Debian Struggling With Security
Masq666 wrote to mention a ZDNet article discussing difficulties Debian is having with security updates. From the article: "...Lack of manpower also appears to be adding to Debian's security woes. Michael Stone, another member of Debian's security team, expressed his frustration to the organisation's security e-mail mailing list in mid-June, saying there was no effective tracking of security problems."
They have a huge team focusing on security.
Secure, Convenient, Cheap.
Pick any two.
(General rule, but it does generally follow)
I have no problem with your religion until you decide it's reason to deprive others of the truth.
$ apt-get update security-officer
Problem Solved.
(It's funny. Laugh.)
Now that this has been published on /. it will have to be revised to "no effective tracking of security problems by the good guys".
I'm an American. I love this country and the freedoms that we used to have.
Disturbing to see how the distro that was always renowned for its reliability is now having such troubles.
I wish the debian team all the luck in the world in fixing this matter. They're in a difficult position now that they're both lagging behind (though much less so than a while back) and cannot claim unparalleled reliability.
The tone of the story would be laden with arrogance and derision towards the "Borg", painfully unfunny and unoriginal jokes would follow, and everyone would point to Apple and Linux as the greatest and secure OSes on the planet.
But since it's not Microsoft, it's a fairly sober writeup, and Microsoft jokes would just follow a little bit later.
Funny how things work here at Slashdot. No, I'm not new here. I'd just figure some people would grow up sooner or later.
It isn't any surprise that the boring and the mundane tasks fall short in manpower.
This is why there needs to be more commercial involvement in FOSS, so that people who just want a day job and a paycheck can do these sorts of things.
Switch to Solaris 10. Even in the very unlikely event you hose your system, just reboot from your last "live upgrade" partition and you're back into production.
It's just a random thought, but have the Debian people ever contemplated whether their problems in this regard may stem from the fact that they have too many packages? The package list for the latest stable lists an incredible 16834 individual packages, and even though there are many programs which come in different flavours and thus contribute as more than one package, this still is a huge number.
I can certainly see why security management gets a problem here. Maybe the Debian project should cut down on these and see just how many packages are really needed.
quidquid latine dictum sit altum videtur.
I'm sure the learning curve of switching from Linux to Solaris is a bit steeper than one Linux variant to another, though may be mistaken. Also, this system is a dual P3-600. How's Solaris 10 run on 5-yr old hw?
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Not to start a flamewar (well maybe a little) - OSS will need to meet the challenge of managing all of the little details of a widely accepted OS. Red Hat is grappling with that problem now with some success. Having what you believe to be a better widget is not enough.
I originally posted this on http://bitsofnews.com/ but decided to post it on Slashdot also. It's a bit sad though that Debian is struggling with its security updates, Debian used to be a nice distro but I've changed to Suse myself due to the lack of updates.
Bits of News Giving you the latest bits.
Solaris runs great on old hardware, though it eats more ram than linux, it is just as fast if you have enough (quite a bit faster for most i/o intensive stuff like servers).
Yes, Debian was *the* technically superior linux distribution for a long time. Those days are pretty much over folks. In fact, I'm surprised that the "BSD is dead" crowd doesn't have a similar mantra for Debian.
There are plenty of well-managed, technically sweet linux distributions out there. Some of them even use apt as their package manager. Let's just agree to learn from what Debian was, and move on to something better. I'll leave the holy war of what "something better" is to the rest of the zealots.
So, if you've used Debian before and then migrated to something else, do tell. Is there anything that compares to apt-get? (no, urpmi is NOT it).
___
If you think big enough, you'll never have to do it.
Darn, that even beats my Dual PIII-450 running CentOS3 (going to CentOS4 tomorrow)
AT&ROFLMAO
This shouldn't surprise anyone who's had to deal with a lot of Debian developers. The KDE ones, for example, constantly complain - on public mailing lists, no less! - about being too busy to forward bugs to upstream or merge in fixes. There are some amazing people working for the project, but also a lot of clowns who want to ride the name.
http://newraff.debian.org/~joeyh/stable-security.html is an incomplete list of issues currently affecting stable. It's not 100% correct; in addition to the provisos at the top of the page, it doesn't seem to know about recent updates such as this morning's Gaim update.
I guess the old saying "you get what you pay for" comes in to play here. I'm not surprised that nobody wants to secure the OS - they aren't getting paid for it.
You'd have better luck walking up to some stranger on the street & asking for 3 months of uninterrupted charity work. That's basically what debian needs to survive, times ten.
but if that is not possible, why not fly to the middle of the sahara with a laptop, solar panel and gear, and just do your business there. No worry about hackers, or physical attacks.
How is this even relevant to an article about the difficulties the Debian people are having with their security approach? Not only is what you suggest off-topic, but it is ridiculous. Most companies are interested in still having useful computers while keeping a sane security model.
Personally, I have noticed that as distributions get larger, they also get harder to maintain and more difficult to change, as more people are required for the basic maintenance of the software. On the other hand, more compact Linux/BSD distributions are often known for their security and stability (OpenBSD, Slackware, NetBSD). I hope that the Debian people can get the distro back on track and manageable again.
Systemd: the PulseAudio of init systems
People need these packages in Debian to help their career! They wrote something primarily to get a job. Suddenly a bunch of resumes are outdated. Jobs, jobs, jobs!!!
Transcend Humanity. Please.
I wonder, if unstable gets the "latest and greatest", so to speak, are there times that it gets security fixes before "stable"? The article mentions that Gentoo got a fix before Debian, presumably when it was fixed upstream. Did Debian unstable get the fix at the same time?
This is at least partially because the attention that Ubuntu is getting. And rightfully so. IMHO in most situations today, especially desktop situations, an Ubuntu install is vastly preferred to a Debian install. It is the same Debian quality you are used to while simultaneously being even easier than Fedora.
I'm not saying kill Debian, everyone bail to Ubuntu. I'm saying that there is competition for manpower in the open source world. And in a capitalistic/darwinistic manner it's going to be the fittest that survive. And if another project takes your manpower away because it is better in some aspects, then that is what will happen.
I've used Debian and I've used Ubuntu. And I can say that I no longer find much reason to use Debian anymore at all. This story doesn't surprise me in the least.
The GeekNights podcast is going strong. Listen!
How are the downstream distributions coping with the upstream problems?
The Debian site, http://www.debian.org/misc/children-distros , itself lists over 30 children distributions.
Actually, being American on Sahara (and whole muslim-dominated north Africa) makes you pretty prone to physical attacks :).
Faster, better, cheaper
(general rules generally generally follow)
Woah! Wait a moment before you start flaming me on the basis of my subject line...
The problem of providing security support is ill-suited to being solved by the traditional "mob of volunteers" approach which describes most open source development. When you're doing development, it doesn't matter if you have five people coding one week and nobody doing any coding the next week; but when it comes to dealing with a constant stream of security issues which are being reported (in particular, from upstream vendors), it is important to guarantee that there will be someone around to deal with them. When the entire security team consists of people who have other full-time jobs, it's impossible to make sure that someone will be around when they are needed.
The job of "security officer" is really one which should be a job, not a role-played-by-a-volunteer. Go out and raise some money to pay for your security officer, so that he is able to always be available when he is needed, because if he needs to get some other job to support himself, he won't be around when you need him.
Tarsnap: Online backups for the truly paranoid
I played around with just about every distro on the planet, and finally switched to SuSE. Because I want to *use* my Linux computer, not constantly have to dork around with it. SuSE's security is rock solid too, and with Yast Online Updates it retrieves and applies all the latest security patches as effortlessly as Windows Update on an XP box.
Is anyone surprised that this worthless article became just a huge troll-fest?
I've built my own "unstable on stable libc/perl" packages and after a while dependencies will kill you. The latest version of a package requires A, A requires B, B requires C, and the new version of C breaks a lot of things.
