Slashdot Mirror

... to help support your position: It's also absurdly easy to create such a fake identity with cross-referencing information... ... and if you should be running something other than Debian, enjoy.

I don't like seeing the best operating system there is backsliding like this.

Then you'll be happy to know that it's not!

I'm going to focus on your last statement:

Hate to admit it, as much as MS got made fun of for rebooting after every update, it really is the way to go in a practical perspective if you don't want to be bitten by some kernel/glibc vulnerability even after you *think* you've updated.

For the moment I'm simply going to explain what a major update on a Debian box is like:
1. If glibc is updated, then a question comes up which gives the operator an opportunity to restart any and all programs currently using glibc.
2. If the kernel is updated for the same version of the kernel, the operator is warned to reboot into the new kernel as soon as possible, but is not mandated.

What you may not realize is that the reason MS's updates often require a reboot is because MS systems lack inode abstraction, where a filename points to an inode rather than to a file. This is the reason why Unix and Unix-like systems can replace files on disk without changing out the running file in memory, but MS systems can't and instead have store the files to replace in an area to do so at the next reboot.

This isn't an advantage of MS systems, it's a weakness. Because updates likely require a reboot, the updates must be avoided until such time that the machine can be rebooted. Anytime you can install updates without having to take down critical services, it's a win; and you often can't get that on a MS system. Taking that weakness and calling it a strength just doesn't make sense.

xdg-open is the command you're looking for.

Unless you're trying to open a Web page's URL on Debian, in which case you're apparently supposed to use sensible-browser instead (and, if your software uses xdg-open on UN*Xes that don't have the string "Mac OS X" in their name, the Debian package for your software patches it to use sensible-browser). It appears that not all Debian derivatives follow that path, however.

Thanks for your help, but I am pretty sure the package is broken in my case. I have been following the instructions at http://wiki.debian.org/NvidiaGraphicsDrivers, and this is not the first time that graphics support breaks on my computer, so I have dealt with this issue before. I have uninstalled all the nvidia packages and reinstalled them, and some of them complain of missing dependencies... I would show you the console output, but I am away from my main desktop right now. The problem, however, looks suspiciously like the one described here: http://osdir.com/ml/general/2011-07/msg07726.html. As I said in another post, I prefer to use packaged stuff from my distribution (Debian) than to compile the driver from nvidia on my own or use another driver than makes the GPU fan go crazy, so I will just wait it out.

The nVidia packaging was broken in Sid for one day or two because they added the multiarch support IIRC. I rolled back to the version of the previous day using the way back machine (or your package from /var/cache/apt/archives). That's the usual bread and butter for someone who wants to use Sid (is called Debian unstable for a reason).

And nVidia is working perfectly right now. I've been playing Open Arena as always just minutes ago. And the nVidia packaging is pretty damn good. The nvidia-dkms works like a charm, even if you upgrade the kernel. Of course I would still prefer open source drivers, since that would mean even less pain, and everything would be integrated. I'm pretty sure that my next graphics card will have open source drivers.

From the minutes of the March 2011 FTPMaster meeting if it's not ready for some sort of release it will be evicted from the main archives.

The TODO list is getting better ... but we shall see.

In a discussion with the Debian Hurd porters it was decided that the
Hurd port stays on FTPMaster until Wheezy is released. Should they
have managed to get the port into a state that it is released together
with all the others (probably as a technology preview), it is kept in
the archive. Should they not manage this the port will be removed from
the main archive and move fully to debian-ports.org. It may then
reenter the main archive whenever it is ready to get released with the
next release. (Obviously when we say "move to debian-ports" this does
not mean we expect the debian-ports people to "just eat it". They are
running their archive and may have their own needs and pre-conditions
prior to accepting a port, like getting help with the work that needs
to be done or with the hardware for it, so any port who has to look
for new place should ensure to coordinate with the involved people.)
In case it does not work out with debian-ports.org, the removal from
main will still be done, but we are confident that the teams can work
out something acceptable.

