Good to know that you're acknowledging the problems but honestly, I don't see how that monster could be fixed without a complete rewrite at least of the frontend. It's not like some stylesheet or HTML tweaks would do. The UI was an insult 5 years ago and nowadays it's borderline ridiculous when compared to the competition.
Ofcourse it's emotional and you're free to call it childish and screechy if that's your perception. That doesn't change my point: SF is a pain to work with and I'll keep calling it TortureForge just like I call our favorite OS "Wintendo". If that's a problem for you - feel free to ignore me.
My major gripe with trac is the ticket management and the inconsistent authentication/notification issues. It's not easy to pin these down unless you have worked with a better system (i.e. redmine or mantisbt) for reference, consequently many trac evangelists will argue over them to death.
Anyways, some random PITAs with trac:
No ticket relations. Maybe there is a module/addon for that but I don't think I have ever seen a deployment using it. The lack of relations is one of the reasons why pretty much every trac installation eventually turns into an unstructured mess. In the real world almost every issue is related to another in one way another. Without a way to represent these relations any issue tracker falls short, to say the least.
Someone obviously thought "color coding would be cool" one day - but never spent the time to learn how to apply it in a useful manner. Anyone who has worked with mantisbt for a while will attest that color-coding ticket-states makes a lot more sense than coding the priority.
The dreaded "Submit an Issue" or "Watch an issue" link. Sometimes it exists, usually it doesn't or is buried deep in the wiki. Both (if reachable for a mortal at all) usually require registration and/or (most ridiculous) a comment on the ticket to fill in the CC field. This is a big hinderance for people that want to quickly keep a tab on a few OSS projects (or particular tickets) without spending 30 minutes each.
Yes, I'm aware that these issues can be fixed with tweaking and patching. The problem is that for each public trac instance that you can show me that has only one of them fixed I'll be able to show you 10-15 that haven't. "Broken by default" is the key-phrase here since we're talking about public drive-by-trac's. What you do and can do to with a carefully tuned inhouse-trac is an entirely different story.
Don't get me wrong, I'm not saying trac is crap. It's a big step up from Bugzilla and deserves some credit. But nowadays it has effectively been superseded by redmine for the "all-in-one tool" and long ago by mantisbt for "most effective ticket tracking".
There are plenty of alternatives, use one that doesn't make your devs and users scream in agony every time they have to use it. Sourceforge is so bad, it's not remotely funny. Not only are the "Forums" and "Bugtrackers" utterly unusable and useless. Even supposedly trivial (read: baseline!) stuff like downloading a release tarball is a sea of pain, requiring 2-3 clicks through useless spoiler-pages (more ad impressions, eh?). God forbid someone just wants to quickly wget a release to give it a shot, OSDN might not profit!
Generally avoid any provider that carries "forge" in its name. Most of them took the abysmal tortureforge interface and somehow managed to make it worse. Also beware of tortureforge in disguise! Some, like berlios, copied everything except the name. Same poison, different bottle.
So, here are some sane choices (randomly picked, there are more):
And if you are serious and have a bare minimum of linux-skills then you can always set up your own instance of RedMine (not trac, mind you) along with a SVN, Git, bzr or whatever server. It's not rocket science. I'm sure there are even hosters that sell it prebundled for a few bucks a month.
It puzzles me that some people still pick TortureForge for their projects in this day and age. But normally that's at least a surefire sign that the project is not worth the diskspace it occupies... (for *new* projects that is, not counting legacy projects here that started on sourceforge years ago and are just too lazy to move).
or enforce strong passwords and then cripple them with mandatory 'security' questions that allow anyone who knows you halfway well to reset your password.
How about sites that want "5-10 characters, only letters and numbers please"? Those are my personal favorites.
Even if your ISP really offered all these protocols on your uplink, which is highly unlikely, then your data would still travel over an IPv4 link after 1-2 hops anyways. And those are mostly orchestrated via BGP.
Furthermore I'm eager to hear how you talk to all those popular internet services over STCP, IPSEC, UDP or, hey, why not IPv7?
Maybe you are right. Never underestimate human stupidity etc. but I *do* want to think that there are less of that kind(!) of idiots on slashdot than elsewhere.
Hm, I somewhat doubt that slashdot is the right target audience for that kind of PR. If someone really paid for it then I'd say they just wasted their money...
Exactly. This "article" is yet another bad joke (slashdot disappoints a lot lately).