Security backports require more effort, but they're unlikely to trigger cascading updates.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
Sorry! But Debian doesn't need constant upgrades!
It is already sooo much more secure than everybody's favorite whipping boy, Windows, that I don't need @#$%%^^... [NO CARRIER]
Just a bad joke! I am still here and so are most people running Debian. The only ones who dropped off are Windows users, whose machines show a lifetime of about 12 minutes connected to the Web unprotected!
Blow me, Windows users! When you can show an unprotected corruption time even approaching 12 minutes for Debian, then post this again!
All of the BSDs currently have excellent package-management systems that can elegantly handle both binary and source packages. pkgsrc in particular is a really nice system---further, it has the advantage of not being tied to one OS. Although it is developed primarily for NetBSD, it can be used from any of the other BSDs, Linux, several Unices, and even Windows (with Internix, i.e. Windows Services for Unix).
In fact, it's definitely worth checking NetBSD out; the 2.x line has been really interesting, and development is continuing to move forward at a rapid pace. If you're on a single-processor system, it's arguably one of the best-performing OSes available at the moment, and it in general will work. Add that to the fact that you could probably port it to your toaster if you were dedicated enough, and it's worth giving serious consideration to as an alternative to Debian, or indeed anything else.
I've always thought (because people have informed me) that Debian is the most secure distro... what went wrong?
While not personally familiar with how the builds in Debian happen, a cross compiling build system is how a lot of vendors deal with this very issue.
I know of vendors that support equipment they don't have a single sample of. Of course, they warn their customers and typically have one or a very small number of early-adopter customers who maybe get a good price break or simply want new features enough to explicitly desire bleeding edge to serve as testing for their releases.
XML is like violence. If it doesn't solve the problem, use more.
You have two number 7s on your list there guy.
Also you forgot, apple is teh suck
I thought that this sub-thread was so stupid that it was not worthy of a response but this list of incredible flaws in Linux that are supposedly fixed in OS X or Windows is so ridiculous, I just had to respond.
7. (you probably meant 8 right?) See above statements. OS X is mostly FreeBSD which means they do not own the code. The GUI, they own, but so what. The kernel is still UNIX!
1. More secure? Not true. All Operating Systems have problems, closed sources Operating Systems have more problems than others because there are fewer people viewing and fixing the bugs and other problems. An Operating System's security depends greatly on the configuration and administration not that it is created or modified by a certain company.
2. Not true either. Speed depends on configuration and administration. Macs are tuned for certain things where Linux can be tuned in any configuration you so desire.
3. More advanced or aged only because it is running a version of FreeBSD which is so close to linux how can you call it anything but *NIX?
4. Built for idiots that rather the computer maintain control. I, on the other hand, like to control my computer.
5. Linux is backed by many successful companies such as IBM, Novell, Redhat, etc., etc as well as a world of seasoned programmers.
6. See above. Open source programming does not mean amateurs. Most of the open source programmers are seasoned vets that work full time for large companies.
7. Most of OS X is open source because it is Free BSD. Note the "Free" part of that. (see http://www.freebsd.org/copyright/copyright.html)
If the list goes on I would like to see it because this preliminary list is bogus.
Caleb Walker
To keep such a large and sprawling project active requires huge volunteer resources, which obviously simply isn't available, no matter how much rhetoric we write here.
Maybe Debian distribution is simply being superseded by others who do better on some of these things, in which case, it will (must) either adapt or face further decline.
That is a natural process of evolution. Look at some of its wonderful spin offs, such as Ubuntu (now how easy is that to get going, get it's based around Debian).
-Richard
Sorry to make yet another jab at the editors, but it needed to be done.
More like:
And after you install CVS to update your ports tree you get the newer versions. Granted, it's not releasing fixes for the old ones, but saying there is no consistent way of doing stuff in FreeBSD is just flat out wrong.
