LINUX Unplugged - Episode 37: Client Side Drama | LUP 37
Episode Date: April 23, 2014The GTK camp is pushing hard for Client Side Decorations, but there are some major drawbacks on non-Gnome desktops. We discuss the pros and cons, and if this is going to lead to a new kind of desktop ...Linux fragmentation.Plus our thoughts on the best password managers, your follow up, and more!
Transcript
Discussion (0)
This is Linux Unplugged, episode weekly Linux talk show that its brain knows client-side decorations are a bad idea, but its hearts can't help but love them.
My name is Chris.
My name is Matt.
Hey, Matt.
How are you doing?
Doing pretty good.
Good.
Doing pretty good.
Good.
I got a little crud, so I think I might have gotten you sick on Sunday during last, so
double down.
Oh, boy.
Yeah, I'm crossing fingers.
Double down on any rituals you have.
Do you have rituals that you follow when you think you're getting sick?
Theraflu.
Yeah.
That's the number one thing, because at the end of the day, everything else is a crapshoot.
Theraflu makes me don't care.
And fluid.
Get your fluid.
Well, so this week, I want to talk to you a little bit about a few topics.
We've got some 1404 review follow-up I want to cover, and then we've got a discussion
around password managers.
We got the vote out in the audience, and we heard back from folks on what they use and
what they like, and we're going to talk about password managers.
And then, towards the end of the show,
I want to talk a little bit about this client-side decoration
brouhaha.
Now, it's not really a big deal right now, but you've probably
noticed starting about GNOME 3.10,
some GNOME applications have a brand
new title bar that looks very, very fancy.
And it is
completely breaking some other desktops
the way they look, because sometimes you get the double title bar effect.
We talked about this in the Linux Action Show a little bit in the news segment
when Cinnamon came out.
And the two camps essentially are the GTK folks
and now the QT folks are coming out
and the KWin developers are coming out and saying,
hey, this maybe isn't such a good idea.
I want to talk about what client-side decorations are,
what they give us, and what the challenges are.
And then I want to get the MumbleRooms take on what they prefer
and just kind of have a discussion about that
because that seems to be something that's been brewing in the background
over the last few weeks.
And with GNOME 3.12 out now, they've pushed that even farther forward.
So it's kind of an interesting time.
There's a lot that's changing in that area.
But before we get to all of that,
it is tradition here on the Linux Unplugged show to talk a little bit about what you had to say from previous weeks.
We have a continuing theme that runs through several episode threads.
I think we're covering three or four topics that is sort of winding three or four shows together.
Plus, we're going to do some follow-up from the Linux Action Show.
So the first one I wanted to kind of talk about was sort of a make-good.
I implied on the Linux Action Show on Sunday that Ubuntu 1 was totally dead.
And the reality is that the file syncing service is shutting down.
And the login authentication service is sticking around.
And I knew that during the show, but I was trying to make the point that the messaging is out there now that Ubuntu 1 is shutting down.
So when you're being asked to create an Ubuntu 1 account, if you've sort of loosely
followed the news, it's confusing a little bit.
You might think, oh, Ubuntu 1's down.
I knew it wasn't down, but I was making a point.
But yes, I did want to make it clear that
Ubuntu 1, the authentication service,
is not going away.
So thank you very much to James for writing that in.
You'll still see Ubuntu 1 kicked around
at least for a little while.
So Damon wrote in on the topic of switching to Linux, which is
a thread we've been following for quite
a while. He says, hi, I love the show. I found
your discussion about what will make a computer user
switch to Linux interesting. I have two anecdotes
on the subject. First, my niece will be going
to college later this year, and I wanted to give her
one of my old laptops to use so that she wouldn't
spend money that she didn't have on buying
a Mac. I gave her a choice of Windows Vista,
which came with a laptop, or Linux. She had no idea what Linux was, but she was emphatic that she didn't have on buying a Mac. I gave her a choice of Windows Vista, which came with a laptop, or Linux.
She had no idea what Linux was,
but she was emphatic that she did not want Windows.
Hmm, that's interesting.
The next step was for her to install.
Being rooted in a Debian-based distribution,
I started sending her screenshots from DistroWatch
so that she could choose to see what she wanted.
Ultimately, Imagine Linux won.
Imagine Linux is a Debian-based XFCE distribution
with comp as enabled. Being
that she's a graphic artist, I installed
applications that suit that niche as well
as applications for general use. Four months later,
I'm still waiting to hear from her that she has had a
problem with the laptop. Now, my second switcher store
is quite simple. A woman that works in the
same building as me found out that I am
well-versed in Linux, and she asked me to help her get Wi-Fi
working. It was simply a matter of showing her where
the switch was, but in talking to her, she was me to help her get Wi-Fi working. It was simply a matter of showing her where the switch was.
But in talking to her, she was encouraged to install OpenSUSE 12.1 by a friend.
Because she did not want to run an unsupported OS, which was Windows XP now,
all she does is surf the web, check email, and this is perfect for her.
Here are two stories of people that have switched and are happy.
As an aside, my niece showed her friend's Compiz and what it can do,
so now I have to install Linux on his laptop too.
Take care, Damon.
Nice.
Compiz is still switching users after all these years.
That's great.
I'm telling you, it's all about the cube.
You've got to have the cube, Matt.
All right, so this is GiantDaff.
He writes in.
He says, Heartbleed, this is what I see.
A little follow-up on the Heartbleed discussion we've been having here.
He says, so happy Easter to Matt and Chris. So as we all know, this Heartbleed, this is what I see. A little follow-up on the Heartbleed discussion we've been having here. He says, so happy Easter to Matt and Chris.
