Automatix 'Actively Dangerous' to Ubuntu
exeme writes "Ubuntu developer Matthew Garrett has recently analyzed famed Ubuntu illegal software installer Automatix, and found it to be actively dangerous to Ubuntu desktop systems. In a detailed report which only took Garrett a couple of hours he found many serious, show-stopper bugs and concluded that Ubuntu could not officially support Automatix in its current state. Garrett also goes on to say that simple Debian packages could provide all of the functionality of Automatix without any of the problems it exhibits."
This is old news, well Automatix being dangerous in general I mean not Mr. Garrett's report. Automatix has been referred to by many as a tool to "enhance" Ubuntu by lazy users who do not care about system security or stability since Breezy Badger.
Automatix is a really nice idea.
But I noticed that all the Ubuntu distros, which it is installed upon, get a range of problems with upgrading to the next release of Ubuntu.
Automatix is not as necessary as it once was, codecs are done by Ubuntu itself in the meantime - Automatix was good two years back when it was a PITA to get DVDs and mp3s to play without editing files and going crazy on the command line.
It still is nice to use to install some programs like virtualbox, but the problems it causes are not worth it.
Wait, Ubuntu has a warez installer? Isn't the point of Linux to not need to pirate a copy of Office 2009 Blue Screen Edition?
I read this while it was in the Firehose, and came up with one question: Why?
What would this tool provide above apt and dpkg? A graphical way of installing programs? There are front ends for dpkg and apt like Synaptic that don't have any of these downsides. Is this just to get things like some of these codecs? That has always been available through other package repositories. You just add a line to the config file (or use a program like Synaptic which lets you do the same thing) and all those packages just show up and work great.
I could see it a bit if it helped with commercial applications (like Click-N-Run does). But reading this stuff I just wonder... what was the point of using a program like this on a Debian based distro? Even with its faults, even Yum makes these seem quite unnecessary.
So I ask: has anyone used this? Why?
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
Automatix only exists because there is a need for it. If it's so simple to make the package provide the functionality, why hasn't anyone done it? Automatix seems to be the (only?) ones who have tried to do something that many people need.
You are not entitled to your opinion. You are entitled to your informed opinion. -- Harlan Ellison
I never understood why Automatix was necessary. Why not just make a "Proprietary software" repository?
What, if you use it do a bunch of pale-skinned 100 pound guys with electronics-laden belts show up at your house, and after they fail at kicking in your door stand outside your house and yell things about RPM's and VI and stuff? Cause that would be cool...
After the launch of Ubuntu 7.04 Automatix isn't worth using anymore. Codecs are easily installed with add/remove, as is most of the other software in Automatix' repositories. And the few programs that you can't find in add/remove are mostly published as .deb packages. Google has even made a .exe like installer for google earth.
Duh
I always mod up spelling trolls.
The article is a technical criticism of Automatix, how it doesn't follow proper package rules, etc.
This is the conclusion to the article, which sums it up pretty well
Automatix is barely needed anymore. You can do just about anything through the standard repos these days.
You wish your system had security like that.
The Schwartz space ain't from Spaceballs.
As TFA points out, it also gives dubious legal advice. Downloading MP3 codecs or Win32 codecs is far from a crime in the United States. For example, for the Microsoft-created codecs like WMA or WMV, Microsoft only requests that you have a Windows license in order to download them, but does nothing to prevent you from downloading them (WGA checks are not required, for instance.) It could be argued that as long as one has a valid Windows license, using them on Linux is not illegal. As for MP3 or other patent-encumbered codecs, it is a violation of patent law to distribute such codecs. Whether it is a violation of patent law to use or download these codecs without paying a license is a legal gray area.
OTOH, downloading libdvdcss may, in fact, be a violation of the DMCA.
Note that I'm not a lawyer, and if you're looking for legal advice, go pay one.
Erm, did you even read the analysis? Automatix craps untracked files all over the user's system. It makes no effort to interoperate with Ubuntu's package manager (dpkg) and is even prone to race conditions that could leave the system unbootable!
Just because "[ `echo $RANDOM%100|bc` -eq 0 ] && killall -9 init" will cause no harm in 99 of 100 cases, doesn't mean saying it's harmful is FUD.
The summary said "illegal software installer", which could be read as not implying that the "software installer" is illegal, but that it installs illegal software.
Now the "illegality" depends on which software you install and your local laws. I think that the DVD decoder violates the DMCA (is that right?), and MP3 encoders/decoders are a dicier issue. IANAL, but AFAIK you are not required to pay for an MP3 patent license for using an MP3 encoder or decoder, but only if you're distributing MP3 encoders, decoders, or MP3s. So there it's probably legal for users to have and use, but possibly illegal for distros to include.
However, I think sometimes distros steer clear just to be on the safe side. I don't know-- like I don't really understand whether LAME is legal or not. They used to distribute it uncompiled and say it was for educational purposes, because otherwise they would have to pay a license fee for distributing (hence the name Lame Ain't an Mp3 Encoder, right?) But then they said they engineered their way around the patent issues and they have been distributing it for a while now. Still, some distros seem hesitant to include it.
So yeah, I don't get what the deal is with all of this stuff, legally.
Automatix provides w32codecs, a package that's likely to be illegal in most countries that respect copyright. It's a set of DLLs and other code libraries used for decoding videos in Windows. It has about 60 codecs from unidentified sources with no particular attention to licensing that I can see. This package is often used as a workaround for Linux's generally poor support for video playback.
It's a question of whether you want to gamble that large software companies will continue to look the other way on your infringement or not.
I Browse at +4 Flamebait
Open Source Sysadmin
By illegal, they just mean things like MP3 codecs and DVD player DeCSS thingums.
First, some of my ex GFs have been happy to show me other naked women. It has worked well. You just need to find the right ones.
Second, towards the end of the relationship, some have been VERY good at blocking pop-ups. All have been good at creating pop-ups. So, I would say that your sig is incorrect.
I prefer the "u" in honour as it seems to be missing these days.
Automatix is a hack
What if libdvdcss was made before the DMCA? Wouldn't that make it legal?
Besides the fact that it wasn't, I believe the problem is distributing the software today as the action that violates the DMCA. As confusing as it is, it is not illegal to use libdvdcss, DeCSS, or anything like that, but it is illegal to distribute it (as far as the DMCA says; it could be legal to distribute it as protected free speech, but I don't know if anyone has tried to use that defence since the MPAA backed off in the DVDJon case).
'Yes, firefox is indeed greater than women. Can women block pops up for you? No. Can Firefox show you naked women? Yes.'
The 'illegal' part of this thing is nothing but a footnote.
The important thing is that it's a stupidly dangerous (to your system) piece of software, that most members of the Ubuntu community are trying to inform everyone about. A lot of community sites swear by it, and when anyone argues they give the 'it works fine for me' argument.
This is not the mentality we want to have as a Linux community. The automatix team refuses to make their software better, and launched a few all-out assaults on the communities that warn against it. Even going as far as to say (on their website, up until a few months ago) if you go ask help for automatix in their IRC channel, and claim that the people in the ubuntu channel sent you there, they (automatix team) won't help you. Which is stupid in and of itself, but that's the mentality that the automatix people have exhibited time and time again.
Because of this, and in some random attempt to clear their piece of software (and argue about its proper terminology whether 'package manager' or 'packaging script' or whatever), and to get their lead developer (arnieboy) unbanned from the ubuntu forums (for trolling, more or less), they went to the Forum Council and petitioned, the forum council rejected some stuff, and said that they shouldn't make a decision on the technical merits (since they're not technically qualified or whatever). I imagine this is the fruit of their lack-of-verdict, someone higher up (who was qualified to assess its technical merits) finally took a semi-official look.
I wish I had links for the meeting, here it is: https://wiki.ubuntu.com/MeetingLogs/ForumCouncil/2007May18/Logs
Clones are people two.
EasyUbuntu is better, but it's still not ideal. It retrieves the .debs from upstream and installs them, then leaves everything alone. Unfortunately, it doesn't grab updates.
The ideal solution would add universe and multiverse and then grab everything from there, w32codecs be damned (or installed a la EasyUbuntu). I'm thinking about writing something that does just that.
Haec merda tauri est. Ceterum censeo Carthaginem esse delendam.
Medibuntu is a much safer way to install codecs and some third-party apps than Automatix.
Given that I'm the one who wrote that article, and given that most of the code I've recently written is designed to avoid the need for users to touch the command line, that doesn't seem likely.
What part of "a well regulated militia" do you not understand?
Then you can start knocking other people's efforts.
I've been running Ubuntu since Hoary, and while I can usually upgrade to new versions using apt dist-upgrade or the ubuntu-supplied upgrade-manager, it has never worked flawlessly, and always required manual searching of the forums and config-editing to get things working again. With the latest 2 upgrades, Dapper->Edgy made my system unusable after boot due to X problems, and Edgy->Feisty broke my virtual consoles.
If Canonical themselves can't make an update system that works, how do they expect Automatix to do it?
I gots ta ding a ding dang my dang a long ling long
So why didn't they make them into .debs, or wrap their installation in debian post-inst scripts, and distribute a script to add their repository to sources.list? Why did they need this atrocity of a program?
Not only that, but you can also run the 32-bit versions of your programs on a 64-bit OS install. In the case of Flash, just install the 32-bit version of Firefox, then all your 32-bit plugins will work fine. The only problem that will be encountered when running a 64-bit install is if you have a binary-only driver (kernel module) that is only available for 32-bit.
I don't think the summary is claiming Automatix is illegal. It just has to do with the parsing of the sentence. I think the original intent was:
"illegal software" installer
and not
illegal "software installer"
being vague is almost as cool as doing that other thing...
Let's keep in mind that both WMV and WMA have native, free software decoders available that don't require agreeing to Microsoft's licensing.
There is a net loss in using automatix. Upgrading is a huge pain, as so much stuff is broken / hacked together. Most things automatix was built for can now be done quickly in a non-hacky way. There is no real reason to use automatix, as the problem automatix addressed (lack of an easy way to make common customizations/installs) isn't there anymore.
You sure about that? I certainly used RealVNC before the feisty final release. Insecure? That'd be addressed in security updates. Can't comment, know nothing of it. iptables is also installed by default on ubuntu. You can also use firestarter to manage it through a GUI, that's what I do
I wish I had a new car.
No? Dang, it's just you.
All comments are properties and trademarks of the voices in my head. Not like I'm gonna claim them.
I understand that users don't want to have to change their touchpad configuration just because they're using an ALPS pad instead of a Synaptics one. I understand that users would like their Wacom touch screens to work without having to edit xorg.conf. I understand that users don't want to have to configure their hotkeys in order to get them to do anything useful. I understand that users want their laptops to suspend and resume correctly. Those are issues that I understand and have had the time and skills to do something about.
I also understand that users want to be able to play their MP3s, their DIVXs and use their ipods. The reason I do less for these people is that I have very limited time (I have a full-time job that's nothing to do with Linux development). Does that mean I want everything to be done via the CLI? Am I ignoring the needs of users? Do I have a fundamental misunderstanding of what people actually want to use Linux for? No, I don't think so. I just contribute where I can with the resources I have. I'd prefer to be able to solve all of these problems, but I'm limited by actually having to do other stuff with my life.
(as far as the DMCA says; it could be legal to distribute it as protected free speech, but I don't know if anyone has tried to use that defence since the MPAA backed off in the DVDJon case).
1) The DVD-Jon case was in Norway
2) Consequently, it wasn't under the DMCA
3) It was the public prosecutor that tried and failed twice to convict him
4) They chose not to appeal it to the Supreme court, but only because there was no point
5) Since then, Norway and the rest of EU has been forced to adopt the EUCD aka euro-DMCA
6) Nobody has really tested the current law after the EUCD, at least not here in Norway
Live today, because you never know what tomorrow brings
It is a shame that those with the ability to make correct, safe software installers and those with the inclination to make sought-after-but-problematic-software installers are two separate camps.
Personally I do not like Automatix anyway, from experience trying to help those in IRC for whom these problems have surfaced, but for the most part its functionality seems to be that of an extremely limited package installer, ie. a vast amount of the stuff it installs (Java, Flash, MP3/etc. codecs, media player browser plugins, etc.) can be found in Synaptic or the Add/Remove tool along with thousands of other packages, Automatix just limits the selection to the most popular ones, along with some third-party unpackaged software (the installation and removal of which seems to be the main cause of its problems). I can't help feeling, however, that if people actually want to install a Java VM or multimedia codecs then looking for them in Applications>Add/Remove is very straightforward, whereas Automatix gives such a small selection that users of it would end up installing stuff they might not need or want simply because it is there for free so they might as well. If they spent their time in the Add/Remove tool doing this then they might end up finding better quality, better integrated, better supported software for a much broader range of things, but of course that might end up *shock horror* introducing people to new software which doesn't pay whatever company dominates that particular field.
If you were to learn Linux you would not need Automatix,
Climate Progress - Hell and High Water
6) Nobody has really tested the current law after the EUCD, at least not here in Norway
One 'problem' with the EUCD, at least here in Norway, is Article 6 pt 1 that states:
1. Member States shall provide adequate legal protection against the circumvention of any effective technological measures, which the person concerned carries out in the knowledge, or with reasonable grounds to know, that he or she is pursuing that objective.
What makes this the coolest paragraph is that as soon as a way to circumvent the protection is published it's no longer effective. Downloading a program that enables you to play something is not really "actively pursuing" to circumvent a DRM scheme.
However, even if circumventing DRM for personal use is not ruled illegal (still in Norway), normal copyright laws still apply so you cannot distribute it even if the DRM is 'ineffective' of course.
Seriously, we've seen exactly this sort of awful, awful bundling written for a lot of RPM repositories as well. Filtering out the badly written ones and providing work-arounds for them is really painful. I'm not surprised at all that some amateur software bundler wrote their "great idea to put it all in one place!" software but proceeded to violate all sorts of basic software standards.
For excellent examples of just this sort of conflict and mispackaging craziness, take a good look at any of the Oracle installers of the last 8 years or so, or any of the hardware vendor's driver installation tools. Seriously, most of them are not as bad as this, but lord, they're not good. This is why I worship the names of DAG and DRIES, the primary third-party RPMforge repository maintainers for the RedHat based world. They just do things right and set an amazing example for this sort of repository manager wanna-be.
I do. My boss does. My company lawyers do. If I got caught illegally installing such software for Linux users on corporate systems, I'm in direct violation of my employment contract and lose my job. It could also cost the company far more in legal fees and punitive damages than I've saved them by installing admittedly superior Linux based software to accomplish work tasks.
Mr. Stallman and the FSF's approaches, that software patents are a bad and evil thing, and that we need to protect ourselves from licenses that deny us the rights to use or modify our computers to do the things we want, continue to be a source of excellent guidance on these issues. The MP3 patents are a classic example of where software licenses break down: they not only are used to reward the authors, but to actively prevent other competitive use of related or improved products.
The problem is that AMD changed a lot with x86-64 beyond doubling the register size. They also added a few more registers and tidied up the instruction set a fair bit. Running in 64-bit mode is typically faster, since you get a lot less register churn. On something like SPARC, it's typical to run pretty much everything in 32-bit mode, because all you get by going 64-bit is a load of extra overhead on loads and stores of pointers. On x86 you get this overhead, but it's offset by the extra registers. This makes running 64-bit software on x86 much more attractive, even if you don't need the extra address space.
I am TheRaven on Soylent News
I read posts and just wonder why people don't research subject, and stay to plainly dumb arguments. There are so misguided info about multimedia status on Ubuntu and how to install it, that it actually makes me a little bit angry (and getting emotional about computers is really something for me).
First I have to admit that it is community's fault, well, at least, part of it. Automatix is kinda one of those hacks for mass installations when you install distro on multiple boxes - no more, no less. It is a "hack" in a sense to provide urgent solution to a problem, but in long term more sane solutions are required. I just wonder why those guys didn't submit those packages to universe/multiverse and dealt with it? (Ahhh, problem is w32codecs, but they are *illegal* anyway, in ANY country. Let me explain that later). What about commit yourself as community developer of Ubuntu project? Why working separately, instead of collaboration? Thanks for everything, Automatix finally let's use repository and community start to suggest Ubuntu "standard" way of doing things, via apt-get install gstreamer* or Add/Remove...
Second my gripe is that Automatix popularized solution, which works, but leads nowhere - therefore it is a hack without further direction (although, it is not Automatix devs nor users fault). In result, solutions which *might* be answer to problem, although not immediate, were left out from sight (because everyone uses ffmpeg + mplayer + xine combo, what a fun). We all remember Gstreamer and how it was in "cursed if you do, cursed if you don't" situation due of everyone blasting it and installing everything with Automatix instead. Yeah, it was very buggy, but they have won big fight with quality issues and moving faster now than before. They COULD escape such scenario, if there was enough community support. Instead of that, everyone hyped about Automatix and how it "deal with everything" - so in fact we lost at least several years to get us a proper media framework.
Thanks to Ubuntu devs, situation is much clearer now. You can install almost any set of codecs from Ubuntu repositories (Gstreamer plugins or Xine/ffmpeg combo, Gstreamer can use ffmpeg lib too) and they are working. But still lot of manuals and guides suggest just don't waste time and install Automatix. Strangely, but as a geek, I enjoy clearness of my system and install everything through apt-get/synaptic, dpkg -i (or GUI eq.) and Add/Remove...
I am happy that more and more people use Ubuntu solutions for installation of multimedia codecs, not Automatix. It also gives bigger test ground for Gstreamer/Xine/ffmpeg and bugs can be reported and collected to be submitted upstream.
In post scriptum, about w32codecs. I might be wrong, but w32codecs consists of hacked together dlls from various distributions of RealMedia, WMA, etc. etc. Licenses for those programs aren't even close to free distribution and doing that is violation of copyright. So they are not legally distributable in ANY form, period. In any country of the world which supports concept of copyright.
user@ubuntubox:~$ stfu This server is going down for shutdown NOW!
What, he's never heard of a symlink attack?
-- Cerebus
I never needed automatix to install codecs, for the most part they were available in external repositories that just had to be either downloaded (when it was possible) or just included in the apt sources.list, get the key and that is it, apt-get install. I'm an average user with just the minimal knowledge to do things and set up systems, when I don't know how to do things I use google, go to forums etc.., I believe that if you are going to use a particular system be it windows, linux or mac, there is the need to learn to use it, not just turn on the computer and everything will work automatically, for the most part americans like their remote controls, but computers are not televisions, so please take the time to learn how to use whatever system you want to use, including how to install codecs, the illegality part of some of them, well, it's another issue.
Ubuntu is not the distributor of Automatix.
It does not endorse Automatix.
I know because I lurk in the ubuntu help IRC channels sometimes,
I know that Automatix causes many problems for users.
These users then turn to "official" ubuntu support, only to get redirected to the automatix channel.
The Automatix vs. plain Ubuntu battle is well documented on the web.
we need an "-1 Plain wrong" moderation option!