Netscape 5 will be GPL'ed
[Press Releases] http://www.netscape.com/newsref/pr/newsrelease558.html?cp=nws01flh1

NETSCAPE ANNOUNCES PLANS TO MAKE NEXT-GENERATION COMMUNICATOR SOURCE CODE AVAILABLE FREE ON THE NET

BOLD MOVE TO HARNESS CREATIVE POWER OF THOUSANDS OF INTERNET DEVELOPERS; COMPANY MAKES NETSCAPE NAVIGATOR AND COMMUNICATOR 4.0 IMMEDIATELY FREE FOR ALL USERS, SEEDING MARKET FOR ENTERPRISE AND NETCENTER BUSINESSES

----------------------------------------------------------------------------

MOUNTAIN VIEW, Calif. (January 22, 1998) -- Netscape Communications Corporation (NASDAQ: NSCP) today announced bold plans to make the source code for the next generation of its highly popular Netscape Communicator client software available for free licensing on the Internet. The company plans to post the source code beginning with the first Netscape Communicator 5.0 developer release, expected by the end of the first quarter of 1998. This aggressive move will enable Netscape to harness the creative power of thousands of programmers on the Internet by incorporating their best enhancements into future versions of Netscape's software. This strategy is designed to accelerate development and free distribution by Netscape of future high-quality versions of Netscape Communicator to business customers and individuals, further seeding the market for Netscape's enterprise solutions and Netcenter business. In addition, the company is making its currently available Netscape Navigator and Communicator Standard Edition 4.0 software products immediately free for all users. With this action, Netscape makes it easier than ever for individuals at home, at school or at work to choose the world's most popular Internet client software as their preferred interface to the Internet.
"The time is right for us to take the bold action of making our client free - and we are going even further by committing to post the source code for free for Communicator 5.0," said Jim Barksdale, Netscape's president and chief executive officer. "By giving away the source code for future versions, we can ignite the creative energies of the entire Net community and fuel unprecedented levels of innovation in the browser market. Our customers can benefit from world-class technology advancements; the development community gains access to a whole new market opportunity; and Netscape's core businesses benefit from the proliferation of the market-leading client software." Netscape plans to make Netscape Communicator 5.0 source code available for modification and redistribution beginning later this quarter with the first developer release of the product. The company will handle free source distribution with a license which allows source code modification and redistribution and provides for free availability of source code versions, building on the heritage of the GNU Public License (GPL), familiar to developers on the Net. Netscape intends to create a special Web site service where all interested parties can download the source code, post their enhancements, take part in newsgroup discussions, and obtain and share Communicator-related information with others in the Internet community. Netscape will also continue to develop new technologies and offer periodic certified, high-quality, supported releases of its Netscape Communicator and Navigator products, incorporating some of the best features created by this dynamic community. The ubiquity of Netscape's client software facilitates Netscape's strategy of linking millions of individuals to businesses. 
Today's announcements will help to further proliferate Netscape's award-winning client software which today has an installed base of more than 68 million, providing a ready market for businesses using Netscape's Networked Enterprise software solutions and Netscape Netcenter services. Netscape's research indicates that in the education market where Netscape's products are free, the Netscape client software commands approximately 90 percent share, indicating that users tend to choose Netscape when the choice is freely available. Making its browser software free also will enable Netscape to continue to drive Internet standards, maximize the number of users on the Internet, and expand the third-party community of companies and products that take advantage of the Netscape software platform. Netscape has successfully shifted its business over the past year toward enterprise software sales and to revenues from its Web site business, and away from standalone client revenues. In the third quarter of 1997, standalone client revenues represented approximately 18 percent of Netscape's revenue, with the rest coming from enterprise software, services and the Web site. Preliminary results for the fourth quarter of 1997, which Netscape announced January 5, show standalone client revenues decreased to approximately 13 percent in the fourth quarter. In the fourth quarter of 1996 by comparison, standalone client revenue represented approximately 45 percent of Netscape's revenue. In conjunction with its free client, Netscape separately announced today that it is launching a host of enhanced products and services that leverage its free client software to make it easy for enterprise and individual customers to adopt Netscape solutions. The new products and services reinforce Netscape's strategy of leveraging market penetration of its popular client software and its busy Internet site to seed further sales of Netscape software solutions in the home and business markets. 
The new products and services include enhanced subscription and support packages, an investment protection program for Netscape Communicator users, new reduced pricing on Netscape's retail and enterprise client products, new Premium Services on its Netscape Netcenter online service and Netscape SuiteSpot server software upgrades featuring Netscape client software. In addition, the company separately announced the launch of an aggressive new software distribution program called "Unlimited Distribution" to broadly distribute its market-leading Internet client software for free. Unlimited Distribution enables Original Equipment Manufacturers (OEMs), Internet Service Providers (ISPs), telecommunications companies, Web content providers, publishers and software developers to download and redistribute Netscape Communicator and Netscape Navigator easily with "no strings attached." In addition, beginning immediately, individual users can download Netscape Communicator or Navigator for free, register for Netscape Netcenter and, beginning tomorrow, enter the Choose Netscape Sweepstakes to win exciting travel-related prizes including a grand prize of two all-inclusive, seven-night tropical resort vacations. Individuals can download a free copy of Netscape Communicator client software or the Netscape Navigator browser from the Netscape home page at http://home.netscape.com, or by clicking on any of the thousands of "Netscape Now" buttons on the Internet. Netscape Communicator Professional Edition, which adds features for enterprise customers, will be available for US$29. Netscape Communications Corporation is a premier provider of open software for linking people and information over enterprise networks and the Internet. The company offers a full line of Netscape Navigator clients, servers, development tools and commercial applications to create a complete platform for next-generation, live online applications. 
Traded on NASDAQ under the symbol "NSCP," Netscape Communications Corporation is based in Mountain View, California. Additional information on Netscape Communications Corporation is available on the Internet at http://home.netscape.com, by sending email to info@netscape.com or by calling 650/937-2555 (corporate customers) or 650/937-3777 (individuals). Netscape is a trademark of Netscape Communications Corporation, which is registered in the United States and other jurisdictions. Netscape Communications, the Netscape Communications logo, Netscape Navigator, Netscape SuiteSpot, Netscape Composer, Netscape Messenger and Netscape Communicator are trademarks of Netscape Communications Corporation.
root wrote on 1998-01-23 01:29 UTC:
[Press Releases] http://www.netscape.com/newsref/pr/newsrelease558.html?cp=nws01flh1
NETSCAPE ANNOUNCES PLANS TO MAKE NEXT-GENERATION COMMUNICATOR SOURCE CODE AVAILABLE FREE ON THE NET
Excellent! Finally mainstream software companies start to understand that security critical software has to be provided to the customer in full compilable source code to allow independent security evaluation. No formal CC/ITSEC evaluation process can beat the scrutiny of the Internet crowd. I wonder how long we have to wait for the day on which we can download the latest GPL'ed Windows NT version source code from Microsoft's web server ... Markus -- Markus G. Kuhn, Security Group, Computer Lab, Cambridge University, UK email: mkuhn at acm.org, home page: <http://www.cl.cam.ac.uk/~mgk25/>
Markus Kuhn wrote:
root wrote on 1998-01-23 01:29 UTC:
[Press Releases] http://www.netscape.com/newsref/pr/newsrelease558.html?cp=nws01flh1
NETSCAPE ANNOUNCES PLANS TO MAKE NEXT-GENERATION COMMUNICATOR SOURCE CODE AVAILABLE FREE ON THE NET
Excellent!
Finally mainstream software companies start to understand that security critical software has to be provided to the customer in full compilable source code to allow independent security evaluation.
Don't hold your breath. We're still bound by US export regulations, so we won't be able to export crypto-relevant source code. We'll release what we can, but you probably won't be satisfied. Of course, there's always the option for some enterprising individuals outside the US to replace the missing pieces. -- What is appropriate for the master is not appropriate| Tom Weinstein for the novice. You must understand Tao before | tomw@netscape.com transcending structure. -- The Tao of Programming |
At 07:26 PM 1/26/98 -0800, Tom Weinstein wrote:
Markus Kuhn wrote:
root wrote on 1998-01-23 01:29 UTC:
[Press Releases] http://www.netscape.com/newsref/pr/newsrelease558.html?cp=nws01flh1
NETSCAPE ANNOUNCES PLANS TO MAKE NEXT-GENERATION COMMUNICATOR SOURCE CODE AVAILABLE FREE ON THE NET
Don't hold your breath. We're still bound by US export regulations, so we won't be able to export crypto-relevant source code. We'll release what we can, but you probably won't be satisfied.
Of course, there's always the option for some enterprising individuals outside the US to replace the missing pieces.
Or you can print those sections in a book and let some enterprising foreigners OCR scan them.
Anonymous writes:
At 07:26 PM 1/26/98 -0800, Tom Weinstein wrote:
Don't hold your breath. We're still bound by US export regulations, so we won't be able to export crypto-relevant source code. We'll release what we can, but you probably won't be satisfied.
Of course, there's always the option for some enterprising individuals outside the US to replace the missing pieces.
Or you can print those sections in a book and let some enterprising foreigners OCR scan them.
Could this process not be simplified by Netscape (hint Tom) having a non-exportable version of the source including all crypto code. Then an interested third party may print it on paper and snail it out of the US, or simply make use of a remailer; either way once it is outside the US we have legal full strength netscape. Another area which could use some attention is that the netscape distribution license seems to result in large european ftp sites carrying only the 40 bit version. Anything that would free up the license might encourage more sites to carry the 128 bit versions. (Such as carried by replay.com and others). Adam -- Now officially an EAR violation... Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
At 9:44 PM -0800 1/27/98, Alan Olsen wrote:
At 07:26 PM 1/26/98 -0800, Tom Weinstein wrote:
Don't hold your breath. We're still bound by US export regulations, so we won't be able to export crypto-relevant source code. We'll release what we can, but you probably won't be satisfied.
Of course, there's always the option for some enterprising individuals outside the US to replace the missing pieces.
Or you could just publish the source code in a big book... ]:>
Or even easier option: Dispense with the actual scanning and OCRing and simply _say_ the code was OCRed. Or, for that matter, don't even bother to say. U.S. Customs and the ITARs/EARs have no provisions for asking international users if the version they are using was compiled from source code printed in books! (This was my recommended approach for the PGP job...use the code off the CD-ROM, carried out in someone's luggage or mailed or sent over the Net, and then _say_ the OCRing was done....it's not as if U.S. Customs has any authority to question someone in Amsterdam or Denmark and demand proof that they really spent those hundreds of hours laboriously scanning and OCRing and proofreading....) Why do things the hard way? Seriously, when the code people use internationally is used, just who the hell cares whether it was ever scanned from a book or not? That only affects the issue of _export_, which is mooted anyway by the utter triviality of exporting software on CD-ROMs, DATs, through the mail, via FedEx and Airborne, through remailers, and on and on and on. Nobody using "PGP International Version" has to worry one whit, no pun intended, about whether the code came from an original PGP distribution, or source code scanned and OCRed, so long as it checks out properly. --Tim May The Feds have shown their hand: they want a ban on domestic cryptography ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^2,976,221 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
Tim May <tcmay@got.net> writes:
At 9:44 PM -0800 1/27/98, Alan Olsen wrote:
At 07:26 PM 1/26/98 -0800, Tom Weinstein wrote:
Don't hold your breath. We're still bound by US export regulations, so we won't be able to export crypto-relevant source code. We'll release what we can, but you probably won't be satisfied.
Of course, there's always the option for some enterprising individuals outside the US to replace the missing pieces.
Or you could just publish the source code in a big book... ]:>
Or even easier option:
Dispense with the actual scanning and OCRing and simply _say_ the code was OCRed. Or, for that matter, don't even bother to say. U.S. Customs and the ITARs/EARs have no provisions for asking international users if the version they are using was compiled from source code printed in books!
Why do things the hard way?
Agree strongly. The problem is not in the export, which as Tim says happens soon enough anyway, as anyone can verify looking at www.replay.com where a good collection of 128 bit browsers can be obtained. The problem is netscape's distribution license. I tried to work out why netscape is only carried at certain sites, and why all of the sites which do carry it carry 40 bit. The answer seems to be that even though the netscape browser is free for academic use, that netscape tries to control distribution by requiring distributing sites to sign their distribution license. Netscape's motive for this restrictive distribution license I presume is an attempt to reduce risk of hacked copies (say with viruses embedded) being distributed. By keeping the number of sites controlled (albeit by weak legal mechanism) they keep the sites to a small number of large reputable ftp sites. This leads to the conclusion that the best thing netscape could do is:
- not distribute a 40 bit version in electronic form at all, forcing overseas sites to keep 128 bit versions
- have shrink wrap 40 bit versions sold overseas if they must, but have strict license prohibiting electronic distribution
- modify the distribution license to allow free distribution of the 128 bit version (none of this distributors must sign a license)
- ensure that the license on the purchased 40 bit version allows one to use the freely obtained 128 bit version in a commercial setting
Problem solved. No need to fiddle around with printing source code in books, or to waste time removing crypto calls and hooks from source code, nor waste someone else's time recoding the omitted code. So, how about it netscape? Adam -- Now officially an EAR violation... Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
In <v03102809b0f4820cf059@[207.167.93.63]>, on 01/28/98 at 01:46 AM, Tim May <tcmay@got.net> said:
At 9:44 PM -0800 1/27/98, Alan Olsen wrote:
At 07:26 PM 1/26/98 -0800, Tom Weinstein wrote:
Don't hold your breath. We're still bound by US export regulations, so we won't be able to export crypto-relevant source code. We'll release what we can, but you probably won't be satisfied.
Of course, there's always the option for some enterprising individuals outside the US to replace the missing pieces.
Or you could just publish the source code in a big book... ]:>
Or even easier option:
Dispense with the actual scanning and OCRing and simply _say_ the code was OCRed. Or, for that matter, don't even bother to say. U.S. Customs and the ITARs/EARs have no provisions for asking international users if the version they are using was compiled from source code printed in books!
(This was my recommended approach for the PGP job...use the code off the CD-ROM, carried out in someone's luggage or mailed or sent over the Net, and then _say_ the OCRing was done....it's not as if U.S. Customs has any authority to question someone in Amsterdam or Denmark and demand proof that they really spent those hundreds of hours laboriously scanning and OCRing and proofreading....)
Why do things the hard way?
Seriously, when the code people use internationally is used, just who the hell cares whether it was ever scanned from a book or not? That only affects the issue of _export_, which is mooted anyway by the utter triviality of exporting software on CD-ROMs, DATs, through the mail, via FedEx and Airborne, through remailers, and on and on and on. Nobody using "PGP International Version" has to worry one whit, no pun intended, about whether the code came from an original PGP distribution, or source code scanned and OCRed, so long as it checks out properly.
I think that this was a legal decision by PGP, Inc. not out of concern by the people doing the scanning overseas. I believe that they were trying to shield themselves from another lengthy court battle with the Feds but still be able to make the source code available. Unfortunately PGP is no longer the product of crypto-anarchists but is now owned by the "suits" who tend to tread lightly in such matters (shareholders really don't care about crypto-anarchy principles unless there is financial gain in doing so). -- --------------------------------------------------------------- William H. Geiger III http://users.invweb.net/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html --------------------------------------------------------------- Tag-O-Matic: "640K ought to be enough for anybody." - Bill Gates, 1981
At 2:29 AM -0800 1/28/98, Adam Back wrote:
The problem is not in the export, which as Tim says happens soon enough anyway, as anyone can verify looking at www.replay.com where a good collection of 128 bit browsers can be obtained.
The problem is netscape's distribution license. I tried to work out ... This leads to the conclusion that the best thing netscape could do is:
- not distribute a 40 bit version in electronic form at all, forcing overseas sites to keep 128 bit versions
How about this as an idea: -- encourage Web servers to reply to 40-bit Navigator or Explorer interactions with a message saying: -- "You have communicated with a very insecure 40-bit....." -- "Click here, ...., to update your browser to 128 bits..." (And the "here" site would be some outside-the-U.S. sites, of course.) This would either patch their browser, or with a plug-in. And if their browser cannot be patched, they are at least alerted and can perhaps upgrade. The idea being to make it very easy for customers who were forced to use the 40-bit version, or who got it by default or screwup, to easily update their browsers to full strength. Netscape should make this as easy as possible. (We have discussed "drop-ins" many times over the years, and the possible ITAR/EAR illegality of providing "hooks" or "drop-ins" for thoughtcrime-strength crypto, but I can't imagine anyone being successfully prosecuted on this.) --Tim May The Feds have shown their hand: they want a ban on domestic cryptography ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^2,976,221 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
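The server-side notice proposed in the message above, sketched as WSGI middleware. This is an added example, not code from the thread or from Netscape; it assumes the front-end server exports mod_ssl-style variables (`SSL_CIPHER`, `SSL_CIPHER_USEKEYSIZE`) into the request environment, and the upgrade URL is a placeholder.

```python
import html

MIN_BITS = 128
UPGRADE_URL = "https://upgrade.example.invalid/"  # placeholder, not from the thread


def effective_bits(environ):
    """Effective key bits of the session, or None when the request is not
    over SSL/TLS or the variable is missing or malformed."""
    raw = environ.get("SSL_CIPHER_USEKEYSIZE")
    try:
        bits = int(raw)
    except (TypeError, ValueError):
        return None
    return bits if bits > 0 else None


class WeakCipherNotice:
    """Answer sessions below min_bits with an upgrade notice instead of
    passing the request to the wrapped application."""

    def __init__(self, app, min_bits=MIN_BITS, upgrade_url=UPGRADE_URL):
        self.app = app
        self.min_bits = min_bits
        self.upgrade_url = upgrade_url

    def __call__(self, environ, start_response):
        bits = effective_bits(environ)
        if bits is None or bits >= self.min_bits:
            return self.app(environ, start_response)
        # Escape everything interpolated into the page, even server-set values.
        cipher = html.escape(environ.get("SSL_CIPHER", "unknown"))
        link = html.escape(self.upgrade_url, quote=True)
        body = (
            "<html><body>"
            f"<p>Your browser negotiated an insecure {bits}-bit session "
            f"({cipher}).</p>"
            f'<p><a href="{link}">Update your browser to '
            f"{self.min_bits} bits</a></p>"
            "</body></html>"
        ).encode("utf-8")
        start_response("200 OK", [
            ("Content-Type", "text/html; charset=utf-8"),
            ("Content-Length", str(len(body))),
            ("Cache-Control", "no-store"),  # the notice must not be cached
        ])
        return [body]


def demo_app(environ, start_response):
    """Stand-in for the real application."""
    body = b"hello"
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]


def run_request(app, environ):
    """Drive a WSGI app once and return (status, headers, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


# Constructed request environments, not captured traffic.
SAMPLES = {
    "export_40bit": {"SSL_CIPHER": "EXP-RC4-MD5",
                     "SSL_CIPHER_USEKEYSIZE": "40",
                     "SSL_CIPHER_ALGKEYSIZE": "128"},
    "domestic_128bit": {"SSL_CIPHER": "RC4-MD5",
                        "SSL_CIPHER_USEKEYSIZE": "128",
                        "SSL_CIPHER_ALGKEYSIZE": "128"},
    "plain_http": {},
}

if __name__ == "__main__":
    app = WeakCipherNotice(demo_app)
    for name, env in SAMPLES.items():
        status, headers, body = run_request(app, env)
        print(name, status, len(body))
```

The check keys on the effective key size rather than the algorithm key size, because an export suite such as the constructed `EXP-RC4-MD5` sample reports a 128-bit algorithm with only 40 secret bits.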
At 07:26 PM 1/26/98 -0800, Tom Weinstein wrote:
Don't hold your breath. We're still bound by US export regulations, so we won't be able to export crypto-relevant source code. We'll release what we can, but you probably won't be satisfied.
Of course, there's always the option for some enterprising individuals outside the US to replace the missing pieces.
Or you could just publish the source code in a big book... ]:> --- | "That'll make it hot for them!" - Guy Grand | |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano@teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.ctrl-alt-del.com/~alan/ |alan@ctrl-alt-del.com|
In <E0xvVff-0003c1-00@heaton.cl.cam.ac.uk>, on 01/22/98 at 11:04 PM, Markus Kuhn <Markus.Kuhn@cl.cam.ac.uk> said:
I wonder how long we have to wait for the day on which we can download the latest GPL'ed Windows NT version source code from Microsoft's web server ...
What for, the best it would be good for is as an exercise on how not to write code. -- --------------------------------------------------------------- William H. Geiger III http://users.invweb.net/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html --------------------------------------------------------------- Tag-O-Matic: I don't do Windows, but OS/2 does.
Markus Kuhn wrote:
| > NETSCAPE ANNOUNCES PLANS TO MAKE NEXT-GENERATION COMMUNICATOR SOURCE CODE
| > AVAILABLE FREE ON THE NET
|
| Excellent!
|
| Finally mainstream software companies start to understand that security
| critical software has to be provided to the customer in full compilable
| source code to allow independent security evaluation.

I'm not sure that this is the message they're sending at all. They're trying to work the Linux/GNU model of getting a horde of volunteer programmers to improve their product, and base other products on it, because of the ease of integration. I don't know that security was even on their minds.

| No formal CC/ITSEC evaluation process can beat the scrutiny of the
| Internet crowd. I wonder how long we have to wait for the day on which

Not that the internet crowd is such hot shit, either. The freely usable FWTK contained a *really* easy to find replay attack for about 3 years, before I pointed it out at the Crypto rump session. (www.homeport.org/~adam/crypto97.html). Small code. Comments pointing to problems. Security critical in some instances. 3 Years to find.

Adam

| we can download the latest GPL'ed Windows NT version source code from
| Microsoft's web server ...

--
"It is seldom that liberty of any kind is lost all at once." -Hume
Adam Shostack wrote:
I'm not sure that this is the message they're sending at all. They're trying to work the Linux/GNU model of getting a horde of volunteer programmers to improve their product, and base other products on it, because of the ease of integration. I don't know that security was even on their minds.
It doesn't matter. In fact this is the smartest thing they could have done. Given their recent financial predicament and the level of competence and cluefulness they have shown in the past, I am amazed they didn't let inertia and their investment in the anti-civilization (and pointy haired managers) hold them back. I feel that Microsoft's extremely determined attempts to corner the browser market have forced them to stop evading reality for a while. They seem to have realized that the best model for their business is Caldera/Redhat/Stronghold model. To add value to already existing free software that adheres to an open standard. Releasing Netscape 5 code will effectively ensure them a standard to capitalize on. Best, Vipul
Links:
x. http://www.openspace.org/ has set up a forum for developing free Netscape.
x. http://slashdot.org/slashdot.cgi?mode=article&artnum=425 http://www.slashdot.org/slashdot.cgi?mode=article&artnum=499 this guy first suggested that netscape should go GPL (on january 12) and predicted they'll do it right away.
-- Powell lingered. "How's Earth?" It was a conventional enough question and Muller gave the conventional answer, "Still spinning." -- "Reason", Asimov. ================================================================== Vipul Ved Prakash | - Electronic Security & Crypto mail@vipul.net | - Web Objects 91 11 2233328 | - PERL Development 198 Madhuban IP Extension | - Linux & Open Systems Delhi, INDIA 110 092 | - Networked Virtual Spaces
participants (10)
- Adam Back
- Adam Shostack
- Alan Olsen
- Markus Kuhn
- nobody@REPLAY.COM
- root
- Tim May
- Tom Weinstein
- Vipul Ved Prakash
- William H. Geiger III