So as we all know, this Heartbleed bug was detrimental to security,
but it's also putting a slightly darker shade on the opinions of the consumer market.
Now, I'm not and never will claim to be an expert in economics or politics.
However, I can't help shake the notion that this issue will set back the opinion of Linux.
Microsoft and Apple are both extremely well-funded, and this holds political ties
to help form
negative opinion
around open source. They have been for
years, and I have been ever
so fortunate to have a very opinionated family.
Cough, cough. My ears even bleed
instead. I would like to mention one thing,
however. Companies can claim to have
a little to no faulty code, but how can
you claim such
things without proper review among peers,
a.k.a. a formal review of code?
I claim that if proprietary code was submitted to review,
board sworn not to expose the code
itself, that you would see extremely different numbers
as claimed before. With that, open source code is more
likely to our best proprietary,
is more likely to outbest
proprietary coding any time.
I'd like to hear your opinions on the matter
of what you hear among less technical peers
and what you would suggest to helping shift opinions.
Matt, do you think the Heartbleed vulnerability
has caused a negative opinion about Linux and open source?
I think it depends on the situation and who you're asking.
If you're talking to the average person
and you're explaining what's happening,
they are not able to draw a line between the licensing of the different code and the software affected.
They're only looking at the overall result.
So they look at a service or a product and say, oh, well, that was affected.
That's potentially scary.
I don't think the average person is going to look at the actual licensing differences.
That being said, I think if you ask a more advanced user,
maybe like a Windows fan or a Mac fan,
someone that's really heavily involved in technology,
yeah, I think that their views are already pretty much colored as it is.
I don't think it really swaps anyone out.
I don't think it changes any minds.
Yeah, and I have seen a surprising amount of mainstream coverage about Heartbleed. It's always been pretty bad, but it was on the CBS Morning News recently.
And I never heard
them say anything about Linux specifically.
They did mention Android.
A lot of times, we talk about
how Linux doesn't get full recognition.
It's Chrome OS,
not Linux. It's Android, not Linux.
But in this case,
it sort of has played to Linux's benefit,
because people are talking about Android having vulnerabilities
and Cisco Gear having vulnerabilities.
They're not necessarily saying Linux.
I think you could probably draw a closer comparison
saying that open source has taken maybe a bit more of a public image beating,
but even then I don't think it's that dramatic.
And I think once the dust settles,
people realize that when you need peer-reviewed code,
open source is literally your only option.
Oh, absolutely.
I mean, it's just a matter of logic.
So I think those people that understand it, you know,
understand the differences between the licensing and the types of code that's out there,
they should understand that unless they have a vested interest in seeing something happen
to open source as a concept.
Well, kind of on this subject, today, officially, LibreSSL was announced.
On this subject, today, officially, LibreSSL was announced.
LibreSSL is a free version of SSL TLS that is a protocol that's been forked from OpenSSL.
I think it's being worked on by the OpenBSD folks.
Right now, it's only available for OpenBSD, but I'm sure as they get down the line here,
that will become available to other platforms.
What's kind of funny, Matt, is I'm this guy.
I'm looking at this website.
I'm like, wait a minute.
Is the LibSSL site using Comic Sans?
I mean, out of all choices,
why are they using Comic Sans? I'm getting all
uppity about it, right? At the very,
very, very bottom of the website,
way, way, way down, it says
this page is scientifically designed
to annoy web hipsters.
Donate now to stop the Comic Sans
and blink tags.
Oh, that's brilliant.
I mean, what a great fundraising idea.
That is a seriously great idea for raising money
because I feel compelled now to donate
just to get the damn Comic Sans off their website.
But the open source community seems to be responding
pretty positively to LibreSSL.
A lot of people consider the OpenBSD camp
to be some of the best folks in the business out there to do this and they seem to be
taking a pretty rational approach so
something we'll keep an eye on and if it
comes to Linux we'll update you guys right now
it's just for you OpenBSD heads
a place to be SD
well an additional insight on this too
is you know you look at
OpenOffice versus LibreOffice
LibreOffice is great OpenOffice
is kind of you know it's kind of yesterday's news.
Maybe we'll see the same thing here.
Yeah, yeah.
No rational argument to that, but I just thought it was great.
I could see a transition happening.
I could see that.
Yeah, I could see what you're saying.
All right.
Well, I had a quick note I wanted to get to.
We're making good time on the feedback this week.
Ramey wrote in to the subreddit.
I love getting these posts.
He says, DigitalOcean is the perfect use case for a huge 16-core, 48-gigabyte of RAM VM.
Check this out.
He says, I have a new router which supports OpenWRT.
It's a clone of the TP-Link 730N or 703N.
It's a small USB-powered router with a 1-gigabit port and 802.11n.
USB-powered router with a 1 gigabit port and 802.11n.
But he was trying to build a specific version of OpenWRT for this device,
and on his own laptop, he says it takes about 4.5 hours to build the OpenWRT image.
So he spawned himself up a DigitalOcean instance, and it only took 45 minutes,
and his total cost was $1 for the entire process.
And this is something I wanted to thank him for writing in,
because the other day we were testing some auto-publishing scripts,
and when it came time to try out the FTP angle from multiple locations,
the first thought I had was, you know what I could do?
I could just take the DigitalOcean droplet that I have, spin it up in the
San Francisco location, and then we'll
have a real-world test case to
bang on this. And it makes it so quick and
simple, and because of DigitalOcean's
flexible pricing, you can do hourly pricing, it
makes testing these kinds of things a slam dunk.
So let me tell you about DigitalOcean. They're one of our sponsors.
DigitalOcean is a simple
cloud hosting provider dedicated to offering
the most intuitive and easy way to spin up a cloud server.
