New around here? Register your SA Forums Account here!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
Athas
Aug 6, 2007

fuck that joker
This is also OpenSSL we're talking about. The code quality was spectacularly poor and unnecessarily complex. It wasn't widely known at the time that you couldn't treat it like normal software, not because crypto=hard (which is stupid superstition), but because critical things (seeding from /dev/random) and stupidly pointless things (seeding from stack garbage) looked very similar.

The Debian dude also wrote to an OpenSSL mailing list for clarification, but apparently not the super secret list that the real developers actually read.

It was ultimately Debian's fault, but OpenSSL delenda est.

Adbot
ADBOT LOVES YOU

BobHoward
Feb 13, 2012

The only thing white people deserve is a bullet to their empty skull
i was comically exaggerating a bit, but

assume that instead of confusing bad code, openssl had the highest quality code ever, well commented, etc. it's still a problem if it's considered acceptable for a linux package maintainer to touch it on their own.

the fully legit crypto-is-super-hard thing is designing your own new crypto algorithm. however, even implementating a known established algo is fraught with peril. tiny details matter and getting them slightly wrong can burn you; cryptography software is where minor bugs translate into devastating attacks. even the experts gently caress it up, but the neophytes gently caress up far more because they don't tend to have the appropriate paranoia

James Baud
May 24, 2015

by LITERALLY AN ADMIN
Hey guys, criticising GNOME 3 devs is working, we can burn this thing down!

quote:

WOGUE is no friend of GNOME

Alex Diavatis is the person behind the WOGUE account on YouTube. For a while he’s been posting videos about GNOME. I think the latest idea is that he’s trying to “shame” developers into working harder. From the person who’s again on the other end of his rants it’s having the opposite effect.

Lol at this person racing to his defense in the comments though:


quote:

I just commented about this atrocious video in Reddit. It’s so idiotic that I wouldn’t take it too seriously. Thank you for your great work, that I take seriously. Regarding Software I think the problem is mostly due to lack of progress feedback during long operations which is perceived as seriously buggy by the end user, even if the problem is not that deep. This is specially severe in Fedora because sometimes there is a 1GB flatpak runtime download or because of the auto-update metadata policy of dnf that tends to silently delay installs. I’ve been more lucky in Ubuntu in this regard.


Sometimes there is a small delay while a 1 GB download is performed at runtime?! Thank you for your great work! GNOME 3.32 ... definitely a mature product.

I go to some effort to disable flatpack on all my systems because the spam in the output of "mount" offends me. They don't do anything polite like cleaning up old entries, so you can end up with loopback mounts of seven different versions of whatever gnome-calculator is called these days... Even if you never launch it. Multiply by twenty other programs and libraries.

God forbid you run an older point release of the calculator.

pram
Jun 10, 2001

BobHoward posted:

i was comically exaggerating a bit, but

assume that instead of confusing bad code, openssl had the highest quality code ever, well commented, etc. it's still a problem if it's considered acceptable for a linux package maintainer to touch it on their own.

the fully legit crypto-is-super-hard thing is designing your own new crypto algorithm. however, even implementating a known established algo is fraught with peril. tiny details matter and getting them slightly wrong can burn you; cryptography software is where minor bugs translate into devastating attacks. even the experts gently caress it up, but the neophytes gently caress up far more because they don't tend to have the appropriate paranoia

think about it! you guys want shadowhawk touching your code???

Suspicious Dish
Sep 24, 2011

2020 is the year of linux on the desktop, bro
Fun Shoe

Athas posted:

This is also OpenSSL we're talking about. The code quality was spectacularly poor and unnecessarily complex. It wasn't widely known at the time that you couldn't treat it like normal software, not because crypto=hard (which is stupid superstition), but because critical things (seeding from /dev/random) and stupidly pointless things (seeding from stack garbage) looked very similar.

The Debian dude also wrote to an OpenSSL mailing list for clarification, but apparently not the super secret list that the real developers actually read.

It was ultimately Debian's fault, but OpenSSL delenda est.

What has Debian done since to ensure that they won't accidentally patch out another entropy source? Absolutely nothing. They still patch software and break it all the time for goofy reasons. The code was, honestly, not that hard to read -- the similarity between the two cases was a function called MD_UpdateBuffer, which would take an arbitrary buffer pointer. The dude commented out both because he got valgrind logs pointing to MD_UpdateBuffer as the culprit, and clearly didn't read the few lines above where it was reading from /dev/random.

