Thu, 29 Nov 2012
Secure Login at Alza.CZ
Here is how the "secure" login works at alza.cz, one of the biggest e-shops in the Czech Republic:
In the login form, user can click to the link named "SSL", which leads to the SSL-encrypted page with an alternative login form. The problem is, that this page apparently sends the login form data unencrypted, so the usage of SSL to display the login form is completely pointless.
3 replies for this story:
dan wrote:
I agree, their login form is weird. I checked it with firebug and fortunately the credentials are not sent over in plaintext - it's still HTTPS. It seems that something in the way they are sending them confuses the browser - they are not using a standard HTML form, they are sending the credentials using XHR request. The login doesn't even work with JS turned off.
toto wrote:
Ty máš co kritizovat...spíš si oprav CSS. http://imgur.com/PBm7C
Yenya wrote: Re: toto
Well, the "official" URL of my blog does not start with https, so it is not my problem that it contains http-only images or whatever when accessed over https. Also, there are no private data sent over the net during communication with my blog (as opposed to Alza.cz).
Reply to this story:
Wed, 28 Nov 2012
SOAP::Lite
Today's daily WTF goes to the SOAP::Lite CPAN package and its non-configurability and mis-design.
For example, look at this:
HTTP Basic authentication is accomplished by overriding the get_basic_credentials suboutine in LWP::UserAgent (which SOAP::Transport::HTTP::Client is a subclass):
BEGIN {
sub SOAP::Transport::HTTP::Client::get_basic_credentials {
return 'username' => 'password';
}
}
So apparently the only way how to use Basic authentication is to override
a global function in some foreign namespace. And what to do when I want to
use two SOAP servers with two sets of credentials inside a single application?
There are more similar "features" in SOAP::Lite. For example, tracing can
only be set up globally in compile-time, or by manually calling ->import().
My dear lazyweb, is there a SOAP module with cleaner design?
UPDATE 2012/11/28: Tracing
FWIW, it is probably easier and cleaner to do both basic authentication
and tracing at the transport level - the transport module here is
LWP::UserAgent (thanks Adelton for the hint!), so for example handlers described in the LWP::UserAgent manpage work:
$soap->transport->add_handler(
request_prepare => sub {
shift->authorization_basic($login, $pass);
},
);
$soap->transport->add_handler(
request_send => sub { print STDERR shift->content; },
);
$soap->transport->add_handler(
response_done => sub { print STDERR shift->content; },
);
I wonder why the SOAP::Lite manpages suggest such dirty ways
of handling this (and I have not even started mentioning things
like $SOAP::Transport::HTTP::Client::USERAGENT_CLASS global
variable; ugh)
3 replies for this story:
Adelton wrote:
From man page: Because "SOAP::Client" inherits from "LWP::UserAgent", you can use any of "LWP::UserAgent"'s proxy settings. Can't you really apply the same to the ->credentials call? Eg, $soap->transport->credentials($netloc, $realm, $uname, $pass); ?
Adelton wrote:
By the way, who is holding a gun to your head to force you to use SOAP?
Yenya wrote: Re: Adelton
Well, why TF they have "redefine the get_basic_credential" in the POD as their prefered way of handling basic auth then? (ISDS is the gun holder there, but fortunately this is not my job, I just tried to help one of my colleagues :-)
Reply to this story:
Tue, 27 Nov 2012
Cookies Auth and 403 Forbidden
In IS MU we have recently abandoned the HTTP basic authentication and replaced it with cookie-based authentication. The main reason was that there is no portable way of logging out of the basic authentication. So I have based our new solution on Apache2::AuthCookie. The problem is, that it does not work correctly with some clients because of the way how the login form is handled.
When the yet-unauthenticated user accesses an URL for authenticated users only,
Apache2::AuthCookie returns the HTTP response with "403 Forbidden"
status code, and with text/html body containing the login
form. That way, the client cannot be possibly lead into the false assumption that the page it just received is in fact the content it wanted to receive.
So the user fills the login form, submits it, and the server returns the real
page for that URL, this time with "200 OK" status code.
This approach seems to be correct (even after reading the RFC 2616 :-). However, we observe problems with
the following two use cases:
- Nokia Symbian-based phones. After receiving 403 from the server, they display their own error message, and ignore the returned HTML altogether (except for the page background :-).