Users can get a cloud server created in about 55 seconds.
Our users, 47, 43, and 40 seconds.
I'm waiting for a screenshot on the 40 seconds.
And pricing plans start at only $5 per month for 512 megabytes of RAM,
a 20-gigabyte SSD, one CPU, and a terabyte of transfer.
DigitalOcean has data center locations in New York,
San Francisco, Singapore, and Amsterdam.
Their interface is simple.
Their control panel could not be more intuitive,
and power users can replicate that control panel
on a much larger scale with their straightforward API.
And they've just announced that they're rocking
Ubuntu 14.04 droplets,
so if you want to deploy the latest LTS release
on a DigitalOcean droplet, they're ready to go.
They've got images that are set.
And this is what I love.
These guys are all in on the latest releases on Docker, all this kind of stuff.
And DigitalOcean is sort of the accumulation of all of the things we've talked about for so long.
They saw trends in the industry, you know, SSDs.
They got tier one bandwidth partners.
They got amazing hardware.
And they're utilizing KVM to offer a solution that on its face sort of almost seems obvious in retrospective,
but the implementation of how they did it is really the differentiator.
Their control panel is so great.
They have managed to wrap a simple-to-use interface around a process that I used to be able to charge clients hundreds of dollars an hour for.
It has completely transformed the amount of power that is available to just anyone,
and you can get started for just $5 a month.
And if you use our special promo code UNPLUGGEDAPRIL,
UNPLUGGEDAPRIL will get you a $10 credit,
and you can try out a DigitalOcean droplet for two months for absolutely free,
or get the higher-end rig and just use it for free when you use Unplugged April.
It's really impressive to see all of these awesome technologies that Linux has enabled
and come together in a package that is so well done, so intuitive.
I just really love it.
So go over to DigitalOcean.com, spin up yourself a droplet, and see what you can do.
There's all kinds of great uses.
You can check out our Jupiter Colony Google Plus community for some ideas of what folks are doing with their DigitalOcean.com. Spin up yourself a droplet and see what you can do. There's all kinds of great uses. You can check out our Jupiter Colony Google Plus community
for some ideas of what folks are doing with their DigitalOcean droplets.
DigitalOcean.com.
Unplugged April will get you that $10 credit
and a really big thank you to DigitalOcean
for sponsoring Linux Unplugged
and for getting Ubuntu 14.04 support so soon.
I think that's going to be a great, great cloud operating system.
I wanted to follow up on a topic
that we raised on the Linux Action Show
a couple of weeks ago
when we asked what folks use
as their password manager.
Because it's really gotten to the point now
with after Heartbleed,
it's no longer something you should do.
It's something you have to do.
I don't care if you're a Windows user
or a Linux user.
You need to have a different password
for every online service you use.
So we asked the audience,
hey, what do you use?
And we put it to a vote, and the results are in, Matt.
38% of folks who voted, and we got 784 votes, 38% of folks who voted use LastPass.
Close, probably not too surprising.
KeePass came in at 37%. So it's pretty much split between LastPass and KeePass.
Then the third choice is built-in Chrome and Firefox,
and then it goes to KWallet and a few others.
Yeah, the built-in browser ones are just, I mean, I'd use KWallet over that.
Those are horrible.
Yeah.
So I wanted to bring it to the Mumble Room,
because I'm sort of a no-apologies LastPass fan.
I used LastPass for years.
So Mumble Room, anybody in here want to take the side of KeePass
and try to convince me on why I should switch to KeePass from LastPass?
Prioritary garbage.
All right.
I'm just kidding.
Here's another thing about KeePass versus LastPass.
KeePass stores everything locally.
LastPass keeps it on somebody else's server.
You have no idea where it is granted it's encrypted but who's going to stop somebody from breaking that encryption
right well it's not just the encryption itself it's not just the encryption it's the fact that
you're reliant on a third party you sure you could um at any time last pass could shut down
for whatever reason and you know you've lost that service you
you may well actually find you don't even know your passwords for half a dozen or more sites
i started using last pass when a site a prominent site got hacked and my email address was published
on pastebin and i thought i better change that so i i switched to last pass and i've not looked
back since i pay them and i use the mobile version and i love it to bits but i i i switched to last pass and i've not looked back since i pay them and i use
the mobile version and i love it to bits but i i can see an argument for not using them but they
they have uh like last pass also has um the the the pocket version where you can store everything
locally if you want to it just has you can then you can sync it every once in a while back and
forth to the pocket to the the cloud so if you want to have the the the local storage you can sync it every once in a while back and forth to the pocket to the cloud. So if you want to have the local storage, you can totally do that.
The difference is I like KeePass, but for me, the convenience of having it always synced to my phone and my computers and all that stuff.
That seems critical to me. That seems absolutely critical now.
Well, there is a way to get that synced across multiple devices.
It's not a practical way
like if you look at like the key pass you could do like some kind of syncing service like you know
bt sync or something but it wouldn't it would take so much effort that you can't also guarantee that
it's going to work like you could even use sync me wireless to transfer over your key pass stuff
but you're still that's it still requires the phone to sync it not the computer and you
it's just not a practical way to do it at all i disagree the reason i disagree is that my uh
music library is completely synced between my devices my computer my tablet and my phone
completely with bt sync so it's according to that if your whole point is to be, like, open and stuff,
well, BT6 isn't a solution either.
Well, no, my point's not to be open. My point is to
make it so that I'm not having to run out on a third
party. Man, who needs
all that fancy software? All you need is just
sticky notes. Come on, people.
Well, there is... The keypass
is cool to use the...