Not Buzzword 2.0 compliant. Please speak english.
s/800/8000/
Dammit, it's only a troll if it isn't true. Give the guy a break mods, or at least attempt to pull your head outta your ass.
Ubuntu: If at first you don't succeed, blindly slap a sudo in front of it
asshat as well.
if linux users got what they paid for, they'd get nothing, you.. you..you bill hates follower.
I'd rather pay nothing, take that money and either put it towards a hardware router for security (just plug it in).. or save that money for something else fun..and set up a linux software firewall/router (easy, just point&click).
If people didn't have windoz forced on them when they buy in major outlets, they would get used to linux quicker.
at least with linux, when you put the effort into fixing it the way you want (note: linux at least has that option!), then we have a functional & hardened box.
I hope I didn't use tooo many big words there, mr coward :)
I will gladly loose all of life's battles.. in order to win the war..
i dont think that's true
The article didn't go quite as in depth as I would have liked. Specifically, the Debian apt repositories have literally, and you may quote me, zillions* of packages. I'm fairly certain they have quite a few more than, say, Red Hat has binary packages in their repositories.
Therefore, it would follow that if 4% of Debian packages had security vulnerabilities that would equate to a substantially greater number of packages than would the same 4% of Red Hat packages.
The other important thing to keep in mind is that it's unlikely many users would install all zillion packages at one time.
Finally, the article implies Debian and Red Hat are in competition. However, as literate geeks will know, Debian is the OS of "Software in the Public Interest" http://www.spi-inc.org/about which is a non-profit entity. Therefore, while one could argue that Red Hat (a for-profit enterprise) and Debian are in competition for userbase, by no means are they in direct competition for 'business'.
*Debian website says "over 15490." Which begs the question, how many more than 15490? 15491?
If in order to make whatever your point is, you have to make up hypothetical opinions held by people you also made up under a hypothetical situation you also made up...
You don't actually have a point at all.
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
'Nuff said. People always root for the underdog. If MS had 0$ in the bank, people wouldn't be so critical. But since they've got billions, well... Doesn't it seem a bit ridiculous that they aren't bulletproof?
Pathological Liar!!
You do know that there is help out there for you?
It's called Open Software, and it allows you to modify your own OS-- if some other hacker/programmer hasn't gotten around to doing it for you yet!!
You NO LONGER need to wait for bill hates to NOT GET AROUND to it-- at all!!
Yes, it is true..
see.. you'll be ok. :)
I will gladly loose all of life's battles.. in order to win the war..
OS X is mostly FreeBSD which means they do not own the code. The GUI, they own, but so what. The kernel is still UNIX!
No, not really. The kernel is Apple's own creation (Xnu, I think they call it, but I'm not positive on that). As I recall, it's a Mach-derived kernel. The user-space is all FreeBSD-based, but the core microkernel is not.
And Apple owns more than just the GUI. They own the APIs, too. You know, CoreFoundation, Cocoa, Carbon, all those fancy things that allow Mac developers to quickly and easily make all those wonderful programs.
Mac OS X is far, far more than simply FreeBSD with a proprietary window server...
A big issue that is causing so many distros to not have enough volunteer support is that there are plenty of volunteers, but there are too many distros.
I'm sorry, but I've been watching distroWatch and there are so many ill-fated redundant distros. I'm concerned that it hurts the success of bigger distros that could easily be updated to encompass the improvements that many of the younger ones are trying to create.
There are also the improvements that the linux community has been ignoring for a long time. The basic file system directory structures (/etc, /opt, /usr), as an example outside of security, is not exactly a mark of usability or effective file organization for today's software on the desktop or server. I'm sorry, but when you have to read a technical document just to understand where to put a file or install a program and even that is of questionable meaning, it's no wonder finding a file requires locate or some other form of search. And before anyone gives me any of the POSIX file system is a tradition, etc., remember that in technology, tradition = obsolete.
