not all change is progress
March 2, 2015
Direct download links: MP3 & Ogg
Time was when KDE looked like something created by a hyperactive child let loose with a box of crayons. Whilst still offering a befuddling array of configuration options, aesthetically it’s now all grown up – and actually surprisingly attractive. We kicked the tyres on a couple of recent KDE distros that aim to offer the user quite contrasting experiences.
Just why is proprietary GUI software often better than the FOSS alternatives? Hear our thoughts on this after our usual coverage of the news, your feedback and our excursion into KDE-land.0:05:35 News
Bodhi Linux 3.0.0 Release
OpenStreetMap now has A-to-B routing built in to the homepage
Symple Introduces the $89 Planet Friendly Ubuntu Linux Web Workstation
Samsung’s Linux-Based Tizen Phone Proves an Unexpected Success
Pebble Time – Awesome Smartwatch, No Compromises
Odds ‘n’ Sods
Internet of things starter kit unveiled by ARM and IBM (official IBM link)
Congratulations to Martin for Ubuntu MATE gaining official status for 15.04; and now listing on DistroWatch
The truth about Purism: Why Librem is not the same as libre
How hackers could attack hard drives to create a pervasive backdoor
Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections
Some notes on SuperFish
Thought Komodia/Superfish Bug Was Really, Really Bad? It’s Much, Much Worse!
Lenovo’s Promise for a Cleaner, Safer PC
It’s Not Just Superfish – Your Computer Blindly Trusts Hundreds of Sources
The Great SIM Heist: How Spies Stole The Keys To The Encryption Castle
Did NSA, GCHQ steal the secret key in YOUR phone SIM? It’s LIKELY
Gemalto presents the findings of its investigations into the alleged hacking of SIM card encryption keys by Britain’s Government Communications Headquarters (GCHQ) and the U.S. National Security Agency (NSA)
SIM hack scandal biz Gemalto: Everything’s fine … Security industry: No, it’s really not
A huge thank you to Jonathan Spriggs for joining our Monthly Supporters, whose ranks largely keep this little ship afloat. And, as ever, thanks to johanv for his continuing support on Flattr.
Paddy mentioned that you can now find us on Stitcher, if that’s your kind of thing. He also grovelling apologised for a minor RSS snafu, which meant a broken audio feed for half a day. Yes, he’ll be running Fedora for the next week as an act of penance.
Dave Allan and Daniel Rossbach both offered further thoughts on our recent Over a Pint about social media, with Daniel flagging up the supposedly secure and ephemeral Pond.
And, speaking of secure messaging, Ivor O’Connor was one of several listeners who mentioned the Switzerland-based ProtonMail to us.
Richard Norton-Hall told us that the BBC is moving away from Windows Media streaming; whilst James Chappell made some observations about Joe’s recent First Impressions of the Pi 2. And also Pi related, Arold wondered if we’d tried the ODROID-C1?
The debate around ISOs vs scripts for derivative distros continued with some input from Esteban.
Thanks to Isaac Carter, Will, Steven Rosenberg, MikeF and Firefoxfan2702 for your comments on Ubuntu Touch and the bq phone. The Nielsen statistics that Paddy mentioned can be found here.
And thanks to everyone else who left us feedback on our website or elsewhere. Your views are always an important part of this show, and will remain so :)
1:06:01 Two Distros, Two Versions of KDE
We took a look at Linux Mint 17 KDE and the more aesthetically pleasing – but application challenged – KaOS.
1:53:28 Over a Pint
Our occasional discussion segment made a welcome return, albeit with a slightly controversial topic, as Joe wondered why it is that proprietary GUI software is frequently better than the FOSS alternatives?
You assume the powers spying on us want to do the right thing and that there is a right thing to do. Look at Pearl Harbor and how we had all the information to stop it. However American sentiment was very against going to war. The right thing to the average American might have been to stop the Japanese before the war started. However if Japan had been allowed to grow even stronger it might have been far worse. Usually throughout history there are two sides to each story. So though the NSA and other spying powers may have enough it will never be used in a knee jerk fashion…
What do you mean by your last sentence? I don’t see how it follows from what you wrote before it.
In my opinion the best way to keep out of spying
issues is to use a vpn service. I’ve been using the
BVPN app on my phone for a while. It’s free and seems
to work very well for me. https://itunes.apple.com/us/app/bvpn/id955436453?ls=1&mt=8
I use it for banking, I use it to get Facebook, Google+ and watch YouTube, Hulu, etc, which would otherwise be unavailable.. I trust it, and it’s got good reviews as well.
Thanks for an other show that really stayed true to the ‘generally being grumpy’ part of the mission statement – it is refreshing to see this amount of quite existential doubt in the premises of the show (re: value/superiority of FLOSS) being entertained.
