GNU-Darwin Goes Beta

← Back to Stories (view on slashdot.org)

Posted by CmdrTaco on Monday October 29, 2001 @04:28AM from the now-that's-easy dept.

proclus writes "OSX.1 users can now install the GNU-Darwin base distribution automatically with one command. As Root: "curl http://gnu-darwin.sourceforge.net/one_stop | csh"." This assummes you have curl or wget or something. From there you can install gnome, abiword, gimp or whatever. Looks pretty smooth (although I'm kinda confused how you get back to OSX.1 from there ;)

6 of 150 comments (clear)

Min score:

Reason:

Sort:

gnome over x? by macsox · 2001-10-29 04:35 · Score: 4, Insightful

i am truly at a loss as to why one would install gnome over os x. i understand the issue of an os being open-source, etc., but you can pick up a $99 pentium box to run gnome, if you're that interested in having it.

(and what's with this 20 seconds before post rule? does everyone on slashdot think really slowly?)

--
go get it
1. Re:gnome over x? by vanguard · 2001-10-29 05:33 · Score: 3, Insightful
  
  i am truly at a loss as to why one would install gnome over os x
  
  I'm surprised nobody else said this; It's let's me run my X apps. As a long time linux user who just switched to OSX I find myself missing gvim, gaim, etc. With X11, I can get these things going again. Now I have the beauty of OSX, the stability of unix (bsd), and the apps of the open source world. I like my apple.
  
  --
  That which does not kill me only makes me whinier
curl | csh? Danger will Robinson, danger!!! by Mike+McTernan · 2001-10-29 06:52 · Score: 3, Insightful

curl http://gnu-darwin.sourceforge.net/one_stop | csh

Erm. Isn't this a bit of a dangerous install strategy? e.g. sourceforge get hacked again and http://gnu-darwin.sourceforge.net/one_stop points to a script that starts with 'rm -rf /'. Not so fun now...

Wouldn't it be better to use something that does a bit of public key crypto and verifies that you are really downloading something signed by a darwin guy or sourceforge? At least using https would help to stop a man in the middle attack...

--
-- Mike
No more security risk than usual by mbrubeck · 2001-10-29 07:10 · Score: 3, Insightful

The more users get used to seeing installation instructions that involve piping the output of an arbitratory web download into a root shell, the more they'll start to believe that's just the way it's done.
When's the last time you read the entire Makefile and all external files that it calls, before typing 'make install'?
This is no different from downloading a tarball with a Makefile inside. You are downloading a script from the net and running it as root. You either check the script yourself beforehand, or you rely on the fact that a reputable party is providing the script and that more paranoid users will be checking it and publicizing any trojans inside (and ruining the reputation of the author).
The situation I would really warn against is running an unexamined script that isn't provided by a known author, or even worse a compiled binary with no source available. As long as the source is public, it is no different from what Unix admins have been doing for decades every time they install software.
1. Re:No more security risk than usual by Get+Behind+the+Mule · 2001-10-29 09:56 · Score: 3, Insightful
  
  When's the last time you read the entire Makefile and all external files that it calls, before typing 'make install'?
  
  Dunno about you, but when I download a tarball, I sure as hell don't su to root and blast away with 'make install' right after I get it. I read the READMEs and install instructions, read some docs, check out the available install options, and generally have a look around. Then I make the binaries under my usual login account, take a look at the results, and finally 'make install' as root as the very last step.
  
  Sure I could still get fooled that way, but it does give me a good chance at an informed opinion about whether the stuff I downloaded and will install is indeed what I thought I was getting. And in fact, sometimes I've stopped the process, because the package in question required something for the install that I wasn't willing to do.
  
  Piping the output of a web page into the C-shell as root is about the most cockamamie idea I have ever seen! And this is in a headline on Slashdot! You've got no chance to decide whether you're installing something legit -- even the most cursory inspection is impossible. Sheesh, if this is what people running Unix boxen are going to start doing, then it won't be long before the Unix world is just as saturated with Code Reds and Nimdas and God knows what-all the Microserfs have to live with.
  
  --
  Always keep a sapphire in your mind
Re:GNU? by Anonymous Coward · 2001-10-29 15:50 · Score: 3, Insightful

What the shit is this? Are you RMS in the form of a teenager?

GNU != free

...and it sure would be nice if RMS and his commie-butties would quit trying to give such a singular meaning to a word that has so many interpretations within our language.

It's absurd, I tell you. Websters has it right. There's multiple definitions of the word "free". Therefore, assuming a singular meaning for a term like "free software" is bunk.

By the way, I find you and your project boring and trollsome. I'm glad you prefixed it with "GNU" so I can toss it into the same loony bin linux belongs in.

(pre-emptive "fuck you" to the moderator who mods this down - I'm damn right with respect to the word free, don't cover it up with slashtrash points)