Building on previous functionality is a great thing and it is time some things are improved without the creation of one small purpose based distros.
I tried Debian for the first time as soon as Sarge 3.1 went to stable. I've tried about ten Linux distros (ranging from popular installs like Red Hat and Slackware, to live distros like Knoppix, and even floppy-based like Tom's root-boot and Hal91), and sorry to have to say it, but every other Linux I've ever worked with combined didn't give me as much trouble as Debian. The whole thing left me with an impression of fantastic disorganisation. It was just a shambles! And I might not be so quick to lay blame, but other distros manage with a handful of maintainers releasing every six months, and they get their act together better than Debian, which brags about their "hundreds of developers worldwide" and had a leisurely THREE YEARS to release the new version. I bet they're plagued with all *sorts* of problems, but at least some good Debian-based distros come from the huge package archive.
No kidding, I've fooled around with building my own system from scratch a little, (nowhere near getting a whole major title together!) but enough to gain a basic understanding for how it's done. All it really takes to make your own Linux distro is fdisk and create some partitions, set up a few folders, get a few basic components installed from source compiled on a host system, and then just download tarballs and compile from source. Any Linux distro, logically, should be even LESS trouble to get going than it would be to do-it-yourself. I vowed on my first Debian-day to conquer the difficulties and perhaps even contribute some small fixes when I get going. By the third Debian day, I looked at the whole mess and just shook my head and zeroed the drive. My effort is much better spent writing programs to enhance *other* distros, which aren't so bad off to start with. Of course, it would also be an easier job for me!
No, I don't hate Debian. I wanted like *damn* to experience the super-cool, ultimate-Linux, uber-geek joygasm that Debian fans have been selling me. I do, however, feel sorry for Debian, and hope it perhaps gets redone right from scratch? I can conceive of no other solution for it.
Parent post is a flamebait and I wonder what moderators are smoking today.
Debian is much more than a distribution. And there is unfortunately nothing better than Debian (as in the distro) to move on to. There is a reason why many distributions are built on Debian.
Please point me to a distro that can manage version upgrades even half as gracefully as Debian.
There was a discussion about Ubuntu on Slashdot and it was argued that if Ubuntu continues to diverge further from sid and stay incompatible it will eventually dissolve, because the team will never be able to support the huge package base.
I am a desktop Linux user that started out with Debian 2.1 Slink and I also have the feeling that Debian has had some major issues lately.
About the security issue:
Heise security published it first 10 days ago:
http://www.heise.de/newsticker/meldung/61076
As a result of this a discussion on the Debian security mailing list ensued:
http://lists.debian.org/debian-security/2005/06/msg00142.html
Heise Online then reported on that as a result of that discussion:
http://www.heise.de/newsticker/meldung/61125
For those that can't read German the article says that of the five members that should make up the security team four are not active at the moment if they ever were. The only remaining one is Martin Schulze aka Joey. He has been pretty busy with the organisation of the Linuxtag. So he was cut off from the action. Debian people are working on the problem.
Everyone that is not satisfied with the current state of affairs should get their hands dirty helping instead of complaining. After all Debian forms the basis of "plenty of well-managed, technically sweet linux distributions out there".
Like Knoppix, Ubuntu or Xandros. Full list here:
http://www.debian.org/misc/children-distros
why don't you tell us?
I'd say they have the same problems.. if not more. If I'm not mistaken, the freebsd project is headed by one person, and much less volunteers than deb.
Considering sooo many distros are eating-off deb with very little in return, I'm surprised deb is still alive.
However, everything IS working out as planned, as can be attested to by the growth of distros and users in the linux/unices communities.
I will gladly loose all of life's battles.. in order to win the war..
They have had 11 arches in the last two stable releases. It didn't seem to affect woody. Why is it affecting sarge? In any case, the maddening thing is that x86-64 isn't one of those 11 arches. It is an official unofficial arch. And there have been zero security updates for it... the directory is even missing on the security server even though they announced that it would have official security support. If Debian would release fixes for arches as they were available I think people would be ok with that. In fact, that is what is happening. The problem is that there aren't enough people to do the work (seven people part time with multiple levels of approvals and verification) and the automation is a bit broken.