- Microsoft Word. When the link to the authenticated page is embedded inside the Word document, and user ctrl+clicks it, Word apparently starts MSIE to get the page. However, in this special case MSIE does not display the login form after getting the 403 status, but reports the error to its caller (MS Word) instead. So Word displays a generic error pop-up to the user, without the user being able to log in.
What to do now? The problem is clearly in the HTTP status code 403, and in its
mis-interpretation by some clients. I don't want to return the login form
in a 200 OK response, because I need e.g. the web crawlers to know that this
is not actually the page they tried to access. As for Symbian, they can be
clearly identified by their User-Agent string, so I can
return 200 OK only for them. But as for MS Word, I have no clue: what I see
is the request made by MSIE (and again, I probably don't want to return
200 OK to every unauthenticated MSIE request).
Any other suggestions, my dear lazyweb?
2 replies for this story:
Adelton wrote:
I'm not sure about that 403: "Authorization will not help and the request SHOULD NOT be repeated". Since you are using cookies for something it's not technically supposed to be used (authentication), I wouldn't worry about that 200 that much. I'd either make it 200 or 302 to some login page, ideally with some Pragma: no-cache so that spiders don't index/cache it.
Yenya wrote: Re: Adelton
Well, the request after 403 is not repeated (by the browser itself). Apache2::AuthCookie returns a login form in that request, and the action of this form is some different URL (which, by coincidence, returns 302 to the original URL, if correct credentials are submitted). So I still think 403 is a perfectly legal way of returning the login form.
Reply to this story:
Mon, 12 Nov 2012
Desktop Environment-Specific Apps
I have recently came across this two years old bug report, filled to the bug tracker of Transmission (a Bittorrent client) where a GNOME developer suggests removal of the notification area icon from the application on the basis that GNOME 3 does not support notification area at all.
So if I understand it correctly, we are now living in a world where all the GUI applications have to be dependent on the particular desktop environment, and it should be no longer supported to run - say - Transmission under XFCE, or GIMP under KDE, at least according to GNOME developers. "We GNOMErs do not support notification area icons, so this application should not use it" (even though the application is not used exclusively under GNOME)? Where are the freedesktop.org cross-DE interoperability recommendations?
That said, notification area as such sucks - what I liked most was the original approach of X11: using on-desktop icons for minimized applications (instead of applications and documents shortcuts), and applications displaying their own status in their icon (handled by every window manager using the same ICCCM specification).
3 replies for this story:
Martin Putniorz wrote:
GNOME devs are just a bunch of guys who think of themselves as the team of Steves (Jobs). More about it here https://igurublog.wordpress.com/2012/11/05/gnome-et-al-rotting-in-threes/
Yenya wrote: Rotting in threes
Yep. I have also discovered that blog post yesterday. Quite disturbing read, isn't it? And it is not only GNOME, but Ubuntu and others as well.
Milan Zamazal wrote:
Interesting reading, it explains a lot. I'm pretty happy and quite stable with simple and highly customizable environments (StumpWM + Emacs + uzbl) last years. The problem is that such environments are not suitable for nonprogrammers. It seems that Xfce is still going in the right direction, i.e. being easy to use, easy to set up and running well on old hardware. So I'm going to replace GNOME and KDE desktops of my users with Xfce on the next upgrade. Other users may have other needs. E.g. one of positive effects of Ubuntu was that some developers and users preferring smaller and unstable distribution with frequent updates and more buzz have left Debian in favor of a somewhat similar distribution better suited to their needs. This is all right and there has been less tension in Debian since then as there are less attacks on its principles -- I think both Debian and Ubuntu users and developers are happier now.
Reply to this story:
Fri, 12 Oct 2012
Failed SSD
Yesterday I went to a meeting and brought my laptop with me. I made
notes to a text file, and after the meeting closed the lid (my laptop
is configured to suspend then) and went away. After returning to my
office I have opened my laptop and seen only error messages from
the sda drive.
The drive was totally dead, and did not work even in another computer.
After plugging it in the SATA controller only printed something like
"resetting SATA channel", so it did notice something has
been plugged in, but nothing more. I had to teach my UNIX course in two
hours, so I had to quickly find a replacement, install a new system,
and configure it for presentation. Fortunately, I had a "spare" 2.5" drive
prepared as a replacement of the root FS of my workstation. So I deleted
the already configured system for my workstation, and used that.