Sapozhnik
Jan 2, 2005

Nap Ghost
Oh, that actually makes a lot more sense.

Crypto is very much a specialist topic, and not just in the implementation of crypto algorithms but crypto protocols as well: even if correctly implemented, a crypto algorithm is only secure under very precise conditions. There are blunt errors like the Playstation 3 ECC signing exploit, but there are also more subtle ones like the fact that you can use a cipher as a digest and vice versa and it appears to work but is actually very weak in ways I don't fully understand because I'm not an expert on the topic.

Notorious b.s.d.
Jan 25, 2003

by Reene

pram posted:

think about it! you guys want shadowhawk touching your code???

shadowhawk never made the cut to contribute to debian

think about that for a second

Tankakern
Jul 25, 2007

doesn't mean much other than becoming a package maintainer in debian is much like getting a government job, only gross misconduct will get you fired.

Notorious b.s.d.
Jan 25, 2003

by Reene
yeah you didn't read that correctly

shadowhawk was too lazy to make packages that would conform to debian standards, and was never a debian contributor

he just made his own packages and put them up ... wherever, because ???

Tankakern
Jul 25, 2007

i got what you meant, but as far as i recall the issue with shadowhawk wasn't that he did anything wrong with the package, it was just that debian already had a dude that was packaging it

shadowhawk was putting forth that he did the packaging better, but this being debian technical merits had no say at all

Notorious b.s.d.
Jan 25, 2003

by Reene

Tankakern posted:

i got what you meant, but as far as i recall the issue with shadowhawk wasn't that he did anything wrong with the package, it was just that debian already had a dude that was packaging it

shadowhawk was putting forth that he did the packaging better, but this being debian technical merits had no say at all

shadowhawk's packages didn't follow debian guidelines, like, at all

his package would never, ever have been accepted into debian

Smythe
Oct 12, 2003

Gnome 3 kicks rear end and I use it and enjoy it every day

Smythe
Oct 12, 2003

Kde is sewer tier

Janitor Prime
Jan 22, 2004

PC LOAD LETTER

What da fuck does that mean

Fun Shoe
lol at how wrong you are

Smythe
Oct 12, 2003

Janitor Prime posted:

lol at how wrong you are

lets c:

gnome 3: sweet rear end cool looking window manager. effortlessly glide between thousands of applications and directories. use beautifully integrated features like the wifi button, notification pane, search thing when u press the Super key... WOW! beautiful, efficient, and fun

KDE: sum kinda busted rear end windows knock off that sucks balls and is ugly as fk. shameful. piece of poo poo

the talent deficit
Dec 20, 2003

self-deprecation is a very british trait, and problems can arise when the british attempt to do so with a foreign culture





Smythe posted:

Gnome 3 kicks rear end and I use it and enjoy it every day

my only complaint so far is that the alt-tab app switcher thing only renders on one monitor in my dual monitor setup

everything else seems really good tho

Corla Plankun
May 8, 2007

improve the lives of everyone

Smythe posted:

lets c:

gnome 3: sweet rear end cool looking window manager. effortlessly glide between thousands of applications and directories. use beautifully integrated features like the wifi button, notification pane, search thing when u press the Super key... WOW! beautiful, efficient, and fun

KDE: sum kinda busted rear end windows knock off that sucks balls and is ugly as fk. shameful. piece of poo poo

i wish i didnt agree with this but i do

i'm sure kde is better because a lot of respectable people seem to like it but it doesnt look like a rad futuristic linux like most of the alternatives so i've never given it a chance

Tankakern
Jul 25, 2007

so go back to using compiz

gnome is fine for small computers you watch youtube on or tablets, not computers you actually use for stuff

Smythe
Oct 12, 2003

Tankakern posted:

so go back to using compiz

gnome is fine for small computers you watch youtube on or tablets, not computers you actually use for stuff

How so?

Soricidus
Oct 20, 2010
freedom-hating statist shill
I watched someone using gnome3 the other day. it looked like the entire gui kept freezing any time they changed directory in the file browser. it was bad.

Smythe
Oct 12, 2003

Soricidus posted:

I watched someone using gnome3 the other day. it looked like the entire gui kept freezing any time they changed directory in the file browser. it was bad.

