Mozilla.org Releases Protozilla

An anonymous reader wrote in to tell us about Protozilla's release. "Protozilla enables Mozilla to execute any CGI program on the local disk directly, without passing it through an HTTP server." Its a strange little idea that could definitely simplify development.

Re: Mozilla .7 was still to bloated to run at home

Mozilla .7 was still to bloated to run at home, after installing the jvm. Personally I think that the jvm that they are using sucks butt. It launches about 30 threads that just take up all my memory. Why????

There is a bug reported about JavaPlugin been loaded at statup. (bug 26516 [mozilla.org]). And there are people working on it.

There are people working on startup performance.

• Bug 18277 [mozilla.org] - Need to lazily load the OJI DLL
• Bug 27510 [mozilla.org] - Too much read from disk on startup
• Bug 29063 [mozilla.org] - Excessive stat calls
• Bug 29249 [mozilla.org] - 49 dlls loaded on startup: 50% of startup time

And there are many reports about performance in general that are beeing addressed (Performance problems [mozilla.org])

I hope someday Mozilla will be the Browser of our dreams. We can all help this to happen by reporting bugs, correcting them, or promoting Mozilla project.

Re:Great Idea!

Er - It's been availiable in MS Internet Explorer for the Mac for a coupla years...

Generally it's used to point ftp to a real FTP client (Interarchie being popular) and afs to an AFS client (Apple File Sharing.) However it can be used for about anything, including hooks to scripting languages (AppleScript, Python, TCL) using the built in Open Scripting support.

Open Source is great but it didn't come up with this one first.

Not really a new idea

Lynx has done this for a long time (though you have to reference the script as LYNXCGI, iirc; I used it a few years ago to write a script to browse manpages through lynx). It's pretty useful if you want to use cgi scripts and junk for local documentation, but don't want the overhead of running a full web-browser.

not mozilla.org - mozdev.org!

This Protozilla project is in no context official! It's a Mozdev project, therefor it doesn't have anything to do with Mozilla.org! So, why is the topic "Mozilla.org releases Protozilla"?

So Mozilla is the center of the I/O universe?

For the greatest flexibility, the central star-point of a communications I/O multiplexer has to be the operating system, not a windows manager as in W95 (partly) nor an application as in Protozilla.

We're seeing the same old and discredited mistakes of yesteryear repeated here. Yes, this makes Mozilla vastly more powerful, and it is easy to see how its developers would appreciate such a facility for experimental purposes, but for the end user it is the wrong approach. Architecturally, it is the wrong design, and pragmatically it's the wrong thing to do as well: when Mozilla crashes, you do not want a pile of network services to go down with it.

Yes, I know it's advertised primarily as a hook for experimentation in protocols, but if any real service is ever delivered over it then we all lose.

Re:Can we say "feature bloat"?

I think this represents one of the few flaws in the Open Source philosophy. Because developers are working on their own time, they work on whatever suits their fancy. More often than not, this involves some great new feature that's completely unnecessary, but rates high on the "cool-factor". So the things that really need to get done are delayed.

Netscape's programmers are paid to work on Mozilla. I would guess about 80-90% of the Mozilla development team is Netscape employees. So in other words, yes, Mozilla is open source but it is most definitely not a volunteer project. And I can tell you've never visited the bugzilla site, because bugs that interfere with functionality (crashing on startup, etc) always get highest priority and are usually the ones to get fixed first.

I agree with you in that the bloat is excessive, but it's really beyond anyone's control at this point. I can only hope that they continue with the bug fixes long after 1.0 and make it the best damn browser suite they can.

Based on the history of the project, I believe it can be done.

Wrong

Mozilla.org didn't release this, it was someone's project at MozDev. You clearly know this, since you linked to mozzev.org.

Not a New Idea, but Not Widespread

Jon Udell [roninhouse.com] had a similar idea at least two years ago (see his book, Practical Internet Groupware).

There are plenty of programs out there that can work well with just an HTML+JavaScript interface, especially if you have a small database (even a DB_File!) on your machine, and an interpreter for a scripting language like Perl or Python.

