💾 Archived View for gemlog.blue › users › BaronHK › 1692943321.gmi captured on 2023-09-08 at 16:19:19. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
Good Software Doesn’t Change Very Much
(Originally posted on Wordpress.com on August 11th, 2023)
In as many ways as possible, I continue using older desktop programs, some in Wine even.
It greatly annoys me that when a problem has been solved, we have to bury the thing alive in layers of garbage until it can barely move anymore, like modern Web browsers, or Windows.
I was mentioning earlier in IRC that I continue using Winamp 2 in Wine, and it doesn’t stop working. I use an unreleased leaked build from 2003 called “2.95”.
AOL never did anything about the leak. It was them that leaked it by mistake and when they leaked it, it had the same license as any other version of Winamp, meaning that there was nothing they could do really.
20 years later, it still runs. MP3 hasn’t changed. Ogg Vorbis hasn’t changed. Not in any way that affects playing it back.
There’s now an Opus plug-in that’s compiled for Winamp 2 that would still even work on Windows 9x.
Other than it looking a little funky with the interface scaled to 2x and the minibrowser you close anyway not doing anything (in Wine at least, because IE isn’t there), it works like it was supposed to.
Best of all, there’s nobody changing the interface.
The program was designed such that everything’s a plug-in. People have created alternative MP3 decoders based on mpg123, and new versions of in_vorbis.dll as well.
So basically, why shouldn’t I still use it?
I keep hearing that Audacious exists and is Free Software and is maintained.
Well, of course it is, but I don’t honestly like that. The GUI changes, the GUI toolkit gets “upgraded” and toolkit people are notorious for making pointless GUI changes and adding bugs.
Winamp 2.95 does everything I need it to do and apparently enough people agree or else it wouldn’t continue having community updates through the plug-in system.
Yes, there are newer audio programs, Free Software and otherwise, but this was the first program that actually played MP3s and didn’t make a huge issue out of the GUI. I ended up using it in the 90s (before AOL even) and even with the old “Nitrane” MP3 decoder (which wasn’t accurate and failed the ISO conformance) because it was good enough to work even then.
Roy Schestowitz mentioned engineers as practical people. I’m not an engineer, but I am practical. There’s really nothing that’s been done on the front of Human Interfaces since the early 2000s that’s worth a warm pitcher of piss.
Firefox was a regression from Mozilla Suite at the time and I still use SeaMonkey because the Firefox HIG is an ungodly mess.
By attempting to be “simple” and “clean”, they end up actually throwing all the settings, icons, and preferences into a few “junk drawers” and they change the interface again every few years and it’s really just a form of negative work.
Modern HIGs are basically a march to dumb down the PC until it’s like cell phone apps.
Everyone waving a cell phone with one button on it in one hand and their dick in the other hand.
I’m considering jumping over to a non-GNOME desktop environment for this reason.
The inmates run the asylum, and IBM Red Hat has so much influence over it that it’s basically a wing of IBM at this point.
Every time I update GNOME it feels more like a broken iPhone.
I played around with Fedora Kinoite on my older laptop and Wayland seems to work in KDE now. I’m considering getting all of my files properly backed up and nuking Fedora, because IBM is a disease, as I’ve blogged about previously.
I could probably put Debian 12 KDE on my system, but I asked and they don’t have a SeaMonkey package.
Roy mentioned PCLinuxOS and they not only don’t have GNOME at all, but they also package the current SeaMonkey. (Big positive factor.)
Some posers and trolls needle me for using SeaMonkey, but here’s the truth about security. There’s not really much you can do about “security” that’s better than just installing your patches and limiting the Web garbage that can run active code and watching where you get your software. The corporations in the driver’s seat are making all of this harder to manage. Red Hat making people turn to untrustworthy software sources for lack of resources to maintain the Fedora project, Google and Mozilla making the Web 100 times more bloated every time they shit a browser update. It’s horrific.