Works on my machine. Ticket closed.

eschaton
Mar 7, 2007

the knowledge knower. a wisdom imparter. irritatingly self-assertive. odorous.
hey Smythe

wb to the pos

what’s cookin

spankmeister
Jun 15, 2008






Big ol' pot of Chome

mike12345
Jul 14, 2008

"Whether the Earth was created in 7 days, or 7 actual eras, I'm not sure we'll ever be able to answer that. It's one of the great mysteries."





kde does look like poo poo though

Zlodo
Nov 24, 2006
kde5 looks just fine

if you want it to look like '00s windowblinds you can always install a different theme than the default

Cybernetic Vermin
Apr 18, 2005

kde seems pretty poo poo but qt also seems like the only actually legitimate semi-modern toolkit on offer these days.

cowboy beepboop
Feb 24, 2001

build gnome on qt goodnight

Progressive JPEG
Feb 19, 2003

I subjectively don't like kde but yeah qt as a library is p good

https://www.youtube.com/watch?v=NbTEVbQLC8s

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

yo it's smythe

which window manager is best for the use-case i have of "slamming my dick in the car door"

hobbesmaster
Jan 28, 2008

Captain Foo posted:

yo it's smythe

which window manager is best for the use-case i have of "slamming my dick in the car door"

enlightenment

feedmegin
Jul 30, 2008

Captain Foo posted:

yo it's smythe

which window manager is best for the use-case i have of "slamming my dick in the car door"

twm

feedmegin
Jul 30, 2008

my stepdads beer posted:

build gnome on qt goodnight

gnome literally came into existence because they didnt want to build on qt

Officially because of licencing issues back in the day, but also 'euw C++ has cooties' despite an OO language being a really good fit for writing a UI library. Which the gtk guys realised and reimplemented C++ in C, badly, with poo poo tons of ugly casts all over the shop.

Notorious b.s.d.
Jan 25, 2003

by Reene

feedmegin posted:

gnome literally came into existence because they didnt want to build on qt

Officially because of licencing issues back in the day, but also 'euw C++ has cooties' despite an OO language being a really good fit for writing a UI library. Which the gtk guys realised and reimplemented C++ in C, badly, with poo poo tons of ugly casts all over the shop.

to be fair c++ actually did have cooties back then

the gnome people wanted to port to terrible legacy unix, which often had horrible broken c++ compilers

e.g. hp-ux and aCC, which at the time could compile no non-trivial c++ program because it was still based on cfront, and because gently caress you, that's why

eschaton
Mar 7, 2007

the knowledge knower. a wisdom imparter. irritatingly self-assertive. odorous.
GNOME should have realized their mistake and just used Objective-C

and also abandoned GNOME and just started working on GNUstep

Notorious b.s.d.
Jan 25, 2003

by Reene

eschaton posted:

GNOME should have realized their mistake and just used Objective-C

and also abandoned GNOME and just started working on GNUstep

objective c had the same problem as c++ -- no support from legacy unix vendors

feedmegin
Jul 30, 2008

Notorious b.s.d. posted:

to be fair c++ actually did have cooties back then

the gnome people wanted to port to terrible legacy unix, which often had horrible broken c++ compilers

e.g. hp-ux and aCC, which at the time could compile no non-trivial c++ program because it was still based on cfront, and because gently caress you, that's why

I can imagine that being a concern, especially for platforms g++ was ropey on (which has p much always been true of hp-ux to be fair). That said I was around and on the gnome mailing lists at the time and there was also a whole lot of 'KDE sux because C++ is a crap language for idiots and we should all be using plain old C like K&R intended' going on.

Suspicious Dish
Sep 24, 2011

2020 is the year of linux on the desktop, bro
Fun Shoe

Notorious b.s.d. posted:

objective c had the same problem as c++ -- no support from legacy unix vendors

and now with swift, it has no support from modern unix vendors either!

pram
Jun 10, 2001
apple is a modern unix vendor

spankmeister
Jun 15, 2008






cfront more like afront

Adbot
ADBOT LOVES YOU

Notorious b.s.d.
Jan 25, 2003

by Reene

feedmegin posted:

I can imagine that being a concern, especially for platforms g++ was ropey on (which has p much always been true of hp-ux to be fair). That said I was around and on the gnome mailing lists at the time and there was also a whole lot of 'KDE sux because C++ is a crap language for idiots and we should all be using plain old C like K&R intended' going on.

yeah, well, there's the ground truth, and there's the reasons stated in design documents, and sometimes they align, sometimes they don't

the ostensible reason for gnome's c obsession was the poor quality of c++ targets on legacy unix

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply