Monday, March 29, 2021

The final official release of Classilla

An apology is owed to the classic Mac users who depend on Classilla as the only vaguely recent browser on Mac OS 9 (and 8.6). I've lately regretted how neglected Classilla has been, largely because of TenFourFox, and (similar to TenFourFox in kind if not degree) the sheer enormity of the work necessary to bring it up to modern standards. I did a lot of work on this in the early days and I think I can say unequivocally it is now far more compatible than its predecessor WaMCoM was, but the Web moves faster than a solo developer and the TLS apocalypse has rendered all old browsers equal by simply chopping everyone's legs off at once. There is also the matter of several major security issues with it that I have been unable to resolve without seriously gutting the browser, and as a result of all of those factors I haven't done an official release of Classilla since 9.3.3 in 2014.

Now that I've announced TenFourFox is winding down, let's just recognize the inevitable and officially declare that Classilla is no longer supported. I may still do minor work on it for my own purposes (for example, like issuing updates to stelae that I think might be helpful to other people, and if so I will post announcements about that here), but I don't make any guarantees on when or in what fashion or even if I will publicly release such work, and I will not be accepting bug reports or feature requests. Effective immediately classilla.org is now a placeholder with static documents. Files have been placed on a new permanent location on the Floodgap Gopher server, though files on SourceForge will remain as a faster HTTP mirror. Report-A-Bug is disabled and the Github project (which was never really used) is read-only as of now and will eventually be removed. Today Classilla is once again just a "hobby" project and I'm sorry I couldn't make it more than that.

Naturally the browser has always been open-source. The build instructions are intimidating but they do work, and I've collected the build prerequisites on the gopher server, which Classilla can access, of course. If you decide to make your own build of Classilla, all I ask is that you change the name to something else so people don't ask me about it.

To sort of make it up to folks, today I'm also releasing the incomplete work I have done towards 9.3.4. I'm calling this a "beta" since it hasn't had a great deal of testing, but you can use it or 9.3.3 (there are no substantial differences in security content). 9.3.4b has updates to layout, eliminating the old manual "slow scroll" option and automatically doing a more conservative repaint on sites that used to scroll incorrectly. Unfortunately this is sometimes also slower and occasionally dramatically so, and some sites will flicker as well, but no site will render worse than 9.3.3. It also has a contributed fix to JavaScript to fix a problem with high-precision math (due to a compiler bug in the version of CodeWarrior Pro 7 I use), and adds a convenience hot key (Command-Shift-Z) to toggle between "no style" and the default style sheet so that a badly rendering page can immediately be destyled.

Finally, as a last-minute thing, I also updated some of the built-in stelae and added a couple more for SourceForge, this blog and the TenFourFox Development blog. While the latter renders fine (if slowly), this blog doesn't, so I sped up both, and fixed visual problems and download issues with SF at the same time. I did this after I'd certified the source, though, so just copy them from the revised binary archive if you want to roll them into your own builds (I didn't feel like doing several more hours validating the source archive again for plain text files which can simply be copied).

However, these changes don't help much on modern pages for which the majority require TLS 1.2 to access at all. Although 9.3.3 added support for SHA-2 certificates and SNI, it's still limited to TLS 1.0, which was recently deprecated and which many servers no longer offer. Adding TLS 1.2 (and, for that matter, 1.3) capability needs sizeable updates to both Necko and NSS which are technically possible but non-trivial. However, now that we have Crypto Ancienne, an easier route is to modify Necko's proxy support to use carl as a backend, which I also implemented in 9.3.4b. If you run Classilla under Classic (as you might on 10.0 through 10.3), or Rhapsody's Mac OS mode, or run Power MachTen, then you can even self-host crypto support without a second system. Here's how.

First, set up carl, Crypto Ancienne's combination proxy and command line demonstration application, either locally or on a machine on your local network (I'll explain why this is important in a second). For Rhapsody/Classic and Power MachTen users, I have pre-compiled binaries available on the Floodgap gopher server that also include micro_inetd configured to bind to localhost. You can download these directly from Classilla or any other compatible Gopher client. The Power MachTen version runs on 4.1.4 and possibly earlier versions. The Rhapsody version runs on any Power Mac running any version of Mac OS X or Rhapsody 5.6/OS X Server v1.2, and possibly earlier versions. Source code is included.

  • Download the binary archive. On Power MachTen, put it into the root folder of the drive you are running Power MachTen from. On OS X or Rhapsody, you can leave it in your home directory or any other desired location.
  • On Power MachTen, log into the virtual machine; on Rhapsody or OS X, start a Terminal session.
  • On Power MachTen only, dfork //carl-machten-414.tar.gz ~/carl-machten-414.tar.gz (yes, two slashes). Change ~ to the desired destination if you want it anywhere else. This copies the archive from the Power MachTen root and strips any resource fork it may have accidentally acquired.
  • cd ~ (or where you put/copied the archive to)
  • gunzip carl-machten-414.tar.gz or gunzip carl-rhapsody-56.tar.gz
  • tar xvf carl-machten-414.tar or tar xvf carl-rhapsody-56.tar
  • You will now have a new folder cryanc with the binaries, so cd cryanc

Now bring up the proxy. On OS X with Classic or Power MachTen (assuming you are tunneling Power MachTen through Open Transport, which is the default), start micro_inetd listening to port 8765 like so: ./micro_inetd 8765 ./carl -p

Don't forget the ./s and the -p, or it won't start or listen correctly on the socket. If for some unexplained reason you are already using port 8765, then change that number in the command line and everywhere you see it below.

