Slashdot Mirror
Automatix 'Actively Dangerous' to Ubuntu
exeme writes "Ubuntu developer Matthew Garrett has recently analyzed famed Ubuntu illegal software installer Automatix, and found it to be actively dangerous to Ubuntu desktop systems. In a detailed report which only took Garrett a couple of hours he found many serious, show-stopper bugs and concluded that Ubuntu could not officially support Automatix in its current state. Garrett also goes on to say that simple Debian packages could provide all of the functionality of Automatix without any of the problems it exhibits."
Illegal for them to distribute, or illegal for the user to download?
'Yes, firefox is indeed greater than women. Can women block pops up for you? No. Can Firefox show you naked women? Yes.'
I have used automatix on 50+ installs of ubuntu edgy and feisty... Not one problem yet.
Why would Ubuntu consider looking at such a thing?
Am I missing something here?
I am the maverick of Slashdot
This is old news, well Automatix being dangerous in general I mean not Mr. Gattett's report. Automatix has been referred to by many as a tool to "enhance" Ubuntu by lazy users who do not care about system security or stability since Breezy Badger.
Automatix is a really nice idea.
But I noticed that all the Ubuntu distros, which it is installed upon, get a range of problems with upgrading to the next release of Ubuntu.
Automatix is not as necessary as it once one, codecs are done by Ubuntu itself in the meantime - Automatix was good two years back when it was a PITA to get DVDs and mp3s to play without editing files and going crazy on the command line.
It still is nice to use to install some programs like virtualbox, but the problems it causes are not worth it.
Wait, Ubuntu has a warez installer? Isn't the point of Linux to not need to pirate a copy of Office 2009 Blue Screen Edition?
Neither automatix site or the article clarifies where the "illegal" comes from.
I read this while it was in the Firehose, and came up with one question: Why?
What would this tool provide above apt and dpkg? A graphical way of installing programs? There are front ends for dpkg and apt like Synaptic that don't have any of these downsides. Is this just to get things like some of these codecs? That has always been available through other package repositories. You just add a line to the config file (or use a program like Synaptic which lets you do the same thing) and all those packages just show up and work great.
I could see it a bit if it helped with commercial applications (like Click-N-Run does). But reading this stuff I just wonder... what was the point of using a program like this on a Debian based distro? Even with it's faults, even Yum makes these seem quite unnecessary.
So I ask: has anyone used this? Why?
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
Automatix only exists because there is a need for it. If it's so simple to make the package provide the functionality, why hasn't anyone done it? Automatix seems to be the (only?) ones who have tried to do something that many people need.
You are not entitled to your opinion. You are entitled to your informed opinion. -- Harlan Ellison
I never understood why Automatix was necessary. Why not just make a "Proprietary software" repository?
What, if you use it do a bunch of pale-skinned 100 pound guys with electronics-laden belts show up at your house, and after they fail at kicking in your door stand outside your house and yell things about RPM's and VI and stuff? Cause that would be cool...
Using Ubuntu is also actively dangerous to your anal virginity.
You might as well run
/usr/lib/klibc/bin/nuke /
sudo
beofore upgrading.
After the launh Ubuntu 7.04 Automatix isn't worth using anymore. Codecs are easily installed with add/remove, as is most of the other software in Automatix' repositories. And the few programs that you can't find in add/remove are mostly published as .deb packages. Google has even made a .exe like installer for google earth.
Duh
I always mod up spelling trolls.
The article is a technical crictism of Automatix, how it doesn't follow proper package rules, etc.
This is the conclusion to the article, which sums it up pretty well
Automatix is barely needed anymore. You can do just about anything through the standard repos these days.
kill all the fucking niggers
You wish your system had security like that.
The Schwartz space ain't from Spaceballs.
Legal issues associated with Automatix are complex, but to refer to Automatix as wholly being 'illegal' is far from accurate.
.S. but are perfectly legal in other countries.
The majority of legal issues deal with the use of proprietary software in conjunction with the GPL.
