Slashdot Mirror


User: vdboor

vdboor's activity in the archive.

Stories: 0
Comments: 102

Comments · 102

  1. Re:Gentoo-Linux-Zealot Translator-o-matic! on New Gentoo 2007.0 Release Gets Mixed Review · · Score: 2, Informative

    So true. Having used Gentoo for 2 years my box was actually slower. It had to compile security updates + all unrelated upgrades every week. emerge has no (official) way to install security updates only. And once you have ldap + mysql installed, all ./configure scripts start to pick those libraries up too, making the whole system link to each other.

    Tell me what objdump -x `which $kdeapp` | grep NEEDED returns on your system. It should only return direct deps, not the whole list. And remember RPM-based distros also compile with "-O2 -mcpu=i686" ;-)

    I'm also getting really tired of bug reports from Gentoo users. They report my app is broken, when it appears they managed to compile KDElibs without SSL, or use a bleeding edge build system which is not supported by stable KDE releases. I don't mind different Linux configurations, but these extremes are just wasting precious time.

  2. Re:Why is this needed at all? on Top 15 Free SQL Injection Scanners · · Score: 1

    For a security audit of an existing code base! Or are you willing to hire someone to browse code in a month's time?

    I suppose the over-use of PHP (which for a long time didn't even support prepared statements (does it even do it today?))

    Every language allows you to write libraries which do things properly. The language is not a limiting factor here.
  3. Re:Script# ? on Five AJAX Frameworks Reviewed · · Score: 2, Informative

    Something I also missed was xajax. They use AJAX as an RPC layer, calling a server-side method from JavaScript, and in reverse call methods on the clients back. This is easy to implement in existing pages, and leaves much room for implementation.

    Instead of parsing data structures in the client, xajax allows you to send HTML chunks, JavaScript method calls and DOM operations back (making it two-way RPC). The most interesting part is you can reuse all server-side code created in the "web 1.0" days, like HTML template engines. :-)

  4. Re:Things to learn from Windows and OSX. on Virtues of Monoculture, Or Why Microsoft Wins · · Score: 4, Informative

    because there is no standard GUI layer. Windows provides all that.

    No, it does not. Well only sort-of.. The "standard GUI layer" of Windows is limited to the plain widgets we all know from Windows 95. The ones Notepad and WordPad still use. Ugly menus and big bevel toolbar buttons. If you look closer you'll see Notepad, Windows Explorer, Visual Studio, Office all use different menus and toolbar handles. They're all custom widgets, not standard.

    Most advanced widgets for Windows are part of a commercial widget toolkit you've chosen. This can be MFC, ComCtl, VLC (Borland), Windows Forms (.Net), WPF (.Net3), Qt, and I'm missing others (e.g. remember those big sized OK-buttons with a big green check icon inside).

    All those different frameworks do have something in common. Windows provides central settings for fonts and color schemes. This makes them all look the same. That's something Linux should really improve.

    his license and that license (really meaning, these liabilities and those liabilities.)

    You have two good options for Linux:

    • GTK+. Free for use in commercial projects (LGPL). It's the base of GNOME.
    • Qt. IMHO an enterprise-class toolkit (see customer list). Requires a license for commercial work, but I don't see how that's different from a license for Visual Studio. And you'll get commercial support in return too. Qt is the base of KDE.
  5. This is not good on Oracle Linux Adopters Suffer Backlash · · Score: 1

    This is not good at all for getting Linux used more often. It seems Linux are the most difficult users to please. If each "getting-Linux-implemented-somewhere" project is backlashed like this one, it becomes harder to get Linux implemented anywhere.

  6. Re:Who are the idiots working on this project? on LinuxBIOS Gets GUI · · Score: 1

    Motherboard support is the most important thing to be working on. (..) the supported hardware list is laughably small.

    How about showing the world first why a LinuxBIOS is actually really cool? Why it should get better. You get more developers on the board, and fix hardware support much sooner.. :-)
  7. Distributed packaging systems on The Future of Packaging Software in Linux · · Score: 1

    The problem with current Windows installing system is that it is very difficult to upgrade software. At least, it depends on the software developers. If they have an update-friendly software it might be easy.

    Correct. The current packaging systems are not the full answer however. It works now with 1% of market share. It will suck when more ISVs jump into Linux. If we don't offer a reasonable framework to install and upgrade distributed packages, every ISV will create its own setup.exe and update system. Like every Windows application has its own auto-update function.

    RPM and DEB are really good for the base system. Simply really good. They don't scale though when you want the latest Firefox, Gaim or Amarok that was just released. Nor do they scale up when you install more less common third-party software (e.g. some new KDE widget style). It still happens I compile software at distributions like Gentoo and openSUSE which offer a lot of up-to-date software. It's because it's impossible to package all available software out there. Notwithstanding the fact it's a duplicated effort.

    Looking at the download page of a random project, I think something is wrong there. Why can't there be just one installer? What is so different between all RPM or DEB-based distributions you need separate packages for each one of them? These are things Zero Install and Autopackage try to fix. I agree these are intermediate solutions; a good central system is not available yet.

    I think Linux needs a distributed packaging system. A system where ISVs can plug-in their "feed url" as well. Perhaps even like RSS does it, place a feed icon at the website. A local cronjob and central update server then check all feeds to provide software updates for really all installed software. I really wish something like that would emerge.

  8. Yes it's always done like that mostly, but.... on Free Linux Kernel Driver Development FAQ · · Score: 3, Insightful

    isn't this the same that was always done in Linux kernel?

    Yes, but... Who told the hardware vendors about that? :-p

    Someone finally did, explained the benefits, and got an amazing number of responses :-)

    We take much for granted. When you meet a Linux newbie you'll notice how much "hidden knowledge" we have. Who the community is, what the FSF / GPL is, how the OS is layered in tools and front ends, what "compiling" does, how communication is done, how to find answers for problems. Linux newbies are not aware of this. The same can be said about hardware vendors.

    Even if a vendor jumped in a random channel, the average response is "Open Source it". We understand the meaning and advantages of that approach. They only think "help, I must give away my code". It was about time someone stepped up to shed some light on these matters.

  9. Re:You don't? ...then when will you? on How Do You Advocate Linux in 5 Minutes? · · Score: 1

    We need to stop trying to convert the masses - it's still too early. Build a truly better operating system and you won't have to spend so much time trying to sell people on a free product. Wait until "it just works" otherwise we're going to continue to turn people off.

    If you won't market it now, *WHEN* will you? In 1 year, 2 years, 5 years from now? When Microsoft releases a Vista successor? Or simply never?

    Anyone who worked for a commercial place knows you need to release something at some point. You need returns for the investment before you can continue. What happened with "release early release often"?

    Not everyone becomes a contributor for new code, that's not important. They likely have better communication skills. Being able to write better howtos, be more convincing than the local nerd around the block. Heck, I even received a translation file from a 50 year old Slovenian court member.

    Last few months I get frequently asked about Linux. People like to learn about Linux now. They want to be there too when it gains critical mass. So let's help them!

  10. Re:Stupid-ass Question on Developers As Pawns and One-Night Stands · · Score: 5, Informative

    If you're writing an app for Windows, what is the alternative to using the Windows API? How could Microsoft develop Windows applications without using the Windows API?

    Well consider reading about Windows NT, Secret APIs and the Consequences (Google Cache). There is a private hidden API under the Win32 API calls. For example, NtCreateProcess is the internal function used by the CreateProcess function. The Win32 API only exposes a small subset of the available API functions in Windows. From the article:

    (..) when Microsoft released Internet Information Server (IIS), it significantly outperformed Netscape Server on the NT Platform. Microsoft insisted that its developers had not had any additional access to information than had Netscape developers. Yet after careful review, Netscape developers were able to utilize previously undisclosed information about NT in their own products. Future releases of Netscape Server were competitive with IIS in subsequent testing.

    If you write programs using a documented API, the programs run slower. The second quote illustrates that Microsoft uses the hidden APIs to make their applications the best in any particular market:

    Microsoft can write application code that can run optimally on an operating system, has advance knowledge about future releases, knows which programming method to choose over another, and can tweak the OS code prior to final release to advantage its own applications.

    If you perform the costly task of reverse-engineering the hidden APIs in order to compete with Microsoft, they change those hidden APIs to favor their products.

    If the product becomes popular or makes money, Microsoft can make a faster competing product using the real system calls, or they can change the real NT system calls out from under your product at the next release of NT. In either case, Microsoft can cause their competing product to inherit your market.
  11. Tooling is the wrong solution to SOAP on Google Deprecates SOAP API · · Score: 2, Insightful
    But that's what libraries like Apache Axis are for. I don't have to deal with it. For me, it's a snap. I send objects, I get objects. Easy. But write SOAP from scratch? Hell no!

    That's a solution to a problem that shouldn't have existed in the first place.

    It reminds me of a SOAP is simple conversation, which explains quite well how SOAP evolved.

    Writing a complex specification makes it hard for other parties to create compatible applications. Just like everybody needs *the one true browser* to navigate around the Internet, everyone needs tools for SOAP. A simple spec would make SOAP extremely powerful, but also sets developers free of certain (commercially available) tools they need now...

    In result, this is what SOAP gives us now:

    • Implementations that have incompatibilities with each other (e.g. PHP can't send Multiref messages to AXIS because it doesn't detect some optional WSDL property, .Net not being able to parse what PHP sends).
    • 5 different styles to communicate. RPC/encoded, RPC/literal, document/encoded, document/literal, "document/literal wrapped". Add Multirefs to the WSDL, and it doubles.
    • WSDL being so generic/abstract it defines methods in three abstraction levels and adds HTTP-bindings as extension feature.
    • real-world bindings as extension. "SOAP over SMTP" is called a feature, something nobody will ever use. It's not written with the real/existing world in mind.
    • An application layer built on top of an application layer. SOAP implements what HTTP already offers (like error handling and parameter transport).

    There is one positive feature I can add. Things like REST have very random return values, SOAP is more consistent here.

  12. Just send using your ISP on Spam Doubles, Finding New Ways to Deliver Itself · · Score: 2, Insightful
    Yeah, cuz it's not enough that I can no longer relay e-mail directly from my machine..

    Everybody delivers e-mail messages through the SMTP server of their ISP. What is wrong with that?

    Network administrators get thousands of connections from infected machines. They drop those connections, except the connection from the official SMTP server of that IP-block. If someone can't put aside their blind determination to ignore the SMTP of their ISP, or lack a damn good reason to send email directly, they deserve to get rejected by recipients. Politely sending a reject message back would double the bandwidth wasted on spam, nobody is waiting for that either.

  13. Apple's Statement about Windows Vista on Vista Shell Team now Blogging · · Score: 1
  14. Plasma is still in the design phase on Plasma: The Next-Generation KDE Environment Review · · Score: 1

    The whole concept of plasma is still in the design phase. I was pretty amazed someone managed to get a review of something that hasn't got a GUI yet. The 'plasma' folder in KDE SVN consists of data-handling classes only. I'd rather trust the lead developer (Aaron Seigo, aseigo.blogspot) to provide the first sneak preview of plasma rather than MadPenguin.

  15. Swiss army knife? Call it KParts integration on Ark Linux Review, A Distro with an Identity Crisis · · Score: 4, Insightful
    Konqueror on the other hand is a file manager, also a file viewer. It's such a good file viewer that you can view either local or remote files, and not only pictures and pdfs, but also html files, meaning you can also view graphic html files on remote servers, aka the web. As such, firefox is dedicated to being a browser where the web is a primary focus, whereas konqueror is more like a swiss army knife where the web is an included convenience.

    This myth should actually be seen as a compliment to KDE. Why? The components you mention all come from the standard KDE libraries, or they are supplied by additionally installed applications. Konqueror is just a shell, host for all of them. Just like ActiveX/OLE integrates applications seamlessly together in Windows.

    Konqueror can host a KHTMLPart, KatePart (text editor), file-viewer part, image-viewer part. They can all be developed by separate applications. Install a PDF viewer, and Konqueror can load its PDFPart too. The networking support you mention comes from the standard KDE-IO libraries, they haven't been kludged into Konqueror at all (every KDE application has KDE-IO and KPart support!).

    Saying that this would remove developer resources from KHTML isn't really true. Developers working on a PDFPart likely wouldn't have ended up coding for KHTML anyways.

  16. Slashdot's wonderful humor on ESR Advocates Proprietary Software · · Score: 3, Funny

    Slashdot seems to have picked up a wonderful kind of humor. When I opened the article it showed the "Nothing to see here, please move along"-404 page :-) Guess they're right after all. I'm out of here.

  17. Test suite uses Quirks mode on Microsoft Insists IE7 is Standards Compliant · · Score: 1

    The CSS test suite runs all tests in Quirks mode, meant for browsers to preserve binary compatibility. Fixing these bugs in Quirks mode would break a lot of websites. Most CSS bugs get fixed in Standard mode only (IE7 does that), so the test could give a lot of false positives.

  18. Additionally, checks for MSIE on How to Crack a Website - XSS, Cookies, Sessions · · Score: 4, Informative
    Most forums are vulnerable to simple JavaScript insertion attacks. One reason is MSIE is able to execute code like this:

    <a href="java
    script:alert('test')">

    MSIE also allows developers to execute JavaScript in CSS code. A forum which translates

    [color=blue]

    to

    <span style="color: blue">

    is vulnerable when you can enter

    [color=expression(alert('test'))]
  19. Some simple fixes would be sufficient on How to Crack a Website - XSS, Cookies, Sessions · · Score: 5, Informative
    As a short summary, what every (PHP) developer should do is:
    • limit the session to the IP-address of the visiting user.
    • use htmlentities() on all outputted HTML
    • secure file uploads to avoid uploading PHP code
    And most important (but not relevant for TFA):
    • use mysql_real_escape_string() on all database input, or better: the variable binding feature of PEAR::DB
    • disable register_globals, use $_GET, $_POST and $_COOKIE instead.
    • Use preg_replace( '/[^a-zA-Z0-9\-_]/', '', $input ) on all input used in file names.
      Things like require_once("files/" . $input . ".html") actually read php files when it's called as ?input=file.php%00
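
The checks named in comments 18 and 19 (the `[color=...]` translation, the `java`/`script:` link and the file-name filter), as an added PHP example that is not part of the original comments. The function names, the `files/` layout and the length limits are assumptions; the file-name check goes one step further than the comment by rejecting a bad name instead of stripping characters from it.

```php
<?php
// Added example, not from the original comments. Function names are hypothetical.
declare(strict_types=1);

// [color=...] handling: allow-list the value instead of copying it into style="".
// Only a colour name (letters) or #rgb / #rrggbb passes, so expression(...) cannot.
function render_color_tag(string $value, string $text): string
{
    $safeText = htmlentities($text, ENT_QUOTES, 'UTF-8');
    if (!preg_match('/\A(?:[a-zA-Z]{1,20}|#[0-9a-fA-F]{3}|#[0-9a-fA-F]{6})\z/', $value)) {
        return $safeText; // unknown value: drop the tag, keep the escaped text
    }
    return '<span style="color: ' . $value . '">' . $safeText . '</span>';
}

// Link handling: refuse control characters and whitespace (the line break inside
// "java\nscript:"), then allow only http and https before escaping the attribute.
function render_link(string $url, string $text): string
{
    $safeText = htmlentities($text, ENT_QUOTES, 'UTF-8');
    if (preg_match('/[\x00-\x20\x7f]/', $url) || !preg_match('/\Ahttps?:\/\//i', $url)) {
        return $safeText; // no link is emitted for anything outside the allow-list
    }
    return '<a href="' . htmlentities($url, ENT_QUOTES, 'UTF-8') . '">' . $safeText . '</a>';
}

// File names: validate against the allow-list and reject on mismatch, so a dot,
// slash or NUL byte never reaches require_once(). The 64-character cap is assumed.
function page_path(string $input): ?string
{
    if (!preg_match('/\A[a-zA-Z0-9_-]{1,64}\z/', $input)) {
        return null;
    }
    return 'files/' . $input . '.html';
}

// Constructed sample inputs, using the payload shapes quoted in the comments.
echo render_color_tag('blue', 'hello'), "\n";
echo render_color_tag("expression(alert('test'))", 'hello'), "\n";
echo render_link("java\nscript:alert('test')", 'click'), "\n";
echo render_link('https://example.org/?a=1&b=2', 'click'), "\n";
var_dump(page_path('about-us'));
var_dump(page_path("file.php\0"));
```
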
  20. Re:gui and native code - bad combination on C++ GUI Programming with Qt 4 · · Score: 1
    The trouble with drag-and-drop UI designers is that the layout tends to break horribly when the window is resized or the font size changed. (I'm talking about VB, Delphi, and MFC here - there may be other frameworks that have found a way around this problem.) Designers who try to solve the problem by making their forms non-resizable should be taken outside and shot...
    That's something Qt has solved too, you can define the layout constraints in the designer directly. See it in action with this video: http://www.trolltech.com/trolltech/products/qt/learnmore/video/demos/browser
  21. Article is one-sided on Torvalds Critiques of GPLv3 and FSF Refuted · · Score: 2, Insightful

    I've read TFA, but noticed most arguments against Linus' option are made by members of the Open Source / Free Software communities. It would be more interesting to hear the feedback from commercial parties who're involved with Linux as well (e.g. Novell, HP, Oracle, Trolltech). This doesn't exactly put any weight under the arguments of the article.

    I believe Linus is more open towards commercial development than most FLOSS community members are. This makes it understandable why he is so against enforcing freedom through everyone's throats. Linus has always been the more practical type.

  22. Re:and? on Spyware Disguises Itself as Firefox Extension · · Score: 2

    (response from Safari user) *cough* Obtain an interactive shell through lynx *cough* Lynx NNTP vulnerability *cough* Lynx CRLF injection *cough*

  23. Most CSS bugs are fixed in IE7 on IE7 to be Pushed to Users Via Windows Update · · Score: 5, Informative

    Well the good news is, they fixed most CSS2.1 bugs in IE7. They killed almost every bug mentioned at positioniseverything.net. They also added support for CSS2 selectors.

    The bad news is they didn't add ":after" support..
    If you used this to clear floats without structural markup, you need to find another way.

    And worth mentioning:

    • the new bugfixes are not applied in quirks-mode. Shouldn't be a problem, quirks mode is meant for backwards compatibility anyways.
    • most of my pages rendered exactly like Firefox and Safari already did. In fact, if I left a "bug" there because it was only visible in Safari, it will likely be visible in IE7 too due to their better support for standards.
    • If you coded your pages for standards, and only used "* html" for IE5/6, most pages still look fine in IE7
    • they removed the "* html" bug because it broke web sites since they also support the child-selector (html>body) in IE7.
      Note that pages render fine now without this hack!
    • they appear to have left a new hack, *>html, but they recommend conditional-comments instead
  24. Linux/MacOS losing advantages on Inside Vista's Image-Based Install Process · · Score: 0

    Sounds like Microsoft knows how to deal with the advantages people can mention about Linux. It's getting annoying to hear "well.. vista will have it" each time you try to name another advantage of MacOS or Linux.

  25. Re:Please, this was never going to happen on Microsoft Denies the Windows Kill Switch · · Score: 2, Interesting
    So even though I know it is cool to bash microsoft, this is a case where they went out of their way to help me. I called them for help and 10 minutes later I had my situation fixed. No need to reinstall Windows or switch os's all together.

    Each time you re-install Windows you need to explain your motives at Microsoft. And be sure they'll log your call. It's not that bad, but I don't like the idea to answer for my actions at Microsoft.. ...and typing over a 56-digit key twice :-|.

    FYI: In my case, a bad driver from windows update caused display problems and it could not be fixed with Dell support. To get a new activation key you'll have to explain this first at the phone.