KDE Blogs 

Thursday, 4 December 2003

Why the attacks on Debian and Savannah were possible (and more will follow)

Tjansen  | 
In the last two weeks servers of Debian, Savannah and Gentoo have been compromised, as you probably noticed. And they won't be the last ones. Many people brag about the security of free software, but I have never seen a single technical reason why free server systems should be more secure. The only reason why there are fewer worms is that there's more fragmentation and the users are more experienced. It's easier for a worm to spread when 50% of the Internet's computers are binary compatible rather than only 0.1%. But when an attacker wants to attack a specific server, a Linux or OpenBSD server is not more secure than a Windows or MacOS server. This year there were exploits in the Linux kernel, Apache, OpenSSL, thttpd, MySQL, Samba, CVS, OpenLDAP, ProFTPd, Sendmail, PostgreSQL, Kerberos, rsync, CUPS, lsh and OpenSSH. Most of these exploits can be used by an attacker even without having an account on the server. In other words, you will hardly find a single server that has not been vulnerable for some time this year. Even worse, it's highly unlikely that those were the last exploits to be found, so you are still vulnerable after patching them. It's just a matter of time until an attacker finds the exploits.
Tuesday, 2 December 2003

Server side

I've been thinking about what KDE is. Or what it means to be a "desktop environment" at all. KDE has many faces (and we're not just talking about kde:KJanusWidget :). The windowing manager (and associated KDE Panel) is the public face, but the infrastructure in kdelibs that makes the key applications (KMail, Konqueror, konsole, kdevelop, and lots more) not just possible, but consistent and reliable. The toolset in kdevelop, and the developer community are key parts of KDE too.
Monday, 1 December 2003

Ingo is Wily

Aseigo  | 
so Ingo, in all his wilyness, got me into a debate on kde-core-devel over the new-ish address picker in KMail. turns out his REAL problem is that it is buggy. and he's right: there are several issues with it. some of it can be blamed on classes that were supposed to make it into the libs from kaddressbook that haven't, but there is some work that needs to be done, no doubt about it. getting me into a debate isn't all that hard (sigh) but the truly wily part about it: i've committed to spending some time on that dialog (which i didn't even write; hi Zack!) this week. huzzah! i suppose that's one way to get 3.2 into shape: debate people into fixing bugs ;)
Sunday, 30 November 2003

kscd, system tray

Aseigo  | 
i've got several outstanding bugs to squash in kscd that represent regressions over 3.1. things keep coming up, or i keep getting prematurely tired in the evenings: i have a lot on my plate at the moment, both for work and personal life. but i have to get the kscd stuff done this week. i think i'll take a couple hours out of work to do so. the problems don't seem very difficult, aside from the Linux ide-through-scsi emulation bug. that one's going to be annoying because it's likely due to work done on libwm by another hacker, so i'm not intimately familiar with every LOC in there and this just breathes of one of those annoying OS-specific quirks. such is life.
Friday, 28 November 2003

KDE mem usage, printer toner

Aseigo  | 
Crazy things happening around Mahlah's computer this week. First she complains to me that her KDE (3.1 on SUSE 8.2) is acting up: it's slower than usual and rather flaky. It started up after she rebooted two weeks ago. I went downstairs to check it out and sure enough, it's much slower than it should be. She's only got 8 konqi windows open, kmail, a konsole with three tabs (one of which was ssh'd into a machine to irc from a screen session) and some text document open. That shouldn't slow the system down. The CPU isn't showing much usage but there's a distinct slowness and disk churning when switching from the desktop with all the browser windows on it to the one with kmail on it. So I take a look at the output of free assuming something must have gone run-away on the mem usage. To my astonishment I see that, for whatever reason, the system thinks there's only 32MB of RAM! There's many times that amount actually installed, but on the last reboot the system took a left turn somewhere and figured it would only use 32MB. It was only 8MB into swap, despite running sshd, cups, apache and the aforementioned KDE session. No wonder it was "slower than usual"! I'm just amazed that it was usable at all.
Wednesday, 26 November 2003

khtml, kmail and d-bus

Thanksgiving is in two days. I'm a vegetarian so I'm definitely not going to be eating turkey. Anyway, I've spent most of today with Coolo and Dirk talking about khtml, safari and regression testing. Coolo did a great job with regression testing. The rendering tree output is going to be a pain. Baseline output has to be pretty much regenerated after most changes to the rendering. Coolo thinks this will go away as we stabilize. We'll see. Dirk fixed the td p margin problem that was plaguing us. Cool stuff.
Monday, 24 November 2003

C++ bindings to hardware

I've been working on C++ bindings for libusb, which is a cross platform library for accessing USB devices. Currently I have a really hierarchical class structure, where each Endpoint is in a Qt:QPtrList - the Interface. Each Interface is in a Qt:QPtrList - the Alternative Setting. Each AltSetting is in a Qt:QPtrList - the Configuration. Each Configuration is in a Qt:QPtrList - the Device. Each Device is in a Qt:QPtrList - the Bus. Each Bus is in a Qt:QPtrList - the Busses.
Wednesday, 19 November 2003

First steps with KJS Applets

Geiseri  | 
Okay so now I have enough to start working on a KJSApplet installer. At this point KIconLoader works so we can get standard KDE icons. KIO works so I can download files off the internet, and I can create the files.
Wednesday, 19 November 2003

Kontact Bug Squashing Day

On Sunday we held the first Kontact Bug Squashing Day. A couple of core developers met on IRC and tried to fix some Kontact bugs. We started with 431 open bug reports (Summing up the reports of kontact, kaddressbook, kmail, knode, knotes and korganizer) and ended with 419 open bug reports. This doesn't sound too impressive, but we were able to address some of the remaining major problems, so all in all it was a success and not to forget it also was fun.
Tuesday, 18 November 2003

kicker applets with javascript

Geiseri  | 
Yeah, I'm insane... but you can. Check out cvs:[kdenonbeta/applets/kjsapplet] from cvs and build/install it. Next comes the fun part. There are 3 files, an .la file, desktop file and a js file. The desktop file is the same as they are for normal kicker applets. The la file is a bit more interesting, this is here to fool KDE into loading the javascript properly. Ideally we can make this go away in KDE 4 or 3.3 at the earliest. The la file must match the library name in the desktop file and must be unique on the system. This will get installed into the $KDEDIR/lib directory with the other .la files. The last step is to write your ECMA Script :)