Even though I almost exclusively use Free software gui
applications, I don’t entirely disagree with (a slightly
less generalised and sweeping version of) your criticism
of them in comparison with unfree alternatives. For me,
the Free software aspect is enough to gloss over minor
deficiencies in most cases, but, as you rightly say, for
most people this is not a pertinent consideration –
although I would say it should be.
In terms of what it takes to fix this, I suppose it is necessary to get different people involved in free software development. To do this, and e.g. reach artists and people interested in design, we will need to find ways to make floss communities attractive and rewarding, and communicate the value of free software in a way that isn’t just preaching to the choir.
I think this is possible, since free software has an empowering potential that can make these things happen (and does in the cases in which it works). So I suppose my answer would be to be more open, and not more like closed development.
Regarding the discussion of KDE, I have to vehemently
disagree with Jesse about their naming practices. It is
not the Konversation, Konsole and Kontakt group of names
(which are spelled with a C /in English/) that is silly,
but the KWrite etc. Random K’s are worse than ones that
actually work in the language originally predominant in
the project (German). Also, as with Okular or Calligra,
they are improving on this front.
And for those who have an issue with KAOS’ lack of supported packages, perhaps the KDE editions of Manjaro (the Manjaro/KDE iso or the rolling version of Netrunner, which are essentially the same) may be an option for a well configured KDE.
Although with the way the NSA uses private contractors do they want to stop terrosit attacks would that mean losing the costs of new funding after a terroists attack Which would be a horrible incentive to violate our privacy take taxpayer money and not protect anyone for profits.
I enjoyed the discussion at the end of the show about the lack of polish evidenced by many FLOSS GUI applications. The conflict of process-based and product-based concerns is something I think about often. FLOSS is much better at the process-based model; it excels at making a lot of small interoperable parts, internet technologies, programming languages, and tools for making other tools.
I work in an architectural and structural engineering firm, and I think building design and construction has the opposite problem. We try to sell building designs as products. But they would serve their users much better if they were designed incrementally, with an eye to user-empowerment, modularity, and extensibility. Budgets and schedules are a nessecary evil, but are always, to some degree, enshrined ignorance. They are evil because they encourage Big-Design-Up-Front thinking. I heartily recommend my favorite book about architecture, Stuart Brand’s “How Buildings Learn”, for more sentiments like this.
Also listening further you could use something like zsync to only download the differnces. I currently do this for dialy isos. Ubuntu has this for their dialy isos of server and desktop.
I backed the ProtonMail Indiegogo campaign last spring and have had an account since last July. Over that time ProtonMail has improved to the point where it now fills a valuable ‘use case’ for me, but I do not consider it to be absolutely secure and PM still lacking many features that would be necessary for it to be a complete replacement for my general email needs.
Despite media headlines asserting that ProtonMail is ‘NSA/GCHQ proof’, I’ve never seen that claim in any of the communications from PM. The ProtonMail website explicitly states as much. Encrypting individual emails with PGP or GPG is still the most secure private email method IMHO, but difficult to achieve when corresponding with non-technical recipients (like friends and family).
PM offers a more convenient means of encrypting the occasional confidential communication with friends and family that would otherwise probably not get encrypted at all. As the email service providers and ISPs here in the USA have made an industry out of harvesting our email content for private information to be used in any way that makes them profits, I’ve been looking for ways to block that abuse. I consider ProtonMail an option for added protection against abusive commercial service providers and criminal breaches, but not state-actor surveillance.
ProtonMail is certainly not yet a perfect solution for all email privacy needs but PM is still very young and already fills a valid use case for me. They have bootstrapped successfully with a very small team (originally 3) and hopefully will be able to continue their progress at a measured pace. Demand for their service has continuously outstripped their capacity over the last 9 months but PM has done a good job of gating the addition of new users as their platform and capacity has improved in my experience.
For those with a further interest in PM; I’ve seen some rather inaccurate reviews of ProtonMail on the web but this ProtonMail review by BestVPN is pretty accurate in describing ProtonMails’s current state IMHO.
FWIW, I also backed the Lavabit Kickstarter in 2013 which has now morphed into the DIME initiative. Any potential email privacy solutions from that endeavor seem to be very far out on the horizon, if ever. If any other listeners are aware of other good alternatives for email privacy I’d be very interested.
A friend of mine uses neomailbox.ch. He signed up for it before protonmail started because it was based in Switzerland. I still primarily use gmail. I’d love to find a good alternative, but I haven’t had the time to invest in it. So many important functions (banking, bills, healthcare, etc) flow through email that it is time consuming to switch and I want to make sure I choose wisely when I do. From a quick look, protonmail looks good, but I don’t know that I want to trust such a new company with so much important functionality. I am sure the security is respectable, but my concern is more about longevity. I am pretty sure gmail will be around for another couple years (the experiments with Google Inbox and the history of previous retired Google projects keep me from putting a longer time horizon on it than that). I have been bitten in the past by choosing the wrong cloud storage provider and had to move things around quickly.