If they don't shape up I'll have to start using another distribution on my Athlon 64 box.
"When the entire security team consists of people who have other full-time jobs, it's impossible to make sure that someone will be around when they are needed."
You're wrongly basing your entire argument on the idea that OSS programmer(s)=loner(s) with other "real" jobs. That is simply not the case for many OSS projects. Commercial OSS companies like Red Hat, Suse/Novell, et al are and have been the driving force in OSS for some time now. Look at any big distro, any major software project etc and at this point chances are they are being bankrolled and supported by commercial companies that are paying people to work on them and deal with things like security issues. And if a popular project has a security flaw that an author won't address, and distros won't fix because its not part of their distro...well you know the deal, use the source Luke.
I see what you're trying to say but again your argument is flawed as "traditional" OSS development no longer means unpaid and non-commercial. I don't think that the people buying Red Hat linux and getting security support for years and years would share the same viewpoint. And I also don't think that commercial companies put more into security than OSS programmers do. History just doesn't show that.
For version .002 for widget X that isn't widely used and gets abandoned for lack of interest and now has a security issue, how is that different than in the commercial world? At least with OSS someone/anyone can fix the problem. With commercial software you literally have to stop using the software because no fix will ever come.
OSS is particularly well suited to dealing with security issues IMHO and the problems it has with security are more or less the same problems that commercial software makers face. You're floating down a well known river in Egypt if you think that in the commercial world all projects have people who are paid solely to work on security.
If you wanna get rich, you know that payback is a bitch
The lead post is titled "Debian Struggling With Security," in part because the Debian team is short-handed.
There are 200 or so Linux distros. But Open Source doesn't magically endow you with the organization, money and manpower needed to maintain any one of them.
4. Built for idiots that rather the computer maintain control. I, on the other hand, like to control my computer.
George Eastman had a slogan: "You click the button, we do the rest." Once a technology becomes accessible to the masses, the hobbyist and his obsessions are driven to the margins. Calling your opponents idiots doesn't change a damn thing.
yeah, and i hope you like having jack shit for software to run on the linux besides 80 different calendar programs & a dozen sub-par web browsers.
Sorry, but people dont like releasing source code for software that they've spent millions of dollars on to develop. Money gets stuff done, in case you didn't know.
I'd rather drive a ferrari I paid for than a geo metro which was given to me.
Regarding the first point, there are no guarantees (and it's often not the case) that OSS has more eyeballs checking a particular piece of code than in the case of closed source, especially when compared to mainstream commercial OSs such as OS X and Windows. When you are guaranteed to get more eyeballs is once the version is released, since every user can look for vulnerabilities, whereas in closed source most researchers have to rely on binaries for looking for flaws.
But at that point you can't solve the problems retroactively, and what you have is patching, lots of it, or even worse, vulnerabilities discovered that don't get disclosed.
Slightly less than 15500
http://www.dieblinkenlights.com
Informative??? WTF? Are you mad? Mod parent troll.
I am not surprised. Not surprised at all
13 million whoo!
Quote from the original article:
--
As one developer put it: "The problem we're currently seeing isn't that the job is hard, but that only a very small number of people have the authority/ability to push the update out."
Another agreed, calling for the size of the security team to be increased from seven to 21.
--
So maybe it is not about the amount of people who contribute updates and patches, but rather the amount of people with authority to revise and release the patches and updates.
LOL!!
Gee, i wonder who YOU work for!! LOL still!!
Linux is based on the OS that built the world's phone-nets and later on, InterNet. You're going to compare THAT with Ms. !!
if *Ms.* (pronounced: mizz) released its code, it would become a much better program because people who WANTED to work/fix it, would, instead of those who HAVE TO.
