Slashdot Mirror
Helix Code's Red Carpet Simplifies Package Updates
Ur@eus writes "There are some nice screenshoots of Red Carpet available from the Helix site. Red Carpet is Helix Code's upcomming package manager and it looks really great. Look here for the screenshots." This is a quite amazing looking little application... even looks to support Debian, so I'm happy as a clam. Very pretty and well designed. It'll be cool to test it out for real.
I used to be a die hard slackware fan. I started with slack 2.0 as my first distro (actually the first one I bought on CD, my very first was a .99 kernel via SLS (I think) ) and stayed there until about three years ago, when I went to debian. Don't get me wrong, I *LOVE* playing around with linux, but when I entered a linux job I found I didn't have the time to "play" anymore and needed to get stuff done. For me, Debian (or redhat or distro X to disuade any holy wars) gave me what I wanted from slackware... a text centric system, files you have to configure yourself, no fancy gui system management tools, and package management.
./configure, make, make install, or I could type "apt-get install unzip", wait 30 seconds and then unzip the file.
While I enjoy knowing exactly what's in a system, I also sometimes need to "just install it". Ie: I need to unzip a program. I could go to freshmeat, search, go to the homepage, download, untar,
Yes, package management does loose some control (not optimized for your processer, missing some options, that sort of thing) but IMHO the productivity I gain from not having to do the extra hacking to get things going is worth it.
That's on my work system of course, my home system (where I do have time to play) is another matter all togeather....
Actually, this looks to be a new version of the "helix-update" package that already comes with helix-gnome. It's nice to have LESS information on one screen- It's very uncluttered, and while you may have to scroll a bit it doesn't take much time. It would be nice to be able to turn off the blurbs about each package, but I find the interface fairly easy to use.
I came across these shots yesterday afternoon, and was shocked. HelixCode is integrating more and more and making things soo much easier to use it's great.
People are complaining about trying to be like Windows and that's bad, but they aren't trying to be like Windows. The software is simply being worked on to make it easier to use for the average joe. Linux will gain users with a nice GUI interface, not with a black and white console screen.
But the most important part of Red Carpet has to be Debian support! I don't know how long I've waited for debian support in the helix-updater. Sure, I use apt and love it, but I felt left out while all of the RedHat users were having a nice little interface to enjoy.
So I'm one happy guy, and I know this will make lots of other people happy as well. Good work HelixCode, and I can't wait to see what comes from you in the future!
--
Scott Miga
suprax@linux.com
Has anyone been reading BugTraq lately? It's full of complaints about how insecure HelixCode is!
The installer had several issues, that's all.
Chris
Not only does KDE support Slackware, their latest beta rlease is available as Slackware packages. /sbin/installpkg *.tgz and you're done, no dependency headaches required.
Red Carpet will be an integral part of the Helix Setup Tools (see http://www.helixcode.com/setuptools.php3).
The Helix Setup Tools are tools targeted to simplify management of a computer, and it is targeted to end users.
We have been working towards making the Helix Setup Tools address a number of needs of our users:
1. Location management (reconfiguring your system to different kind of configuration setups easily. Useful for laptop users that use a computer at home, at work, and while traveling).
2. Cluster support: configure clusters of machines, updgrade packages in clusters of machines, backup configuraiton of clusters of machines.
3. Rollback support: restore the system configuration to a date in the past.
So yes, clustering is important for us (more from the point of view of "we have a lab with computers, and we do not want to manually run helix-update on each machine" than from "we are doing a high availability cluster that does this very specific task" though).
Miguel.
GNOME is a project. The GNOME project produces source code and ships it in the form of compressed tar files.
Helix GNOME is an easy-to-install, pre-compiled GNOME that ships things as packages that are easy to install and upgrade.
Helix GNOME does not support Slackware, but anyone can contribute Slackware packages to the GNOME project and put them up on ftp.gnome.org.
We do not have resources at Helix to maintain Slackware right now. We hope we will be able to in the future (and also add FreeBSD to the list).
Nobody has stepped forward to produce Slackware packages, but I am sure that if you convert the rpms to Slackware packages, we can put them up on gnome.org
Miguel.
Yes, it will show who is the "provider" for a given channel. As you can see from the screenshots, part of the information for the Debian channel that Vlad had a screenshot for, includes the debian web page.
Making the retrieval of source code simpler is also something I know Joe and Vlad want to do as part of their "locate file" feature on Red Carpet.
Miguel.
Floyd, I think that you're wise to think about these concerns, but I don't think it matters. (No offense intended.) If we all want Linux to take over the world, we need to make it possible for non-technically-inclined people to use it. HelixCode is the absolute best way, and I wouldn't change a thing if I could.
But I've got to say: Do I trust Nat Friedman with my home computer's security? Hell yeah, I do.
-Waldo
-------------------
Doesn't anyone here use Helix-GNOME yet? This is just the existing Helix-update application shipped with Helix-GNOME swallowed into a window with a siebar.
In any event, helix-update is very nice stuff, probably the nicest end-user or small-network admin interface yet for RPM and dpkg. It's very friendly, very non-technical in its presentation, and well-designed. It's every bit as good and pleasant as the similar interfaces in MacOS 9 and Win98 and Win2K.
I find it endlessly fascinating that the core GNOME team, especially Miguel, made such an interface mess out of GNOME itself but have somehow managed to make the Helix stuff look and feel "right". Have they secretly hired a good human interface designer?
You better not install any more software off of the web - I mean, who knows what could be lurking in that tarball from ftp.gnu.org? Anyone could have hacked the server and put a backdoor into the GCC code! And those ISO images on the RedHat site
Oh, you mean like when someone hacked a server and replaced the sources to TCP Wrappers?
Or, speaking of GCC, how about when Ken Thompson, Granddaddy to things Unix, stashed a self-reproducing hack of the 'login' program in the operating system's own compiler?
Granted the TCP wrappers thing was quickly caught, but IIRC, Mr. Thompson's hack wasn't caught so quickly. Either way, the point is, if someone weren't raising the flags, worrying about the unlikely, working to secure the system, you'd be just another node in the DoS machine.
Maybe you are already.
*shrug*
How about getting the RPM source packages and making the binary RPM packages yourself, if you really like compiling X (of all things!) yourself? I used to do that do compile inf the "offensive" cookies that Redhat insisted on chopping off fortune-mod. You have to read up a little on RPM package building, but this is no rocket science...
--
Information wants to be beer, or something like that.
All I saw were broken image links. That is really nice to look at. I know I know.. troll, moderate -1, blah blah. But you'd think that slashdto would check to make sure these images would show up. ;-)
~~~~~~~~~~~~~~~~~~~~
I don't want a lot, I just want it all
Flame away, I have a hose!
Only 'flamers' flame!
No, not the source code to the installer, but to the packages being downloaded.
Does the Helix Gnome Installer make it clear where various packages are being downloaded from (assuming different packages can come from different places) so that end users know where they have the right to get source from (for GPL'd packages)?
Or will the Helix Gnome make the retrieval of source for installed packages even easier?
Boffoonery - downloadable Comedy Benefit for Bletchley Park
Well, yes, there is. Check freshmeat for installwatch, which includes inst2rpm, a script I wrote. These tools together will allow you to do a configure; ./make; make install and have the information in the RPM data base. Best of all, deinstallation is then just a matter of rpm -e.
-Jon
I put HelixGnome on our Ultra 5 the other day running Solaris 2.7 and the install went just fine. It loads up with no problems and I get the comfort of my Gnome environment. :)
A major gribe I have about RPM (and one of the reasons I moved to Slackware) is that it assumes that you'll do everything through RPM. It doesn't mesh well with non-RPM data. What I'd really like to see added is the ability to merge additional non-RPM-installed files into the RPM database. For example, I prefer to compile X myself, so forever afterwards, RPM keeps complaining about missing X libraries. And no, --nodeps isn't a viable option.
BTW> Maybe it already allows you to do this. However, there is nothing in the RPM docs, nor on the net that shows how.
A deep unwavering belief is a sure sign you're missing something...
The "Official" Debian-packaged debs are very well done, AFAIK, but they don't cover everything (they're only human) and not all of them may address small issues like this for any variety of reasons.
Ultimately, however you do this - even with RPMs - you'll be at the mercy of the package maintainer.
-Jo Hunter
If we do not change our direction we are likely to end up where we are headed.
This looks like another good step towards making linux usable as an average joe desktop os. The average non geek who has enough trouble using a mac doesn't even want to think about something like rpm -Uvh package.rpm from the command line. And while there are gui package managers out there, i've found that it's even more confusing to install something i just downloaded using the gui as opposed to the command line.
A package manager/installer system that is highly customizable, from easy as hell for the non geeks, to complicated as your feelings about cheeze for ubergeeks. There are some distros that take a decent step in making the newbie comfortable (like mandrake)... but some things are still missing. being able to find the package easily on the desktop, double click it, and have it install, with icons in the gnome/kde menus and the who kabong would go a long way in helping linux get over the "it's too hard to use" barrier that stops it from being a widely accepted desktop os.
now if only there was a decent media player....
---
/bin/fortune | slashdotsig.sh
OK, technically, apt is not the package manager for Debian. The package manager is dpkg. However, everyone uses apt because it makes things so very nice. The main reason is auto-resolution of dependencies. If I say:
/etc/apt/sources.list. If I already have package foo, it will see if there is an upgrade available
:) I also like the way it will mark certain files as "configuration files", and then ask you what to do when upgrading that package (replace with the new default file, keep yours, or see the differences). For ease of use, apt/dpkg can't be beat. The only similar thing is the much-revered BSD ports system. Of course, every package manager I've seen has an option to list the files installed by a package.
apt-get install foo
Apt will check to make sure that I have the right versions of all the libraries that I need for package foo to function. If it needs other packages, it will ask for my permission to get those packages, too. It will then automatically download and install/upgrade the packages from the list of FTP/HTTP sites I've specified in
I prefer dpkg itself to RPM because (in my experience), dpkg has you configure the package at install time, instead of wondering "where did RPM put those config files?", going and finding them, etc. Of course, real control freaks like me will always do that anyway
Of course, you do lose some control when you don't compile packages yourself. However, a good percentage of the time I wouldn't have changed anything anyway...and apt just makes it so easy to keep things up to date that it's too tempting.
Supposedly Mandrake now has something like apt for RPMs, but I haven't tried it.
WMBC freeform/independent online radio.
Apt will do the 2nd thing for you; if you're installing/upgrading a package, then it will check for dependencies, and say "Do you want me to update this other stuff, or not do anything?".
.deb packages depend on other packages, so that would go unnoticed (except that things would be broken :) Perhaps apt could be refined down to the file level? An interesting idea...the overhead/indexing would SUCK, so maybe it shouldn't do that by default.
However, you have a most valid point about the deleted files bit. Since RPM makes packages depend on files (sometimes), it will probably catch some of that. However,
WMBC freeform/independent online radio.
Who cares if Helix-Gnome ends up dominating 80% of all Linux distros? So what? Nobody is *forcing* you to use it. That's what Linux is about. Choice -- not CLI elitism.
Lemme guess -- you're an ex-Windows user that cannot make the jump to a free mindset, aren't you? One of those people for whom there must always be ONE "correct" answer to any computing problem?
Don't like it? Don't use it. Simple as that.
I have no
What is QNX? What is sawfish?
- I don't care if they globalize against free speech. All my best free thoughts are done in my head.
Ease of removal: removing an application manually installed by a "make install" is difficult, and usually not thorough.
Ease of upgrading: you don't have to remove/replace manually all your old files. If the application has moved/removed/added/changed files since the last version, the package manager handles everything for you.
Auto-dependencies: The package can tell you what other packages it needs to function.
"Evil beware: I'm armed to the teeth and packing a hampster!"
Lex orandi, lex credendi.
I'm sure that security will not be much of a concern with Evolution, and, as with windows, I'm sure you will be able to turn off VBS.
