Re: [CentOS] XScreenSaver

[Nicolas Kovacs]

Le 08/04/2018 à 14:53, Jonathan Billings a écrit :
> It appears that the spec file actually patches xscreensaver to change
> the time bomb date to be the build time, so you’d only need to
> rebuild it to make it stop. (The EPEL maintainer could too)
> 
> https://src.fedoraproject.org/rpms/xscreensaver/blob/epel7/f/xscreensaver.spec#_440
>

I just rebuilt XScreenSaver from the EPEL SRPM, and the annoying popup
disappeared indeed. I'll just put the resulting packages in my Yum repo,
along with a reminder to rebuild them once a year.

Thanks!

Niki

-- 
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : i...@microlinux.fr
Tél. : 04 66 63 10 32
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] XScreenSaver

[Valeri Galtsev]

On Mon, April 9, 2018 8:34 pm, Stephen John Smoogen wrote:
> On 9 April 2018 at 04:47, Tom Grace 
> wrote:
>> On 09/04/2018 07:47, Nicolas Kovacs wrote:
>>> I didn't know a screensaver was that critical.
>>
>> It's critical in that XScreenSaver deals with locking the screen/dealing
>> with passwords. I believe the fancy animation bits are separate.
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>
> xscreensaver is security critical for the following reasons:
> 1. Several of the screensavers take user input which may not be the
> main user. If the software has a security problem. those plugins could
> overwrite the users data.
> 2. If the user is expecting that the xscreensaver is locking out a
> user and it does not then that is security related
> 3. The way X works is that every X application can listen to all mouse
> and keyboard actions. This also has a security context.
>
> For many sites, any of these make Xscreensaver into a high security
> item. It makes perfect sense from jwz's point of view because several
> times something 'simple' in an xscreensaver code has turned into a
> meltdown somewhere. And the fact that people email him before emailing
> the EPEL maintainer or opening a bugzilla about it says his time is
> better served saying "not my problem mate."

Thanks, Stephen, for returning the sanity to the World!

Valeri

>
> --
> Stephen J Smoogen.
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>



Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] XScreenSaver

[Stephen John Smoogen]

On 9 April 2018 at 04:47, Tom Grace  wrote:
> On 09/04/2018 07:47, Nicolas Kovacs wrote:
>> I didn't know a screensaver was that critical.
>
> It's critical in that XScreenSaver deals with locking the screen/dealing
> with passwords. I believe the fancy animation bits are separate.
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos

xscreensaver is security critical for the following reasons:
1. Several of the screensavers take user input which may not be the
main user. If the software has a security problem. those plugins could
overwrite the users data.
2. If the user is expecting that the xscreensaver is locking out a
user and it does not then that is security related
3. The way X works is that every X application can listen to all mouse
and keyboard actions. This also has a security context.

For many sites, any of these make Xscreensaver into a high security
item. It makes perfect sense from jwz's point of view because several
times something 'simple' in an xscreensaver code has turned into a
meltdown somewhere. And the fact that people email him before emailing
the EPEL maintainer or opening a bugzilla about it says his time is
better served saying "not my problem mate."

-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] XScreenSaver

[Tom Grace]

On 09/04/2018 07:47, Nicolas Kovacs wrote:
> I didn't know a screensaver was that critical.

It's critical in that XScreenSaver deals with locking the screen/dealing
with passwords. I believe the fancy animation bits are separate.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] XScreenSaver

[Pete Biggs]

> It's not rocket science: someone on your distro's team just needs to
> update it ONCE A YEAR. If that is too onerous for them, then I'd prefer
> that they not distribute my software at all.

And that just goes to show that he knows not what CentOS is - since
clearly he doesn't realise that it is NOT distributed by CentOS at all.
I suspect RH don't touch it for this very reason.

> 
> If you don't like the way XScreenSaver works, then don't run it. I hear
> GNOME Screensaver is a thing that also exists. See how that works out
> for you instead."
> 
> I didn't know a screensaver was that critical.
> 
I tend to go along with Gnome when it comes to screen savers: they
serve no purpose what so ever other than eye candy. Don't bother with
them. Just configure Gnome to lock the session and blank the screen so
the monitor turns off.

If your corporate masters require uplifting messages to be shown on all
the screens, then require them to provide you with the resources to
sort out the software.

P.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] XScreenSaver

[wwp]

Hello,


On Sun, 08 Apr 2018 18:10:35 -0700 Keith Keller 
 wrote:

> On 2018-04-08, Nicolas Kovacs  wrote:
> > Le 09/04/2018 à 00:33, Keith Keller a écrit :  
> >> I think you can use the --no-splash switch.
> >> 
> >> https://www.jwz.org/xscreensaver/man1.html
> >> 
> >> There's probably also a config setting in .xscreensaver.  
> >
> > No, there's no configuration setting. And no way to turn it off.  
> 
> Not even --no-splash?  That option shows up right on JWZ's site.