Some legal issues are relative to the end-users physical location. IIRC, Automatix offers access to a few video codecs that may be illegal to use in the U
Garrett's complaints are actually relatively benign and reflect the views typical of certain Linux developers who consider themselves 'purists'.
Yes, Automatix has some bugs and a few 'security' concerns relating to user privileges. It is not, however, inherently dangerous or illegal.
Erm, did you even read the analysis? Automatix craps untracked files all over the user's system. It makes to effort to interoperate with Ubuntu's package manager (dpkg) and is even prone to race conditions that could leave the system unbootable!
The core value of making Linux easier to manage for the masses is a great cause and you can see many distros making huge gains in usability thanks to the popularity of Ubuntu. That said, the current state of the community and user made docs has gone down over the last year, let's hope comments like this turn it around as I really miss my apt-get (and yes, I know there is an apt tool for RPM distros, but when in Rome...).
First, some of my ex GFs have been happy to show me other naked women. It has worked well. You just need to find the right ones.
Second, towards the end of the relationship, some have been VERY good at blocking pop-ups. All have been good at creating pop-ups. So, I would say that your sig is incorrect.
I prefer the "u" in honour as it seems to be missing these days.
http://easyubuntu.freecontrib.org/
Seems to have the same goals - but does it have the same issues?
Conor "You're not married,you haven't got a girlfriend and you've never seen Star Trek? Good Lord!" - Patrick Stewart
Automatix is a hack
Why not just use a distro that HAS the codecs in the default repositories? It just takes a little research to find one of the MANY.
If I am not for myself, then who will be for me? If I am only for myself, what am I? If not now, when?
Yes I read RTFA. I also use Automatix. If it scares you, don't use the fucking software.
Alternately, learn Linux so that you might know what you're talking about.
then hurry up and fix it, you open-sourced bitches! Seriously, get on it so I can reap the benefits.
Medibuntu is a much safer way to install codecs and some third-party apps than Automatix.
Given that I'm the one who wrote that article, and given that most of the code I've recently written is designed to avoid the need for users to touch the command line, that doesn't seem likely.
What part of "a well regulated militia" do you not understand?
Before the Ubuntu team criticizes add-ons that make the system useful to many more people, they should get their own house in order.
I recently installed a 7.04 system and I found that:
1. The version of RealVNC is broken and possibly insecure.
2. The CDFS-src package is broken, and has been for months.
There are bug reports on both of these issues, yet it does not seem that the Ubuntu team has any interest in fixing them.
3. There does not seem to be any good and easy way to install a firewall. Red Hat seems to have a simple IPTABLES firewall installed as an option in the installation process, why can't Ubuntu do this?
There may be other problems, These are just 2 that I have found. Also my 6.06 LTS system has been unable to connect to open wireless networks since upgrading from 5.10.
So: my message to Canonical is: get your own house in order. Only then should you criticize third-party solutions.
The real "Libtards" are the Libertarians!
for I would surely have modded you up, Anonymous cow herder.
Still cackling quietly to myself. Excellent comment.
Trying to associate Microsoft with "fun" is like trying to associate Satan with aromatherapy. -Tycho
Who cares?
No, not trolling, asking a serious question. What end user really cares its 'illegal' in some jurisdictions for them to use their PC as they wish?
---- Booth was a patriot ----
Then you can start knocking other people's efforts.
I've been running Ubuntu since Hoary, and while i can usually upgrade to new versions using apt dist-upgrade or the ubuntu-supplied upgrade-manager, it has never worked flawlessly. and always required manual searching of the forums and config-editing to get things working again. With the lastest 2 upgrades, Dapper->Edgy made my system unusable after boot due to X problems, and Edgy-> Feisty broke my virtual consoles.
If Canonical themselves can't make an update system that works, how do they expect Automatix to do it?