Have you anybody seen a similar problem? The drive was "iops-optimized" OCZ Vertex II, about a year old. Fortunately, I use LUKS, so I can send it back to the vendor without worrying about my data.
2 replies for this story:
Lukas wrote:
We have SSD drives (250GB KINGSTON) in our workstations. For last year and half, we encouraged 5 total drive failures in our 7 member team. I think that this technology is still immature.
Jakub wrote:
If you still run Fedora, make sure that TRIM is enabled w/ LUKS: http://forums.fedoraforum.org/archive/index.php/t-278455.html
Reply to this story:
Mon, 06 Aug 2012
Enterprise Bug Fixes
Today, an unimportant but interesting bug #313291 has been fixed in RHEL 5. Here is the timeline:
- 2007-09-30: I reported the bug.
- 2007-10-03: The package maintainer found the upstream change which fixed the bug.
- 2007-10-05: I have verified that this trivial patch fixed the bug for me.
- 2012-08-06: The errata and the fixed package have been released.
I am grateful that the bug has been fixed after all this time,
but I don't use RHEL 5 anymore, and mutt in RHEL 6 got the fix
from the upstream.
I wonder why they even bothered to fix the bug after so much time,
and even release the new mutt package fixing this single bug.
This is not a complaint, this is hopefully an interesting insight to
the release process of RHEL packages. Maybe some high-profile customer
wanted this bug fixed. Who knows?
2 replies for this story:
Vašek Stodůlka wrote:
...or maybe some package maintainer, whose salary is dependent on how many bug fixes he delivers, wanted to earn some easy money, or package maintainers have a new boss, who want to earn some points and he wants to have "fixed bugs in month" key performance indicator higher, than the previous man. :-)
wrote:
... or maybe we just reached 5th year of fixing more important issues of RHEL5. :))
Reply to this story:
Mon, 02 Jul 2012
404: /undefined
In IS MU, we log and evaluate errors in HTTP
requests, including "404 not found". When the Referrer header
points back to our site, we try to look for a broken link.
Recently (last month or so), strange 404 requests started to appear in our
log file:
These requests point to the location /undefined, with referrer
being our root document, /. And the referrer is not fake,
there is always a successful request to / from the same IP
address from several seconds ago. Occasionally we get similar 404 requests,
pointing to /lide/undefined, or /vyhledavani/undefined,
with referrer being /lide, or /vyhledavani.
We are not able to reproduce the problem. It is not User-Agent-specific
(altough most of the User-Agents with this problem are Chrome), and it
is not deterministic: we got tens of these 404 requests daily out of
milions total requests (and out of tens of thousands of requests to the
title page). These requests are always for a non-authenticated page, and
always for a page which is a directory (i.e. which is represented by the
index.html or index.pl document in that directory).
I think it is related to some Javascript we include to the title page - maybe JQuery, maybe Google Analytics. I have tried to remove the Google Analytics Javascript from our title page for a day, but it did not make the problem disappear. Also, our git log from the time these requests started to appear does not show anything related. We have found the following possibly related discussions:
- http://productforums.google.com/forum/#!category-topic/analytics/discuss-tracking-and-implementation-issues/oqEgEM3rc8M
- http://stackoverflow.com/questions/11017609/undefined-randomly-appended-in-1-of-requested-urls-on-my-website-since-12-jun
So, my dear lazyweb - any ideas what can be the cause of this behaviour?
UPDATE 2012/07/03: It is probably AJAX
Yesterday have added a new image to the 404 page which meets the above
conditions (location ending with "/undefined",
referrer being the location minus "/undefined"), and
so far after > 12 hours I see exactly zero accesses to that image
in my Apache logs. So this error is most probably caused by something
that users can't see, i.e. AJAX requests. Not the window.location
modification that himdel suggests in the coments.
2 replies for this story:
himdel wrote:
I think it's the autocompletion .. or, more specifically, ancient jQuery:
- go to /lide/
- there's this result handler: var span = document.createElement('span'); span.innerHTML = item[0]; window.location = $(span).find("a").attr("href") + url_params;
- span gets set to <span></span>
- but $(span) yields null
- null has no find method, so the while $(span).find... expression yields undefined
- window.location = 'undefined' goes to /lide/undefined
Yenya wrote: Re: himdel
Thanks, I will look at the autocompletion. But this would mean item[0] was set to an empty string. Moreover, I don't see any request to autocompletion (/naseptavac_data.pl) in my access logs before the request to /undefined is made.