Even the same people who push these bloated software updates out admit that once you use their product you’ve already lost, so they go looking for ways to “contain” all of the exploit code they know they’re adding with more “sandbox” layers.
Tor Browser is dangerous for being based on Firefox and having most of the same holes.
The latest Tor Browser, showing it’s configured to run WASM by default.
The monthly Mozilla patches show us all the lovely WASM CVEs that are discovered, but in a system so complex, it’ll never end. So enjoy the Tor browser and when the State Actors say “WAASM UPPPPPPPP!?” don’t say nobody warned you.
Anything with WASM support is a damn hazard. In addition to browsing with ublock-origin and NoScript on SeaMonkey, I turned WASM off. Active Code is a never ending security mess that will never get better. Don’t look for it to. Be happy with what you have.
“Hey Firefox, put all this garbage, active code, sandbox escapes for malware implants, and fingerprinting crap on all eight cores please! LOAD IT UP!”
"I’m just a little black rain cloud
Hovering under the honey tree
I’m only a little black rain cloud
Pay no attention to little me
Oh, everyone knows that a rain cloud
Never eats honey, no, not a nip
I’m just floating around over the ground
Wonderin’ where I will drip
Oh, everyone knows that a rain cloud
Never eats honey, no, not a nip
I’m just floating around over the ground
Wonderin’ where I will drip"
-Winnie The Pooh – Little Black Rain Cloud
(Why on Earth would anyone feel safe browsing with Tor Browser in the default state? Obvious honeypot is obvious.)
I disable a ton of junk (backported from Firefox) in my browser and mostly read static documents and check my email and use IRC. SeaMonkey is great for me.
Recently Reddit made it difficult to use “New Reddit” with SeaMonkey. I tried various user agents from less capable Modern browsers like Safari, and even tried to provoke an Internet Exploder 11 fallback if they had one, but the new code is just fucked. Thankfully, there’s still Old Reddit and the various libreddit proxies if I want to look at something. I also use the Gemini NewsWaffle and Chilly Weather through a Gemini Web Proxy. That way I don’t get a mountain of JavaShit and cookies I don’t want, and paywalls, and IBM’s other monster, the Weather Channel.
If it gives SeaMonkey problems, the site is misbehaved and poorly designed and possibly malicious, and there’s usually another way to get at it.
The way I use SeaMonkey, it’s much more pleasant, and safer, than Firefox.
Debian probably dropped SeaMonkey first. The way I recall Ubuntu having SeaMonkey was one of Canonical’s usual “copy Debian’s repo at some point and THEN never patch anything for security”. They did it to Epiphany and WebkitGTK as well!
Michael Catanzaro blogged about the CVEs they allowed to pile up.
He shamed them into straightening up on those two packages, but here’s the situation when he blogged about it in 2016.
"Ubuntu
Ubuntu releases WebKitGTK+ updates somewhat inconsistently. For instance, Ubuntu 14.04 came with WebKitGTK+ 2.4.0. 2.4.8 is available via updates, but even though 2.4.9 was released upstream over eight months ago, it has not yet been released as an update for Ubuntu 14.04.
By comparison, Ubuntu 15.10 (the latest release) shipped with WebKitGTK+ 2.8.5, which has never been updated; it’s affected by about 40 vulnerabilities fixed in the latest upstream release. Ubuntu organizes its software into various repositories, and provides security support only to software in the main repository. This version of WebKitGTK+ is in Ubuntu’s “universe” repository, not in main, so it is excluded from security support. Ubuntu users might be surprised to learn that a large portion of Ubuntu software is in universe and therefore excluded from security support; this is in contrast to almost all other distributions, which typically provide security updates for all the software they ship.
I’m calling out Ubuntu here not because it is specially-negligent, but simply because it is our biggest distributor. It’s not doing any worse than most of our other distributors."
-Michael Catanzaro
As if that wasn’t bad enough, Canonical also broke WebkitGTK so that some images wouldn’t display and YouTube videos were broken.
