Dakons blog

Zitat aus einem Heise-Artikel: Die CDU/CSU-Fraktion verwies dagegen darauf, dass Sicherheitsstandards geschaffen würden, die weit über die bei einer normalen E-Mail hinausgingen. Es komme einem "Quantensprung" gleich, dass die Bürger künftig elektronisch mit der Verwaltung über sichere Verfahren kommunizieren könnten.. Ich werde das jetzt mal den tatsächlichen Fakten gegenüberstellen, weil das ein klassisches Beispiel von Neusprech ist.

Der höhere Sicherheitsstandard gegenüber klassischer Email liegt an der Verschlüsselung zwischen den am Transport der Mail legitimer Weise beteiligten Systemen. Das ist im SMTP-Standard (der regelt den Mailtransport) nicht vorgeschrieben. Es gibt aber eine Erweiterung (STARTTLS) für normalen Mailtransport, der dies nachrüstet. Sie ist aber halt optional. Und normale Email (in Deutschland also: via web.de oder GMX) bietet soetwas tatsächlich nicht. Das liegt aber nur daran das diese beiden Provider das nicht integrieren, vermutlich weil es die Last auf ihren Servern erhöhen würde. Jeder Mailserver, der was auf sich hält, implementiert diese optionale Erweiterung.

Es ist also tatsächlich ein Quantensprung was De-Mail hier bringt: die kleinste messbare Veränderung. Ansonsten ändert sich nichts. Und wer wirklich sichere Mail haben will muss sowieso die Mail von Ende zu Ende verschlüsseln, d.h. S/MIME oder PGP/GPG einsetzen.

Neulich beim Teekochen auf der Arbeit kam mir bei einem kurzen Gespräch mit einem Kollegen folgender Einfall: eine Woche lang schreiben die jetzt arbeitslosen Redakteure der Frankfurter Rundschau für Deutschlands größte schriftliche Zumutung. In genau der gleichen Aufmachung, mit genau dem gleichen Wortschatz. Nur halt nicht nur völlig belangloses oder erfundenes Zeug. Am Ende hat Deutschland auf jeden Fall gewonnen, egal welcher Fall eintritt:

1. ein paar Arbeitslose waren eine Woche in Lohn und Brot
2. die Informationsmenge in Deutschlands Bildungs-Unterschicht hat sich rapide erhöht
3. falls nicht #2, dann hat sich doch die Menge der Leser dieser riesigen Volksverdummungsmaschine vielleicht ein wenig verringert

Heise (The H) today released an article about a TLS test site from the University of Hannover. They mentioned that even newer browser don't support the 5 year old TLSv1.2 specification. Reason enough to fire up my collection of browsers and share the results.

• Opera 12.14 (Build 1738): TLSv1, DHE-RSA-AES256-SHA
• Firefox 19.0.2: TLSv1, DHE-RSA-CAMELLIA256-SHA
• Chromium 27.0.1425.0 (185065): TLSv1.1, DHE-RSA-CAMELLIA256-SHA
• Konqueror 4.10.1: TLSv1.2, DHE-RSA-AES256-GCM-SHA384

The article suggests that with some fiddling you can get Internet Explorer to support TLSv1.1 and TLSv1.2, but I can't test that because of the lack of a supported platform. So, out of the box we have the most secure TLS implementation available. We rock!

The last time I wrote about KGpg is nearly a year back, so I thought I give it some attention again. What has happened meanwhile? Nothing too important, actually. I have fixed some bugs, introduced some new, fixed them also. I did some internal improvements, but nothing earthshaking. Last week I fixed signing keys, this was probably broken the whole SC 4.9 cycle but noone noticed. Finally I ported KGpg away from synchronuous calls to KPasswordDialog, which I started at least 3 times before but never finished. Since starting gpg-agent is currently not happening automatically on login anymore in my openSUSE installations I was forced to fix it once I saw it fail.

While I was distracted from KGpg work I meanwhile did some stuff that likely most of you are already using, probably without noticing. I started pushing a bunch of patches to CMake which finally led to me getting write access to the repository, which in turn led to me doing even more cleanups there. Now most Find*.cmake modules have version selection support, the automatic handling of distinct debug and release versions for one module has been improved (wanted especially by the (KDE-)Windows people), and the usual amount of bug fixes, breakages, and fixes for these breakages have happened.