As for putting bad packages in their upgrade system... Debian, RedHat and others seem to be surviving with no problem. BTW, you obviously don't know anything about APT (the package retrever for Debian), as it already does something VERY similar to this (without the eye-candy).
BTW, do you read every line of code you download and compile? Doubt it. I'd be more worried about someone putting a trojan in code then someone hacking an ftp server and putting a bad package in.
-- [ta]
Tell me - Is package distribution becoming the normal way to distribution software? Forgive my ignorance, but I always go for the .tgz - I feel I know better what's going where if I do that. That said, I haven't really used packages since the early RedHat and I certainly haven't seen the newer package managers. What are the pros and cons of both methods?
.iMMersE
codegolf.com - smaller *is* better.
The first screen (the rest timed out on my company's poxy proxy server) looks so much like Microsoft Outlook that it's scary.
As for other complaints that an automatic updater is dangerous because people could insert dangerous programs that way: That's why RPMs are cryptographically signed. Sure, a cracker could put a dangerous RPM on updates.rpm.com, but since it wouldn't be signed with RedHat's key, autorpm (my automatic updater of choice) won't install it.
--
The next Cmdr Taco duplicate will be ready soon, but subscribers can beat the rush and see it early!
What is there to stop a malicious hacker from penetrating Helix's servers and sending "updates" which reformat your root partition?
... ohmygawd!
Exisiting package formats (RPM, deb, etc) are already insecure
\begin{sarcasm}
Oh shit! You better not install any more software off of the web - I mean, who knows what could be lurking in that tarball from ftp.gnu.org? Anyone could have hacked the server and put a backdoor into the GCC code! And those ISO images on the RedHat site
\end{sarcasm}
But seriously, while a little bit of paranoia is good for raising security conscousness, I think you're taking it to an extreme.
Chris
Package management has a core problem, and it is that the management system maintains an information database that may or may not reflect reality. RPM, for example, has a database of installed packages. All you need to do is delete a few files, or install something from source, and the package management database is invalid.
Instead, I propose that package management systems should always rely on authoritative information when checking for installed packages. A new package Foo which is to be installed contains a list of dependencies: functions a, b, and c in lib123, and function d in lib456. The package manager checks for these symbols and libraries. If they are not available, the package manager can recursively install these libraries and any packages upon which they depend.
Further, an advanced package manager should keep track of these dependencies and offer to update any packages which might be affected by updating a library. For example, updating Evolution might also update Dia, Gnumeric, and GEdit because the gnome-print which Evolution requires breaks the old API.
Thoughts? Is there a package manager which does these things already?
We will keep your comment in mind for Red Carpet.
Please, if you have more suggestions on how to improve Helix's updater, let us know by sending mail to beta@helixcode.com.
Miguel
Corrected link:
here
Helix has been working hard and fast on creating a solid and attractive Gnome distro. It has a tight feel to it that was lacking previously in Gnome (IMHO). With upcoming KDE2 and the Helix / Evolution releases, Linux as a desktop has made great strides. The developers should be congratulated for their efforts.
.tgz route but there are times (usually late at night) where I need something installed and am in no mood play the missing dependancy game, rpm is great.
*mini-rant on**
Why all the complaints about package managers?! Automatic (requested) retreival and installation of already installed packages is a bad thing(TM)?! A better solution is to manually search the web for updates? Sure, if you are into computers and like tinkering with your OS, that can be fun, but for the someone using a computer for e-mail, surfing, development etc, the package managers take the pain out of managing their PC.
I don't think a user should be required to know gzip, tar, make et al. to use Linux. For those that like that level of control, therein lies the beauty of Linux, you have a choice. I mostly go the
The comments about the Helix design looking too 'Windowish' are funny. I agree that Miguel's admiration of Windows may influence the design a little too much. How would you have it? We can't look like Windows, so we must design a fugly interface to show that we are different?! That's an insecure stance. The design needs to be end user motivated not techno-political.
**mini-rant off**
If the goal is to move Linux to the desktops of 'users', familiarity will only help the cause...