(thus whose physical identity has been identified MULTIPLE times by their peers including showing proof of identity in the form of passports or other physical but trusted identification document)

Citation needed

http://www.debian.org/events/keysigning

I see many people who don't use Windows questioning why you would use PuTTY.

It isn't only "PuTTY for Windows", OpenBSD has it available as a port and also a precompiled package.

Surely the Linux crowd can package it too?

Yes, they can: http://packages.debian.org/squeeze/putty

One big reason it's handy is that with it, you can generate and otherwise deal with PuTTY-formatted key files.

I myself prefer debian on servers over ubuntu.

Yea, marginally better, they are both affected by the same huge gaping security holes.

There is no line to draw Android uses the Linux kernel the same as Ubuntu and every other GNU/Linux distro.

It's a bit murkier than that. Debian can actually run without Linux. (See Debian GNU/kfreebsd.)

I've been running Debian on my SheevaPlug and DockStars since they showed up at my door step. I haven't run into many (if any) applications that weren't compiled for ARM but were for i386 or amd_64.

Sure enough, there's Compbiz.

It's bare bones, it's not always pretty, but apt has never failed me. It just works. Sid is almost always more up to date than the latest 'stable' release. They don't hard lock any packages to any release (unlike Ubuntu where if you don't want to go past 10.04, you're either stuck with back ports, adding in additional PPAs or dealing with bugs).
-
Debian / Ubuntu reminds me of a joke an old Rugby player told me. A young bull and an old bull are sitting up on a hill over looking a valley of sweet cows. The young bull gets excited and says, "Lets run down there and fuck one of those cows!". The old bull quiets him down and says, "Lets walk down there and fuck all of those cows."

Speaking of which... what are people recommending for actually dealing with this sort of stuff...?

http://www.debian.org/

Ubuntu is not the only way to use Linux, I would recommend Debian if you are having problems with Ubuntu. Ubuntu is very closely related to Debian.

Per official Debian FAQ, "aptitude is the preferred program for daily package management from console". Which kinda makes sense, since you can ignore the UI and just use "aptitude install foo" etc, same as apt-get - but with all the icing on top.

Just because I wanted to look it up:

Gentoo: Latest stable is 3.6.17, unstable is 4.0.1
http://packages.gentoo.org/package/www-client/firefox

Arch: Latest is 5.0
http://www.archlinux.org/packages/extra/i686/firefox/

Debian: Sid has Iceweasle at 3.5.19
http://packages.debian.org/sid/iceweasel

That's the point behind Iceweasel in Debian : take Firefox, and strip down updates to security fixes for the lifetime of the stable distribution. It's a pity this job isn't done upstream.

And on everyone of the other 8 comparisons, the JavaScript V8 program was slower than the corresponding Java program.

The median JavaScript V8 program was 3x slower than the corresponding Java program.

An essential factor in security is trust

I don't trust you or Microsoft. How secure am I now?

You cannot trust a website you have never seen before to load code of its choosing to be executed on a driver supplied to you by third-party which may or may not have a stellar security record themselves.

Can you trust a website you have seen before? Do you surf with Javascript disabled? And just so you know: my driver happens to be supplied by the OS vendor, who does have a sufficient security record for my desktop needs.

Especially when "modern" operating systems like Linux run drivers as part of their monolithic kernel and so probably WILL crash when the website code messes up the driver runtime.

Pics or it didn't happen. Here's my preemptive cluebat: the Linux OpenGL stack runs in userspace (Mesa), along with the direct rendering manager. The only parts inside the kernel are the modesetting code, the direct rendering interface and the command submission checker. And guess what: the command submission checker is there for security reasons.

Windows is heading in all the right directions moving their graphics driver supporing infrastracture out of the kernel into userspace. At least that way, your entire OS won't crash bringing everything down with it.

From a security standpoint, an entire OS crash is actually safer than trying to recover from an unknown state.

At worst, smart people will figure out doing their favourite things - injecting their code through good old buffer overflows and what not.

