Slashdot Mirror

← Back to Stories (view on slashdot.org)

Automatix 'Actively Dangerous' to Ubuntu

Posted by Zonk on from the don't-tread-on-me dept.

exeme writes "Ubuntu developer Matthew Garrett has recently analyzed famed Ubuntu illegal software installer Automatix, and found it to be actively dangerous to Ubuntu desktop systems. In a detailed report which only took Garrett a couple of hours he found many serious, show-stopper bugs and concluded that Ubuntu could not officially support Automatix in its current state. Garrett also goes on to say that simple Debian packages could provide all of the functionality of Automatix without any of the problems it exhibits."

17 of 284 comments (clear)

  1. Why? by MBCook · · Score: 3, Insightful

    I read this while it was in the Firehose, and came up with one question: Why?

    What would this tool provide above apt and dpkg? A graphical way of installing programs? There are front ends for dpkg and apt like Synaptic that don't have any of these downsides. Is this just to get things like some of these codecs? That has always been available through other package repositories. You just add a line to the config file (or use a program like Synaptic which lets you do the same thing) and all those packages just show up and work great.

    I could see it a bit if it helped with commercial applications (like Click-N-Run does). But reading this stuff I just wonder... what was the point of using a program like this on a Debian based distro? Even with it's faults, even Yum makes these seem quite unnecessary.

    So I ask: has anyone used this? Why?

    --
    Comment forecast: Bits of genius surrounded by a sea of mediocrity.
    1. Re:Why? by Anonymous Coward · · Score: 1, Insightful

      The reason for Automatix is to make a freshly post-Windows user happy. Automatix configures + installs everything as close to what a Windows user would want. That means p2p, proprietary codecs, FileZilla and other nice GUI applications for everything. It's what Windows users are used to, they don't really know any different, this application is meant to make them at home. Of course YOU don't understand because having used Linux for a while (or read about it or understood it), you have different user habits than the traditional Windows using YouTube/MySpace crowd etc.

      Personally I'm happy that these people are trying out Linux, and if they find it suits them, than great. Sure, they're using stuff that might infringe, just like they would be on Windows. There are even "illegal codec packs" for Windows as well, it's impossible to properly license every codec to play every file released, but Windows users are used to having everything bundled so they don't have to worry about dependancies. Programs in Windows are not normally so modular so users expect all claimed supported functionality to be implemented and present in every application.

      However, they may eventually get used to different Linux applications and doing things the OSS way and like that experience, so why prevent them from getting settled and discovering these other elements as they slowly ween themselves from the Windows world? They may just eventually change their ways. If we make them comfortable, they'll be more likely to do so. If we just yell "no!" and put a gun to their head, they might just act resentful and not open their minds. WE don't have to use the software, just don't download it, it's a choice. I'm not even developing that software, I wouldn't use it, and I don't PREFER the idea that others are, but it's leading them to Linux in ways that they wouldn't have experienced had people just said "no", and the more ways to experience Linux, the better.

  2. "...could provide..." by haeger · · Score: 4, Insightful
    Garrett also goes on to say that simple Debian packages could provide all of the functionality of Automatix without any of the problems it exhibits.

    Automatix only exists because there is a need for it. If it's so simple to make the package provide the functionality, why hasn't anyone done it? Automatix seems to be the (only?) ones who have tried to do something that many people need.

    .haeger

    --
    You are not entitled to your opinion. You are entitled to your informed opinion. -- Harlan Ellison
  3. I never understood by Tom9729 · · Score: 2, Insightful

    I never understood why Automatix was necessary. Why not just make a "Proprietary software" repository?

  4. Re:I think it screws up when upgrading. by solcott · · Score: 1, Insightful

    Linux is a kernel sir, not an operating system. What kernels do you know of that can play mp3?

  5. Money quote by Yath · · Score: 2, Insightful

    A more reasonable method of integrating Automatix's functionality into
    Ubuntu would be for the Automatix team to provide deb files to act as
    installers for the software currently provided.