If you can do the syncing stuff, that's the main
reason I don't use keypass. It's just the convenience of the syncing with lastpass but also the newest version of
lastpass introduced an awesome feature where you used to have to do these add notifications to get
your easily you know log into an app but now you just open the app you have to start a service in
the phone but you open the app and then click the username
and password section, and it will give you
like you can automatically fill it through
the LastPass app, which is
only available, I think, on
Jelly Bean and KitKat, but it's still awesome.
How about
this thing using LastPass the last month?
Have I just discovered it? So it's actually not too big.
Yeah, I mean, to me, LastPass seems like
maybe the obvious choice then for pretty much average
users, but also people who don't want to have to worry about the sync component.
The thing I like about LastPass is they have a good record of communicating very clearly
about matters.
So, like, if they were to shut down, their history would seem to indicate to me that
they're probably going to give you a heads up.
So, I have that sort of comfort.
It's not a guarantee, but I sort of have a comfort in that. But the other thing that strikes me about
LastPass is like now on Android, you can, you can have LastPass autofill app passwords. So you can,
you know, or on websites that you're just browsing in the regular Chrome web browser, LastPass
can fill that stuff and it can be passwords you set up
on the desktop.
And the nice thing is that that syncing is just totally handled for you, and it's instantaneous.
And the encryption's done on the client side, so the thing that they're syncing is just
the encrypted password database.
They're not syncing the individual passwords.
I've used it for years now, and it's worked really well for me, but the one thing that
it always does sort of ring in the back of my head is it's not open source. But without that syncing component,
I come down to the practical nature of, if I'm going to be trusting
a service to store all of my passwords, it has to be almost
omnipresent, because I just use all kinds of different computers
and devices all the time.
So when I worked at a corporate about 10 years ago,
and there was a guy in the office that we all used to laugh at
because he had folded up three sheets of paper
with all his passwords written on
that he would keep in his breast pocket in his shirt.
And we all laughed at him.
But, you know uh schneier has
written years ago back in 2005 he says um that someone urged people to write down their passwords
and he says this is good advice and he's been saying it for years there's there's something
to be said for actually sometimes you don't need to um go the technological route sometimes it is
actually more sensible to just have a little notepad
and maybe be a bit cryptic about
which passwords you write on which page
and which goes with which.
But you don't have to have
a cloud-syncing third-party system
with triple DES or some magical encryption.
You can just write it down.
I mean, there's no way some random person
on the internet is going to find out my password by it being
written down in my pocket
right yeah
you don't have to show anybody your password
but writing a thousand passwords
in my notepad would not be very
easy to carry in my back pocket
you don't write them all at once
one at a time
VR Max says I'm acting like a Windows user on this issue so I wanted to hear his thoughts at a time. VR Max says I'm acting like a Windows user on this issue,
so I wanted to hear his thoughts on that.
Go ahead, VR Max.
Yeah, just in short, your attitude about I just want it to work
sounds a lot like what Windows users say
when I try to move them over to something like Linux.
Well, I think it's a little bit different
because it's sort of like the keys to the business, right?
It's one of these things where if you really go all in on these crazy passwords that are really pretty much close to impossible to remember,
then you depend on something like LastPass literally to work, to do your job, to do shopping, to do everything.
you're to do shopping to do everything and um the idea that that i have some peace of mind knowing that if i sign up for a new service on my computer and then i i go out in the road in fact this
happened with a streaming tv service i go out in the road and i decided you know what i want to try
doing this in the app on my mobile device it's really nice to know that even though i never
initiated a manual sync because you know i didn't think about it, LastPass has already taken
care of that for me and I can open up the LastPass database
on my Nexus 5 and
Bob's your uncle, I've got my password database
there. I can copy it, I can paste it
and then it cleans up the clipboard for me so that way
that's not lingering around in the clipboard.
It's pretty nice.
The thing is, I've always wanted to try
KeePass, but how do you switch to
something like a different password manager
when you're all in like that?
There's hundreds of sites.
It doesn't seem like something you switch from, Barry.
That's why I want to give this some serious discussion
because once you pick, you kind of need to stick with it for a long time
unless you want to spend a weekend resetting up a bunch of...
Or if you're a masochist.
Yeah, exactly.
Doesn't KeePass have some kind of auto migration tool?
It does from Google Chrome passwords and whatnot.
Oh, big sign.
The chat room says you can export from LastPass into KeePass.
Ooh, that's cool.
That would make it easier to test.
It certainly takes a lot of work out of it.
Yeah, that's really cool.
And the thing is, even with, like, I don't know.
So right now, LastPass, sort of, another thing I like about it is it just sort of comes with me
because I'm back to using Chrome, and Chrome just Google Syncs all of my plugins,
and so it just comes right back.
And every time I set up and log into Chrome on a new computer, LastPass is there.
I don't have to install a separate application or anything like that.
So there's, like, this barrier to entry to get up and running with LastPass.
Pretty much it just requires I log into Chrome.
Yeah.
You don't have to set up multiple programs.
You have to set up your sync program, too, to make it pull all the passwords in.
All right, heaven's revenge.
Go ahead.
Will you add an alternative password manager?
It's not.
Oh, hello. I have a solution which doesn't actually use a database.
It's a solution in which generates the passwords on demand, on the fly,
whichever cryptographic algorithm you actually desire and want most.