Reply to this story:
Fri, 18 Nov 2011
Google Authenticator
For some time, I have been considering adding two-factor authentication to my systems in order to prevent break-ins in case somebody's workstation is compromised (which is a common attack vector these days). One of the systems for one-time passwords is Google Authenticator.
G-A has an application for many smart-phone platforms (Android, iOS, Blackberry), and has a PAM module, which is even packaged in Fedora. It stores users' secrets in a file in the home directory, and uses 6-digit time-based passwords and 8-digit emergency scratch passwords. The configuration in Fedora is pretty straightforward:
yum -y install google-authenticator- In
/etc/pam.d/system-authandpassword-auth, changepam_unix.sofromsufficienttorequired, and after that line, add the line which reads "auth sufficient pam_google_authenticator.so". - Install the G-A application to your smartphone.
- Generate a new key using the
google-authenticatorcommand. - Add the key to your smartphone, either directly or using a QR code.
- Profit!
There are several problems with SSH-daemon, though:
- With SElinux enabled, it does not work.
- When public key authentication is allowed in
sshd_config, it also does not work (use "PubkeyAuthentication no" in/etc/ssh/sshd_configand restartsshdif you want to test it).
Especially the second problem is pretty serious, as I wanted to allow also public key + one-time password authentication there.
So, my dear lazyweb, what kind of two-factor authentication do you use?
2 replies for this story:
Adelton wrote:
Dan has just released post to his blog at http://danwalsh.livejournal.com/48161.html -- I did not dig deep whether it solves or just reiterates the SELinux problem thou.
Yenya wrote: Re: Adelton
Yep. The SELinux team has definitely the best response time (and attitude!) in Fedora bugzilla. There is further discussion ongoing in this BZ entry. For all interested parties, I suggest to continue discussion in that BZ.
Reply to this story:
Mon, 03 Oct 2011
Dear Customer,
[...] we would also like to inform you about the following change
in your network: a new address has been assigned to you:
2001:4cc8:...::/64.
Netbox apparently supports IPv6 now. Yay!
2 replies for this story:
dan wrote:
I got that e-mail as well! I've got to try it, hopefully it's not an error in the matrix :-).
Cohen wrote:
https://konto.netbox.cz/sco/network/ipv6
Reply to this story:
Wed, 15 Jun 2011
High-Performance HTTP Servers
Yesterday I have read about Apache Traffic Server. My dear lazyweb, do you use something like that (or Nginx)? What is your main reason for using it? I wonder why use user-space solution, when IPVS works pretty well for load balancing.
1 replies for this story:
Miroslav Suchy wrote: Perlbal
I used to use Perlbal as reverse proxy server. Why I did not used some kernel module? User space is much better for maintenance. At least for me. I can create new instance of Perlbal in 5 minutes and it will not require maintenance ever. I could not say that for kernel modules as I'm upgrading kernel whenever update from distro come.
Reply to this story:
Tue, 24 May 2011
Mysterious Source Code
About a month ago, I have spotted a two-page listing of source code in our printer room/kitchenette. I have glanced over it briefly, and during subsequent visits to the room, I became more and more fascinated by it. Finally, about a week ago, I have grabbed it for myself, because nobody seemed to care about it anymore. So here it is, in all its glory:
Click the thumbnails for full-size images. Sorry for not providing a plain text version, and sorry for the Czech language in the comments. I have two reasons for which I find it really fascinating:
- There are two pages of source code, which does literally nothing. It only wraps an existing class with a new one with marginally different API (two exceptions joined into one exception, and retrying in case of failure). Nobody sane would write these two pages by hand, so I expect the code has been at least partially generated by some IDE. Obviously nobody can expect the code to be read by a human (actually, not read, but carefully examined for traces of some non-trivial application logic, should there be any). So I wonder what the present meaning of "the source code" phrase is, when it is no longer written nor readable by humans.
- The only real "application logic" is the
for-cycle near the end of the second page. And even this has been totally destroyed by the "every block should have only one exit point" mantra of the programming theoreticians. Adding a simplereturnstatement when the message sending finally succeeds would save them the following:- a boolean variable
- a complicated condition in the
for-cycle - an
ifstatement when the maximum number of tries is reached
I can only hope this is some kind of a silly example and not a real assignment given to the students of the Programming in Java course. I think the students have to be taught that mid-layers are root of all evil, and not some highly theoretical (read: impractical) rules like "goto is evil" or "a single exit point only".