Because that can never be harmful?

This is what you get when you pair three poorly isolating systems to eachother.

Warmth in the winter, coolness in the summer?

Microsoft may have done a lot of their own mess during the years with their products' security, but for once, they are right. Not the least, becaue they probably have gotten so much flak for it they finally decided enough is enough and started going by security checklist documets and automated programs that eliminate all the obvious bugs.

Doesn't matter if they are right. WebGL affects their bottom line so they have various reasons not to implement it. Given their track record on security, it would have been better not to say anything.

I sincerely hope they're getting it, for I for one am tired of hearing everyone bash them. Look into your own backyard when you get 20 million lines of code running wildly on a several hundred million computers around the globe, thanks. Or reduce your SLOC, but that, again, is another discussion.

I do not want to have wildly running code.

An essential factor in security is trust

I don't trust you or Microsoft. How secure am I now?

You cannot trust a website you have never seen before to load code of its choosing to be executed on a driver supplied to you by third-party which may or may not have a stellar security record themselves.

Can you trust a website you have seen before? Do you surf with Javascript disabled? And just so you know: my driver happens to be supplied by the OS vendor, who does have a sufficient security record for my desktop needs.

Especially when "modern" operating systems like Linux run drivers as part of their monolithic kernel and so probably WILL crash when the website code messes up the driver runtime.

Pics or it didn't happen. Here's my preemptive cluebat: the Linux OpenGL stack runs in userspace (Mesa), along with the direct rendering manager. The only parts inside the kernel are the modesetting code, the direct rendering interface and the command submission checker. And guess what: the command submission checker is there for security reasons.

Windows is heading in all the right directions moving their graphics driver supporing infrastracture out of the kernel into userspace. At least that way, your entire OS won't crash bringing everything down with it.

From a security standpoint, an entire OS crash is actually safer than trying to recover from an unknown state.

At worst, smart people will figure out doing their favourite things - injecting their code through good old buffer overflows and what not.

Because that can never be harmful?

This is what you get when you pair three poorly isolating systems to eachother.

Warmth in the winter, coolness in the summer?

Microsoft may have done a lot of their own mess during the years with their products' security, but for once, they are right. Not the least, becaue they probably have gotten so much flak for it they finally decided enough is enough and started going by security checklist documets and automated programs that eliminate all the obvious bugs.

Doesn't matter if they are right. WebGL affects their bottom line so they have various reasons not to implement it. Given their track record on security, it would have been better not to say anything.

I sincerely hope they're getting it, for I for one am tired of hearing everyone bash them. Look into your own backyard when you get 20 million lines of code running wildly on a several hundred million computers around the globe, thanks. Or reduce your SLOC, but that, again, is another discussion.

I do not want to have wildly running code.

http://packages.debian.org/lenny/crashme Oops this piece of software is now illegal.

The link says that Fedora says the license is dangerous, but doesn't go into it at all.

Here is a more detailed explanation on the dangers from debian-legal, though it's 5 years old so I can't say whether or not it's even still relevant...

If I was going to pick only one language to work with, it would probably be LISP, but Haskell comes a very close second. I like code that does exactly what I want it to do with no side effects.

Google's comparison didn't include those languages, but The Computer Language Benchmarks Game does. SBCL and GHC are near the top in performance, so you wouldn't have to sacrifice much to use them.

Wow, they compared a whole four languages: C++, Java, Go and Scala, of which, C++ is the fastest. Is this seriously a surprise to anyone?

They didn't include several language implementations which perform better than Go according to The Computer Language Benchmarks Game, such as SBCL and GHC. They didn't even include C, which is far simpler than C++. Unless one restricts herself to the C subset of C++, she'll probably always have more overhead for things like method calls.

Perhaps this data would be more interesting.

Google has released a research paper (PDF) that suggests C++ is the best-performing language on the market.