Dear "DigitAl56K": If you're so worried about losing your first and lastname on the interwebs then why the hell do you participate in retarded lotteries? Here's a little secret: If you don't push that submit button then nobody will ever get your information!
Exactly. That made me laugh, too. That and his "I need to know how much my software is worth, in cold hard $$$ please".
I'm sure he'll make for a worthwhile manager drone (if he looks pretty in a suit with tie, that is), I strongly doubt that he'll ever become a capable engineer.
And what kind of deep flaws are you talking about that make it necessary to "get rid of UNIX" as a whole?
Sorry but your whole post reads as if you're talking outta your ass. I don't know what kernel version you are running but large parts of *my* kernel were thought up and written long after the '90s...
Security from the lowest bidder - Makes totally sense!
How about this: I don't trust VeriSign. I don't Trust thawte. I don't trust any of these self-proclaimed "Authorities". VeriSign has issued fake Microsoft certs and there were plenty of other incidents with many CAs.
As far as I am concerned this whole chain of trust, where some commercial entities own the root, is inherently broken.
Here is how *I* would like SSL authentication to work:
Warn me every time when I visit a SSL site for the first time. Self-signed or not. Display a big, nasty dialog box that encourages me to call up the bank/merchant/site-owner and compare the fingerprint over the phoneline.
Then save the cert and never annoy me again about that particular site.
It doesn't matter at all whether a certificate is "signed by a trusted authority" or just self-signed. Phishing attacks don't work like that.
Any worthwhile phishing attack will present a "trusted", verisigned certificate anyways. Just not for yourbank.com but for yourbank.com.oooooooooooooooooooooooooooofreshphish.ru.
In our current model any browser will silently accept the phishers certificate. In my proposed model the browser would choke - exactly when it is supposed to.
Oh, many people already have ditched it and the number is only increasing. The approach to performance critical applications nowadays is to write them in a high-level language and optimize only the relevant parts with inline C (or asm if you're so inclined).
Actually nobody in their right mind uses C++ for anything anymore - if they have a choice, that is. C++ is used where it is inevitable, mostly for GUI programming and on legacy projects that can't just throw out their codebase.
For new projects there is hardly a use-case for C++ anymore, it's quickly becoming a niche.
Slashdot Mirror
Bzzt. Epic fail on your premise.
Good to know that you're acknowledging the problems but honestly, I don't see how that monster could be fixed without a complete rewrite at least of the frontend.
It's not like some stylesheet or HTML tweaks would do. The UI was an insult 5 years ago and nowadays it's borderline ridiculous when compared to the competition.
Ofcourse it's emotional and you're free to call it childish and screechy if that's your perception.
That doesn't change my point: SF is a pain to work with and I'll keep calling it TortureForge just like I call our favorite OS "Wintendo".
If that's a problem for you - feel free to ignore me.
My major gripe with trac is the ticket management and the inconsistent authentication/notification issues. It's not easy to pin these down unless you have worked with a better system (i.e. redmine or mantisbt) for reference, consequently many trac evangelists will argue over them to death.
Anyways, some random PITAs with trac:
much every trac installation eventually turns into an unstructured mess. In the real world almost every issue is related to another in one way another. Without a way to represent these relations any issue tracker falls short, to say the least.
Yes, I'm aware that these issues can be fixed with tweaking and patching. The problem is that for each public trac instance that you can show me that has only one of them fixed I'll be able to show you 10-15 that haven't. "Broken by default" is the key-phrase here since we're talking about public drive-by-trac's. What you do and can do to with a carefully tuned inhouse-trac is an entirely different story.
Don't get me wrong, I'm not saying trac is crap. It's a big step up from Bugzilla and deserves some credit.
But nowadays it has effectively been superseded by redmine for the "all-in-one tool" and long ago by mantisbt for "most effective ticket tracking".
For the love of god do not use tortureforge.
There are plenty of alternatives, use one that doesn't make your devs and users scream in agony every time they have to use it.
Sourceforge is so bad, it's not remotely funny. Not only are the "Forums" and "Bugtrackers" utterly unusable and useless. Even supposedly trivial (read: baseline!) stuff like downloading a release tarball is a sea of pain, requiring 2-3 clicks through useless spoiler-pages (more ad impressions, eh?). God forbid someone just wants to quickly wget a release to give it a shot, OSDN might not profit!
Generally avoid any provider that carries "forge" in its name. Most of them took the abysmal tortureforge interface and somehow managed to make it worse.
