Thats the consequence of wasting effort rewriting the screensaver app (and all other basic apps) over and over and over, instead of focusing effort on writing more important things like Adobe CS and the like.
Once they fix all embarassing bugs, they'll simply throw everything away and start rewriting everything from scratch again. The main reason Linux desktop is dead is because Linux desktop developers treat it like the latest fashion fad instead of a commercial product you have to live off and be responsible for.
KDE4 killed Linux on the desktop for me. I loved KDE3, used it for years. And then they stopped maintaining it, and the next version was unusable for years. It's still not particularly good or better than KDE3, it's just different.
The same thing happened to me. KDE3 was one of the best desktops. Then things where going downhill, at least from my perspective.
There was also Kmail, once a very usable tool for me (I think, the best version also came with KDE3). Then after the update (I guess with KDE4) there where some bugs on receiving eMail that happened again and again. It was nasty (I still can't get it, how they managed to kill the simple POP3 handler) but I could use my mail still. After that with the next update came a version that did not manage to import my old mailboxes that I had managed with Kmail for years. They simply killed this once good application for me! Just for gimmicks. Today I use webmail, though I don't like it. Also they managed to cripple KDE4 more and more ... The desktop applications did not do what was documented and they fixed bugs, that did not exist, thus removing or crippling once valuable options ... There was also a bug filed for that, but the developers just did not listen.
Now I use another desktop, but I fear, one day I also need to kick this one, since I see similar behavior -- adding or removing features, complete rewrites, just because it is a nice mind-game or in fashion. I also where thinking to use a really old desktop that nobody uses anymore, just to be free from feature-creep and fashion-ism. I need the computer to work with, not playing mind-games and update-platformers!
> It's still not particularly good or better than KDE3, it's just different.
You're right, it isn't better.
When I last tried using it (November last year), parts were unusable -- for example on the workspace switcher (the panel that shows your workspaces) I couldn't see the windows that were on each workspace, because the idiot who had coded it thought it more important to make the control look shiny than to display the windows.
I use xubuntu/xfce now. I've no time for fuckwits who just want to jump on the newest trendiest technology bandwagon
What does this have to do with Linux? Every OS evolves, free or not free. At least with linux you occasionally have things like MATE happen (forking a previous, popular version). And you have xfce, dwm, fluxbox, and dozens of other choices that fit to your liking. KDE kind has the market corners on that style of WM though. The only others like it are lightweight like LXDE.
Linux needs more people writing stuff like Adobe CS replacements (and tons of other tools and core functionality besides), than it needs people rewriting the screensavers.
Yeah, and with regards to wide desktop adoption (as opposed to server adoption or "it's made to scratch our needs, who cares for mass users"), that's a problem.
Especially since people who DO want to write stuff like CS that tons of users use everyday on Windows and OS X, usually don't program for Linux.
>There's no Adobe CS alternative because the people using Linux don't need/want that tool.
I used Linux and I could use such a tool. I'm pretty sure there are others. In fact, one of the founding blocks of desktop Linux wasn't GIMP (which gave Gtk and Gnome)?
The people who want it (designers) overwhelmingly use OSX and aren't looking to switch.
Why would they, since they can't find programs of equal calibre to what they use in it? On the other hand, designers and video editors and common users switch from OS X to Windows all the time.
People write what they want to write. There's no Adobe CS alternative because the people using Linux don't need/want that tool. The people who want it (designers) overwhelmingly use OSX and aren't looking to switch. It would be a wasted effort to make such an application, but if you think there's a market I'd love to be proven wrong.
Well you may have cause and effect backwards. More likely the people who need Adobe CS won't consider Linux simply because it won't run it and has no replacement!
Basically. I don't think there will be ever a replacement just due to the overwhelming complexity of it. Unless we can deal with Pantone and other weird colour spaces on linux, nobody will switch.