I’d really like to minimize my ties to Google. On the other hand, I am conscious of the fact that switching away from gmail, even to a security focused service like protonmail, will involve giving up some security/privacy under certain threat models: If you take Google’s statements at face value that they only scan your emails automatically for ad injection and don’t sell your information to anyone else, the amount of privacy lost to Google is not that much. Meanwhile, Google has the infrastructure to encrypt and transmit email from one gmail account to another without much exposure to outside threats (assuming they’ve learned to harden their private network following the Snowden revelations). Since most of the other people I email use gmail and will never actively use any security software on their end, this protection provided by Google is probably greater than what I would get by going with any provider outside of Google’s network. Plus Google gets all of the messages that I send/receive from other gmail uses (the majority of my email) any way. I still want to move away from Google, but this line of thinking just prevents me from prioritizing something that I want to put a fair amount of time into before taking action.
SCaLE 13X (Southern California Linux Expo) was Feb 19-22 this year. Here is a Youtube playlist of 60+ of the [ SCaLE 13X talks. Thanks go to rcmnet on Youtube for the playlist.
SCaLE is probably the largest community organized Linux/FLOSS event in the USA these days, I heard that attendance was well over 3,000 this year.
SonofNed: Thanks much for the ProtonMail review link and comments. I’m currently in the process of moving off Gmail and into Fastmail, along with roadtesting a Yubikey Neo with my Fedora box and my OnePlus One. I’ve looked at Proton late last year and passed but your comments have peaked another look at the service. I’d be very interested in what your current setup is along with Proton or any other thoughts about this topic you may have.
Joe: After listening to your current pub podcast I’m terrified of loosing this incarnation of the Luddites. I look forward to this podcast the most, especially the lengthy nature. I understand that it does take a ton of work. You guys fill a unique voice in the Linux community. There’s a good balance within the three hosts and, again, the length let’s the show breathe deep on topics that only get a superficial glance elsewhere.
(Although I really wish the MintCast would be released on the opposite week..)
Detected a definite bias against KDE even before you started your reviews of the two KDE distros Linux Mint KDE and KaOS. When Gnome shell was released (with the Mutter windows manager) my desktop PC suffered from continuous freezes which still occur now. The release of Gnome 3 shell and the stability issues that I was having with it, was the point at which that I started to look into using KDE and the KWin windows manager which has proved itself to be very stable.
Concerning LXQt, the lightweight Qt desktop environment, it would appear to have a good long term future with the decision of the project team to move to Qt 5 and the KWin system. This has presumably been done for stability reasons as LXQt will be using a tried and tested library for handling window events. The KDE team are to commended for making their frameworks available to the LXQt project. I had a quick look at LXQt with the SparkyLinux 3.6-dev3 release and it is shaping up into a useful light desktop.
One of the favourite distros of the “luddites” seems to be Ubuntu MATE or Mubuntu as you called it. As I understand it, this distro is currently using a fork of the Gnome 2 Windows manager Metacity called “Marco”. When Canonical introduces Unity 8 in Ubuntu 15.04, presumably with Qt 5 and Mir, is Ubuntu MATE going to stick with Marco or move to Mutter and a Gnome 3 base? Talk about fragmentation. I think I will stick clear of all this with KDE and KWin thank you.
Also could I suggest that the next time you review KDE you take a look at some of the tools it provides out of the box such as KOrganizer, KAddressbook, Okular, Kate, Krita, KSysGuard, K3B (disk burning) which are all excellent. The KDE Plasma 5 desktop is now beginning to mature into a stable desktop and the next 12 months will see even more refinements.
Hi there guys and thanks for the show!
I found about you just recently and I’ve now been listening through the past episodes with great delight.
I noticed though that you keep forgetting to mention the noble subject of hard drive encryption.
For me the encryption is one of the strengths of the desktop Linux and I now routinely encrypt all of my hard drives, on desktops as well as on laptops. It just seems to be a sensible thing to do.
What is your take on this? Is the hard drive encryption so self evident that it’s not even worth mentioning? Or are you not bothering with it? And if not, why?
I bought one of the Lenovo laptops with Superfish. My previous laptop had been a Mac and the Dell and IBM that I had bought before that were both purchased through universities (for college and grad school), so it had been over 14 years since I bought a consumer PC straight from a vendor. I was pretty shocked by how much junk it came with. I discovered the Superfish behavior pretty quickly because I use NoScript and I saw that a strange script was being injected into every site I visited. That was the last straw that led me to blow away the OEM Windows installation and reinstall the Microsoft version. Contrary to what Joe said, you can actually do this for free if you buy a computer that comes with Windows now. The Windows license key is stored in the BIOS and the installer that you can download for free from Microsoft will find it automatically. I did Windows 8.1 because that was what came with the computer, but I saw somewhere when doing my research that it was possible to do this with Windows 7 as well (if you have the right license for it). And don’t worry, I set it up to dual boot Linux right after I did that.