So this way, you have a plausible deniability that you do not have a password for,
let's say, this bad website website here if anyone gets access to your
database which you do store and keypass is a trust keypass system i trust no one i generate
my passwords on the fly and you can choose whichever way you want to generate them yourself
which are it doesn't actually require a database to keep track of any
of your passwords. So that is an alternate. You can use any sort of, it's generally a hash algorithm,
but you can also use HMAC hash algorithms as well. The one I use, because I've used it quite
often, is a password maker application. It's got Android, ios apps has a chrome and firefox extension
and has a web page that you can actually just try it out and you do not actually have to install
anything so you can see how the result looks now wasn't there generated are you generated when you
need it yes you generate it on the fly when you need it, and it doesn't even... It can save your master password thing in which generates your password based on the domain name,
or it can be a lot more than the domain name.
You can add many different features to what you want your generated password to be.
I remember a study done that if you do more than the domain name, you're good,
but if you use just the domain name, I can't remember how it worked,
but there were some questions raised if it was totally safe oh well the reason why it's safe is that you can
or at least it's safe in my opinion is that you can use algorithms which are in cannot be reversed
or have been almost impossible to reverse beyond two iterations i use a rip rip-emd slash dash 160. That's almost impossible to go backwards very far.
It's kind of like as if they integrated Keckic or SHA-3 as the hash algorithm. It's almost
impossible to go backwards based on the domain name plus your password or your bump level,
depending on whether you want to change your password for that site and domain
or not. So here's what I'm
grokking from our password manager
conversation. There's a lot of options and
people really don't have any excuse not to
just use something. Just use something.
I don't care what it is. Just use it.
Dang it. There's so many leaks
now. Like there
was Lissy who makes
a lot of external hard drives,
just recently announced that, like, for the last two years,
they were under monitoring, and now they've had, like, credit card
and user information stolen from the past two years of their customers.
The craft store that my wife just shops, that my wife shops at
when she goes to do, like, scrapbooking stuff,
announced that they've had a credit card breach
similar to the Target credit card breach.
I mean, it's just, it's nonstop.
So go out there and get
yourself a password manager.
Do us a solid. Do it for your
buddies at Linux Unplugged.
No longer use the word password for your password.
Always good advice.
Right. Alright. Very good,
Matt. That's great advice, and it's probably a spot
we should stop and thank
Ting, another sponsor of Linux Unplugged.
What is Ting?
Ting is mobile that makes sense.
My mobile service provider and Matt's mobile service provider.
And what's so outrageously awesome about Ting is you only pay for what you use,
and there is no contract and no early termination fees.
It's really awesome.
You can get started by going to linux.ting.com to check them out.
Linux.ting.com will take $25 off your first device.
If you've already got a device you want to bring with you,
they've got a whole BYOD page,
then go over there and just get a $25 credit for your first month
or however long it'll last you.
It might last you into your second month like it did me.
And here's, you know, I've talked a lot about Ting over the year.
What I still am impressed by is what an awesome company they are.
So today, they posted that they gave this guy, his name is Joe,
$10,000 because he has just been an awesome advocate for Ting.
See, Ting has this Ting Ground Crew program where you can actually become a Ting advocate yourself, much like I am, and you can get rewards.
And I don't know if I'll be able to find the spot in the video here, but let me see if I can.
How would you kind of rate your experience with Ting and what would you say?
All right, hold on.
There it is.
I see it.
Okay, so he's just sitting there.
This is great.
So they're going to post the video on their YouTube channel in full.
So they have this guy in at Ting, and he just thinks that, oh, I'm here today because I'm doing a job interview, right?
So dude's hanging out, thinking he's going to get a job interview.
They're asking him a whole bunch of questions.
And then next thing you know, like, they walk in, like, hey, you just won $10,000.
And if you're watching the video version, his reaction is so awesome. Do you have any questions, and then next thing you know, they walk in and are like, hey, you just won $10,000. And if you're watching the video version, his reaction is so awesome.
Do you have any questions, Andrew?
I don't think that clap went.
I didn't catch that clap.
Sorry, can I just give you a clap?
Really loudly.
Perfect.
Hey, Joe.
I might be a bit random, but all of a sudden, I wanted to say thank you and give you this
check for $10,000 just for being awesome.
Are you serious?
Absolutely.
That is amazing.
That's like publishing.
That's amazing.
For real.
Yeah, what's funny is on their Instagram feed later on,
they posted a video of them cleaning up from the confetti.
So they give Joe his $10,000 for being an awesome Ting ground
crew. And he just loves it.
And they did that on a Google Hangout too.
So if you were watching live, you got to see that happen live.
So Ting just does a lot
of awesome stuff. And their ground crew is part
of it. They're just a great company. They're
just a bunch of great people over there. And they always are posting really good stuff over on their
blog. So go over to linux.ting.com and then click on the Ting blog to see what I've been talking
about. And remember, every Ting phone is just $6 a month flat rate and just your usage and taxes on
top of that. Every Ting plan includes tethering, hotspots. You get your picture message and your
text message and all the stuff you'd expect, plus their awesome dashboard, which makes it crazy easy to manage and see where you're at
so you have full control over your cell service.
This is a great place to go get a phone, linux.ting.com.
And a big thank you to Ting for sponsoring Linux Unplugged.
Woo-hoo.
All right.
Man, that guy, I mean, how cool is that?
Can you imagine that?
Yeah, you're getting $10,000.
You think you're getting a job review, right?
It's like, hey, you know what?
You're awesome.
We appreciate you getting the word out about this great service.
And, hey, we're just going to show you a little bit of a thank you.
That's amazing.
All right.
So I want to talk a little bit about this client-side diva.
I mean client-side decorations thing that's going on right now.
So I'm not totally, totally like Mr. Expert on this, but there's two camps.
Essentially, there's the camps that think client-side decorations on Windows,
the things you'll see like on the new G edit and the new files on GNOME,
all of these with the new border where they've integrated the close
and minimize buttons into the title bar.