On Rhapsody, your instance of "Blue Box" Mac OS may be set up to use a separate IP address (this is the case on my Wally G3), which means connecting to localhost won't work. If you have only one IP address assigned to your main Rhapsody installation, but this address is different from what Mac OS is using, then run ./micro_inetd_any 8765 ./carl -p instead to listen on that interface. Be careful if your Rhapsody machine has a publicly routable IP address; this will make your system into an open proxy! If your Rhapsody install has multiple IPs, however, you really should be handy enough to modify micro_inetd.c and recompile it to listen on the right one.

Regardless, with micro_inetd running, now configure Classilla 9.3.4b. Classilla is based on an earlier version of Mozilla that allowed separate proxy definitions for "regular" HTTP proxies and special "SSL proxies" that supported the CONNECT method, since in those days doing so was not necessarily guaranteed. (Today every modern HTTP proxy supports CONNECT and the distinction is no longer relevant.) Here we have set both proxy settings to localhost on port 8765 — if you are on Rhapsody or using a non-standard Power MachTen configuration, or running carl on a separate machine, substitute that IP or hostname for localhost as necessary — though you don't have to proxy unencrypted HTTP traffic through Crypto Ancienne (that said, it will politely pass such traffic through).

The reason the browser prefers to use CONNECT is so the connection between the server and the browser is encrypted end-to-end (all the proxy is doing, in this case, is shoveling data back and forth). However, this means the browser is doing the encryption, which is not what we want. 9.3.4b adds a new preference called network.http.proxy.use-http-proxy-for-https which says that the browser should make an unencrypted request for an encrypted resource and defer the encryption to the proxy. Find this preference in about:config and set it to true.
Now view any https:// URL. The request will be forwarded to Crypto Ancienne, which will do the encryption for you. Here is Classilla 9.3.4b accessing Hacker News.
You'll note that the padlock icon which would ordinarily indicate a secure link shows an insecure one, and if you click on it Classilla will indicate that the connection is not encrypted. This is correct and intentional: the connection between you and the proxy is not encrypted. It just so happens that the proxy is the same computer via the internal loopback, so nothing can get in the middle. However, if you place Crypto Ancienne on another system on the local network, other systems on the network can potentially snoop you, and if you use this method to connect to a proxy that's not on your local network ... well, that's just dumb. Don't do that.

In a like fashion, since Classilla never sees the server's certificate in this configuration, it can't verify its authenticity either. Crypto Ancienne may do this in a future version but for now, you may wish to find other means of confirming the host you have connected to is the host you want to connect to.

Pulling it all together, here is a screenshot from a running system, my dual 1.8GHz Mirrored Drive Doors Power Mac G4 (the system used to develop Classilla) running 9.2.2 and Power MachTen. Yes, my copy is legally purchased from Tenon, spank you very much.

You can also use the same installation of Crypto Ancienne for MacLynx; just change the proxy URLs in lynx.cfg to http://localhost:8765/ for HTTPS and/or HTTP as appropriate.

As a polite warning for Power MachTen users, Classilla can still unsettle your Mac, and if it does, that can corrupt your MachTen FFS volumes. Once you get this set up, you may want to back up your FFS images and consider running Power MachTen and Classilla from separate partitions or hard disks. At some point I would like to port carl into an MPW Tool so you can run it there, but I haven't even started on that yet, and I don't make any guarantees I'll ever do so. If I end up doing that, just like with stelae for other important sites that you can download and add to the Classilla `Byblos` folder, I will post about those things here and there is a "classilla" tag for them.

Regardless, Classilla still serves a basic purpose for me, and with judicious use of destyling serves as a very basic browser that's a little more than MacLynx and Netscape, a little faster than iCab, and now can access more pages than IEMac can. Hopefully this gives it a little longer lease on life because classic Mac OS still has an interface and user experience no other OS, even little-m macOS, has ever matched. I learned a lot from working on it. Thanks to everyone who said kind things about it.

5 comments:

  1. Congrats on an amazing run on both TenFourFox and Classilla. You have provided perhaps the longest-supported contribution to users of these older Macs and it is a genuine legacy you should be proud of.

    ReplyDelete
  2. Thank you a lot for doing this work for so long. It was a great journey =) one another user of g4 since 2014

    ReplyDelete
  3. Thanks a lot for all the work you have put in both TenFourFox and Classilla. I use almost everyday for both fun & college work Classilla (quite a bit) and TenFourFox (a lot) and it makes using my PowerPCs a joy. I hope you will have time for some leisure now. My regards, from France.

    ReplyDelete
  4. > Adding TLS 1.2 (and, for that matter, 1.3) capability needs sizeable updates to both Necko and NSS which are technically possible but non-trivial.

    for TLS 1.2(don't know about 1.3), this could be possible (a test build works in my win32-target classilla-phoenix build, but I don't know if NSS itself will work in Mac OS Classic/CodeWarrior Pro 7 environment)
    https://github.com/roytam1/classilla/commits/tls12-exp

    ReplyDelete
  5. I'd like to take a moment and say thanks ... not just for leaving comments over here on "the other side", but also for the years of TFF development that helped to keep my Power Macs viable for so many years further. (I didn't use Classilla nearly as much, though I'm appreciative of that effort as well, having sporadically run it on some of my beige Power Macs.)

    I should probably fire up the rather rarely used Mac mini G4 (bought new!) and update its copy of TFF...

    ReplyDelete