hardly a plugin if you need to touch and recompile parts of dillo).
So I stopped before I began any serious work. Dillo felt dead. No one is going to invest time in a project which was somewhat abandoned by its main developer. No offense, but this is how it feels.
Most free software developers are working on these kinds of projects in their leisure time; they want to have fun. If dillo wants to attract developers, developing dillo needs to be fun. There are lots and lots of free software projects that discussed how to make developing their software fun. Things like giving write access to repositories to developers interested in development, creating branches or creating a wiki could help.
It is somewhat true that one or two developers working on dillo full time would be nice, but as long as no one pays for this, I don't see how this is possible. But this all or nothing attitude will kill dillo in the long term.
Jorge, consider releasing this patch of yours. You have got very little to lose (or am I missing something?) but this might spark some interest in dillo development again.
Just my thoughts...
Sure, I agree with you! As can be seen at: http://www.dellideastorm.com LinuxBIOS is the 10 most voted idea for Dell to implement. If you get Dillo running inside the LinuxBIOS, the interest in this web browser will increase anew, then now is the time for Dillo to show its worth. Jorge, consider this.
Cheers, Justus
Cheers, Alan