SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
The reality is people shouldn't be using konqueror from KDE4 if they want a secure browsing experience (no clue if the one from Plasma5 is any better).
If Konqueror was a monolithic program, then not using it would be easy --> one could ignore it, or remove it with no concern of breaking anything.
However, Konqueror is not monolithic --- it is /usr/bin/konqueror", and at least three libraries: "khtml", "webkit", and "kjs". These libraries are available for use by all other software which runs on the computer, and it appears that at least some of these libraries are obsolete. Since I am aware of the Spectre attack which is implemented using JavaScript, I have been concentrating my investigation on "kjs".
Quote:
Originally Posted by bassmadrigal
I highly doubt the webengine for KDE4 or Plasma5 sees as much development as Blink (from Chromium) and Gecko (from Firefox).
Did you know Blink is a fork of the WebCore part of Webkit; and WebKit has two parts WebCore and JavaScriptCore, which are forks of "khtml" and "kjs"? It is not clear what the developers of all this software are doing, however it appears that some of the new code for Blink is being backported into WebKit, and that some of the new code for WebKit was being backported into "khtml" up until it was discontinued (I read "khtml" was discontinued on 2019/Dec/14).
I think it is very important that the libraries of KDE do not have vulnerabilities. It appears that a few years ago the developers of KDE4 essentially put KDE4 out to pasture (from what I read, KDE4 gets very little attention (which is reasonable for something that has been put out to pasture)).
I am somewhat aware of KDE5/Plasma, and have read that there is some large difficulty with getting KDE5 and Slackware to work together. Somewhere over the last few months I came across a good article or weblog entry about this difficulty, and now I can not find this in order to re-read it. :-(
Distribution: Slackware64-current with "True Multilib" and KDE4Town.
Posts: 9,126
Rep:
Quote:
Originally Posted by baumei
......I am somewhat aware of KDE5/Plasma, and have read that there is some large difficulty with getting KDE5 and Slackware to work together. Somewhere over the last few months I came across a good article or weblog entry about this difficulty, and now I can not find this in order to re-read it. :-(
AlienBob provides step-by-step instructions on how to remove kde4 and then install kde5, for Slackware-current. Once installed kde5 works.
It comes down to a matter of personal preference.
Some users like kde5, some do not.
I realize that many people have said to cease with 14.2, and to use -current instead. If the candidate computer was only a single computer for me, then I would consider doing so, despite it being well understood that using development grade software for production-use computers is not a good idea --- because it would be only my stuff which would be trashed if something went wrong. However, I maintain quite a few Slackware 14.2 computers for other people, and I think it would be inappropriate for me to put -current on their production computers.
From my reading about KDE4, I think at least some parts of it are so obsolete that these are no longer reasonable to use on production-grade computers. Based on the earlier posts in this thread, and based on my other reading, it appears to me that KDE4 was put out to pasture several years ago, and these days gets little to no inspection for vulnerabilities, and any fixing of KDE4 by the developers is on the back-burner (which is reasonable for software in the pasture).
So, it appears to me:
(a) AlienBOB says KDE-5_17.11 for Slackware 14.2 is not fit to use, because 5_17.11 has not been maintained in several years;
(b) at least some important parts of KDE4 are obsolete; and
(c) Slackware-current is not reasonably suitable for production use.
According to my recollection, for Slackware 14.2, the article I [have] not yet been able to find again said that AlienBOB stopped on the version of KDE5 which he did (5_17.11), because later versions of KDE5 were <impossible(?), very difficult(?), (I do not remember)> to install on Slackware 14.2.
So, it appears to me:
(a) AlienBOB says KDE-5_17.11 for Slackware 14.2 is not fit to use, because 5_17.11 has not been maintained in several years;
(b) at least some important parts of KDE4 are obsolete; and
(c) Slackware-current is not reasonably suitable for production use.
According to my recollection, for Slackware 14.2, the article I not yet been able to find again said that AlienBOB stopped on the version of KDE5 which he did (5_17.11), because later versions of KDE5 were <impossible(?), very difficult(?), (I do not remember)> to install on Slackware 14.2.
However, Konqueror is not monolithic --- it is /usr/bin/konqueror", and at least three libraries: "khtml", "webkit", and "kjs". These libraries are available for use by all other software which runs on the computer, and it appears that at least some of these libraries are obsolete. Since I am aware of the Spectre attack which is implemented using JavaScript, I have been concentrating my investigation on "kjs".
I don't know of any browsers that rely on the KDE libraries that aren't a part of KDE itself.
Quote:
Originally Posted by baumei
Did you know Blink is a fork of the WebCore part of Webkit; and WebKit has two parts WebCore and JavaScriptCore, which are forks of "khtml" and "kjs"? It is not clear what the developers of all this software are doing, however it appears that some of the new code for Blink is being backported into WebKit, and that some of the new code for WebKit was being backported into "khtml" up until it was discontinued (I read "khtml" was discontinued on 2019/Dec/14).
Yes, There has been a lot of forks over the years, but blink is probably quite a bit different now than when it was originally forked. KHTML was forked to webkit by Apple, which was then forked to blink by Google.
There's really only 3 major engines that led to what we have today (which is really based off of 2 engines). Gecko is the longtime engine of Mozilla, Trident is the engine for Internet Explorer (which has been discontinued as they've switched to Edge, which is now using Blink), and KHTML, which as I mentioned, led to webkit (still in use by Apple for iOS browsers and Safari on other platforms), then to blink.
Quote:
Originally Posted by baumei
I think it is very important that the libraries of KDE do not have vulnerabilities. It appears that a few years ago the developers of KDE4 essentially put KDE4 out to pasture (from what I read, KDE4 gets very little attention (which is reasonable for something that has been put out to pasture)).
The browsing libraries that are vulnerable appear to only be used when using the browsers included with KDE are used. If you aren't using Konqueror and are using Chrome/Firefox/Vivaldi/etc, those are not using the vulnerable libraries in KDE and are only tied to the vulnerabilities that might be in the browsers themselves.
Quote:
Originally Posted by baumei
I am somewhat aware of KDE5/Plasma, and have read that there is some large difficulty with getting KDE5 and Slackware to work together. Somewhere over the last few months I came across a good article or weblog entry about this difficulty, and now I can not find this in order to re-read it. :-(
Pat hasn't announced why Plasma5 hasn't made it into -current yet. It's been speculated that he was waiting on certain other things to present in -current before adding Plasma5 (and xfce-4.14) and many speculate that it was waiting for PAM to be added (once we found out that Pat was working on it). It is obvious that Plasma5 works without PAM as Alien has been providing packages for quite some time without PAM. Hopefully PAM was the hindrance and he's now working in the background to get Plasma5 to the level he wants to to get it added to Slackware.
There's really only 3 major engines that led to what we have today (which is really based off of 2 engines). Gecko is the longtime engine of Mozilla, Trident is the engine for Internet Explorer (which has been discontinued as they've switched to Edge, which is now using Blink), and KHTML, which as I mentioned, led to webkit (still in use by Apple for iOS browsers and Safari on other platforms), then to blink.
I wonder what engine chrome and chromium are using (and deratives, of course).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.