Years ago I was using xscreensaver with --no-splash and had no problem
with it. But, I must admit that I gave up with xscreensaver just
because I was using the blank screen feature + power management
settings, and the screensaver service provided by GNOME is just
equivalent and more simple to get (anything but a blank screen is NOT a
screen or energy *saver*, it's an entertainment). I presume KDE has its
own too, so, with regards to the feature, we really don't need
xscreensaver and the whole discussion here and without the author is a
loss of time. Even to the OP of this thread, I'd not recommend using
xscreensaver for school computers administration, he's losing time and
energy.


Regards,

-- 
wwp


pgpZlEImimtA0.pgp
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] XScreenSaver

[Nicolas Kovacs]

Le 09/04/2018 à 03:04, Chris Adams a écrit :
> It's Open Source - patching to remove such a nag is legal and a service
> to the users.
> 
> It's a screensaver program - how many updates does it need anyway?  If
> it is just updates to add more fancy animations, there is zero reason to
> demand people upgrade.

Here's the exact response I got from the developer after asking for help:

"I am not going to go out of my way to help you run security-critical
software that is YEARS out of date. In fact, I consider it my
responsibility to do exactly the opposite.

It's not rocket science: someone on your distro's team just needs to
update it ONCE A YEAR. If that is too onerous for them, then I'd prefer
that they not distribute my software at all.

If you don't like the way XScreenSaver works, then don't run it. I hear
GNOME Screensaver is a thing that also exists. See how that works out
for you instead."

I didn't know a screensaver was that critical.

Niki

-- 
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : i...@microlinux.fr
Tél. : 04 66 63 10 32
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] XScreenSaver

[Keith Keller]

On 2018-04-08, Nicolas Kovacs  wrote:
> Le 09/04/2018 à 00:33, Keith Keller a écrit :
>> I think you can use the --no-splash switch.
>> 
>> https://www.jwz.org/xscreensaver/man1.html
>> 
>> There's probably also a config setting in .xscreensaver.
>
> No, there's no configuration setting. And no way to turn it off.

Not even --no-splash?  That option shows up right on JWZ's site.

--keith

-- 
kkel...@wombat.san-francisco.ca.us


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] XScreenSaver

[Chris Adams]

Once upon a time, Nicolas Kovacs  said:
> No, there's no configuration setting. And no way to turn it off. Patrick
> Volkerding wrote about this some time ago in Slackware's ChangeLog.txt,
> explaining he decided to upgrade this single piece of software
> mid-release just to get rid of the nagging warning screen.

It's Open Source - patching to remove such a nag is legal and a service
to the users.

It's a screensaver program - how many updates does it need anyway?  If
it is just updates to add more fancy animations, there is zero reason to
demand people upgrade.
-- 
Chris Adams 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] XScreenSaver

[Nicolas Kovacs]

Le 09/04/2018 à 00:33, Keith Keller a écrit :
> I think you can use the --no-splash switch.
> 
> https://www.jwz.org/xscreensaver/man1.html
> 
> There's probably also a config setting in .xscreensaver.

No, there's no configuration setting. And no way to turn it off. Patrick
Volkerding wrote about this some time ago in Slackware's ChangeLog.txt,
explaining he decided to upgrade this single piece of software
mid-release just to get rid of the nagging warning screen.

-- 
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : i...@microlinux.fr
Tél. : 04 66 63 10 32
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] XScreenSaver

[Keith Keller]

On 2018-04-08, Nicolas Kovacs  wrote:
>
> As far as I can tell, there would be several solutions to this problem.
>
> 1. Ask the EPEL maintainers to keep the application up-to-date.
>
> 2. Patch the darn thing so I don't get the annoying popup.
>
> 3. Maintain my own up-to-date version of XScreenSaver in my private repo.

I think you can use the --no-splash switch.

https://www.jwz.org/xscreensaver/man1.html

There's probably also a config setting in .xscreensaver.

But it was probably worth seeking a patch just to get that classic
response.  ;-)

--keith

-- 
kkel...@wombat.san-francisco.ca.us


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] XScreenSaver

[Frank Cox]

On Sun, 8 Apr 2018 22:28:04 +0200
Nicolas Kovacs wrote:

> This mister JWZ just blogged and tweeted loudly about it,

He apparently doesn't understand what his own software does, either:

"They had to CLICK OK on a dialog box after they rebooted!!"

The dialog box comes up when you log in, not when  you reboot, and there is no 
OK in the box to click on; it just goes away on its own.