    Duh
    --
    I always mod up spelling trolls.
  6. Re:Illegal? by nine-times · · Score: 2, Insightful

    The summary said "illegal software installer", which could be read as not implying that the "software installer" is illegal, but that it installs illegal software.

    Now the "illegality" depends on which software you install and your local laws. I think that the DVD decoder violates the DMCA (is that right?), and MP3 encoders/decoders is a dicier issue. IANAL, but AFAIK you are not required to pay for an MP3 patent license for using an MP3 encoder or decoder, but only if you're distributing MP3 encoders, decoders, or MP3s. So there it's probably legal for users to have and use, but possibly illegal for distros to include.

    However, I think sometimes distros steer clear in just to be on the safe side. I don't know-- like I don't really understand whether LAME is legal or not. They used to distribute it uncompiled and say it was for educational purposes, because otherwise they would have to pay a license fee for distributing (hence the name Lame Ain't an Mp3 Encoder, right?) But then they said they engineered their way around the patent issues and they have been distributing it for a while now. Still, some distros seem hesitant to include it.

    So yeah, I don't get what the deal is with all of this stuff, legally.

  7. Re:I think it screws up when upgrading. by Chandon+Seldon · · Score: 2, Insightful

    Why'd you give her 64 bit Linux? Does her computer have more than 3 gigs of RAM?

    In a year or two we may be to the point where a 64 bit OS is essential, but we're not there yet. Give your non-technical friends the 32 bit version.

    --
    -- The act of censorship is always worse than whatever is being censored. Always.
  8. Re:Old News by Conor+Turton · · Score: 2, Insightful

    Automatix has been referred to by many as a tool to "enhance" Ubuntu by lazy users who do not care about system security or stability since Breezy Badger. Or in other words, people who quite rightly find installing things like codecs and then having to modify countless config files so the media player and the browser can use them either difficult or, quite rightly, a bloody ridiculous thing to have to do.

    When Linux distros finally sort out the farce that is installing vendor provided graphics card drivers, software and codecs etc, then tools like Automatix won't be needed.

    --
    Conor "You're not married,you haven't got a girlfriend and you've never seen Star Trek? Good Lord!" - Patrick Stewart
  9. Re:I think it screws up when upgrading. by jZnat · · Score: 3, Insightful

    Does this run in user space or kernel space? If kernel space, I hope they've developed the most secure decoders possible without any side-effects!

    --
    'Yes, firefox is indeed greater than women. Can women block pops up for you? No. Can Firefox show you naked women? Yes.'
  10. Re:And the reason Automatix exists? by mjg59 · · Score: 4, Insightful

    Given that I'm the one who wrote that article, and given that most of the code I've recently written is designed to avoid the need for users to touch the command line, that doesn't seem likely.

  11. Re:Old News by wordsnyc · · Score: 4, Insightful

    I used Automatix in my first Ubuntu install. No problems, but I took the warnings seriously, and for my second I simply hunted through the Ubuntu wiki and other places and installed all the codecs, etc., myself. The point is that all the unsafe stuff Automatix does is unnecessary -- why take the risk? The files are out there, not "in" Automatix -- just go get them and install them properly.

    --
    Sent from the iPad I found in your car.
  12. Re:Illegal? by miro+f · · Score: 5, Insightful

    I don't think the summary is claiming Automatix is illegal. It just has to do with the parsing of the sentence. I think the original intent was:

    "illegal software" installer

    and not

    illegal "software installer"

    --
    being vague is almost as cool as doing that other thing...
  13. Re:Illegal? Misleading and Misconstrued FUD by Randle_Revar · · Score: 5, Insightful

    Alternately, learn Linux


    If you were to learn Linux you would not need Automatix,
    --
    Climate Progress - Hell and High Water
  14. Re:Bigger Question by Antique+Geekmeister · · Score: 3, Insightful

    I do. My boss does. My company lawyers do. If I got caught illegally installing such software for Linux users on corporate systems, I'm in direct violation of my employment contract and lose my job. It could also cost the company far more in legal fees and punitive damages than I've saved them by installating admittedly superior Linux based software to accomplish work tasks.

    Mr. Stallman and the FSF's approaches, that software patents are a bad and evil thing, and that we need to protect ourselves from licenses that deny us the rights to use or modify our computers to do the things we want, continue to be a source of excellent guidance on these issues. The MP3 patents are a classic example of where software licenses break down: they not only are used to reward the authors, but to actively prevent other competitive use of related or improved products.

  15. Re:I think it screws up when upgrading. by cyclop · · Score: 2, Insightful

    This is pure FUD. On Windows, it takes me several hours to install decent image retouching support, a feed reader, a PDF reader, a vector graphics editor, a decent audio player (what WMP is not), a decent browser, a decent Office suite, a decent mail client etc.etc. And still you have to download codecs for a LOT of widespread formats.

    On Linux you just have to look a bit for mp3 and dvd codecs, but everything else you need is there. On Windows, yeah, maybe WMP plays mp3s by default, but on a nearly unusable system.

    --
    -- Patent no.123456: A way to personalize /. comments with a sig attached to the end.
  16. Warning: a little rant about multimedia thingies by Pecisk · · Score: 3, Insightful

    I read posts and just wonder why people don't research subject, and stay to plainly dumb arguments. There are so misguided info about multimedia status on Ubuntu and how to install it, that it actually makes me a little bit angry (and getting emotional about computers is really something for me).

    First I have to admit that it is community's fault, well, at least, part of it. Automatix is kinda one of those hacks for mass installations when you install distro on multiple boxes - no more, no less. It is a "hack" in a sense to provide urgent solution to a problem, but in long term more sane solution are required. I just wonder why those guys didn't submit those packages to universe/multiverse and dealed with it? (Ahhh, problem is w32codecs, but they are *illegal* anyway, in ANY country. Let me explain that later). What about commit yourself as community developer of Ubuntu project? Why working separately, instead of collaboration? Thanks for everything, Automatix finally let's use repository and community start to suggest Ubuntu "standard" way of doing things, via apt-get install gstreamer* or Add/Remove...

    Second my ripe is that Automatix popularized solution, which works, but leads nowhere - therefore it is a hack without further direction (although, it is not Automatix devs nor users fault). In result, solutions which *might* be answer to problem, although not immediate, were left out from sight (because everyone uses ffmpeg + mplayer + xine combo, what a fun). We all remember Gstreamer and how it was in "cursed if you do, cursed if you don't" situation due of everyone blasting it and installing everything with Automatix instead. Yeah, it was very buggy, but they have won big fight with quality issues and moving faster now than before. They COULD escape such scenario, if there was enough community support. Instead of that, everyone hyped about Automatix and how it "deal with everything" - so in fact we lost at least several years to get us a proper media framework.

    Thanks to Ubuntu devs, situation is much clearer now. You can install almost any set of codecs from Ubuntu repositories (Gstreamer plugins or Xine/ffmpeg combo, Gstreamer can use ffmpeg lib too) and they are working. But still lot of manuals and guides suggest just don't waste time and install Automatix. Strangely, but as a geek, I enjoy clearness of my system and install everything trough apt-get/synaptic, dpkg -i (or GUI eq.) and Add/Remove...

    I am happy that more and more people use Ubuntu solutions for installation of multimedia codecs, not Automatix. It is also gives bigger test ground for Gstreamer/Xine/ffmpeg and bugs can be reported and collected to be submitted upstream.

    In post scriptum, about w32codecs. I might be wrong, but w32codecs consists of hacked together dlls from various distributions of RealMedia, WMA, etc. etc. Licenses for those programs isn't even close to free distribution and doing that is violation of copyright. So they are not legally distributable in ANY form, period. In any country of the world which supports concept of copyright.

    --
    user@ubuntubox:~$ stfu This server is going down for shutdown NOW!