I gots ta ding a ding dang my dang a long ling long
and it kept on whipping me with the leather crop, over and over, despite my repeated shouts of the "safety word." Eventually an attendant came in and reset the thing, and all was well again except for my swollen bare bottom. It's hard to shout with that leather ball in your mouth.
Not exactly. Microsoft didn't patch the holes that the apps exploited, you can be sure GNU/Linux Distros will. Why? Because people haven't really paid money for all these applications, but Windows would really lose a large part of its share if a new upgrade broke a lot of applications (notice Vista)
But I don't see how you got modded flamebait -- how many problems are from users running with admin privileges, so that their apps will work? Heck, I remember a couple versions back, WINAMP required the user to be an Admin to save settings, because it stored data in the Program Files directory, not the user's home directory.
Ok some issues here and there and I was following his logic right up to the point when
I hit this.
The current design of Automatix precludes any reasonable way to fix
some of these problems.
This is the point where I had to call bullshit, there is nothing that cannot be fixed.
Got Code?
This is an understandable concern, and in the older versions of Ubuntu, I felt the same.
However, in the newest version of Ubuntu (Feisty Fawn, released in April), clicking on an unsupported filetype (such as an MP3, or AVI) brings up a dialogue box which A) Tells you that this codec is not supported, B) Offers to search for and install the codec for you.
I think this is the best trade-off, doesn't involve the CLI, and is something that my mum could easily work around. So actually, at this point, I don't see much reason for Automatix to exist.
Not only that, but you can also run the 32-bit versions of your programs on a 64-bit OS install. In the case of Flash, just install the 32-bit version of Firefox, then all your 32-bit plugins will work fine. The only problem that will be encountered when running a 64-bit install is if you have a binary-only driver (kernel module) that is only available for 32-bit.
netfilter is part of the Linux kernel, you don't have to install it. iptables is just a command to control it. If you want a GUI frontend, check out firestarter.
You're right about VNC though, they need to fix that shit.
You are all wienies.
./configure
./configure
;)
If the child never has to learn to walk why would it bother.
make
make install
For you anal security types
make
su
make install
I'll go now and leave this for the mods
The real "Libtards" are the Libertarians!
Let's keep in mind that both WMV and WMA have native, free software decoders available that don't require agreeing to Microsoft's licensing.
This may be modded funny, but it's actually insightful as hell...
What does this button d$#%* NO CARRIER
It has about 60 codecs from unidentified sources with no particular attention to licensing that I can see. This package is often used as a workaround for Linux's generally poor support for video playback.
Actually, Ubuntu can do a pretty good job with most things with just the gstreamer plugins.
This "workaround" however, is quite often used as a workaround for WINDOWS generally poor OOTB media handling. Of course, Windows has other, even more "special" packages similar to this one - like that wonderful and friendly K-Lite codec pack.
So far as other companies looking the other way on "my infringement" - of what? What large companies? And how would they find out?
Duh. It's not about use, it's about distribution.
I understand that users don't want to have to change their touchpad configuration just because they're using an ALPS pad instead of a Synaptics one. I understand that users would like their Wacom touch screens to work without having to edit xorg.conf. I understand that users don't want to have to configure their hotkeys in order to get them to do anything useful. I understand that users want their laptops to suspend and resume correctly. Those are issues that I understand and have had the time and skills to do something about.
I also understand that users want to be able to play their MP3s, their DIVXs and use their ipods. The reason I do less for these people is that I have very limited time (I have a full-time job that's nothing to do with Linux development). Does that mean I want everything to be done via the CLI? Am I ignoring the needs of users? Do I have a fundamental misunderstanding of what people actually want to use Linux for? No, I don't think so. I just contribute where I can with the resources I have. I'd prefer to be able to solve all of these problems, but I'm limited by actually having to do other stuff with my life.
Even with automatix I still had to find an illegal patch for X just to have true clear type rendering in addition to installing the ms fonts.
On a laptop its painful and it makes me wish I had WinXP back on it without those 2 things. Automatix makes this task easier.
