On 05-03-2015 13:20, Paolo Aglialoro wrote:
> I perfectly agree with you, both on fun and curiosity.
>
> Nevertheless, not all the times we have got time enough "to have fun
> netcatting servers". More than often you just have to go straight to the
> point.

But before you can get to the point, someone (hopefully) looked under
the hood for you.

> Btw, try these with (net)cat:
>
> $ lynx saveddocument.html
> $ pdftohtml -stdout -i manual.pdf | lynx -stdin

As I mentioned, "for the task the OP mentioned". Of course netcat does
not replace a browser.

> Actually it does on a user viewpoint: a server daemon is up 24/7 while a
> client is activated by the user. For the server, insecurity comes mainly
> from its own flaws, for the client danger does not mainly come from the
> tool itself (unless it's a totally hopeless sw) but from the *potentially*
> silly utilization which is done by the user.

You forget that programs bring along libraries and other potentially
nasty stuff when run. lynx had support for a lot of protocols besides
http. Take a look at the tech@ thread from last year that prompted its
removal.

> So it looks like that, till some months ago, everybody here was on the
> wrong OS and risking their lives, as lynx was in base! But I have never
> read here about anybody who had his system compromised because of poor
> lynx. So, right now, this deletion reflects more a "what if" worry than a
> real threat, i.e. lynx <> shellshock.

Many of OpenBSD's security features are based on "what if". That does not
mean that, in the future, the "what if" can't become a real threat. The
mentality of the OpenBSD devs is in the right place. They try hard to
make an OS that tries not to allow you to shoot yourself in the face.
Even if that means removing software that might (or not) pose a threat
to you at any point in the future.

Cheers,
Giancarlo Razzolini