4 replies for this story:
gRis wrote:
I would have said it is a code snippet for the Public Administration Informatics guys, but it reminds me too much of the atrocities we used to create in PB162 several semesters ago. I suggest you ask in the course discussion forum, or submit it to TDWTF.
himdel wrote:
Nope, this was an actual PB162 homework, I remember having to write something very similar. Courses like this are what made me really despise Java (I don't, anymore, but I still think it's rather silly). However, IIRC it was meant to teach about chaining exceptions, which it probably does well. And while they might have taught the single point return nonsense, there were only automated tests so the student who wrote that could have written it better.
EL wrote:
Having taught Java (meaning I was the "teacher" on the excersises for two terms) I'd say that this is just silly looking excersise, with empasis on the word looking. My guess is that this is a way to teach students how to use exceptions (which you have to do a lot in Java). Normally, on such a small piece of code, you wouldn't bother, but this is how the students IMHO get used to the exceptions. BTW: While I understand the "old programmers" desire to minimize the amount of variables etc., from my point of view there are two most important things that should be considered regarding a source code: - readability (that includes consistent coding) - the best available complexity (in the terms of computational complexity) So in this case, the return would definitelly make more sense than the overcomplicated condition, but the (non)existence of the boolean variable doesn't seem so relevant (although it vanishes from the code as well as a result).
EL wrote:
Ooops, sorry for the (non)formatting, I tought it would be preserved.
Reply to this story:
Mon, 23 May 2011
Lost GUI features
Contemporary GUI applications have several problems which, if I remember correctly, previous systems did not have. I wonder whether somebody else also considers it being a problem:
- Creating a new file
- Almost every TUI text editor (like
vim) happily accepts a non-existent file
as a command-line argument, and the straightforward interpretation is
"user wants to start working with a new file". On the other hand,
most GUI applications simply complain that the file does not exist,
and some‒like OO.org‒exit after that
message. Other GUI apps,
like Gnumeric, present
a warning, but then open a new work with the default file name
(
Book1.gnumericin the case of Gnumeric) instead. - Working directory
- The file open/save dialog of contemporary GUI apps does not offer
by default the working directory from which the application has been started,
and uses some silly default (such as
~/Documentsin case of OpenOffice.org). Even gThumb needs to be explicitly told that the user wants to browse the current directory with the "gthumb ." command line. - Iconified applications
- Once upon a time, in a stone age of GUI computing, there was a twm window manager. When the application window was not needed on the screen, twm could be used to iconify the application. All applications, and all instances of them, could be iconified and then restored back the same way. Then Windows 95 happened, and it started to minimize the applications to the bottom panel instead of iconifying them to any place in the desktop. It also reused the desktop icons as application shortcuts instead of representing the minimized running applications. Unfortunately, the panel was too small for so many running minimized applications. Users stopped expecting to be able to restore the application after minimizing it. The applications which required to be minimized and restored back frequently (music players etc), developed their own means of minimizing, the notification icon area. So we have the iconification back, only not usable from all applications, and with each application implementing it in its own crappy way.
So what other important features of the "desktop of the past" do you consider missing from the present GUI systems?
UPDATE 2011/05/23: Iconified Apps
I have just discovered that XFCE4 in Fedora 15 allows the desktop icons
to be switched between the Application launchers/shortcuts and Minimzed
applications modes. Yay!
8 replies for this story:
Jiri Appl wrote:
Actually KDE apps still adhere to the first two points. Or at least kwrite and kword do. As for the iconified applications, kwin supports showing only the title bar of a running application.
Jiri Appl wrote:
Actually KDE apps still adhere to the first two points. Or at least kwrite and kword do. As for the iconified applications, kwin supports showing only the title bar of a running application.
Obvious Troll wrote:
Well, why don't you go and fix it? It's not like they're Microsoft apps, right? ;-) On a more serious note, I completely understand your frustration. I have to spend hours fixing (i.e. reverting crappy GUI decisions) applications every time a major release comes out. It feels as if there were some saboteurs writing bad code to make us switch to commercial software. I already did that in the case of Microsoft Office.
Yenya wrote: Re: Obvious troll
Why don't I fix it myself? Well, I expect the said behaviour is intentional so the patches will not be accepted. And I don't want to fork it. As for MS Office - their Ribbon UI is a prime example of what I _don't_ want to use.