Is there a way I can do this with synaptic? Not that I know of for legal reasons.
http://saveie6.com/
-- QED
If you were to learn Linux you would not need Automatix,
Climate Progress - Hell and High Water
Are you saying that anyone not an "anal security type" is running as root? What the hell? Do you drive a car without brakes too?
He assumed that you update your operating system more than once a year. Granted, LTS is nice but it does not get new features - hence why it is supported for a long time. ;)
Grammar Nazi
You are incorrect about DVD playback. 3rd party software is required to play dvds in windows media player. A fresh install of windows won't play dvds. Of course most computers ship with that installed, but that is not what you claimed.
Also, I would imagine that every single contributor to Ubuntu knows that people want dvds, mp3s, etc to work out of the box. But if they did it, they would risk lawsuits, maybe even criminal cases.
subj
I run the 32 bit version of Firefox on 64-bit Ubuntu for flash myself, but there's no reason to force non-technical users to screw with that sort of thing. Non-technical users on computers with up to 3 gigs of RAM should get a 32 bit OS. Anything else is just making things hard for them for no good reason.
-- The act of censorship is always worse than whatever is being censored. Always.
Seriously, we've seen exactly this sort of awful, awful bundling written for a lot of RPM repositories as well. Filtering out the badly written ones and providing work-arounds for them is really painful. I'm not surprised at all that some amateur software bundler wrote their "great idea to put it all in one place!" software but proceeded to violate all sorts of basic software standards.
For excellent examples of just this sort of conflict and mispackaging craziness, take a good look at any of the Oracle installers of the last 8 years or so, or any of the hardware vendor's driver installation tools. Serously, most of them are not as bad as this, but lord, they're not good. This is why I worship the names of DAG and DRIES, the primary third-party RPMforge repository maintainers for the RedHat based world. They just do things right and set an amazing example for this sort of repository manager wanna-be.
Yeah, and like Windows, there are better alternatives.
I don't actually remember what it was, but I do remember adding exactly one repository to my sources.list (a process that is getting increasingly easier) in order to get all the codecs for my Linux. I think I even have a 32-bit mplayer somewhere with the win32 codecs, but I so rarely come across a file that my 64-bit mplayer (or VLC) won't play.
Don't thank God, thank a doctor!
I mean, sacrifying *virgins*. I was going to mention something about bloodied keyboards but that opened such a vast gulf of associated thoughts that I'm not going there, grin.
Insert
I don't care what you Linux purist eggheads say. I love Automatix2. Why should I spend a day fiddling around trying to edit /etc/fstab and a host of other files in order to get my video and wifi cards to work, when I can use Automatix2 to install and configure them in a matter of minutes. As to the question of illegality, I couldn't care less. I'm playing MP3s and DVDs on my computer and that's that!
Everyone is not a computer science major. For most people, a computer is merely a tool to facilitate projects having nothing to do with computers. If you Stallman-types understood that, Linux would have a much larger user base.
Whoops, I used that on a few computers - can anybody link me to reports of problems?
The problem is that AMD changed a lot with x86-64 beyond doubling the register size. They also added a few more registers and tidied up the instruction set a fair bit. Running in 64-bit mode is typically faster, since you get a lot less register churn. On something like SPARC, it's typical to run pretty much everything in 32-bit mode, because all you get by going 64-bit is a load of extra overhead on loads and stores of pointers. On x86 you get this overhead, but it's offset by the extra registers. This makes running 64-bit software on x86 much more attractive, even if you don't need the extra address space.
I am TheRaven on Soylent News
i would really like to induce you to change your irksome signature, and/or to see all your comments downgraded to troll or flamebait on that basis.
try substituing 'men' for 'women' in that statement and rearrange your perspective. seems like a pretty feeble mindset either way. (sure, i know, you just thought it was clever, but whatever.)
That is a totally different situation. If you were able to install anyting on your own as an 'end user', their security is inadequate in the first place.
---- Booth was a patriot ----
"Automatix exists to satisfy a genuine need Yes, it certainly does.