And ask anyone over the last 40+ years, if the money spent on the wars on: Drugs, Crime or Poverty has deterred those problems.
I do stand corrected on one thing though, Sir..
You are NOT an *asshat*...
Buhhhhhht, you are an...
ASSWHOLE!! LOL!! :)
I will gladly loose all of life's battles.. in order to win the war..
"1. More secure? Not true. All Operating Systems have problems, closed sources Operating Systems have more problems than others because there are fewer people viewing and fixing the bugs and other problems. An Operating System's security depends greatly on the configuration and administration not that it is created or modified by a certain company."
Saying that closed source operating systems are less secure due to this is simply rubbish. The vast majority of people using open source products could be looking at code that would produce security concerns and wouldn't know it. As most people are well aware open source depends on a very select number of developers who do most of the work.
"3. More advanced or aged only because it is running a version of FreeBSD which is so close to linux how can you call it anything but *NIX?"
How about you talk to the FreeBSD guys about this. MacOS X is not FreeBSD and never will be. Calling it secure because it is FreeBSD is a complete and utter lie and anyone with any knowledge of the underlying OS will tell you this. It has some parts that are similar to FreeBSD however so much has been changed that it can't be compared. Furthermore, making the assumption that it is secure based on this premise is nonsense.
"5. Linux is backed by many successful companies such as IBM, Novell, Redhat, etc., etc as well as a world of seasoned programmers."
So is Windows......
"7. Most of OS X is open source because it is Free BSD."
OS X is not FreeBSD. Please do some research on the subject before you just assume it is FreeBSD.
Perhaps that's because the "vast majority" of computers run closed source software. As soon as 95% of the world uses open source operating systems, then we'll start comparing security.
I think, therefore I doh.
I ditched Debian for the same reason.
....
Pick one:
Stable---Totally out of date, useless for a desktop IMHO.
Testing---STILL pretty out of date, but varies. Probably OK for a desktop, but a good number of packages (to be current for builds) requires...
Unstable. Usually current, MANY broken packages, but NOWHERE near as "stable" as say
Mandrake//Mandriva Cooker, which sort of amazed me when it didn't crater... (It never borked on an upgrade while I used it ~6 months)
This has been fun. I have frequented the forums for a while now and have never really posted anything other than brief comments here and there but this one I thought I would go at it full board. Thanks for replies and you are all right. My response has been short and to the point with many technicalities left out because it was a spur of the moment post. That's what makes this fun and able to enjoy everyone else's take on matters.
As far as OS X being FreeBSD is absurd and I should have stated that more correctly in that it is derived from FreeBSD. It is as close to FreeBSD as Linux is to UNIX as well as OS X is UNIX.
Stating that open source is just plain more secure is an obvious over-simplification. But the fact is that open source applications, especially the Linux kernel has a better chance of being more secure with more eyes on the code world-wide.
For someone to call Windows and Mac users my opponents is funny as well. I don't have opponents in the computer world. I support all of them. I have built fairly complex web server environments on both Linux and Windows. I have had to support Mac users in a graphics environment and have enjoyed it all. I like to express opinions as well as listen to them. And when I said "idiots" it meant that an entirely graphical Operating System to me and to most SysAdmins is a limitation more than a benefit. If you are a user of the operating system it is better through and through. In other words, at times, GUI OSes are "idiot proof" not that only idiots use them. In fact, I want to buy a Mac for my own personal use but I can't afford one for one.
In the end, my statements were just as short and rash as the original statement.
I am sure you have already read this but check this out as well http://www.apple.com/macosx/features/unix/
Also, take a look at this especially under the heading "BSD": http://www.kernelthread.com/mac/osx/arch_xnu.html
Thanks.
Caleb Walker
There is no double standard.
The standard is honesty -- Debian has it, and Microsoft doesn't.
Debian is just a bunch of guys, mostly volunteers, trying to make the best Linux distribution they can.
