|
This is also OpenSSL we're talking about. The code quality was spectacularly poor and unnecessarily complex. It wasn't widely known at the time that you couldn't treat it like normal software, not because crypto=hard (which is stupid superstition), but because critical things (seeding from /dev/random) and stupidly pointless things (seeding from stack garbage) looked very similar. The Debian dude also wrote to an OpenSSL mailing list for clarification, but apparently not the super secret list that the real developers actually read. It was ultimately Debian's fault, but OpenSSL delenda est.
|
![]() |
|
![]()
|
# ? Feb 10, 2025 06:17 |
|
i was comically exaggerating a bit, but assume that instead of confusing bad code, openssl had the highest quality code ever, well commented, etc. it's still a problem if it's considered acceptable for a linux package maintainer to touch it on their own. the fully legit crypto-is-super-hard thing is designing your own new crypto algorithm. however, even implementating a known established algo is fraught with peril. tiny details matter and getting them slightly wrong can burn you; cryptography software is where minor bugs translate into devastating attacks. even the experts gently caress it up, but the neophytes gently caress up far more because they don't tend to have the appropriate paranoia
|
![]() |
|
Hey guys, criticising GNOME 3 devs is working, we can burn this thing down!quote:WOGUE is no friend of GNOME Lol at this person racing to his defense in the comments though: quote:I just commented about this atrocious video in Reddit. It’s so idiotic that I wouldn’t take it too seriously. Thank you for your great work, that I take seriously. Regarding Software I think the problem is mostly due to lack of progress feedback during long operations which is perceived as seriously buggy by the end user, even if the problem is not that deep. This is specially severe in Fedora because sometimes there is a 1GB flatpak runtime download or because of the auto-update metadata policy of dnf that tends to silently delay installs. I’ve been more lucky in Ubuntu in this regard. Sometimes there is a small delay while a 1 GB download is performed at runtime?! Thank you for your great work! GNOME 3.32 ... definitely a mature product. I go to some effort to disable flatpack on all my systems because the spam in the output of "mount" offends me. They don't do anything polite like cleaning up old entries, so you can end up with loopback mounts of seven different versions of whatever gnome-calculator is called these days... Even if you never launch it. Multiply by twenty other programs and libraries. God forbid you run an older point release of the calculator.
|
![]() |
|
BobHoward posted:i was comically exaggerating a bit, but think about it! you guys want shadowhawk touching your code???
|
![]() |
|
Athas posted:This is also OpenSSL we're talking about. The code quality was spectacularly poor and unnecessarily complex. It wasn't widely known at the time that you couldn't treat it like normal software, not because crypto=hard (which is stupid superstition), but because critical things (seeding from /dev/random) and stupidly pointless things (seeding from stack garbage) looked very similar. What has Debian done since to ensure that they won't accidentally patch out another entropy source? Absolutely nothing. They still patch software and break it all the time for goofy reasons. The code was, honestly, not that hard to read -- the similarity between the two cases was a function called MD_UpdateBuffer, which would take an arbitrary buffer pointer. The dude commented out both because he got valgrind logs pointing to MD_UpdateBuffer as the culprit, and clearly didn't read the few lines above where it was reading from /dev/random.
|
![]() |
|
Oh, that actually makes a lot more sense. Crypto is very much a specialist topic, and not just in the implementation of crypto algorithms but crypto protocols as well: even if correctly implemented, a crypto algorithm is only secure under very precise conditions. There are blunt errors like the Playstation 3 ECC signing exploit, but there are also more subtle ones like the fact that you can use a cipher as a digest and vice versa and it appears to work but is actually very weak in ways I don't fully understand because I'm not an expert on the topic.
|
![]() |
|
pram posted:think about it! you guys want shadowhawk touching your code??? shadowhawk never made the cut to contribute to debian think about that for a second
|
![]() |
|
doesn't mean much other than becoming a package maintainer in debian is much like getting a government job, only gross misconduct will get you fired.
|
![]() |
|
yeah you didn't read that correctly shadowhawk was too lazy to make packages that would conform to debian standards, and was never a debian contributor he just made his own packages and put them up ... wherever, because ???
