Helix Code's Red Carpet Simplifies Package Updates
Ur@eus writes "There are some nice screenshots of Red Carpet available from the Helix site. Red Carpet is Helix Code's upcoming package manager and it looks really great. Look here for the screenshots." This is a quite amazing looking little application... even looks to support Debian, so I'm happy as a clam. Very pretty and well designed. It'll be cool to test it out for real.
The first screen (the rest timed out on my company's poxy proxy server) looks so much like Microsoft Outlook that it's scary.
As for other complaints that an automatic updater is dangerous because people could insert dangerous programs that way: That's why RPMs are cryptographically signed. Sure, a cracker could put a dangerous RPM on updates.rpm.com, but since it wouldn't be signed with RedHat's key, autorpm (my automatic updater of choice) won't install it.
--
The next Cmdr Taco duplicate will be ready soon, but subscribers can beat the rush and see it early!
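The check described in the comment above, as an added example that is not autorpm's or RPM's own code: the updater installs a package only if its signature verifies against the vendor's public key. Textbook RSA over a constructed toy key stands in for the PGP signature an RPM carries, and every name here is hypothetical.

```python
import hashlib

# Constructed toy key built from two Mersenne primes; far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public key, shipped with the updater
D = pow(E, -1, (P - 1) * (Q - 1))      # private key, held only by the vendor


def digest(package: bytes) -> int:
    """SHA-256 of the package contents, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(package).digest(), "big") % N


def vendor_sign(package: bytes) -> int:
    """What the vendor does offline, with the private key."""
    return pow(digest(package), D, N)


def verify(package: bytes, signature: int) -> bool:
    """What the updater does, with the public key only."""
    return pow(signature, E, N) == digest(package)


def updater_install(package: bytes, signature) -> str:
    """Refuse anything that is unsigned or fails verification."""
    if signature is None:
        return "rejected: unsigned"
    if not verify(package, signature):
        return "rejected: bad signature"
    return "installed"


# Constructed sample packages.
GENUINE = b"gnome-core-1.2 payload"
GENUINE_SIG = vendor_sign(GENUINE)
TROJANED = b"gnome-core-1.2 payload + extra install script"

if __name__ == "__main__":
    print(updater_install(GENUINE, GENUINE_SIG))    # file as the vendor signed it
    print(updater_install(TROJANED, GENUINE_SIG))   # file swapped on the server
    print(updater_install(TROJANED, None))          # no signature at all
```

Swapping the file on the download server changes its digest, so the vendor's existing signature no longer verifies. The check only holds as long as the signing key is kept off that server.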
What is there to stop a malicious hacker from penetrating Helix's servers and sending "updates" which reformat your root partition?
... ohmygawd!
Existing package formats (RPM, deb, etc) are already insecure
\begin{sarcasm}
Oh shit! You better not install any more software off of the web - I mean, who knows what could be lurking in that tarball from ftp.gnu.org? Anyone could have hacked the server and put a backdoor into the GCC code! And those ISO images on the RedHat site
\end{sarcasm}
But seriously, while a little bit of paranoia is good for raising security consciousness, I think you're taking it to an extreme.
Chris
Package management has a core problem, and it is that the management system maintains an information database that may or may not reflect reality. RPM, for example, has a database of installed packages. All you need to do is delete a few files, or install something from source, and the package management database is invalid.
Instead, I propose that package management systems should always rely on authoritative information when checking for installed packages. A new package Foo which is to be installed contains a list of dependencies: functions a, b, and c in lib123, and function d in lib456. The package manager checks for these symbols and libraries. If they are not available, the package manager can recursively install these libraries and any packages upon which they depend.
Further, an advanced package manager should keep track of these dependencies and offer to update any packages which might be affected by updating a library. For example, updating Evolution might also update Dia, Gnumeric, and GEdit because the gnome-print which Evolution requires breaks the old API.
Thoughts? Is there a package manager which does these things already?
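A sketch of the proposal in the comment above, added here as an example (it is not Red Carpet's or any existing package manager's code): dependencies are checked against the symbols the libraries actually export, missing ones are installed recursively, and a library update reports which installed packages it would break. Package names, symbol tables and function names are constructed for illustration.

```python
# Constructed sample data. A real tool would read exported symbols from the
# libraries on disk rather than trust a package database.
SYSTEM = {"lib123": {"a", "b"}}        # library -> symbols present right now
REPO = {
    "foo": {"requires": {"lib123": {"a", "b", "c"}, "lib456": {"d"}},
            "provides": {}},
    "lib123-2": {"requires": {}, "provides": {"lib123": {"a", "b", "c"}}},
    "lib456-1": {"requires": {"libz": {"inflate"}},
                 "provides": {"lib456": {"d"}}},
    "zlib": {"requires": {}, "provides": {"libz": {"inflate"}}},
}


def missing(requires, system):
    """(library, symbol) pairs that the system cannot satisfy right now."""
    return sorted((lib, sym) for lib, syms in requires.items()
                  for sym in syms - system.get(lib, set()))


def provider(lib, sym):
    """First repository package that exports `sym` from `lib`."""
    for name in sorted(REPO):
        if sym in REPO[name]["provides"].get(lib, set()):
            return name
    raise LookupError(f"no package provides {lib}:{sym}")


def plan_install(pkg, system, plan=None, visiting=()):
    """Packages in install order; `system` is updated as each one lands."""
    plan = [] if plan is None else plan
    if pkg in visiting:
        raise RuntimeError("dependency cycle: " + " -> ".join(visiting + (pkg,)))
    for lib, sym in missing(REPO[pkg]["requires"], system):
        if sym in system.get(lib, set()):      # satisfied by an earlier step
            continue
        plan_install(provider(lib, sym), system, plan, visiting + (pkg,))
    if pkg not in plan:
        for lib, syms in REPO[pkg]["provides"].items():
            system[lib] = set(syms)            # new library replaces the old one
        plan.append(pkg)
    return plan


def broken_by(lib, new_syms, installed):
    """Installed packages needing a symbol the updated library no longer exports."""
    return sorted(p for p in installed
                  if REPO[p]["requires"].get(lib, set()) - set(new_syms))
```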
We will keep your comment in mind for Red Carpet.
Please, if you have more suggestions on how to improve Helix's updater, let us know by sending mail to beta@helixcode.com.
Miguel
There were a lot of improvements in GNOME 1.2 (Bongo GNOME), that came from different people. Jacob Berkman led the effort to 1.2 and was one of the key people that were polishing little bits everywhere: improving, fixing, making it more usable and giving love to the user interface.
The GNOME UI team (you can find them at developer.gnome.org) provided an organized effort that helped developers improve the GNOME user interface. This team, led by Jim Cape, produced mockups, screenshots, and glade files for developers to use. They provided concrete suggestions and did everything they could in their hands.
There is still a lot left to do, but we realize that there are problems in the GNOME UI, and we will keep improving it.
Tuomas kept improving the GNOME artwork for 1.2 and he is still doing this for 1.4.
And we recently hired Anna to work on user interface design. Joakim has also been providing a lot of input with full rationales and mockups based on his previous experience to improve the GNOME.
Corrected link:
here
Helix has been working hard and fast on creating a solid and attractive Gnome distro. It has a tight feel to it that was lacking previously in Gnome (IMHO). With upcoming KDE2 and the Helix / Evolution releases, Linux as a desktop has made great strides. The developers should be congratulated for their efforts.
**mini-rant on**
Why all the complaints about package managers?! Automatic (requested) retrieval and installation of already installed packages is a bad thing(TM)?! A better solution is to manually search the web for updates? Sure, if you are into computers and like tinkering with your OS, that can be fun, but for someone using a computer for e-mail, surfing, development etc, the package managers take the pain out of managing their PC.
I don't think a user should be required to know gzip, tar, make et al. to use Linux. For those that like that level of control, therein lies the beauty of Linux, you have a choice. I mostly go the .tgz route but there are times (usually late at night) where I need something installed and am in no mood to play the missing dependency game, rpm is great.
The comments about the Helix design looking too 'Windowish' are funny. I agree that Miguel's admiration of Windows may influence the design a little too much. How would you have it? We can't look like Windows, so we must design a fugly interface to show that we are different?! That's an insecure stance. The design needs to be end user motivated not techno-political.
**mini-rant off**
If the goal is to move Linux to the desktops of 'users', familiarity will only help the cause...
"Hatred is the coward's revenge for being intimidated"
Brilliant. An automated update tool. An integrated browser and email client (with VB scripting, no less). A host of unresolved security issues. Is Miguel de Icaza really that excited about turning Linux into a complete Windoze clone?
What is there to stop a malicious hacker from penetrating Helix's servers and sending "updates" which reformat your root partition? Existing package formats (RPM, deb, etc) are already insecure (who knows what could be in those scripts they execute), but at least those require the user to actively search, download, and install. It looks like GNOME will be "updated" behind your back. Given the heated flamefests between KDE developers and frothing GNOME advocates (including Miguel himself), it can't be discounted that the next Helix update will "disable" your pre-existing KDE install much the way Winblowz over-writes ext2 partitions.
"Ease of use" is not worth sacrificing Linux over. Let Windoze be insecure and "easy". Linux should stay the way it is.
-- Floyd
Red Carpet supports multiple packaging formats unlike the previous version of the helix installer/updater. It works with both RPM and Debian packages currently and we plan on adding support for Solaris packages in the future as well (indeed the screenshots show the Debian version running).
You can customize your panels in pretty much any way you want. Try hitting the right mouse button in the applets and in the panel to explore the options in the panel.
Miguel.
This is exactly the intention.
As you notice there is a bar on the right that lists the channels you are subscribed to, and you can get a list of those you are not subscribed to.
We will be providing other channels besides the regular Helix GNOME channel. For instance, you can see a channel for the distribution installed in your system and a channel for testing the Helix Evolution groupware client.
Other channels will be available with other types of software as well.
Miguel.
Helix GNOME is just a packaged version of the latest GNOME. We took special care into making things pretty and Tuomas, Joakim and Anna have been working very hard to provide nice, pleasant user interfaces.
But all the contributions of Helix are contributed back to the main GNOME sources.
We just happen to ship the latest GNOME in a real-time fashion: you can always update to the new improvements as developers produce the code.
With Red Carpet (something that you do not see on the screenshots) we will roll three levels of updates: emergency updates, latest packages, and long-term tested packages. The intention is to cater to both people who always want the latest applications and fixes, and those who want a tested and reliable system.
Miguel.
Is it just me or is Helix code deserving of some serious respect for taking care of a lot of the nasty details of the Linux desktop, and doing it while looking better than any group of applications I've ever seen on any *nix.
I recommend all their stuff to anyone who's new to Unix and it always leads to a much better first impression for Linux in general.
If they can finish their Outlook replacement apps then they will have brought Linux perhaps 40% closer to being a windows desktop replacement for many companies.
Good work guys and keep it up.
I'm sure most people will agree with me, when I say that Helix-gnome has taken Gnome from being a collection of highly usable but unorganized applications, and shrink wrapped them together.
From the installer to the login screen, everything is well designed, looks very pretty, is well organized and just makes sense.
If it weren't for Helix-Gnome I would stick with KDE.
It seems to me that Helix-Gnome should perhaps become the default install of Gnome. I feel that Gnome is very much misconceived when compared to the likes of KDE et al. Helix-Gnome would help bring together all the applications. And let's be honest, first impressions are the most valuable. Your average linux newbie loads up gnome and thinks, well this is pretty neat. Then when he/she notices all the inconsistencies and lack of organization they run screaming to KDE. Not so with Helix.
In fact I did a recent comparison in a group of 15 people, asking them to give their initial impressions on 1) kde (2.0 beta) 2) Gnome, 3) Helix-Gnome and 4) Windows 2000.
The questions revolved around usability, eye candy and ease of use. The results put KDE on top, Helix-gnome next, Windows2000 and then Gnome. However the Windows2000 is somewhat misleading for most users had experience in windows. But the default install of Windows2000 lost major points on the eye candy factor, it really isn't very pretty by default.
The main comments were that people liked KDE's single click to open up icons. These were mostly adults who had used, but were not proficient with computers. I think especially for people who have not grown up using computers, the distinction between when to double click and when to single-click, or right-click, is very unclear. KDE did well in this area.
Helix-gnome received lots of compliments on organization and overall look and feel.
S.t.e.v.e.