Not sure how accurate these figures are, but they make sense considering the environment -
I asked Adobe (just before they released CS3) why it supports Mac OS X. I received a response from Russell Brady, PR Director of Adobe. According to Mr. Brady, Adobe’s sales in its last financial year (2006) “were 77% Windows and 23% Mac. In some markets, such as the creative professional space, the Macintosh percentage is even higher. The Macintosh market is huge for Adobe and, by most estimates, we’re the largest supplier of Mac software on the planet.”
I don't really agree about the importance of putting effort into these things- almost every user wants well-designed, polished interfaces for launching applications, reading email, surfing the web, listening to music, etc, and a very large percentage of users only want that. You could well be right about a lack of discipline in writing and rewriting, rather than improving what's there. But then I look at elementary OS, which has focused on doing exactly what you are complaining about, and that seems to be a major success.
> The main reason Linux desktop is dead is because Linux desktop developers treat it like the latest fashion fad instead of a commercial product you have to live off and be responsible for.
>The main reason Linux desktop is dead is because Linux desktop developers treat it like the latest fashion fad instead of a commercial product you have to live off and be responsible for.
Xscreensaver is a thing and you can use it.
It's no secret that ubuntu's desktop has been a basket case, but it's not the only available option even with ubuntu - let alone on linux. kubuntu is fine, and xubuntu is awesome (neither of which use this screensaver).
The reason why the linux desktop never took off was because microsoft used its not insignificant market power to squash it each time it was about to take off.
Not because of a silly screensaver that got rewritten.
The linux desktop never took off because of petty things like rewriting the screensaver every few years, while letting things users care about, like backwards compatibility, incremental change, etc, all get in the way. I gave up on the linux desktop because every other version seemed to be a jarring change along the lines of windows 7 to windows 8. After a while, one gets tired of having to relearn things and just wants a system that works.
I think you're giving Microsoft too much credit. Linux on the desktop failed for a lot of reasons. Major fragmentation and lack of focus are some major ones.
1. This bug was filed before Ubuntu 14.04 was released
2. This bug was patched before Ubuntu 14.04 was released
3. You're an obvious troll account based on the username "muuh-gnu"
4. Most of your arguments are unfounded and opinion based.
This is an exaggeration you had to make to prove your point (and the reason you had to exaggerate is because you don't actually have a point, which anyone can see by actually doing some research). Most Linux threads on HN seem to end in an anti-linux circle jerk, while the people who are actually presenting the facts get downvoted. The actual usefulness of Linux based operating systems are highly and disproportionately discounted on HN as it is a fact that the majority of computer users spend most of their time inside a browser talking on social media. Now this would be a good point to refute, but whenever the subject comes up the replying comments always seem to diverge from this subject and postulate a different argument that supports their view point while completely disregarding the point the parent comment made.
If you believe that 90% of computer users need photoshop and advanced features of word and excel (you can use both word and excel online though, without windows installed), then fine, show me some proof, don't just say "It'll never happen you guys are dumb", come up with some evidence to support your claim. I mean, new versions of Linux are as easy to use as an iPhone (app stores, home screens, big pretty icons) so if people can learn to use iOS they can obviously learn to use Linux. This week I'm switching over 4000 computers to Ubuntu 14.04 for a tech support company. Last week I did around 2000 for a call center based around ordering small sausages and cheese. Currently I have about six more contracts that are being negotiated to set up even more Linux based machines. I have the ability to switch about a thousand a day because of how the computers in these places are networked. Can you believe they were running Windows 7 to emulate DOS? One of the contracts I'm currently negotiating involves switching a thousand computers from XP to Ubuntu 14.04 and all they use the computers for is a web app that the workers use to send what they call "technical requests" using browser based web apps that all work in firefox. I could go on.
The few people in these companies that are actually skilled workers and need Windows compatibility for some reason are either using "Windows labs" that we set up specifically for them or we're running a remote version of windows on a server and streaming whatever they want to a Linux box.