Microsoft, on the other hand, is the company that:
1. Sabotaged Java:
> Strategic Objective [is to] kill cross-platform Java by grow[ing] the polluted Java market.
2. Defrauded Their Own Customers:
> At this point its [sic] not good to create MORE noise around our win32 java classes. Instead we should just quietly grow j++ share and assume that people will take advantage of our classes without ever realizing they are building win32-only java apps."
3. Blackmailed Apple:
> Gates informed those Microsoft executives most closely involved in the negotiations with Apple that the discussions "have not been going well at all." One of the several reasons for this, Gates wrote, was that "Apple let us down on the browser by making Netscape the standard install." Gates then reported that he had already called Apple's CEO (who at the time was Gil Amelio) to ask "how we should announce the cancellation of Mac Office...."
4. Is Trying To Sabotage Linux:
> OSS projects have been able to gain a foothold in many server applications because of the wide utility of highly commoditized, simple protocols. By extending these protocols and developing new protocols, we can deny OSS projects entry into the market.
5. Stole from Stacker. Stole from Go. Sabotaged WordPerfect. Sabotaged DR-DOS. Committed perjury in a federal court. Sabotaged GeoWorks. Sabotaged AmiPro. Paid companies to break their contracts with Netscape. Fudded DR-DOS. Fudded OS/2. Is currently fudding Linux. And so on.
In short: Microsoft is a criminal organization. If we treated Microsoft the same as Debian, then _that_ would be a double standard.
7. More gay than anything else
YHL HYBT HAND
With unstable and experimental:
Reading package lists... Done
Merging available information
Replacing available packages info, using /var/cache/apt/available.
Information about 17228 package(s) was updated.
I think it's indicative of the quality of this zdnet article that it attributes a page I maintain to Martin Schulze. More details in my blog entry, here:
http://kitenet.net/~joey/blog/entry/secfud-2005-07-06-11-28.html
see shy jo
ZDNet confirms it, Debian is dying.
Seriously how could anyone mod it as troll? Oh yeah that's right the truth hurts.
The only flaw with the parent post is that Ubuntu while much better than Debian, is still too heavily based on Debian. Hopefully the manpower which has flowed to Ubuntu will start releasing the missing security updates. Otherwise we all need to start looking towards RHEL or some other not exactly free Linux.
I concur with the AC from what I've heard about older hardware. You will need about 6-10Gb on your hdd for a typical full install - the hardware you indicate should be okay to run as long as you have enough RAM, just don't expect to run circles around the new hardware. ;)
x86 support for strange hardware is not currently as good as Linux, but, like Linux, this only matters if you have that strange hardware.
Give it a try. I first tried Solaris last December/January and I've just recently converted all of my Linux installs to Solaris 10. IMHO, Solaris 10 runs circles around Linux. Also look into OpenSolaris.org.
I've installed all of the popular distros on a few different pc's with different components. This is what I've found that may/may not assist you.
1. Is your install CD okay?
Large file transfers (CD ISO's) are not perfect. Even though you can successfully burn the ISO, the ISO you burned might not be exactly right. That's why they have those handy checksums.
2. The dog (distro) just won't hunt.
It happens sometimes that the hardware/software package you have is not well implemented in a particular distro or even in Linux at all. I've had it happen a number of different times, on different pc's. Ex. I have a dual-monitor setup that set-up great in KDE, but fails miserably in Gnome.
3. I've got problems (maybe lots) that don't come up in Google.
It's unlikely you will discover show-stopper issues that others have not already documented somewhere on the web. See #1 first.
Seek help:
www.linuxquestions.org is a good place. Try to be specific.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
You are right, I can attest to having had very little trouble with Debian.
:)
On top of my regular work, it actually plays Doom 3, playstation emulation, SNES emulation and Neverwinter Nights, Diablo 2 as well as Warcraft III.
(another debian box, running the Stable branch, is running mail, web and other services on my LAN) All for the cost of old hardware
" What luck for rulers that men do not think" - Adolf Hitler