Obvious Troll (not anymore) wrote: Re: Yenya
I am not convinced that it's entirely intentional. To me it seems more like something no one thought or cared about enough to fix. Anyway, you could either make it an option in settings or, in the case of creating a new file, turn the alert into a dialog. Regarding MS Office, I still have the pleasure of using the old UI as I have Office 2003. I wish they left the old UI as an option, but apparently one just _can't_ have it both ways. Anyway, the features are more than enough for the work I do and as long as there is some backward and forward compatibility, I should be fine. Maybe the problem lies not in the fancy new UI, but within us. Maybe we're getting obsolete almost as fast as our computers, and are being phased out by the young and progressive users. And maybe I should grab my cane, take out my false teeth and end this rant :-)
Milan Zamazal wrote:
IMO a sane user uses OO.org just as a document viewer or to edit (when being forced to do so) documents delivered to him. So complaining about a non-existent file makes sense to me. It's not a bad idea to use separate directories for different purposes so it makes sense to offer something else than cwd (that is typically $HOME) as the default directory. Of course, a civilized application should be extensible and so the default directory should be settable to anything (including cwd) by the user but that's another problem. As a user of an extensible tiled wm I don't understand why to waste screen space for either window bars or any kind of icons. A music player definitely doesn't require to be "minimized", my wm simply puts it automatically in its own workspace bound to a given hot key and the most frequent player operation (play/pause) is bound to a multimedia key on my keyboard without the need to display the player at all.
Yenya wrote: Re: Milan Zamazal
IMO tiling WMs suck. The main problem with them is that they resize xterms, and I want my terminals to have exactly 80 characters width. Another problem is that without window decorations, it is not easily visible which window has focus (which is also my objection to most themes of the non-tiling VMs; some of them display focus state only by changing the title bar, not the whole decorations). And music player in its own workspace? Having to switch to that workspace every time I want to do something nontrivial with it? No way.
Milan Zamazal wrote:
Tiling WMs are not for everyone, but they don't waste screen space and your complaints about them are invalid. If you always use the same font for your xterms, you can arange your workspace to make them 80 characters wide. Or you can use a floating window group (workspace). You can customize frame decorations to make the focused frame more visible if you want. I don't understand what's the problem with switching workspaces, you just press a hot key to switch to the player's workspace and another hot key to switch back to the original workspace. Don't forget that tiling WMs are based more on logical than visual concepts – and it's not easy to get free of some stereotypes (my own experience).
Reply to this story:
Fri, 20 May 2011
GNOME 3
After installing Fedora 15 in a virtual machine, I have decided to give GNOME 3 a try. Firstly, it is really slow over VNC. While GNOME 2 has been pretty usable for testing various new applications in a virtual machine, under GNOME 3 it is almost impossible. Here is a screenshot on which I will demonstrate my problems with GNOME 3:
Firstly about the file manager. I use mostly command line for managing
my files, but using a file manager is sometimes handy nevertheless. One
of the features I often use is the "Places" list. In GNOME 3, it is presented
differently in the Places menu and in the file manager itself, which
is a clear usability bug. When I wanted to add another directory there
(I often use ~/tmp as my sandbox),
it took me at least 10 minutes to discover
that "Bookmarks" is what I probably want. And even then, the newly added
bookmark is added to a submenu instead of the main Places menu.
Also, I did not found any way how to remove those useless predefined
directories like Videos, Music, etc.
from the left sidebar. Even when I have deleted them from my home directory,
they still remain in the sidebar.
Another ugliness is that the new window manager does not decorate the windows properly, and instead relies on the applications themselves to provide things like resizing handle in the lower right corner (see the gnome-terminal window). Not only it looks ugly as hell, it also obscures the space the application expects to be visible. I will probably file this as a bug report when F15 is officially released, but I expect in a truly GNOME-ish fasion it to be solved by removing the "scrollbar on the left side" option :-/.
Anyway, it seems that XFCE+Sawfish combo works as expected, so I am definitely leaving GNOME when I install F15 on my workstations.
6 replies for this story:
thingie wrote:
You don't get "real" Gnome 3 without GL compositing, the new WM (not this one) needs it. It is quite different from this and it also has a new panel, without "Places" or "Applications". Given that even "ordinary" 3.0 is still rather incomplete, it's no wonder that this fallback environment is lacking even more.