In my experience Windows is not needed in 90% of cases and when it is it's for a skilled task that involves skilled workers. It's a fact that skilled workers do not make up even close to a majority of the work force. Also, Ubuntu is certified to run on 70% of desktop computers: http://www.ubuntu.com/certification/desktop/ . One of the the manufacturers I work closely with is Dell and for the most part I haven't had any problems installing Linux on any business model Dell desktop that there is. Business models don't typically come with high end nVidia GPUs and other unnecessary hardware, so upgrading to Linux is no problem most of the time. On budget and typical business systems Linux seems to be the king of resume times and performance (at least in my experience). I've only used windows 8 on an employees laptop and from what I can tell, it wasn't made to perform well on his Toshiba to say the least. I've seen both windows 7 and windows 8 running very well on the right hardware though. The performance of windows on budget hardware (~75% of consumer) is mediocre at best, which is unfortunate, but what's even more unfortunate is that because a select few can get Windows performing amazingly on great hardware, the consumer market seems to think it runs amazingly everywhere. Hopefully soon it will, or people will come to their senses and realize installing windows on a low budget (average consumer grade) system is more trouble than it's worth.
If we want to talk about an insecure OS we can start with windows which is the king of insecurities. Do I even need to get into all the bugs people find after the release. At least this was found before the official release.
If anything there's a circle jerk around "why Linux can't be used for anything" which is pretty sad considering the people who come here consider themselves to be tech oriented but can't even use Ubuntu. I'd also like to mention that I have a friend who installs Linux for animation companies, including pixar, who use Blender and other open source technologies to make professional quality animated films. Can we stop pretending that Linux has no uses for anything?
Because it was already the most popular desktop in the world. It's so big that they can make bad decisions and still take the whole market in the direction of said bad decisions.
Scheme, Lisp, Smalltalk, heck even APL and J posts make it to the top of HN too, and those languages have been dead for the vast majority of developers for decades.
It's not like HN is a representative sample of the computing users at large.
The title is misleading. The bug was fixed before the release of Ubuntu 14.04, so technically, holding down Enter on Ubuntu 14.04 WILL NOT bypass lockscreen.
This thread should just be removed. It serves no purpose other than to disrupt and deceive. The fact that this crap has been on HN over an hour kind of makes me wonder what the mods motives are. I mean, posting a bug from a pre-release version serves no purpose other than to fan the flames of the anti-Linux circle jerk. I come to HN for intelligent discussion, not this crap.
Edit: the title has been edited since I posted this. It still serves no purpose though.
To those who are down voting, please explain why you think this thread should remain here?
> Who knows what bugs wait lurking in there; who knows which particular combinations of which libraries are a security-bug timebomb. [...] The GTK and GNOME libraries have never been security-audited to the extent that their maintainers would be willing to make the claim, "under no circumstances will this library ever crash."
> gnome-screensaver is brand new, bug-ridden, unreliable, and a security disaster waiting to happen
Actually this is not the first time this kind of bug happening. A few years ago, gnome-screensaver suffers from exactly the same kind of Bug: Keeping <ENTER> pressed would trigger a bug in GTK+ and crash the screen locker.
However jerking off to discussions about how to properly implement screen locker password input completely misses the point: That locking a screen/session from "inside" always will be flawed. There's an "easy" way to fix it: Instead of trying to lock a session with an inside locker, it should be detached from the terminal instead.
If you're working on just the text console this is a piece of cake: Use tmux or screen for the login shell and as soon as you detach from it you're getting logged out (a lot of people use this setup). There's no way a screen locker crash would pose a security thread, because there's no screen locker at all. Just the regular login which when crashing gets respawned.
Had XFree86/Xorg the capability to detach the X server from the screen, this would allow to log out to the regular display manager login and "unlocking" a session would be simply reattaching to it. Unfortunately the internal driver/device model used by XFree86/Xorg made it hard to impossible to implement such a thing (this is not a drawback of the X11 protocol per se, but the widespread implementations of it).