"Hatred is the coward's revenge for being intimidated"
Brilliant. An automated update tool. An integrated browser and email client (with VB scripting, no less). A host of unresolved security issues. Is Miguel de Icaza really that excited about turning Linux into a complete Windoze clone?
What is there to stop a malicious hacker from penetrating Helix's servers and sending "updates" which reformat your root partition? Exisiting package formats (RPM, deb, etc) are already insecure (who knows what could be in those scripts they execute), but at least those require the used to actively search, download, and install. It looks like GNOME will be "updated" behind your back. Given the heated flamefests between KDE develpers and frothing GNOME advocates (including Miguel himself), it can't be discounted that the next Helix update will "disable" your pre-existing KDE install much the way Winblowz over-writes ext2 partitions.
"Ease of use" is not worth sacrificing Linux over. Let Windoze be insecure and "easy". Linux should stay the way it is.
-- Floyd
-- Floyd
Red Carpet supports multiple packaging formats unlike the previous version of the helix installer/updater. It works with both RPM and Debian packagescurrently and we plan on adding support for Solaris packages in the future as well (indeed the screenshots show the Debian version running).
You can customize your panels in pretty much any way you want. Try hitting the right mouse button in the applets and in the panel to explore the options in the panel.
Miguel.
This is exactly the intention.
As you notice there is a bar on the right that lists the channels you are subscribed to, and you can get a list of those you are not subscribed to.
We will be providing other channels besides the regular Helix GNOME channel. For instance, you can see a channel for the distribution installed in your system and a channel for testing the Helix Evolution groupware client.
Other channels will be available with other types of software as well.
Miguel.
Helix GNOME is just a packaged version of the latest GNOME. We took special care into making things pretty and Tuomas, Joakim and Anna have been working very hard to provide nice, pleasant user interfaces.
But all the contributions of Helix are contributed back to the main GNOME sources.
We just happen to ship the latest GNOME in a real-time fashion: you can always update to the new improvements as developers produce the code.
With Red Carpet (something that you do not see on the screenshots) we will roll three levels of updates: emergency updates, latest packages, and long-term tested packages. The intention is to catter to both people who always want the latest applications and fixes, and those who want a tested and reliable system.
Miguel.
Is it just me or is Helix code deserving of some serious respect for taking care of alot of the nasty details of the Linux desktop, and doing it while looking better than any group of applications I've ever seen on any *nix.
I recommend all their stuff to anyone who's new to Unix and it always leads to a much better first impression for Linux in general.
If they can finish their Outlook replacement apps then they will have brought Linux perhaps 40% closer to being a windows desktop replacement for many companies.
Good work guys and keep it up.
I'm sure most people will agree with me, when I say that Helix-gnome has taken Gnome from being a collection of highly usable but unorganized applications, and shrink wrapped them together.
From the installer to the login screen, everything is well designed, looks very pretty, is well organized and just makes sense.
It it weren't for Helix-Gnome I would stick with KDE.
It seems to me that Helix-Gnome should perhaps become the default install of Gnome. I feel that Gnome is very much misconceived when compared to the likes of KDE et al. Helix-Gnome would help bring together all the applications. And let's be honest, first impressions are the most valuable. Your average linux newbie loads up gnome and thinks, well this is pretty neat. Then when he/she noticis all the inconsistencies and lack of organization they run screaming to KDE. Not so with Helix.
In fact I did a recent comparison in a group of 15 people, asking them to give their initial impressions on 1) kde (2.0 beta) 2) Gnome, 3) Helix-Gnome and 4)Windows 2000.
The questions revolved around usability, eye candy and easy of use. The results put KDE on top, Helix-gnome next, Window2000 and then Gnome. However the Windows2000 is somewhat misleading for most users had experience in windows. But the default install of Windows2000 lost major points on the eye candy factor, it really isn't very pretty by default.
The main comments were that people liked KDE's single click to open up icons. These were mostly adults who had used, but were not proficient with computers. I think especially for people who have not grown up using computers, the distinction between when to double click and when to single-click, or right-click, is very unclear. KDE did well in this area.
Helix-gnome received lots of compliments on organization and overall look and feel.
S.t.e.v.e.