"... in its current form Automatix is actively dangerous to systems" So far I've been lucky. But then, I've been working with Windows since Windows 3.1 so maybe I'm just used to having a dangerous system. I just installed iTunes on the Windows system and it's now failing to boot. Anything less hostile than that is an improvement.
"A more reasonable method of integrating Automatix's functionality into Ubuntu would be for the Automatix team to provide deb files to act as installers for the software currently provided. These could then be installed through the existing package manager interfaces. This would solve many of the above problems while still providing the same level of functionality." So ... do it!
I went here http://ubuntuforums.org/ and typed Automatix into the search box.
And the result was:
" The following errors occurred with your search:
1. Sorry - no matches. Please try some different terms.
The following words are either very common, too long, or too short and were not included in your search : automatix"
I'm just a stupid user trying to find information on ubuntuforums.org about automatix.
I read posts and just wonder why people don't research subject, and stay to plainly dumb arguments. There are so misguided info about multimedia status on Ubuntu and how to install it, that it actually makes me a little bit angry (and getting emotional about computers is really something for me).
First I have to admit that it is community's fault, well, at least, part of it. Automatix is kinda one of those hacks for mass installations when you install distro on multiple boxes - no more, no less. It is a "hack" in a sense to provide urgent solution to a problem, but in long term more sane solution are required. I just wonder why those guys didn't submit those packages to universe/multiverse and dealed with it? (Ahhh, problem is w32codecs, but they are *illegal* anyway, in ANY country. Let me explain that later). What about commit yourself as community developer of Ubuntu project? Why working separately, instead of collaboration? Thanks for everything, Automatix finally let's use repository and community start to suggest Ubuntu "standard" way of doing things, via apt-get install gstreamer* or Add/Remove...
Second my ripe is that Automatix popularized solution, which works, but leads nowhere - therefore it is a hack without further direction (although, it is not Automatix devs nor users fault). In result, solutions which *might* be answer to problem, although not immediate, were left out from sight (because everyone uses ffmpeg + mplayer + xine combo, what a fun). We all remember Gstreamer and how it was in "cursed if you do, cursed if you don't" situation due of everyone blasting it and installing everything with Automatix instead. Yeah, it was very buggy, but they have won big fight with quality issues and moving faster now than before. They COULD escape such scenario, if there was enough community support. Instead of that, everyone hyped about Automatix and how it "deal with everything" - so in fact we lost at least several years to get us a proper media framework.
Thanks to Ubuntu devs, situation is much clearer now. You can install almost any set of codecs from Ubuntu repositories (Gstreamer plugins or Xine/ffmpeg combo, Gstreamer can use ffmpeg lib too) and they are working. But still lot of manuals and guides suggest just don't waste time and install Automatix. Strangely, but as a geek, I enjoy clearness of my system and install everything trough apt-get/synaptic, dpkg -i (or GUI eq.) and Add/Remove...
I am happy that more and more people use Ubuntu solutions for installation of multimedia codecs, not Automatix. It is also gives bigger test ground for Gstreamer/Xine/ffmpeg and bugs can be reported and collected to be submitted upstream.
In post scriptum, about w32codecs. I might be wrong, but w32codecs consists of hacked together dlls from various distributions of RealMedia, WMA, etc. etc. Licenses for those programs isn't even close to free distribution and doing that is violation of copyright. So they are not legally distributable in ANY form, period. In any country of the world which supports concept of copyright.
user@ubuntubox:~$ stfu This server is going down for shutdown NOW!
Same here... A link would be much appreciated. I've never found any problems with it, but I haven't looked very hard.
What, he's never heard of a symlink attack?
-- Cerebus
I never needed automatix to install codecs, for the most part they were available in external repositories that just had to be either downloaded (when it was possible) or just included in the apt sources.list, get the key and that is it, apt-get install. I'm an average user with just the minimal knowledge to do things and set up systems, when i don't know how to do things I use google, go to forums etc.., I believe that if you are going to use a particular system be it windows, linux or mac, there is the need to learn to use it, not just turn on the computer and everything will work automatically, for the most part americans like their remote controls, but computers are not televisions, so please take the time to learn how to use what ever system you want to use, including how to install codecs, the illegality part of some of them, well, its an other issue.