Luckily Linux is moving to a new graphics model and whatever we'll use in a few years, hopefully detaching graphical sessions will become as simple as using tmux/screen; then you'd close a terminal session instead of locking and no longer need a screen locker.
Really? The security bugs that have been reported in gnome-screensaver haven't had anything to do with the libraries it uses, and the bug mentioned in this story isn't even in gnome-screensaver.
Meh, I never expected a lockscreen to be a "real" security barrier. For me, its rather a deterrent for friends and family members, making them ask me before they can use my computer. Maybe this attitude comes from the old days where the linux screensavers were so brittle that they would crash by looking at them the wrong way.
Nevertheless, this bug is a big WTF and shows that it is not a good architectural choice to have the lock screen as just another X app. It would make more sense to have it in the kernel, and have one app that is allowed to supply a gui. If that app crashes, it is just restarted, or it falls back to text mode. If the user authenticates, the lock screen goes away and the main X server / wayland / whatever is reconnected to the hardware.
I think Windows uses alternate desktops/sessions (I'm not sure what the technical term is) for the lockscreen, as well as for the Ctrl+Alt+Del screen, so there is a similar protection at the kernel level. However, if winlogon.exe or anything related to the logon screen crashes, you have hardly any chance of recovering.
Meh, it's reasonably safe to have the lock screen in userland if you do it right. For instance, in recent versions of KDE the actual screen locking itself is handled by ksmserver (the KDE session manager) but password entry happens in a completely seperate process that it launches. If you somehow manage to crash the password entry program the screen remains locked and it gets restarted a few seconds later. Even if you somehow manage to crash ksmserver, that instantly kills the X session so you can't get access that way either.
The bigger WTF here is that holding down a key can cause an application to crash, an application that is (or should be) extremely simple in terms of what it has to do. I don't seem able to see the code changes that were made to fix this, but would really like to know just how this could even happen.
I don't think it needs to be in the kernel; the login process for *nixes has always been in usermode, and this arrangement hasn't proved to be particularly troublesome.
I don't know exactly how the fix prevents the problem, though.
As for "how this could happen".... it's code for a UI. There's always going to be weird timing issues, race conditions, etc etc. UI code is never as simple as it appears.
There was something written lately about how X does not do isolation, at all, easily letting people capture keyboard input that was being typed into a terminal during the sudo prompt.
A screensaver would not be immune to this as well when run in userland, in fact the same session.
I think there should be more isolations in place for cases like this.
That's incorrect - the screensaver is able to perform a full grab and prevent any keys being passed through to other apps. Which is why the screensaver won't trigger if you have a menu open.
Windows 3.11 to Windows 98 (and possibly later) let you click 'Cancel' at the login screen so you wouldn't need a user/pass at all to get access to the desktop. There was also the 'safe mode' option if the login prompt really was an obstacle. This easy login was a feature, not a bug.
That's about right. That's why I use xscreensaver. It actually locks the screen and doesn't unlock the screen for random (non-)reasons.
My coworkers mostly use gnome-screensaver. Many of them have sent emails along the lines of, "Hi everyone, I should lock my screen." to popular mailing lists.
That is why one should _never_ make cute critical error messages. Cute success and "ok" messages are passable. Cute _fail_ messages are just getting people to get enraged and ridicule you. They time they see that message is probably not a funny happy time for them. So it won't be taken the way it is intended.
Downvotes, really? Someone posts a bug that's already been reported AND FIXED /before/ release, and yet they word the HN title as if it's a current bug just to get people to click on it, and to get the anti-ubuntu crowd to upvote it.
Once they fix all embarassing bugs, they'll simply throw everything away and start rewriting everything from scratch again. The main reason Linux desktop is dead is because Linux desktop developers treat it like the latest fashion fad instead of a commercial product you have to live off and be responsible for.