In the last few weeks I was going even one level deeper, heavily patching KWSys. This is likely something you have not heard of, but you are still using it. This is a collection of tool classes from Kitware (the guys behind CMake and other stuff) that handles platform abstraction. My point of interest was the SystemInformation class, which gives you things like logical and physical processor count (that is Hyperthreading processor vs. core), memory size and stuff like that. It started with getting some more beautiful information about my HP PA-RISC boxes (I own a Apollo 705, a C3600, and a C8000), then fixing some ARM processor flag stuff, finally adding CPU feature gathering to Win64, Irix, the BSDs, HP-UX, and AIX where they were almost entirely lacking before. And then doing the same for memory size for some of this system. Currently under review are some final cleanups to make the code more readable.

That's it from my side for the moment, let's see what happens next ;)

Wie jeder inzwischen mitbekommen haben dürfte haben sich die angekündigten Katastrophenszenarien nicht erfüllt. Und dabei meine ich nicht nur den "Jahrtausendwechsel" im Maya-Kalender. Der dabei befürchteten Weltuntergang ist zwar auch ausgefallen, aber die Ursache ist noch nicht ganz geklärt. Zur Wahl stehen neben Planungsfehlern auch noch Mängel beim Brandschutz, Lieferprobleme bei Siemens, eine plötzliche Verteuerung um 1,5 Milliarden Euro mit unklarer Kostenübernahme und ähnliches.

Im Schatten dieses Großereignisses ist eine andere angekündigte Katastrophe ausnahmsweise ausgefallen: der plötzliche, unerwartete, aber genau vorhersagbare Anstieg der Benzinpreise kurz vor den Feiertagen. Alle reden ständig von freier Marktwirtschaft, aber wenn Preisregulierung über Angebot und Nachfrage plötzlich mal funktionieren dann gibt es Proteste. (Wobei ich nicht abstreite das das geschickte Geldmacherei ist.) Die interessante Frage ist jetzt: war das Absicht oder Versehen? Wahrscheinlich wird man uns beim Anstieg zu Ostern dann erzählen das es ja alles nur Zufall ist, weil es Weihnachten 2012 keinen solchen Anstieg gegeben hat.

Der heutige Bonus für überraschende Anwandlungen von Logik bei politischen Entscheidungen geht an: die Republikaner. Die US-Amerikanischen. Das ist fast so überraschend wie es bei den hiesigen gewesen wäre. Sie haben gemerkt das das Copyright-System kaputt ist.

Gekifft haben muss wohl Frau Wulff, geb. Körner. Sie verklagt Google und andere wegen ihrer angeblichen Rotlichtvergangenheit. Ich empfehle ihr da zunächst mal die Lektüre passender Wikipedia-Artikel. Und ganz unabhängig von der Unfähigkeit ihrer PR-Berater sollte sie sich mal eines fragen: ist eine Rotlichtvergangenheit eine schwerwiegende Rufschädigung? Zumal das Gegenteil ja vermutlich zu beweise wäre. Ich jedenfalls würde mich viel mehr schämen wenn ich mir vorwerfen lassen müsste Christian Wulff geheiratet zu haben. Oder auch nur in mein Bett gelassen. (Die Autovervollständigung schlug mir da gerade Bettina vor, wie passend). Außer vielleicht man wäre jung und brauchte das Geld. Womit wir wieder am Anfang wären.

I was playing around with some content tags in CSS. Looks like I have been wrong recently when I said that Firefox still doesn't support it at all. In fact it looks like it is the only browser that does it all right.

So I created a test page and loaded it in 4 browsers. You see on the picture on top left Konqueror from KDE SC 4.8.4, Chromium 21.0.1145.0 (svn138062) to the right, bottom left Opera 11.64 (build 1403), and finally Firefox 12.0. Just in case anybody complains: I upgraded to Chromium 22.0.1190.0 (144885), Opera 12.00 (build 1467), and Firefox 14.0.1, but the rendering is still exactly the same. Benjamin Dietrich send me a screenshot showing that Safari 6.0 (8536.25) behaves exactly like Chromium. Patrick Spendrin sent in screenshots showing that Internet Explorer 8 and 9 behave the same as Firefox.

So, what's up there? If you download the file and comment out the display:none for h1 you will see explanations what happens in the different versions of the test. I will just talk about the bugs here.