|
![]() |
|
i got what you meant, but as far as i recall the issue with shadowhawk wasn't that he did anything wrong with the package, it was just that debian already had a dude that was packaging it shadowhawk was putting forth that he did the packaging better, but this being debian technical merits had no say at all
|
![]() |
|
Tankakern posted:i got what you meant, but as far as i recall the issue with shadowhawk wasn't that he did anything wrong with the package, it was just that debian already had a dude that was packaging it shadowhawk's packages didn't follow debian guidelines, like, at all his package would never, ever have been accepted into debian
|
![]() |
|
Gnome 3 kicks rear end and I use it and enjoy it every day
|
![]() |
|
Kde is sewer tier
|
![]() |
|
lol at how wrong you are
|
![]() |
|
Janitor Prime posted:lol at how wrong you are lets c: gnome 3: sweet rear end cool looking window manager. effortlessly glide between thousands of applications and directories. use beautifully integrated features like the wifi button, notification pane, search thing when u press the Super key... WOW! beautiful, efficient, and fun KDE: sum kinda busted rear end windows knock off that sucks balls and is ugly as fk. shameful. piece of poo poo
|
![]() |
|
Smythe posted:Gnome 3 kicks rear end and I use it and enjoy it every day my only complaint so far is that the alt-tab app switcher thing only renders on one monitor in my dual monitor setup everything else seems really good tho
|
![]() |
|
Smythe posted:lets c: i wish i didnt agree with this but i do i'm sure kde is better because a lot of respectable people seem to like it but it doesnt look like a rad futuristic linux like most of the alternatives so i've never given it a chance
|
![]() |
|
so go back to using compiz gnome is fine for small computers you watch youtube on or tablets, not computers you actually use for stuff
|
![]() |
|
Tankakern posted:so go back to using compiz How so?
|
![]() |
|
I watched someone using gnome3 the other day. it looked like the entire gui kept freezing any time they changed directory in the file browser. it was bad.
|
![]() |
|
Soricidus posted:I watched someone using gnome3 the other day. it looked like the entire gui kept freezing any time they changed directory in the file browser. it was bad. Works on my machine. Ticket closed.
|
![]() |
|
hey Smythe wb to the pos what’s cookin
|
![]() |
|
Big ol' pot of Chome
|
![]() |
|
kde does look like poo poo though
|
![]() |
|
kde5 looks just fine if you want it to look like '00s windowblinds you can always install a different theme than the default
|
![]() |
|
kde seems pretty poo poo but qt also seems like the only actually legitimate semi-modern toolkit on offer these days.
|
![]() |
|
build gnome on qt goodnight
|
![]() |
|
I subjectively don't like kde but yeah qt as a library is p good https://www.youtube.com/watch?v=NbTEVbQLC8s
|
![]() |
|
yo it's smythe which window manager is best for the use-case i have of "slamming my dick in the car door"
|
![]() |
|
Captain Foo posted:yo it's smythe enlightenment
|
![]() |
|
Captain Foo posted:yo it's smythe twm
|
![]() |
|
my stepdads beer posted:build gnome on qt goodnight gnome literally came into existence because they didnt want to build on qt Officially because of licencing issues back in the day, but also 'euw C++ has cooties' despite an OO language being a really good fit for writing a UI library. Which the gtk guys realised and reimplemented C++ in C, badly, with poo poo tons of ugly casts all over the shop.
|
![]() |
|
feedmegin posted:gnome literally came into existence because they didnt want to build on qt to be fair c++ actually did have cooties back then the gnome people wanted to port to terrible legacy unix, which often had horrible broken c++ compilers e.g. hp-ux and aCC, which at the time could compile no non-trivial c++ program because it was still based on cfront, and because gently caress you, that's why
|
![]() |
|
GNOME should have realized their mistake and just used Objective-C and also abandoned GNOME and just started working on GNUstep
|
![]() |
|
eschaton posted:GNOME should have realized their mistake and just used Objective-C objective c had the same problem as c++ -- no support from legacy unix vendors
|
![]() |
|
Notorious b.s.d. posted:to be fair c++ actually did have cooties back then I can imagine that being a concern, especially for platforms g++ was ropey on (which has p much always been true of hp-ux to be fair). That said I was around and on the gnome mailing lists at the time and there was also a whole lot of 'KDE sux because C++ is a crap language for idiots and we should all be using plain old C like K&R intended' going on.
|
![]() |
|
Notorious b.s.d. posted:objective c had the same problem as c++ -- no support from legacy unix vendors and now with swift, it has no support from modern unix vendors either!
|
![]() |
|
apple is a modern unix vendor
|
![]() |
|
cfront more like afront
|
![]() |
|
![]()
|
# ? Feb 10, 2025 06:17 |
|
feedmegin posted:I can imagine that being a concern, especially for platforms g++ was ropey on (which has p much always been true of hp-ux to be fair). That said I was around and on the gnome mailing lists at the time and there was also a whole lot of 'KDE sux because C++ is a crap language for idiots and we should all be using plain old C like K&R intended' going on. yeah, well, there's the ground truth, and there's the reasons stated in design documents, and sometimes they align, sometimes they don't the ostensible reason for gnome's c obsession was the poor quality of c++ targets on legacy unix
|
![]() |