Windows vs Ubuntu – Usability

A couple of days ago I received a new laptop, and it came with Windows (Vista). I thought I’d give it a try (haven’t touched Vista at all so far). This Windows thingy came preinstalled on this laptop, so I was thinking I could jump right into it. Wrong. Of course, I had to go through the usual post-installation procedure. Ok, no problem, just enter name, password and go. Wrong. I had to click a million times on some button to confirm or deny installations of several crapwares (no), a couple of ‘do you want to register?’ (no!), some ‘please activate!’ (nooo!), accept a hundred EULAs (ok, if I don’t, I can’t get in, so, hrmpf, yes). All in all, it surely took me 20 minutes to get into the OS. And it continued to not impress me. They (MS) seem to have the leading principle of getting in the way of the user. Stupid confirmation boxes around every corner. I quickly decided to remove that stupid OS that treats me either like a criminal or like an idiot, or both.

On the positive side, doing all the installation of Ubuntu was much less fuss than going through the Windows post-installation alone. Click, click, click, wait 20 minutes, ready. And in the end I have all the important stuff on my computer. I can’t even imagine how painful it would be to get all the important applications and drivers on Windows (find, download, install, confirm gazillion boxes, reboot, repeat ad infinitum – *shudder*).

The Times They Are A-Changin’

This song has been on my mind all day.

Come gather ’round people
Wherever you roam
And admit that the waters
Around you have grown
And accept it that soon
You’ll be drenched to the bone.
If your time to you
Is worth savin’
Then you better start swimmin’
Or you’ll sink like a stone
For the times they are a-changin’.

Come writers and critics
Who prophesize with your pen
And keep your eyes wide
The chance won’t come again
And don’t speak too soon
For the wheel’s still in spin
And there’s no tellin’ who
That it’s namin’.
For the loser now
Will be later to win
For the times they are a-changin’.

Come senators, congressmen
Please heed the call
Don’t stand in the doorway
Don’t block up the hall
For he that gets hurt
Will be he who has stalled
There’s a battle outside
And it is ragin’.
It’ll soon shake your windows
And rattle your walls
For the times they are a-changin’.

Come mothers and fathers
Throughout the land
And don’t criticize
What you can’t understand
Your sons and your daughters
Are beyond your command
Your old road is
Rapidly agin’.
Please get out of the new one
If you can’t lend your hand
For the times they are a-changin’.

The line it is drawn
The curse it is cast
The slow one now
Will later be fast
As the present now
Will later be past
The order is
Rapidly fadin’.
And the first one now
Will later be last
For the times they are a-changin’.

How should OpenJDK handle security?

I recently posted a problem report to an OpenJDK mailing list. I wasn’t even sure if it was a real problem, so I thought I’d bring it up for discussion. A Sun developer then replied in private and told me that this is actually a security issue, that a (non-public) bug entry has been filed in Sun’s bug DB and that it will be fixed soon.

I understand that Sun has special requirements for handling security issues. But this doesn’t feel right. I post a problem in public (so the info for evil hackers is out anyway), then things happen in secret labs, and at some point a fix pops up in the repos.

It could be argued that it was my fault because I bring up security issues in public in the first place, instead of first discussing them in private. But then, where is the private channel for reporting OpenJDK security issues? And more importantly, how should an innocent hacker like me (*ahem*) know that something is in fact a security issue? Of course, I had a feeling that it could be one, this is why I wanted it evaluated, but then everything must be reported private-first, because many bugs can turn out to be a security issue. In closed source days, this might have made sense, because initial bug reports didn’t become public until somebody evaluated them. But for an open project like OpenJDK it doesn’t make so much sense.

So how should OpenJDK handle security issues? Some people are in the mood of refactoring OpenJDK processes, so I thought it would make sense to bring it up now.

Caciocavallo Docs

When hacking, you sometimes forget the obvious things. Like people going to your project page and seeing completely outdated information. I started updating the Cacio docs, and will add more in the next couple of days. They are now located here. The new API docs are here. Ah! I noticed that the Caciocavallo peer framework now builds with the latest OpenJDK7; it seems all our patches have now trickled into the main tree. Except the FontManager thing, but this is not required to build Cacio.