Also beware of tortureforge in disguise! Some, like berlios, copied everything except the name. Same poison, different bottle.
So, here are some sane choices (randomly picked, there are more):
And if you are serious and have a bare minimum of linux-skills then you can always set up your own instance of RedMine (not trac, mind you) along with a SVN, Git, bzr or whatever server. It's not rocket science. I'm sure there are even hosters that sell it prebundled for a few bucks a month.
It puzzles me that some people still pick TortureForge for their projects in this day and age. But normally that's at least a surefire sign that the project is not worth the diskspace it occupies... (for *new* projects that is, not counting legacy projects here that started on sourceforge years ago and are just too lazy to move).
how do you know i'm paranoid by nature? who told you that? do you have other information about me? WHO TOLD YOU THAT?
In fact, 1 can be a prime number depending on who you ask.
How about sites that want "5-10 characters, only letters and numbers please"? Those are my personal favorites.
Ehm, miss the point much?
Even if your ISP really offered all these protocols on your uplink, which is highly unlikely, then your data would still travel over an IPv4 link after 1-2 hops anyways. And those are mostly orchestrated via BGP.
Furthermore I'm eager to hear how you talk to all those popular internet services over STCP, IPSEC, UDP or, hey, why not IPv7?
Bullshit much?
Maybe you are right. Never underestimate human stupidity etc. but I *do* want to think that there are less of that kind(!) of idiots on slashdot than elsewhere.
Hm, I somewhat doubt that slashdot is the right target audience for that kind of PR.
If someone really paid for it then I'd say they just wasted their money...
Exactly. This "article" is yet another bad joke (slashdot disappoints a lot lately).
Dear "DigitAl56K": If you're so worried about losing your first and lastname on the interwebs then why the hell do you participate in retarded lotteries?
Here's a little secret: If you don't push that submit button then nobody will ever get your information!
Remember we're talking about google here. They apparently pay very well...
Anyways, I sincerely hope the poor parents will somehow manage to find a fulltime babysitter outside of google for their $1,425 dollars/month.
Exactly. That made me laugh, too.
That and his "I need to know how much my software is worth, in cold hard $$$ please".
I'm sure he'll make for a worthwhile manager drone (if he looks pretty in a suit with tie, that is), I strongly doubt that he'll ever become a capable engineer.
The problem, as usual, is in the presentation bias.
I got myself a copy of this rosetta thing and well, see for yourself:
Sad.
oO
And what exactly would this revolutionary achievement be that suddenly obsoletes all the broad concepts of UNIX? Time travel?
And what kind of deep flaws are you talking about that make it necessary to "get rid of UNIX" as a whole?
Sorry but your whole post reads as if you're talking outta your ass.
I don't know what kernel version you are running but large parts of *my* kernel were thought up and written long after the '90s...
Security from the lowest bidder - Makes totally sense!
How about this: I don't trust VeriSign. I don't Trust thawte. I don't trust any of these self-proclaimed "Authorities".
VeriSign has issued fake Microsoft certs and there were plenty of other incidents with many CAs.
As far as I am concerned this whole chain of trust, where some commercial entities own the root, is inherently broken.
Here is how *I* would like SSL authentication to work:
Display a big, nasty dialog box that encourages me to call up the bank/merchant/site-owner and compare the fingerprint over the phoneline.
It doesn't matter at all whether a certificate is "signed by a trusted authority" or just self-signed.
Phishing attacks don't work like that.
Any worthwhile phishing attack will present a "trusted", verisigned certificate anyways.
Just not for yourbank.com but for yourbank.com.oooooooooooooooooooooooooooofreshphish.ru.
In our current model any browser will silently accept the phishers certificate.
In my proposed model the browser would choke - exactly when it is supposed to.
TCP over Snailmail!
Erm. If a cracker compromises an extension then why would he put evil code in the landing page when he can put it directly in the extension?
Oh, many people already have ditched it and the number is only increasing.
The approach to performance critical applications nowadays is to write them in a high-level language and optimize only the relevant parts with inline C (or asm if you're so inclined).
..and when one uses python then everything suddenly starts to make sense.
SCNR
Preserve your sanity.
Actually nobody in their right mind uses C++ for anything anymore - if they have a choice, that is. C++ is used where it is inevitable, mostly for GUI programming and on legacy projects that can't just throw out their codebase.
For new projects there is hardly a use-case for C++ anymore, it's quickly becoming a niche.