Vašek Stodůlka wrote:
My desktops were Afterstep (doen not seem to be alive) - Windowmaker (similar) - waimea 0.4 (furter version were totally something else) and then went to gnome. It was not great, but everything worked and I liked the GUI simplicity. Now it looks also to xfce migration, or maybe I will go back to Afterstep, just for fun. I liked downloading plugins as source and coppiling that tiny-lovely one file binaries. I feel like i want to go back to the roots for a while.
Karel Zak wrote:
yum install cdargs ... for command line "bookmarks".
Yenya wrote: Re: thingie
I stand corrected, thanks! I have tested a real GNOME-3 on a physical machine (my wife's laptop :-), and after using it briefly, she is also migrating to XFCE now. For me, GNOME-3 looks like a smartphone/tablet UI - oversized title bars and scrollbars are the prime example of that. BTW, does anybody know how to add my own program/script to the list of favourite applications? Do I have to write the .desktop file for it?
Yenya wrote: Re: Karel Zak
Karel, I can manage my command line pretty well, thanks for asking :-). What I wanted was to have ~/tmp in every file/save dialog.
Yenya wrote: Re: Vašek Stodůlka
What I liked on GNOME-2 was the integration with hardware - it was usable even for my parents. Also the file manager was pretty good. For the first time after many many years I have used a GUI file manager when reviewing the documentation for the new faculty building. It was a three-levels deep directory tree with files named with mixed case, spaces and diacritics (often in more than one charset inside a directory).
Reply to this story:
Tue, 03 May 2011
Rethinking Cron
cron(8) is one of the oldest tools in UNIX. Despite of that,
I think cron is not something to be proud of. In my opinion, it
falls to the unfixable designs
category.
The recent attempts to fix it (factoring out atd(8),
a dirty hack that is anacron(8), etc.) show some of the problems
of cron. My recent experience confirms it:
This is the load average graph from our server, which runs periodical jobs of
IS MU. Around 2 pm, I have rewritten the
main crontab joining several similar tasks to one line, and adding several
seconds delay between their startup. The groups of tasks are now started by a
simple Perl script which handles redirecting STDOUT and STDERR, and handling
the return code. The Perl script is started using exec in the
crontab line, saving one more process.
This way, I have managed to get the number of jobs which are
simultaneously started in the peak minutes of an hour from 155 to 13.
The system does exactly the same amount of work as before, but most of the
work is evenly distributed across the whole timeframe, not started in parallel
the first second of a minute.
This is one of the big weaknesses of cron. I think the future
cron will need to support the following use cases:
- Starting jobs approximately in a given period, but not exactly at the beginning of a minute.
- Starting jobs the given period after the previous instance has finished (and maybe warn if the previous instance keeps running for too long time).
- Run the job weekly, near the beginning of the weekend (not at some random
time as
anacronand/etc/cron.weeklydoes). See Fedora bug #671076. - Start a job several times in parallel (depending on number of CPUs or something like that), and restart them after some of them finishes.
What periodical and semi-periodical tasks scheduler do you use? Will
systemd
be the answer to these problems?
2 replies for this story:
Vašek Stodůlka wrote:
I miss the feature not to start when previous instance of the same line is still running. I use "lockrun" for this, but it is not a package in most distributions, so it has to be some better way...
xbezdick wrote: systemd
Lately when I was complaining about systemd somewhere I mentioned that it's already big enough to take over from cron and do even it's job...
Reply to this story:
Fri, 01 Apr 2011
git-diff(1) Dark Color Scheme
The default colored output of git-diff(1)
and other commands is a bit ugly in my terminal with dark (green-on-black)
color scheme. Here is how to fix it:
git config --global color.branch.current 'yellow bold' git config --global color.branch.remote 'cyan bold' git config --global color.diff.new 'yellow bold' git config --global color.diff.old 'red bold' git config --global color.diff.meta 'cyan bold' git config --global color.diff.frag 'white bold' git config --global color.diff.commit 'white bold' git config --global color.status.added 'yellow bold' git config --global color.status.changed 'cyan bold' git config --global color.status.untracked 'red bold'
Hope this helps - I had to read the source code to find out where the color of the commit ID in git-log(1) is set. The above can at least serve as an example (after all, I don't expect you to have the same taste for colours), and for my future reference.