No, they didn't. They compared four languages (C++, Go, Java and Scala) using a single algorithm, and two implementations (initial and improved) per language. Out of those, the optimized C++ turned out to be the fastest and the least memory hungry, whereas the improved Scala version used the least source code, and the improved Go version compiled the fastest.

None of this allows generalization to "best-performing programming language on the market".

It's not for everyone, though. They write, '...it also required the most extensive tuning efforts, many of which were done at a level of sophistication that would not be available to the average programmer.'

This is a very important point. If you are Google, you probably have developers who can do this kind of tuning, and you will probably benefit from it (the developer effort is expensive, but inefficient software may well be more expensive at Google's scale).

In general, though, what you want to consider is not only the best performance that has been produced by the world on a single problem, but also the performance on different problems, the variation in performance between implementations, the average performance, and the development time.

In 2000, Erann Gatt (now Ron Garret) published a paper (PDF) that showed the results of comparing 16 implementations written by 14 programmers, in C or C++ (lumped together), Java, and Common Lisp or Scheme (lumped together). These results show that the fastest programs were written in C or C++, Lisp produced the fastest programs on average, and offered the least variation in performance. Lisp also offered the shortest development time on average.

Of course, this is old data. If anyone has performed a similar study more recently, or including different problems to be solved rather than a single one, I would be very interested.

Meanwhile, the Computer Language Benchmarks Game compares many language implementations across several different tasks, with multiple programs for each task, and shows that the results differ depending on exactly how you measure.

Apparently, if you want the fastest programs, you should go with C, C++, Ada, ATS (Fortran, Common Lisp, and Python also produced fast programs, but weren't as good on average). If you want short programs (which may be expected to correlate with short development time), you might want to go with Ruby, Python, Perl, Lua, or JavaScript. If you want short development time, but also reasonable performance, then Go, Scala, or Haskell may be good choices (or you could go the time-tested route of writing what you can in rapid development languages, and the parts that need to be fast in high-performance languages).

This jibes with "common sense" and the computer-language shoot-out

It's not useless. It's nice to see multiple studies with different approaches coming to the same conclusions.

Choosing an another system may cause you to restrict your freedom on where the device runs on. GNU is incompatible with iOS app store for example.

You are mistaking between 2 different notion: freedom and possibilities. Using a GNU application will certainly add some freedom, but I may not have the possibility to use it. The later has absolutely nothing to do with freedom.

Microsoft is all about making money. FOSS developers have a large slew of reasons to release FOSS. Not all of them are good and right.

We don't care what the other FOSS developers intention are, what counts is what type of license they use. It shall not be possible for a given FOSS application to restrict my freedom, even after the application is released. If the developer is not doing a good job, someone else must be able to take over his work, and release a new version, forked from the original work. You may want to have a look to the DFSG for example, which explains this very well: DFSG.

How do you know you are not being spied with other systems as well? Systems like Skype need some infrastructure. So if there is a central repository of data for routing then it could be modified to tee the data to someone else. Heck they can just pipe off the ISPs and send some of that traffic the other way.

I know I'm not being spied on, because I use state of the art encryption, either SRTP/ZRTP for the transport and TLS for SIP, or simple TLS when I use mumble. The ISP can just pipe my data if they like, they will still not be able to spy on me.

Citation Needed. If MS can make money off of skype for linux they will put more coders on the job. Oddly enough software developers can work on multiple platforms and languages.

I specifically pointed out the bug tracker system of Skype because it's there. Feel free, search in it, and you'll find it out. I've done my homework, please do yours before replying to someone.

Because not too many people use Skype on Linux... Sorry... Linux is a Server OS not a desktop OS. If it crashes perhaps because Linux is open source you can make a patch to work around those issues.

Well, I've been using Debian as my main Desktop system since 2004. My wife, her father, mother and sister are also using Debian or Ubuntu as their operating system. Oddly enough, for all of them, it was more easy and safer to use Ubuntu. I didn't have to reinstall the OS (it just worked), and as they didn't know Windows much, they didn't complain, and were very happy about it. Why are you saying Linux isn't for Desktop? Are you frustrated?
As for the crashes of Linux, no, we do not have the source code of Skype, so we can't fix it. Are you saying that suddenly, they released an open source version? Gosh, this should make the headlines of Slashdot!

