Hating on Gnome is the popular thing to do, and it’s fantastic link bait. We’ll come to the defense of this bold shell, and why 2014 could be big year for Gnome.
Plus: We’ll breakdown the major security issues plaguing X, the UK “porn” filter that’s blocking Fedora downloads, a little Enlightenment 18 talk…
AND SO MUCH MORE!
All this week on, The Linux Action Show!
Support the Show:
— Show Notes: —
In Defense of Gnome 3:
Brought to you by: System76
– Chris’ Full Disclosure –
- The majority of my work week recently has been spent in KDE.
- Chris’ desktop
- The future for Qt looks bright, and like most geeks, I want to ride the wave and try to live in the future.
- Gnome Extensions concern me in the long run. Some important functionality for me in Gnome 3 is provided via extensions. The long term viability of that is quesentonalbe.
- Every time an extension works, it feels like a tiny and temporary merical.
– Summation of Common Gnome 3 Complaints –
– Gnome Developers Step Into the Spotlight –
William Jon McCann, Files developer:
Someone smart once said “Linux is just a kernel”. I couldn’t agree more. But in this age, it is going to take more than adding on a few tools to make a compelling operating system. It is going to take thinking seriously about the end result and making hard decisions to get there. A result that I believe the world needs more now than ever. A real choice for freedom. A choice for everyone. Time to step out of the dark ages. We, the technological elite, have been holding on to freedom too long. Effectively preventing others from enjoying it. Perpetuated by hostile dogma like the “unix way”. We need to be clear. Those days are over. And it is time to share.
Sri Ramkrishna, Tizen dev, long time Gnome Contributor:
Changes to Nautilus have been met with universal unhappiness – the changes that have been made have made a lot of people unhappy. There just hasn’t been anybody I’ve met both who are fans of GNOME 3 and critics alike who like what the current nautilus have become. People have either been silent or have encouraged the use of the 3.6 fork of Nautilus.
People have really been down on GNOME designers. While they have made some great community outreach, specifically Allen Day and Jakub Steiner have always been available to talk about their designs. Regardless, there is always this sense that whatever feedback is given will be ignored that everything is inevitable.
It’s very important that we are up front on regressions. The gnome-terminal incident is a good example of this. There is no doubt that transparency is a popular feature in terminals.
I will ask module maintainers to be upfront to the release team when there is a significant regression like this. In turn, release team needs to tell the engagement team as well so that we are also ready to talk about it when it comes up.
The conclusion is, we are creating a product. But we need to act like we are creating a product. That will require closer teamwork between the various teams that we have before. I’ll talk about this in another post. But we don’t have everything set up for that. We have gaps, and they should be addressed.
– New Generation of Desktop Apps Inspired by Gnome Design –
– Making Gnome Work for You –
The sexiest fish in the large sea of file managers, Marlin is well-designed with a focus on speed, simplicity, ease of use.
– Favorite Gnome Extensions –
- Dash to Dock – GNOME Shell Extensions
- Caffeine – GNOME Shell Extensions
- NetSpeed – GNOME Shell Extensions
- Skype Integration – GNOME Shell Extensions
- Media player indicator – GNOME Shell Extensions
- SystemMonitor – GNOME Shell Extensions
- Bitcoin Markets – GNOME Shell Extensions
– Community Reaction –
– Picks –
Desktop App Pick
Best of Linux and more at 2014 International CES:
- Annual best of Linux @ 2014 International CES, January 7–10
- Chase from Unfilter joins Matt and Chris next week for CES Coverage.
- On our January 12th episode LAS s30e05
Git yours hands all over our STUFF:
- Jupiter Broadcasting Affiliate Extensions
- Callisto-app – Google Project Hosting
- Quick Update to the Jupiter Broadcasting Android App
— NEWS —
Ilja van Sprundel, Professional Pen Tester
Talk at 30th Chaos Communication Congress [30c3]
Spent a year researching X.org code and bugs.
Found trivial memory corruption bugs with many opportunities to insert random/malicious data.
Very awesome response from xsecuirty@xorg developer, 80 of the bugs fixed asap. He was very responsive and worked super hard.
Some of these bugs exist because hard drives were so tiny when X was created, they never thought about some of the interesting ways folks could load/inject data into memory.
LWN comment from OG X dev: http://youtu.be/2l7ixRE3OCw?t=11m29s – 12:41
X Client Summary: http://youtu.be/2l7ixRE3OCw?t=25m57s
One major issue on the X client side is so many X apps run with setuid to root. Making it trivial for a client side X application to abuse X flaws.
SUID (Set owner User ID up on execution) is a special type of file permissions given to a file.
Normally in Linux/Unix when a program runs, it inherits access permissions from the logged in user. SUID is defined as giving temporary permissions to a user to run a program/file with the permissions of the file owner rather that the user who runs it.
Users will get file owner’s permissions as well as owner UID and GID when executing a file/program/command.
X server is in good shape, and the X11 protocol.
GLX is broken “beyond repair”. (OpenGL Extension to the X Window System)
X extensions have quite a few bugs too, but not all systems have the same extensions. Trickier.
tl;dr: 80 bugs in xlib, most of them fixed. 120 bugs in the server, going to be fixed but not disclosed yet to avoid 0-day exploits. Tons of stinky code in extension modules, potentially full of bugs, but no investigations have been done, yet.
Aksed about Wayland: http://youtu.be/2l7ixRE3OCw?t=55m17s – 56:00
– Feedback: –
— Chris’ Stash —
Minecraft Faux World Competition
Hang in our chat room:
— What’s Matt Doin? —
Join our virtual LUG on Mumble to debate: Does groupthink / management by consensus tamper open source innovation. Does backlash to aggressive and sometimes new or “risky” ideas inhibit bold invitations?