-- 
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] XScreenSaver

[(RS) Tyler Schroder]

Yikes, that's a good baseline for drama. That twitter profile picture should be 
a big enough red flag

Archived for posterity: 
https://web.archive.org/web/20180408204046/https://www.jwz.org/blog/2018/04/looks-like-todays-the-day-that-centos-users-lose-their-god-damned-minds/
 && 
https://web.archive.org/web/20180408204243/https:/twitter.com/jwz/status/983061118863032320
 

R. S. Tyler Schroder

-Original Message-
From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Nicolas Kovacs
Sent: Sunday, April 8, 2018 4:28 PM
To: centos@centos.org
Subject: Re: [CentOS] XScreenSaver

Le 08/04/2018 à 21:47, Stephen John Smoogen a écrit :
> Yeah that is pretty classic JWZ... well except he didn’t say something 
> anatomically impossible. I think he may have mellowed a bit.

This mister JWZ just blogged and tweeted loudly about it, and it looks like he 
hates CentOS as much as he hates Debian. Coming from a guy whose blog looks 
like a russian porn site from around 1998, I guess this is some form of praise.

https://www.jwz.org/blog/2018/04/looks-like-todays-the-day-that-centos-users-lose-their-god-damned-minds/

I'm a bit tired of these drama queens.

Niki

--
Microlinux - Solutions informatiques durables 7, place de l'église - 30730 
Montpezat Site : https://www.microlinux.fr Blog : https://blog.microlinux.fr 
Mail : i...@microlinux.fr Tél. : 04 66 63 10 32 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] XScreenSaver

[Nicolas Kovacs]

Le 08/04/2018 à 21:47, Stephen John Smoogen a écrit :
> Yeah that is pretty classic JWZ... well except he didn’t say something
> anatomically impossible. I think he may have mellowed a bit.

This mister JWZ just blogged and tweeted loudly about it, and it looks
like he hates CentOS as much as he hates Debian. Coming from a guy whose
blog looks like a russian porn site from around 1998, I guess this is
some form of praise.

https://www.jwz.org/blog/2018/04/looks-like-todays-the-day-that-centos-users-lose-their-god-damned-minds/

I'm a bit tired of these drama queens.

Niki

-- 
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : i...@microlinux.fr
Tél. : 04 66 63 10 32
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] XScreenSaver

[Nicolas Kovacs]

Le 08/04/2018 à 21:47, Stephen John Smoogen a écrit :
> Yeah that is pretty classic JWZ... well except he didn’t say
> something anatomically impossible. I think he may have mellowed a
> bit. I will see if the EPEL version can be updated. Also to make sure
> that he doesn’t get the bugs since he doesn’t want them :)

Thanks very much. Judging from the follow-up mail I just got, the guy's
just your average drama queen who believes his software is more critical
to any Linux system than the kernel, the libc and the shell combined.

Yeah, updating the package in EPEL would be nice.

Cheers,

Niki

-- 
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : i...@microlinux.fr
Tél. : 04 66 63 10 32
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] XScreenSaver

[Stephen John Smoogen]

On Sun, Apr 8, 2018 at 1:06 PM Nicolas Kovacs  wrote:

> Le 08/04/2018 à 13:54, Nicolas Kovacs a écrit :
> > As far as I can tell, there would be several solutions to this problem.
> >
> > 1. Ask the EPEL maintainers to keep the application up-to-date.
> >
> > 2. Patch the darn thing so I don't get the annoying popup.
> >
> > 3. Maintain my own up-to-date version of XScreenSaver in my private repo.
> >
> > Any thoughts about this?
>
> I just got the following response from Jamie Zawinski, the XScreenSaver
> developer:
>
> "Yes, your distro sucks, and I wish they would stop redistributing my
> software if they refuse to keep it up to date."
>
> He apparently had the same reaction with the Debian guys.



Yeah that is pretty classic JWZ... well except he didn’t say something
anatomically impossible. I think he may have mellowed a bit. I will see if
the EPEL version can be updated. Also to make sure that he doesn’t get the
bugs since he doesn’t want them :)


>
> Niki
>
> --
> Microlinux - Solutions informatiques durables
> 7, place de l'église - 30730 Montpezat
> Site : https://www.microlinux.fr
> Blog : https://blog.microlinux.fr
> Mail : i...@microlinux.fr
> Tél. : 04 66 63 10 32
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] XScreenSaver

[Nicolas Kovacs]

Le 08/04/2018 à 13:54, Nicolas Kovacs a écrit :
> As far as I can tell, there would be several solutions to this problem.
> 
> 1. Ask the EPEL maintainers to keep the application up-to-date.
> 
> 2. Patch the darn thing so I don't get the annoying popup.
> 
> 3. Maintain my own up-to-date version of XScreenSaver in my private repo.
> 
> Any thoughts about this?