These are client-side decorations.
Now, the thing is, these only really work very well on GNOME.
You're on any other desktop, and they kind of look atrocious.
Sometimes you have double title bars.
The title bars are offset.
It looks like amateur hour.
So Martin took to his blog, KWinDeveloper.
He took to his blog with an open letter that he wrote on his blog.
He posted it to a mailing list, and he sent it to the developers.
He said, I decided to CC this mailing list and publish this letter as an open letter on my blog.
CSD, which is client-side decorations, is a topic that is very important for every user
and nothing that should be discuss in a small group.
This is his biggest
problem he has with it. He says,
consistent window decoration. The fact
here is my greatest doubt, he goes
on to say. The current situation is that
all windows have the same window decoration.
For CSD to work, applications
have to be changed to support them. This will
render the changed applications using CSD
while other applications are decorated by the window manager.
I think it is impossible to have the same behavior
with both client-side decorations
and window manager decorations.
So, for example, an application freezes up
and you click the X button.
With server-side decorations,
the window manager notices that that application never closed
and said, hey, would you like me to force quit?
With client-side decorations,
the title bar is part of the process,
part of the application process.
So when the application hangs, the close button hangs,
and you can't just quickly and easily close it anymore.
Oh, okay.
Yeah, there's other kind of little minor things
that would bug users.
He says, my biggest concern is that we'll end up
with applications shipping their own style
and doing their own kind of decorations.
We'll end up in a situation like where it has one window
that has buttons on the left,
one window that has buttons on the right,
one with order, close, maximize, minimize,
the other in close, minimize, maximize, et cetera.
He says, just look at Microsoft Windows desktop
to see what proprietary applications tend to do
when they get a chance to influence their own decorations.
And that is a very good point.
It is.
And I think, actually, you know, first I was going to think I was going to scoff at the idea.
And that's kind of like, you know, the more I hear it, the more it's like, you know, actually, it's a valid point.
Yeah.
And you see this in Chromium today.
Chromium already has its own buttons.
Like right now on my Ubuntu 14.04 desktop I'm still running, you know, the buttons are on the wrong side of the window because they're using their own decorator.
They're not taking advantage of the operating system's decorator.
And I've heard, too, that client-side decorations
were meant to improve support for Wayland
in the sense that it takes less code from the back end
and moves that code into GTK,
and that's where you can manage it, and that's a little easier.
However, Martin disagrees that that's really an important feature or a necessary feature.
Where we're at now, and I want to bring in the mumble room on this,
because where we're at is we have this mismatch right now.
We're in this transitionary phase.
It's been starting with GNOME 3.10.
It's escalated with GNOME 3.12.
It means that these GTK applications that are using client-side decorations
will look funky on all GNOME desktops.
So Mumble Room, question for you.
Does anybody in here want to be an advocate for client-side decorations?
Anybody think they're a great idea or like them?
No.
No.
All right.
I think at least in this state.
I will take that position then because I kind of do like them.
From an end user perspective, I think they look kind of nice.
I like the functionality, especially with a theme
that has the Numix theme where it takes very little room.
I feel like it's very effective.
I get my close buttons, I get a title bar all in one.
It takes up less space.
I think they're kind of nice looking.
Performance is better when you resize the window.
It looks better.
You don't necessarily have the tearing between the title bar
and the application when you're moving it around.
I think that's nice.
I think it looks a little more elegant. So these are the things that client-side decorations
bring us. I kind of have to agree with Chris on some of that. I believe
that having the client-side decorations makes the application
seem a lot more cohesive. It allows that extra functionality
in the title bar like you have with the GNOME 3 applications
I should say. Or even look at steam for example right right you see you have to look at that i think you have to
look at the current state of client-side decorations at least what we saw in the cinnamon 2.2
uh look uh a they're not very good you know they still have the minimize button thing they still
look very large they still look look very, very ugly themselves
with or without the window manager
decorations. So they may
be a good idea in the future when they're
absolutely implemented. But at this point,
they just get in
the way of window manager
decorations. And secondly,
they already don't look as good.
Yes, they add added functionality,
but the client-side decorations themselves, I don't think, look as good. Yes, they add added functionality, but the client-side decorations themselves,
I don't think look as good or as functional as they should be.
I have to agree with that.
I can't stand a way to GNOME 3 GTK3 looks.
I cannot stand it like that.
It's too blocky.
I don't like it.
I can't stand that look.
I generally like GNOME and prefer the technical
superiority of server side
decorations. There is one
thing I can do is blame Poppy
because this is all because
of canonical and Unity
ripping out the menu, the file menu
and putting it as a global menu
leaving the top bar
there just by itself
Generally, it was not I've never really used global menu, leaving the top bar there just by itself.
I've never really used the manager
at all, to be honest.
So now, Mane kind of
jimmy-rigged something to make the window
look good while they're in the file menu
over there.
Web Wizard, WizardJed
over there says that what we
are seeing today is not a fully done,
fully baked version of client-side decorations.
Enlighten me as to what you mean, sir.
You did.
Oh, okay.
Well, if you're going to –
Sorry.
Yeah.
The problem with it is that essentially there's not going to be full client-side only decorations.
I don't think anyone has gone out and said, purely client-side decorations,
you know, everything done in one process, everything one thread is perfect. The thing is, you can't have more than one thread in a single application. It's very simple. So all
you'd have to do is implement a listener to go and close. And so you have the problem with,
oh, well, if the application freezes, the Xbox freezes, or this freezes, or that.
It's like a kind of moot point because at the current time where we are right now,
if the server itself freezes, we have the exact same problem.
So, except now it affects everything, and you need to restart the actual server. Well, that doesn't happen as often, though.