Paddy — things might not have worked out well for Lotus, but some of us still have to deal with Lotus Notes (though it’s been rebranded as IBM Notes now).
Regarding the Over a Pint segment: Many projects are a side projects made by developers who want a tool that meets their needs, so they make something that works on the command line and is configurable. Maybe they make a rudimentary GUI, but the people who make tools like this tend to be backend developers. I don’t know what front end developers and graphic designers do in their free time — maybe they have hobbies outside of their computers? For these projects to get better GUIs/front ends/documentation, I think you’d need front end developers to look around for projects in need of front end development and to volunteer their services in the same way that backend developers work on open source projects in their free time.
Your very long discussion of the UI quality of commercial
software vs FOSS could have been shortened with a few
examples. Outside of Linux Mint, I only use a few apps
under Windows XP/2000 because they are either unavailable
under Linux or are much more productive. One example:
there still isn’t a simple, easy to use but still
powerful Linux image editor like the free IrfanView; the
author probably wouldn’t object if the UI was replicated
using QT or GTK.
I’ve also checked out some recent KDE based releases and they still make me want to cry :-). Occasionally I switch from daily driver XFCE to MATE and am still finding missing functionality. Transitioning either DE to GTK3 makes me nervous (given constant GNOME API changes) and so I’m following the LXQT project with great interest.
Hi Mike – I’ve been watching LXQt quite closely, too; and found a recent blog post from that team that suggests they seem to be going the wrong way on memory usage. I guess we’ll have to wait for v1.0 to make a final call, but being heavier than Xfce wasn’t what I was hoping for or expecting…
Remember my interview in episode 11 where I talked about aesthetic issues being open source’s kryptonite because the development model melting down into 3 distinct failure modes every time “shut up and show me the code” is not the correct response to the problem at hand? (1) endless talk with no action, 2) fork to death, 3) delegate the problem to nobody via engine/interface separation or endless configurability without sane defaults.)
Open source can’t do user interfaces for the same reason wikipedia can’t write a novel. Our distributed solution to the “too many cooks” problem doesn’t fix how the soup _tastes_. We fight off sturgeon’s law with filtering, discarding 90% of the work that gets done, but this filtering requires empirical criteria by which to determine a correct outcome (to avoid endless argument or everybody going off to implement their own preference in a fork). Anything about which reasonable people can disagree either paralyzes our process or gets filed down to pablum.
Having a single person’s taste in charge is necessary (but not sufficient) to get aesthetic issues right, but open source treats such single points of failure as a weakness to be handed over to a committee to make the project sustainable. (Because we all know focus groups produce better movies and television programs than individuals with some singular vision.) So open source projects that _do_ start unusually usable and thus become popular or important, tend to have their usability eroded over time by the nature of our development process. (As with disruptive technologies, doing all the right things produces the wrong result.)
1. Naming is traditionally a tough job to do as it depends on user taste. Should Apple call a watch an Apple Watch or an iWatch? Google Play Music All Access or YouTube Music Key are both terrible names. So major companies also choose idiotic names. I think KDE does an excellent job when picking up names. For example, if you were to search for Epiphany, you would find it on 7th or 8th position in Google search. If you were to search for Konqueror, it is always the first result. KDE choice of naming is both easier on tongue and excellent from SEO perspective.
2. System tray icons are not hidden. They are gone. Older apps use an XEmbed system tray which is basically a patchwork in X11. They can’t be scaled properly in system tray and their behavior and presentation is also not consistent. KDE guys wrote KStatusNotifierItems. If any app wants to show their icons in system tray they will have to use that API. Apps based on newer Qt versions do that automatically. Ubuntu Unity guys adopted KStatusNotifierItems into libappindicator which serves the same purpose for GTK+ app. X11 system tray icons are gone for both KDE and Unity. GNOME guys are going through that awkward phase where they want to transform notifications into a magical unicorn aka system tray is against GNOME designs principal. KWin developer Martin Graesslin has written several times about system tray support in KDE like this http://blog.martin-graesslin.com/blog/2014/06/where-are-my-systray-icons/
3. The way open source development works is that people do what they find interesting. They make changes they are interested in and then they drop out. On the other hand, Proprietary software is designed to serve a market and their end product follows a plan and to what they want to achieve in the end. Such is not the case with opensource and perpetuity of open ended development leads to poor user interaction and design.
Comments are now closed.
The content of this website, and that of the podcasts produced by the website owners, is licensed under the Creative Commons Attribution-NonCommercial 4.0 International License.