Perhaps it is purple from Pidgins fault not skype.

It's not. We don't know the way Skype works, because it's a closed technology. Unless you are really good with reverse engineering, it's going to be very hard to understand Skype protocol. So yes, it's the fault of Skype if Pidgin can't connect to the Skype network.

So it didn't happen in 2 days so it will never happen. Boo-Hoo

Yearh, 2 days, right... In your post, you can reduce the YEARS of waiting from the Linux community into 2 days, but it wont change the real facts.

So they also didn't say they are going to remove it either.

Did you read the article which is on top the very page you are reading right now?

Linux audio support is bad and it crashes often... Heck Linux Copy and paste support is bad too.

Did you care reading my post? I wrote that Skype audio support was bad, not the audio in Linux, which works very well. And copy pas

http://www.oszoo.org/wiki/index.php/Debian_lenny_arm_small.aj.qcow2.zip

"
arm vs armel

Apparently there is some new version of ARM called EABI and instead of breaking compatability, debian decided to go with a whole new 'arch' to support the changes.

'armel' is the 'new arm'. 'arm' is apparently deprecated.

Please see http://www.debian.org/ports/arm/ and http://wiki.debian.org/ArmEabiPort
"

http://www.oszoo.org/wiki/index.php/Debian_lenny_arm_small.aj.qcow2.zip

"
arm vs armel

Apparently there is some new version of ARM called EABI and instead of breaking compatability, debian decided to go with a whole new 'arch' to support the changes.

'armel' is the 'new arm'. 'arm' is apparently deprecated.

Please see http://www.debian.org/ports/arm/ and http://wiki.debian.org/ArmEabiPort
"

Stop allowing password-based access. There is no way anyone is going to be able to guess a key by connecting and trying them.

yeah?

here you go. Try typing "ls -" then push tab twice. magic!

While cool, bash completion still only works for commands for which the completion has been defined. In PowerShell cmdlets, functions, aliases and even script files inherently interact with the shell to provide metadata about parameters, types, defaults etc so that

• tab-completion is defined by the very same declarations that drive parameter parsing. As soon as you declare a parameter for a command, function or even your own script file, tab completion is working
• help is integrated and will document the parameters using the same declarations, regardless of whether you actually provide textual descriptions for the paraneters (help documentation is integrated and you can document parameters with a simple comment convention - which goes for both cmdlets, functions and script files).
• tab-completion will also *dynamically* reflect on the actual objects if invoked for a .NET, COM or WMI object.

Every linux command works a little differently. Wouldn't it be nice if ever command had a --getCMDLineOptionsJSON that returned JSON that bash could use to auto complete...powershell's "tab" will autocomplete --arguments.... At the very least it would nice if they all implemented --version

here you go. Try typing "ls -" then push tab twice. magic!

Yes, repositories for the win!!

Sid continually gets updates from experimental.

Nitpick: Most updates go to Sid directly, experimental is more for dangerous stuff, like major upgrades (Firefox 4, Gnome 3, etc).
http://www.debian.org/doc/manuals/developers-reference/resources.html#experimental

Well, it's stupidly easy to switch out of Unity and forget about it.

Indeed it is.

From personal experience, for a normal user I would recommend Sid too, because you get the latest software, and breakages happen very rarely.

I really don't know why people bother with all this MS-based virus-infected crap when they can run debian/ubuntu/mint and have 25000+ tested, verified apps from a trustworthy source.

Like OpenSSL and UnrealIRCD?