Okay.
All right, so Wimpy wants to chime in with a perspective for using client-side decorations on other desktops. Go ahead, Wimpy. So yeah, I was being a little
facetious when I yelled out no so vociferously earlier. Client-side decorations are an intelligent
design and ultimately a good idea. The way they stand at the moment though is that some of the
way that they're rendered is sort of being forced upon other
desktops so not everyone subscribes to the design philosophies behind gnome 3 right um and you could
be trying to use gtk3 just as a toolkit to develop an application but some of these design choices from gnome 3 are being in some cases forced upon
you in other cases it requiring you to make changes to your existing code in order to accommodate
their design choices and there are other projects out there that don't subscribe to the gnome 3
metaphors so there's the mate desktop there's xfce yeah there's cinnamon there's the Marte desktop, there's XFCE, there's Cinnamon, there's LXDE. All of these
projects use GTK and all of them are now impacted by a decision that's been made by an upstream
project. Well, I guess my question is similar to Ick's. Go ahead, ask your question because I think
you're kind of echoing my thoughts too. Yeah, well can't those who are implementing the client-side decorations make the code check for whatever desktop environment they're running before?
And then go ahead and use that, but only in GNOME 3?
That's my question.
The clue's in the name.
It's client-side decorations, so it's nothing to do with the desktop.
It's a GTK toolkit facility.
side decorations so it's nothing to do with the desktop it's a gtk toolkit facility and whilst there are a number of opportunities to override the new title bar behavior there is also the
facility as an application designer to absolutely enforce and hard code a look and feel and there
are good examples for why you would want things this way so if you look at the new version of gedit that came out with gnome 312 that uses the split split title bar arrangement and therefore
it requires that the close button is is positioned in a different place so giving that power to the
application designer to ensure that their application is displayed the way they intended is a powerful feature.
But the knock-on effect of that is that other applications and desktop environments in the meanwhile,
whilst we adapt and update the theming, have sort of had some breakage.
So I want to give Daredevil a chance to respond to you, and then we'll go to Web Wizard G or whatever is going by this week.
So go ahead, Daredevil.
All right.
So my understanding of the – I've actually recently went to GTK folks and said, look, I've been seeing more and more projects switching to Qt.
I'm trying to understand more deeply what are the root causes for these. And it pretty much boiled
down to the fact that GDK folks have been developing these features and documenting
the stuff and making it available and not many people were actually interested in participating
in the changes before they were made. It's not like there was not a discussion about
the changes. It just appears that people didn't join the conversation.
And once the changes were accepted by those that were in the conversation, people are complaining.
At that point, it's already decided.
The second part of that is that GTK actually, I think I actually put a link in the Reddit.
But they've actually made a video explaining more or less what's their approach,
and they want more to be platform than actually integrate.
And therefore, some choices rely on that vision.
Now, on the project that selected GTK, I guess they need to engage more in the conversation,
and that should actually solve much of the problems we are
finding so do you think you feel do you feel like the gnome project is sort of mandating a standard
is that what you're saying so what they've actually said uh said is a clear path so for
for instance they will prefer be platform than integrate in their vision for example europe when
you develop an application,
they don't think about the application should look exactly like a Windows application on Windows.
They think it should look exactly like you developed to be looking like initially. They will make Linux first class citizen and the rest they want to allow you to write to those,
but it's not like if something is going to be added to
gtk uh it's not going to be like not not enter the gtk because it doesn't work exactly on windows
uh they are working around those to allow the application to execute the there but they want
to be platform first if that's their vision i guess it's understandable that they want to kind of create a way of, okay, to do things, and they are inviting people to engage in the conversation.
If they don't, I guess it's going to be the way they define it.
Well, and I wanted to give some time for more response, but I want to also sort of shift the conversation here a second.
But Wizard Jed, did you have any final thoughts you wanted to get on that?
Yeah, just to kind of
respond to Dardavlin's thing and to go on
what I was trying to say as well is that
it is happening.
The problem is that
it's happening in kind of different
camp. So yes, I'll admit that
that is definitely going on in the Gnome camp
and they are discussing how to
do client-side decoration. The problem is the QT guys are also discussing, and they are discussing how to do client-side decoration.
The problem is the QT guys are also discussing this, and they're discussing it in their own way.
And at the end of the day, there's two totally different ways of what they're going about doing it.
GNOME guys are trying to push it out, get it out now, so we can see how it's working, get it done.
QT guys want to have a fully set-out standard, then push it.
The problem is that they're conflicting in that way.
Someone's going on
in the background over there. I think, too,
I have to wonder if maybe
this kind of approach,
which seems to be upsetting some folks,
and also creating inconsistencies
across other desktops.
And GNOME isn't like it's in some sort of powerhouse
position. You can see maybe why
they want to have a GNOME OS, right?
Is this going to drive people away from using GTK?
What do you think?
Go ahead, Matt.
What do you think?
Do you think more people are going to say, you know what,
if GTK wants to push forward with this kind of stuff,
if there's somebody that's not on board with the vision,
don't you think it's going to be more likely they're not going to choose GTK
for their future project?
I think you're going to have some overflow.
I think at the end of the day you're going to have some overflow. I think at the end of the day, you're going to have some initial people, well, a little
bit like what we saw with Unity and various things that the Ubuntu team has run into.
I think initially you're going to get some blowback, but I think in the long term, it
might actually pay off.
It's gutsy, it's edgy, and it might blow up in their face, but I think there's a possibility
that it might pay off.
Hold on.
This is way bigger than what
Unity was doing.
That was a soft example,
though. Very soft.
I'm not comparing variables.