That would be Medibuntu.
look! it's a bird, it's a plane, it's....a girl? yes, a girl browsing Slashdot on Linux
I don't have it on Feisty either .
killall -9 dpkg
May well leave the system in an inconsistent and unbootable state, and
is carried out without warning. This is entirely unacceptable and will
leave a stale lockfile in any case.
If this can leave the system in an "inconsistent and unbootable state", then there is something wrong with dpkg; all package operations should amount to atomic transactions.
install only .deb files of things (things, which are not in the reps). never install tar files for system wide usage.
install tar files in your home directory, always. if the program will not work like that it is probably bad anyway.
using these rules you will never screw up your ubuntu install, and you will always be able to upgrade without problems too.
On a long enough timeline, the survival rate for everyone drops to zero.
Then you're either blind, lying, or using Kubuntu. There is no version of the Restricted Driver Manager for Kubuntu, though I believe that is planned for Gutsy.
Grammar Nazi
Sounds like you removed it?
7 /05/beryl6.png
http://www.ridinglinux.org/wp-content/uploads/200
Most of the "3rd parties" that cause problems with "3rd party apps" in Windows are infact various divisions of Microsoft.
A Pirate and a Puritan look the same on a balance sheet.
That stuff's all true. Thing is - a non-technical user who's running non-CPU-bound tasks could care less. It's great that you, as a geek, know that stuff - but a little bit more efficient CPU usage is no reason to screw a non-technical user out of Flash.
I really wish that the performance gains were so blatantly obvious that even non-technical users would give up flash / win32codecs rather than use a 32-bit OS, but the fact of the matter is they can't tell the difference. So there's no reason to (from a non-technical) cripple a friend's computer for a purely-theoretical performance gain.
-- The act of censorship is always worse than whatever is being censored. Always.
I call BS on that last one, guv. Some package management is better than no package management any day of the week. I have no time to spare on tracking down libs and whatnot. Automatix fills the need for conveniency. If there was no such need, we'd all be using LFS.
Something bad is coming when people are suddenly anxious to tell the truth.
Are you saying that anyone not an "anal security type" is running as root? What the hell? Do you drive a car without brakes too?
:-)
No, they are running as Administrator. And their brakes just caused a STOP CONDITION in module ABSBRAKE.VXD
I never said anything about no package management. If you know a reasonable amount about Linux, it is pretty darn easy to use [insert favorite package manager] to install the packages automatix installs, and to make the adjustments it makes. Automatix makes it *slightly* more convenient, but it does too many bad things to make that slight convenience worth it.
Climate Progress - Hell and High Water
"Permission" is based on the notion that one may be infringing. These packages are hosted in places where such permission is generally NOT NEEDED because the laws are not the same as the US. How is this any differnt at all than Google or Yahoo working with the Chinese government to nail dissidents who have done nothing illegal under US law? Or the US LEA working in other nations to pressure those governments into arresting their own citizens for doing things that violate no local laws, but violate US law?
It's a big world out there, and as "consumers" we are constantly being played by those in power. Why should we be above exploiting these same channels of control when we are able?
How about adobe acroread? It was there in the previous version of Ubuntu, and then it disappeared. Also, when VMware changed its version you had to either manually install its latest player (to support new virtual machines), or get it via Automatix. Or email client, or ...
In response to libdvdcss being illegal it is no more illegal than your home DVD player.
The average DVD player decrypts the DVD as well (just to play it), so the premise that libdvdcss is illegal because it allows the playback of encrypted DVDs is false.
And you can also copy DVDs with your DVD player at home (all you need is a VCR or a DVD recorder to dub it over).
libdvdcss does (almost) nothing more than the average DVD player.