Posts 

The Linux Show went rather well tonight. George was a great co-guest, and I think we handled the questions well in general. We maintained a positive and factual yet enthusiastic air throughout. Even the SUSE/Novell/Ximian and User Linux queries went well. They had a record number of people attending tonight; even the IRC channel had ~80 people in it (they usually only have ~50). So, they were happy with it too. Good fun and a great way to get KDE some positive exposure. I'm feeling rather spent now, though. Time to find some wine and a good book.

no blog since august 29th, so I will continue on this ....

Every time I read a bit of news regarding the Linux desktop, I find myself asking myself: are they reporting on something that has happened or that will happen in the future? I fear that many of our colleagues in the Linux desktop struggle are trying to sell a tomorrow that doesn't exist yet because they feel that they have, so far, lost. This has the potential to blow up in so many horrible ways: people will start expecting tomorrow's abilities today; people will wait until tomorrow rather than act today; competitors will see where we are headed before we get there and be able to act with initiative; those promising may not deliver or even be around in their current form to deliver; what we want to accomplish today may be scrapped in favour of a better idea tomorrow. KDE is very good at avoiding all this. Let's make sure we keep it that way. =)

working on kscd... fixed several bugs over the weekend... only several more to go =P auditing sucks. but it's so necessary. i read over libkcddb tonight and caught several issues, including classes used in a QValueList that didn't have copy ctors or operator=s and a potential buffer underrun. kids, indexing with ints that can be negative isn't cool. anyways. auditing sucks. it's tedious, boring and not much fun. but it's just so easy to miss things in your own code, that having someone else look through it can make quite a difference. Read More

Okay so it was a cold Sunday morning, and I just couldn't seem to make it out of bed. So with my warm Powerbook, I hacked out this little cvs:[kdebindings/kjsembed/docs/examples/invaders/invaders.js|nugget]: [image:260,middle] Read More

Finally after a long time of messing with this, DCOP now works in KJSEmbed. Currently we support any type that can be used inside of a qt:QVariant. KJS functions can also be exported to DCOP interfaces now. This also gives us the ability to have connect dcop signals to local KJS functions. A good example that shows off how this all plays out is below: Read More

It's been a long long while since I came up with a blog entry here, mostly since I didn't do anything interesting for the public lately. KDE is still in a freeze, so I have been fixing a few bugs occasionally, nothing more. Read More

It has been said that some Free / Open Source software projects lack direction and vision, that it's all just a random herky-jerk towards an unknown or poorly defined goal. While this may be true of some projects (though hopefully not too many), KDE is not one of those projects. Right from the beginning, KDE had a vision. Matthias stated that he wanted to build a consistent desktop to counteract the menagerie of toolkits and methods common to X11 environments at the time and a full set of user-oriented applications on top of that environment. This vision has not changed significantly. Read More

In the last two weeks servers of Debian, Savannah and Gentoo have been compromised, as you probably noticed. And they won't be the last ones. Many people brag about the security of free software, but I have never seen a single technical reason why free server systems should be more secure. The only reason why there are fewer worms is that there's more fragmentation and the users are more experienced. It's easier for a worm to spread when 50% of the Internet's computer are binary compatible rather than only 0.1%. But when an attacker wants to attack a specific server, a Linux or OpenBSD server is not more secure than a Windows or MacOS server. This year there were exploits in the Linux kernel, Apache, OpenSSL, thttpd, MySQL, Samba, CVS, OpenLDAP, ProFTPd, Sendmail, PostgreSQL, Kerberos, rsync, CUPS, lsh and OpenSSH. Most of these exploits can be used by an attacker even without having an account on the server. In other words, you will hardly find a single server that has not been vulnerable for some time this year. Even worse, it's highly unlikely that those were the last exploits to be found, so you are still vulnerable after patching them. It's just a matter of time until an attacker finds the exploits. Read More

I've been thinking about what KDE is. Or what it means to be a "desktop environment" at all. KDE has many faces (and we're not just talking about kde:KJanusWidget :). The windowing manager (and associated KDE Panel) is the public face, but the infrastructure in kdelibs that makes the key applications (KMail, Konqueror, konsole, kdevelop, and lots more) not just possible, but consistent and reliable. The toolset in kdevelop, and the developer community are key parts of KDE too. Read More