Try Debian, Mint Debian, or Mint Ubuntu.

http://jeffhoogland.blogspot.com/2010/02/why-mint-over-ubuntu.html

"gonna look for an alternative."

http://www.debian.org/

Yup that's what I'm going to when 10.04 is no longer supported. Debian with KDE. I'm really sick of Ubuntu's Drama moving buttons around and changing the Desktop.
Part of my attraction to Linux was the customization ability that Ubuntu now seams determined on restricting.
I had trouble getting Nvidia drivers working on Debian last time but will give it another try soon.
Then after that my parents computer will also go from Ubuntu to Debian KDE then some other family members!

"gonna look for an alternative."

http://www.debian.org/

Debian.org was compromised back in 2003. You can read a blow-by-blow account of the attack at: http://lists.debian.org/debian-devel-announce/2003/11/msg00012.html and http://lists.debian.org/debian-devel-announce/2003/12/msg00001.html

It took Debian about 3 weeks to get all affected services back online after the attack.

Debian.org was compromised back in 2003. You can read a blow-by-blow account of the attack at: http://lists.debian.org/debian-devel-announce/2003/11/msg00012.html and http://lists.debian.org/debian-devel-announce/2003/12/msg00001.html

It took Debian about 3 weeks to get all affected services back online after the attack.

What is Linux?

No, seriously, what is Linux?

In spite of all his craziness, RMS and the FSF are right about one thing, Linux is just a kernel. Ubuntu, Red Hat, Suse, etc. could all be built on a different kernel. In fact, just to prove the point, Debian built a port of their OS to a version using the FreeBSD kernel.

So, IMO, anything using the Linux kernel, POSIX-compatible or not, is a Linux OS. Otherwise, you're playing pedantics.

I will answer that. I use Ubuntu as a repository that is fairly current and debugged and nothing else. I used Debian for years, but Testing is always way out of date and I got real tired of debugging someones broken Perl script to get my system working again in Unstable. Ubuntu is a fairly current but debugged Unstable. I use Fluxbox as my Desktop (I even still login at a terminal and type startx when I want X), WICD for managing my wifi, and whatever else I want. Ubuntu is what you want it to be. I have all of the Debian package management tools and none of the Unstable branch headaches.

BTW I still very much love Debian, use it regularly for when I want a highly stable server that doesn't need to be uber current, and am eternally grateful for the awesome things they do!!! Without Debian there is no Ubuntu. They are a cause worth supporting with your donations if you have some extra coin. http://www.debian.org/donations.

The awesome folk at statusnet have posted this : http://status.net/2011/04/01/new-federated-social-bookmarks-service-freelish-us So basically, that's statusnet + a plugin to add tags , and sahre them lie any microblogging tool, and it is federated. You can install your own service on your server if you want, or use one hosted somewhere. Too bad, the statusnet package in debian is still not uploaded ( http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=491723 ).

http://www.truecrypt.org/

There we go.. I don't understand this is still a question.

This is why. Also, dm-crypt/luks is included with Linux by default and Debian makes it dead simple to setup whole disk encryption on a fresh install; I believe that truecrypt won't work for whole disk encryption for Linux.

All due respect to the truecrypt guys and their work (cross-platform encrypted images are awesome), but the only reason Windows and OSX need truecrypt is because they don't have something like Linux's dm-crypt. Truecrypt really isn't necessary for Linux, unless you have to share encrypted images with other OSes, and you could also do that with GNUPG.

> No one has ever heard of Jitsi or similar.

Now they, have, thanks!
http://jitsi.org/

Skype doesn't work with my webcam, even though the OS supports it with other programs. My family (don't know about yours) won't mind installing Jitsi, ... win!

GNOME's empathy is another: http://packages.debian.org/sid/empathy

Pidgin too.

That's like saying Debian could do this and still be Debian. So what? Android is using Linux. That means they're making Linux drivers for their devices, they're writing code that runs on Linux, they're making devices you can easily port Linux applications to, etc.

wow, this was coordinated
http://www.gentoo.org/news/20110401-canterbury.xml
http://www.opensuse.org/
http://www.debian.org/News/2011/20110401
http://lists.debian.org/debian-user/2011/04/msg00006.html