I'm curious to see whether it does anything more than Jellybean [wgz.org] can... there's something compelling about a tiny local web server with the power of mod_perl and a simple interface that lets you build persistent, network aware applications that can replicate data between clients. With XPCOM, it's certainly possible to write a nicer interface than one that only has HTML Form widgets and some onClick handlers.

--

Not just for local CGIs

Looking at the White Paper [mozdev.org], executing CGIs locally is just one of the features of Protozilla. A more interesting feature is the "protocol handlers" feature -- you can assign any external program to handle any existing protocols (like finger), or you can define your own protocols and assign program (or URLs!) to handle them!

For those afraid of the security issues associated with running CGI scripts locally -- this is a development tool only. In order for a script kiddie to misuse this, (s)he'll have to send your the CGI script in the mail, and tell you to run it for him :). Unless you're running Outlook, you're ok ;).
----------

mozilla.org did not release Protozila

mozilla.org did not release Protozila (or Protozilla). This is an independent project that is being developed at mozdev.org. mozdev.org is not a part of mozilla.org.
From the mozdev front page:

mozdev.org is the location for development projects based on the open source Mozilla project. Anyone interested in Mozilla is welcome to look around and try out any of the more than 20 projects hosted on this site, and anyone working on a project is welcome to host their development here free of charge.

The projects currently on mozdev.org include a number of the development projects that Alphanumerica had been developing. After Alphanumerica's merger with CollabNet these development projects were integrated with SourceCast, CollabNet's project hosting tool, to create mozdev.org.

While this project is not being developed (or released for that matter) from within mozilla.org itself, it and other projects at mozdev demonstrate how mozilla technologies can be used and extended and how the community of mozilla developers has and continues to expand "beyond the browser".
--Asa

Re:security

> I would think this might be a script kiddies dream. Couldn't it be used to exploit local variables?

Interesting point, now that I have thought thru your question, & read the source page. What they wrote at Mozilla is:

> Protozilla is a browser add-on that makes it very easy to implement protocols in Mozilla (or Netscape 6.x). It is not a
> traditional browser plugin, but may be described as a "socket adapter", like the kind that you may carry around with your
> laptop when you travel internationally.

In other words, an ability to handle protocols like SMTP & NNTP akin to the ability of specifying helper-applications to handle MIME types. (And if this works with the Gecko rendering engine, you can specify your own choice of MTA or newsreader when you hit the link that requires that protocol, instead of being forced to d/l the whole bloated mass of Netscape!)

And if the admin for the workstation running the browser has done a proper job securing the ports, then there should be no new security issues.

My assumption -- & someone who knows more, correct me if this is wrong -- is that the browser add-in, being a daughter process, would inherit the environment the parent process has -- & ultimately that of the user. So unless you are doing something stupid like running your workstation as ``root" or ``Admin" this won't do anything to your computer worse than you can do in a non-privileged account. In other words, if *you* can't ``rm -rf *" & lose more than a few files, then neither can the enabled protocol.

(Although it would be even safer if anything that ran in this wise ran in rsh as ``nobody".)

However, I doubt anyone truly knows how security & environment variables are handled under NT4.0/Win2000, so maybe we do have another exploit waiting to happen in certain cases. Wouldn't be the first time MS coding practices proved injurous.

Geoff

Great Idea

This is a great idea. Now you can have easily special handling for URLs into distributed filesystems like Mojo Nation or Freenet without having to add another proxy to your long chain. Instead you have a special url like mojo: or freenet: and only those URLs are sent to your proxy, instead of every URL. This is a blessing because now there is much less chance that an added service will disrupt a users regular web browsing (which can happen if you chain your proxy in with all the others and it turns out to be flaky). Users are willing to try new things but they get very unhappy if their regular web browsing gets disturbed.

Burris

Re:nice idea...

why too much? netscape had a built in web server years ago.

Internet Explorer can

IE can already do this in the beta .NET stuff.. Not only that, it can run ASP, do all sorts of database stuff, etc, locally without needing a real web server.