Konqueror

The width calculation is slightly wrong when the content is set to "", which is done right when it is set to none (the first 2 boxes). This leads to a spurious linebreak. (Bug K1 (#304357))

When there is no content at all there is also the spurious linebreak. (Bug K2, example #4).

When there is no content at all the first elemtent shows a content that I have no idea where it comes from, possibly from invalid memory read? (Bug K3, example #4)

When there are 2 consecutive elements of the same classes that differ in their text Konqueror will completely ignore the text content of the second one and use the one of the previous (Bug K4, example #5 and last element of example #6)

CSS 2.1 spec says content applies to :before and :after pseudo elements. Konqueror nevertheless applies it to the main element also if it is specified there. Which is fine as it is allowed in CSS3 (K5 (#304355), example #1 and #2).

Chromium

if the elements have no contents element 2 is drawn on top of element 1, while the width of the ul that I use to hold the elements is big enough to hold both (bug C1, example #4).

Only supports CSS2.1 (examples #1 and #2)

Opera

shares bug K4. I assume this is also the reason why example #4 is rendered wrong here, the "T" text that should be there is just dropped because the previous example didn't have it, but the rest is rendered correctly. (Reported by Martin Riethmayer as Opera bug DSK-371115)

shares bug K5Also supports CSS3.

Firefox

Pass.

Only supports CSS2.1 (examples #1 and #2)

What's missing? I have not seen what Internet Explorer and Safari do. I assume Safari will be more or less the same as Chromium. And I have not reported all of these bugs yet. I'll do myself for the Konqueror bugs eventually, but will not do for any of the other browsers. If you would like to report any of these bugs anywhere please drop me a note so I can add links to the bug reports.

Edit: K5 was actually E1: Opera and Konqueror support CSS3 generated content where this is allowed.

Edit2: Added findings by other people and reference to Opera bug report.

... but nobody notices. I've been subscribed to kde-core-devel for a while but KHTML development seemed pretty dead. Or have you heard of cool new things in Konqueror for a while? Also the KDE changelogs did not show anything of interest, besides some small corner case and crash fixes every now and then. I'm one of those people that still have Konqueror/KHTML as their default browser. I guess most people meanwhile have switched to something else, either the engine to Webkit or to a different default browser. One day our KDE bugzilla got an upgrade, a new style, and it looked even worse than before (see the footer in the image). I can understand if people have problems with Konqueror, there are way to many things that don't work, e.g. pages heavily using JavaScript (Twitter anyone?). I for my part don't like the Webkit part because it lacks some things like edit autocomplete because of missing interfaces in Webkit. Firefox drives me insane because of the missing clear buttons in edits. And it still does not support "content" in CSS as I found out yesterday. Unbelievable.

Some month back something unexpected happen: I saw a flow of patches for KJS flow in. And from what I see Bernd Buschinski does an awesome job implementing some stuff that has been missing for a while. He is not the only one working on KHTML/KJS these days, but the one who is mostly visible on kde-core-devel through his review requests and the one who made me look at this stuff. In fact I made an offline JS compliance test through CMake possible as the online test wasn't easily configurable to run only specific tests (or omit some that were not working at all). And I even fixed one or small absolutely minor compliance issues.

So even if you did not hear much about Konqueror for a while, there has been some progress. Here are some things I remember from the not too distant past that made my daily web experience better (or will do so as some of the patches are not yet in a released version). Too bad they have not been in the official changelogs, but better those guys keep fixing stuff and forget to write it down than stop fixing it ;)

• the maximum allowed stack size usable by KJS has been raised, making e.g. the twitter log of a person work again (fixed by Martin Sandsmark)
• fix the usage of "short" variable type for position calculation which too easily overflows (fixed by Andrea Iacovitti, will be in 4.8.5 and 4.9.0, would have fixed the layout of e.g. bugs.kde.org)
• after Andrea Iacovitti found out what is wrong Sayak Banerjee and Ingo Malchow fixed the CSS on paste.kde.org and bugs.kde.org to not use text-indent: -99999px which would overflow the short, but smaller values getting the same effect, so this now even works with older Konqueror versions
• the onhashchange event is now supported by Konqueror, adding support to even more JS heavy sites making probably e.g. even more twitter stuff working (done by Martin Sandsmark)
• do not ask if a mailto: link is clicked, but just open the mail program (fixed by Martin Koller)
• patches currently under review from Bernd Buschinski will e.g. add JSON support to KJS

Ich war's nicht.