Let's go to Daredevil, and he says that there's already a few things
that client-side decorations have already brought us. What are those?
Oh, not exactly client-side
decorations, but the fact that
the changes, just
GNOME 2 to GNOME 3 as an example,
they broke the
API, yes.
Initially people were saying, oh, what the hell is
going on with GNOME folks? This is unbearable.
And suddenly
we're seeing more projects
that were using GTK2
moving to
GTK3. I would
consider that as a positive thing. Initially people ditched the GTK3. I would consider that as a positive thing.
Initially, people ditched the GTK3,
and now the projects are moving.
Now, the benefits I'm talking about is,
for example, the shell.
Cinnamon came out.
It's not exactly the same shell of this GNOME shell,
but their idea when they built GNOME shell
was to allow actual extensibility to
be done on the shell or to build up on top of that shell and still be compatible and to be the
base technology and it's happening and i see that they are being like looked um on the side a little bit,
and projects are reluctant to change,
and it is a burden to maintain something that is drifting,
but once it's documented, it doesn't drift as much.
So I guess people are poking on the API
using the nice features that appear on the undocumented API,
and then say, oh, well, it missed. It disappeared from the API.
Well, it wasn't documented.
And it's not like they're breaking something.
It's not set as, okay, we already released this.
All right.
So, Wimpy, I want to give you a chance to wrap us up on this topic.
What are your closing thoughts?
Well, I was just going to reply on the migrating to GTK
and also acknowledge that Daredevil is quite correct.
This debate has been rolling for about four years now, and there's been some dialogue about client-side decorations going back to 2010.
But with regards to migrating to GTK3, I spoke to you a few months ago about the Marte desktop and how we were migrating to GTK3,
and the next release was going to be based on GTK3.
And then a few weeks later, we pumped out Marte 1.8
and we didn't complete the port to GTK3.
And that's because GTK3 is evolving rapidly.
And every time we rebuild against it we find something new something different that we
have to accommodate for so what we're doing is we're on a slow burn now and i imagine other
application developers who've got small teams are probably approaching this in a similar way
which is gently gently catchy monkey slowly port your code to gtk3 dual support GTK2 and GTK3,
and only release on GTK3 when you're absolutely certain
all of the shifting sand beneath you has stopped moving.
So it isn't an easy thing to target at the moment.
Right. Yeah, that makes a lot of sense.
Well, I appreciate the insight on that.
All right. Well, so this is, there we go.
We have now logged in the journal on that. All right. Well, so this is, there we go. We have now, we have logged in
the journal that is Linux Unplugged, our first
discussion around this
topic, and I think we'll follow it as it goes on.
We'll gauge what the audience's interest is and see
if there's a further discussion to be had.
I know that I find it to be particularly
interesting because the user side of me
kind of likes them, but the technical side
of me definitely sees what the problems are
and thinks that perhaps that should be handled by the server,
especially when you have cross-operating systems
and cross-desktop environments to consider.
But I think it's worth seeing how it plays out,
and I'm curious to see where the GNOME camp's going,
because I'm, as a GNOME desktop user, liking it a lot so far.
But Martin did have a really, really good blog post, very long,
and very pro-KWIN, as you might expect.
His, basically, Martin's solution is just use K-Win for everything.
But we do have that linked in the show notes, and I recommend you give it a read.
Also linked in the show notes for this week's episode are the reasons from the Gnome Camp.
You know, they state on their wiki, for example, that under Wayland,
it's just simply preferred that clients render their own window decorations.
Since Gnome Shell will need to keep support for decorating ex-clients, it would be good if GTK Plus and Gnome Shell could use the same CSS theming.
And then they also talk a little bit about performance.
But again, it's all kind of rough stuff.
Like, I haven't seen any hard analysis, but there you go.
It's all linked in the show notes if you guys want to do some further reading right there.
Now, Linux Unplugged is live on Tuesdays over at jblive.tv.
We start at 2 p.m. Pacific.
And this weekend, coming up on Saturday and Sunday, if all goes as planned,
we should be streaming live from LinuxFest Northwest Saturday and Sunday.
So just check jblive.tv throughout the weekend
and see what shenanigans we're up to over at the fest.
Matt, are you excited? Are you ready? Are you pumped?
I'm excited and nervous about the whole ill thing.
Yeah, I know.
I know.
I'm like, I've got water next to me.
I've got a box of Kleenexes.
I'm like totally like, I'm trying to eat good today.
I'll definitely, I'm more in the sanitize everything down, wiping down counters, you know, just start like just really trying.
And then, of course, the body stuff too.
We'll see how it goes though.
Get ahead of it.
Get ahead of it, Matt.
Get ahead of it.
It snuck up on me.
I didn't even know until I got home last night from the studio, and I was like, wait a minute.
I'm not feeling very good. Oh, no.
Oh, boy. Yeah, definitely get ahead
of that. And then last night, I didn't get much
sleep, so you know what?
The two things, it's not a winning
combo, Matt. It's not a winning combo.
Now, we'd love to get your feedback. This show runs
on your feedback, so go over to jupiterbroadcasting.com,
click that contact link,
and choose Linux Unplugged from the drop-down.
And don't forget about our awesome subreddit, linuxactionshow.reddit.com.
And be sure to tune in on Sunday for Linux Action Show.
We'll be doing Last Live from LinuxFest Northwest,
and we should have a good recap.
So if you aren't able to catch all the live coverage,
we should have a good roundup in Sunday's Linux Action Show.
All right, Matt, I'll see you on Sunday, okay?
See you Sunday.
All right, everyone, thanks so much for tuning in to this week's episode of Linux Unplugged.
See you right back.
Tuesday.
Bye-bye.