Some of the largest and most corporate Linux distributions are also the most sloppy and terrible.
Brimming with security holes and a lot of hacks and bad patches.
There’s nothing about Ubuntu that screams professionalism. It barely works at all, when it does, here be dragons. There’s all sorts of horrors I could go into, including what it took for me to fork a Linux kernel and make it work with all the crackpot asshattery going on that passes for engineering at Canonical.
I’m not even a software engineer and when I went digging it soon became obvious to me that I probably shouldn’t be trusting anything terribly important to a computer running Ubuntu. I’ve heard (although I never used Ubuntu during the ZFS file system debacle), that they even managed to add ways to lose data to ZFS. Which isn’t terribly surprising considering it’s a crackpot driver under a non-GPL compatible license, that’s not part of the kernel, and Ubuntu has sort of kludged together something that maybe boots if you don’t piss it off terribly by mistake. I didn’t even have to use ZFS to get this impression. When the bugs started hitting Launchpad it was a “get the popcorn out” moment.
Who needs cable?
Anyway, Ubuntu’s out. It’s garbage, it’s not secure, it’s got crackpot patches and copyright-violating modules. And they’re a Microsoft Azure partner, of course.
I may spin up several candidates to replace Fedora in Fedora on GNOME Boxes and play around with them and press all the buttons and see how easy they are to break.
When I used to occasionally distro hop on older computers in the 2000s, I ended up with shoddy craftsmanship like YaST on OpenSUSE circa 2007-2008 which would break the whole damn system if you added a couple extra software repos, and Sabayon Linux where you would click a button and have to wait for it to install a package for like an hour.
Even Ubuntu and Fedora aren’t shit shows in those ways (but they almost try to invent new ways to be a shit show of their own).
When you have a spare computer it’s easier to laugh when you press a button and chant “BROKEN SYSTEM CHA CHA CHA! BROKEN SYSTEM CHA CHA CHA!”
The Free Software community has been nearly obliterated by sabotage and subterfuge.
Microsoft on a bullhorn (with their moles in tow) shouting “Don’t run, we are your friends!” (“And we have a CoC!”)
It’s sort of like, “Why are you on Fedora?” (Edit: I have since replaced Fedora with openSUSE Leap KDE)
I ask that so I can answer. Because other major distributions have been infiltrated and ruined.
Like the damned Terminator in the bunker that got past the dogs and guards.
That’s why the #Fedora moderators on Libera Chat gets away with, basically, hate crimes and disorderly conduct, even though there’s a CoC.
They are a collection of toxic individuals that are “untouchable” because they’re in thick with the muckity mucks on the network.
Every time you re-settle somewhere, the bad guys roll over the border again and set up another vassal state of Microsoft.
I must stress that it’s not Free Software that’s the problem here. It’s a couple lousy corporations and Microsoft causing a lot of problems in distributions that used to be really popular. And I’m just some aging hipster that doesn’t currently know what the cool kids are using.
Although I have to say I was amused that “Mr. Hate Crime” & Friends in the Fedora room is still reading my blog intently, obsessed with what I might say about their rotting pile of crap (apparently without enough developers to package LibreOffice at this point) next.
I think I’ve vented enough of my frustrations about the toxic quacks that they’ll let into some of these communities lately.
Recommendations about competent distributions of GNU/Linux are welcome.
(As a quick aside, Matthew Garrett mentioned on his blog about taking the utterly pointless long way around when he found a Fedora laptop that was 5 YEARS out of date…..very secure…and he went poking around trying to skip 10 versions by opening things in hex editors when he could have done things like just tell RPM here’s a package, don’t verify it, and clobber this other one clobber clobber, and it’s the next RPM and the fedora-gpg-keys. It amused me. It’s like watching Mr. Bean trying to figure out how to perform dentistry on himself after whacking the dentist out cold, and filling three extra teeth as he rotated the x-ray around, just to be sure.)