I just got the following response from Jamie Zawinski, the XScreenSaver
developer:

"Yes, your distro sucks, and I wish they would stop redistributing my
software if they refuse to keep it up to date."

He apparently had the same reaction with the Debian guys.

Niki

-- 
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : i...@microlinux.fr
Tél. : 04 66 63 10 32
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] XScreenSaver

[Nicolas Kovacs]

Le 08/04/2018 à 16:25, Valeri Galtsev a écrit :
> This is a big change, so it must be prompted by substantial reason.
> Would you mind share it: what about slackware was that bad to prompt
> it.
> 
> Thanks a lot for your insights!

At the time of the change, about a year ago, I've written a short blog
text (in english) about the subject.

https://blog.microlinux.fr/slackware-centos/

Cheers,

Niki

-- 
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : i...@microlinux.fr
Tél. : 04 66 63 10 32
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] XScreenSaver

[Valeri Galtsev]

On Sun, April 8, 2018 6:54 am, Nicolas Kovacs wrote:
> Hi,
>
> I'm currently moving all our local school's desktop clients from
> Slackware 14.1 to CentOS 7 + Xfce. Right now I'm fine-tuning the default
> user profile.

This is a big change, so it must be prompted by substantial reason. Would
you mind share it: what about slackware was that bad to prompt it.

Thanks a lot for your insights!

Valeri

>
> I have a problem with XScreenSaver. The application per se works very
> well. Only there's a hard-coded pop-up window that reminds the user that
> he's not running the latest version. So, if I'm running version 5.36 as
> provided by the EPEL repo and not the latest and greatest 5.38 as
> provided upstream, I get a pestering pop-up window informing me that
> YOUR VERSION OF XSCREENSAVER IS VERY OLD. This functionality is
> apparently hard-coded, since there's no way to deactivating it.
>
> The Slackware distribution seems to have solved the problem by promising
> upstream to keep things up-to-date.
>
> For the moment I simply work without it, because I'm annoyed by my users
> phoning me and asking me what's this thing with their screensaver being
> too old.
>
> As far as I can tell, there would be several solutions to this problem.
>
> 1. Ask the EPEL maintainers to keep the application up-to-date.
>
> 2. Patch the darn thing so I don't get the annoying popup.
>
> 3. Maintain my own up-to-date version of XScreenSaver in my private repo.
>
> Any thoughts about this?
>
> Cheers,
>
> Niki
> --
> Microlinux - Solutions informatiques durables
> 7, place de l'église - 30730 Montpezat
> Site : https://www.microlinux.fr
> Blog : https://blog.microlinux.fr
> Mail : i...@microlinux.fr
> Tél. : 04 66 63 10 32
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>



Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] XScreenSaver

[Jonathan Billings]

On Apr 8, 2018, at 07:54, Nicolas Kovacs  wrote:
> 
> Hi,
> 
> I'm currently moving all our local school's desktop clients from
> Slackware 14.1 to CentOS 7 + Xfce. Right now I'm fine-tuning the default
> user profile.
> 
> I have a problem with XScreenSaver. The application per se works very
> well. Only there's a hard-coded pop-up window that reminds the user that
> he's not running the latest version. So, if I'm running version 5.36 as
> provided by the EPEL repo and not the latest and greatest 5.38 as
> provided upstream, I get a pestering pop-up window informing me that
> YOUR VERSION OF XSCREENSAVER IS VERY OLD. This functionality is
> apparently hard-coded, since there's no way to deactivating it.
> 
> The Slackware distribution seems to have solved the problem by promising
> upstream to keep things up-to-date.
> 
> For the moment I simply work without it, because I'm annoyed by my users
> phoning me and asking me what's this thing with their screensaver being
> too old.
> 
> As far as I can tell, there would be several solutions to this problem.
> 
> 1. Ask the EPEL maintainers to keep the application up-to-date.
> 
> 2. Patch the darn thing so I don't get the annoying popup.
> 
> 3. Maintain my own up-to-date version of XScreenSaver in my private repo.
> 
> Any thoughts about this?

It appears that the spec file actually patches xscreensaver to change the time 
bomb date to be the build time, so you’d only need to rebuild it to make it 
stop. (The EPEL maintainer could too)

https://src.fedoraproject.org/rpms/xscreensaver/blob/epel7/f/xscreensaver.spec#_440

JWZ would prefer people not patch out the time bomb (and stop calling the time 
bomb a time bomb, too bad). He’d rather people not use xscreensaver at all. He 
probably is annoyed about getting bug reports from users of distros that have 
an out of date version, but I have to say his solution is pretty caustic. 

--
Jonathan Billings

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos