Uh, no. What I'm saying is who cares if they can't consider ethnicity? Tons and tons of people fly every day, including arabs. If you flag all arabs, you're going to get too many false positives, and people will eventually ignore the output and other organizations like the ACLU will start screaming so it would've been taken out anyway. Hence, the racial profiling is rendered useless. Furthermore, US citizens have a right to non-discrimination. It doesn't matter if they're Arab or not. In New Mexico, there is a system of setting up roadblocks to catch drunk drivers. The key is that they have to stop everybody and not just latinos or native americans, even though statistically they are at a higher risk for drunk driving. Otherwise, it is discriminatory and illegal.
And what you are doing is bigotry. The definition of bigotry is intolerance. You're being intolerant of arabs because you're assuming that every single one of them is a high risk for terrorism, when this is simply not true. Sure, most terrorists have turned out to be arab, but it is not the case that most arabs are terrorists.
No, actually they passed because they didn't check any luggage. The system automatically passed those that didn't check any luggage. The logic there was that if a person didn't bring luggage, they couldn't bring a bomb and any carryons would be caught in airport security. They didn't think about the scenario that ended up happening on 9/11. Do your research before spouting shit and keep your bigotry to yourself, thanks.
I agree. People fly a bunch of planes into our skyscrapers so they extremely target the airlines as the next victim. Hello?! They're not going to target that next! They've already taken advantage of that vulnerability. They're going to go onto the next thing such as power plants, dams, bridges, take your pick.
Why is this insightful? They wouldn't have the right to know my name, but they can go through all my stuff, which includes probably my wallet, which means that they actually will know my name. We have already heard about people abusing their security powers to do no good. One woman had to drink her OWN FUCKING BREAST MILK to prove that it wasn't poisonous or some other stupid excuse. The professor from MIT that is basically a cyborg was severely damaged by being forced to turn off his computers by stupid-ass security screeners. We all know that if people are put in the power to do searches of this nature, they will abuse it. People are ignorant and just plain fucking dumb.
I personally think this is more sad than funny. The creators of the CAPPS II system say it won't be discriminatory, but we all know that unfortunately this will most likely not be the case.
It's a little different in Lexmark's situation. Most printer companies sell their printers at under cost and try to make up the revenues via selling supplies. If they can't sell their supplies because others are selling refill kits or whatever, this really hurts their business. This is the same tactic that game console manufaturers use. Console manufacturers will sue a company if a game is manufactured to run on their system without a license from the console manufacturer.
With Nabisco or Microsoft, they make most of their money selling their main product (Cookies and Windows) so they don't care milk or mouse you use with it. It's also different because it's not like Nabisco built special technology into their Oreos that only allow them to soak up NabiscoMilk[tm] and then someone comes along with their own milk that Oreos also soak up, circumventing Nabisco's technology.
And this is good. Microsoft should learn something from that. Unfortunately, though, most people when they see a dialog that prompts for 'Are you sure?' as in 'Are you sure you want to install this software from Gator?' or 'Are you sure you want to accept this non-trusted certificate?' most people are just going to say 'Yes' because they just want to do what they want to do or they want to keep doing what they're doing without having to stop their work. It sucks.
Oops wait, you mean microsoft machines. nm then, your right, patching 10,000 machines is a bitch.
And this is something they are trying to change. And what do you mean you code a script that lets the patch propogate. You mean to tell me that you would code up a script that would automatically login to a remote machine AS ROOT and install a patch? Sounds like you're using an 'r' command if you do something like that. Even if you _are_ using something like SSH, your script would have to be storing your password while running. Bad bad bad.
Absolutely the sytem should be more secure by default than a MS os, things like NOT presenting a menu of users when you boot the machine, things like true process level security, things like the lowest level component in the system ie the kernel handling the security.
True. First of all, not presenting a menu of users is an option. In XP, turn off Control Panel->User Accounts->Change the way users log on or off->Use Welcome Screen. Tada, no more menu of users. As for process level security and the kernel handling the security, I'm pretty sure this is how it's done, or it's very similar. The tokenized system used by Windows is very low-level and does allow each process to have specific privileges and to drop the privileges it doesn't need. The main problem is that most windows users run as an admin.
Unless you know how to operate it, you have no buisness operating it without supervision no matter what you paid for it.
So, what you're saying is that you do want stuff like the fritz chip on the mobo to have control, and not the user? You do realize that this would be mandated by congress so no new machines woudl be without this chip?
Security training? Have you worked in a corporate environment before and learned what "training" is? Training was probably a 2hr session to the secretaries that they should not code bugs, bugs are bad.
Funny you should mention this. I happen to work in a very large corporate environment (that shall remain nameless) that recently spent millions and millions of dollars giving their software engineers in-depth training on software security issues. Many people in my team this week are attending all-day onsite talks about secure coding practices.
Bugs aren't the problem in microsoft systems. The problem is giving uninformed users "convience" and "features" they want (or in some cases don't) when the features are in reality security holes by their very nature. Autologin is a good example of this.
This is one of the biggest problems. The customers want these features. They don't understand the security implications. If they don't have these easy-to-use features, they won't purchase the product. This is a reason why many people don't choose Linux as their desktop OS. They don't want to fiddle around for a long time to get a feature to work. They want it to "just work". Security and ease-of-use is, unfortunately, a see-saw. You gain one and lose the other. HOWEVER, I think you'll see that this thought has changed for at least their Server 2003 release. Unless you absolutely need the functionality to boot the machine and login, it will not be turned on.
I bet they still haven't considered the possiblity that an email program has absolutely no legitimate need for the ability to translate vb code or activex controls. Or that vb itself is something that should be scraped for security reasons.
Actually, they have. Unfortunately, the old VB code cannot be done with, but the new VB.NET stuff uses the.NET CLR which moves toward being much more secure. Plus, recent patches to their software have turned off the stupid "auto-load malicious code" options. Of course, people have to apply them before they'll work.
Linux and BSD have holes as well true, but I haven't seen them intentionally incorporate holes like those!
Last I used Mandrake (it was awhile ago), there was an auto-login feature.
75 glitches is no tribute or ban to microsoft though, counting the number of discovered security vulnerabilities is the most ridiculus thing I've ever heard.
I agree. It's like counting number of lines for how much work you accomplished for the day.
Considering that, the having the highest number of vulnerabilities discovered makes you the more secure option not the less, because more of your bugs are caught and fixed. If a program had only one publically found and patched vulnerability I'd never consider using it. Because it means they aren't looking and the only ones who know are the hackers.
This is weird logic. You're telling me that I can go and write the shittiest open-source code riddled with bugs, but because people caught and fixed 100 this year, then I'm much better then closed-source that has (hypothetically) one bug? Just because my 100 open-source bugs got fixed doesn't mean there aren't more. Plus, you'd have to constantly be installing patches (which we already know is a problem). And if my one closed-source bug was disclosed and fixed which means I now have zero bugs, you wouldn't use it? Of course, you can argue that also you wouldn't know how many more bugs could exist for this system, too, but I'm trying to make the point that it can go both ways. I think you have to take in more metrics like "how often was the system broken into?", "how easy is the bug to exploit?", and "how serious of an exploit is it?" Following your logic, you'd only use code that was known to be insecurely designed from the start. You have to code securely from the beginning. Security is a feature. If you rely on just patching tons of times, you'll be doing that forever and probably introduce new problems in the process.
Well, good for you. But when a lot of 10,000 machine corporations get hit by things like Slammer, Code Red, ILoveYou, and Scalper, this is not good. And before you go off on "patch yer crap", actually put yourselves in their shoes.
1) Patching 10,000 machines sucks.
2) Before you can even do this, you have to extensively test the consequences of the patch.
3) Sometimes the patches themselves (like the original Slammer patch) are a bitch to install.
4) Sometimes a patch is re-issued (Sun does this ALL THE TIME with no reason!), which means this whole process has to happen again.
What takes the case on this is that many of these worms propogate because of functionality that should have been turned off by default. Microsoft is trying to say with their "Trustworthy Computing" movement that they're now thinking about being secure by design and deployment in advance. And don't give me that crap about "Linux has been doing this for blah blah blah..." because there are still plenty of stupid coding errors in Linux, or BSD, or just about any other program you select. Just because you have uptime of 100 days, that doesn't mean you haven't been hacked for the past 30 without even knowing it. And before you go "I know I haven't been because I'm super-smart!", it's a hypothetical statement. Not everyone is as super-smart as you, and so no, they don't know everything about their machines and all the interactions that happen in the little box.
In a way, yes Trustworthy Computing is a mechanism to get people to go "Oh, ok, they're going to care now.", but I think it's better to keep your customers informed on your major movements. I didn't see RedHat doing this when they decide to completely screw with KDE and Gnome to make BlueCurve. We had to hear it through a newsgroup comment posted on Slashdot. And before you can really judge them on whether they've failed or not, first realize the immense task this is (the article talks about this. You read the article, right?) so it won't happen overnight. Also, wait until you see Server 2003. This is the first major flagship product to come out with the new security training everyone received. Give things time. Besides, if Microsoft says they want to make stuff more secure, why not just freakin' let them try? If you don't like it, you're free to use the alternatives.
Actually, I think Trustworthy computing is a lot about *you* trusting your computer. Things like Security and Reliability should come out of the box by design and in deployment. You should not have to worry about risking your data to crashes and/or attackers. Only when this happens with your platform be "Trustworthy".
I'd rather have something that works on one or two platforms really really well than something like Java that works like shit on all platforms. I can never get consistent behavior from Java programs and they're always so slow. So, really I think Java is what sucks. Have you ever read about or used.NET? Doesn't sound like it. Sounds like you're spouting your useless zealot opinions. I won't bother going into the Mono project, because a person of your ignorance probably wouldn't bother reading about it either.
Uh, it's a ONE TIME DOWNLOAD! Once you download the.NET framework once, you can run any.NET application. If they install it by default, you complain about bloat. If they give it as a separate download, you whine about big downloads. You have to do the same thing if you're going to run a Java app. You have to do a big 15MB JVM download to run a 200k Java app. Same idea...
I'm sure as soon as the Mono project gets far along enough you'll be able to run it under Linux, FreeBSD, etc. That's the whole goal of Mono, to provide an open-source version of the.NET common language runtime environment so it can run on other systems. This is actually something Microsoft touts as a benefit of.NET -- portability. Except, in their eyes, you write one piece of software and it runs on WinXP, WinCE, Win64, etc.
No, because this isn't directly related to Microsoft. If it was "Microsoft Locutus" and it was their venture into the p2p market, then it would prolly warrant that icon. It just happens to run on Windows.
Yup, that's right, I'm a Microsoft employee. Well, not yet, actually. I've accepted a job with them to start this January. So, needless to say I'll be using Windows at work.:) I accepted a job with them because the environment looks cool, I have friends up there already, and they gave me a damn good offer.
Right now, I run Gentoo. I've been running Linux for 4 years. Next week, it'll be WinXP Pro and then Win.NET Server when it comes out. Something I've noticed while I've been using Linux over the past four years is that while stability and power has been increasing, desktop ability is not increasing at nearly the same rate. Linux is too fractured. Normal users don't like man pages. They want some sort of web-structure they can use to jump around to different help information quickly. It's a pain in the ass to get internationalization, syncing between laptop/desktop, etc. Sure, all of this stuff _can_ be done, but they don't make it fsck'ing easy, which hurts the OS for everyday use.
There needs to be more interoperation between components. Rather than each developer saying "this will be the coolest piece of software if I do it like this" without much thought to how it should operate with other programs to make things super-duper easy for normal users. Thus, you're left with leaving the nerds to tinkering. It's fun when you do get it to work and you feel satisfaction, but you then look back and say "That took me 6 HOURS?!" when it takes 10 minutes under Win2k. Now that I am getting a real job, I don't have time to mess around for 6 hours on a task that should be available out of the box and work good without having to make weird symlinks and scripts. Fonts are a bitch. This really really really hurts Linux. Plus, I love Photoshop, MS Office, and a lot of other apps that might have free counterparts available for Linux, but just don't look that good or work quite as you think they should.
Don't get me wrong, I love Linux. Like I said I've been using it for 4 years. It's going to be hard to switch back after all this time. Among the things I will miss are: command line, speed, stability, customizability and the fact that a lot of good software comes for free. I will still use Mozilla on my Windows box at home and I will probably use vim at work to write code (yes, many MS employees use vim and emacs).
I will continue to use Linux for my NAT/firewall box until Windows gets up to speed (if ever) in this area. However, for now, my desktop box will be a desktop OS.
My job will be in a department just recently started to create secure networked software. I'm hoping to do a really awesome job in this area and hopefully give Microsoft a good name. Even Linux has security flaws. No matter what OS you work on, if you can get it to have better security then you're bettering everyone's computer experience and the economy.
I'll still read Slashdot, though. Why? Because it's still a damn good place to get News for Nerds.
It'll be nice to have this, but this is really just another good argument for competition and choice. If Mozilla (and Opera) didn't have this first, how long would it have been before the features came to IE? The same can be said for things that appeared in IE first and finally made their way to Netscape / Mozilla. This is why it's really nice to have some choices.
This is completely true. I think Mozilla is giving IE a run for its money and Microsoft is realizing this. It's kinda nice to watch them play catchup in the browser market. It's been awhile.:)
Not really. E-mail is Outlook's domain. Not IE. I think that list of 101 things is a great way to show the power
and flexibility over IE, but some of them
are just filler. For example:
98. Supports IRC Protocol - This is something I don't even use. This is just another program which should be separate but isn't and gives rise to the "mozilla is bloated" argument.
99. Open Source - Yeah, but good luck sifting through it;)
100. Bugzilla - OK, lots of people use this, but Bugzilla != Mozilla. So it's not like Mozilla has built-in Bugzilla features... This is unrelated to the list.
101. Giant Lizards are Cool - 'Nuff said.
So, that brings it down to, what, 97? Still a pretty good list. However, I've heard that popup blockers and tabbed browsing are making their way into IE (and MS employees can already use these
features), but we'll see if they're actually integrated.
This is really a great thing. I've been wanting something like this for a long time. Unfortunately, it looks like there's still so much to do that it'll be a few versions before it's super stable. However, I know when it's finished, it'll work great just like the rest of Mozilla. I'm really excited for it to be merged in and released for testing.
...some consumers don't understand why the sales tag on a CD is so much higher than the cost of producing the actual physical disc, a cost, which in fact, has decreased over the years.
Then why has the cost stagnated over the years or in some cases risen?
CD manufacturing costs may be lower, but it takes more money than ever before to put out a new recording.
They then try to justify this saying that it costs so much to pay for the time for the artist using their creative energies to come up with songs, but this is a load of crap. The real reason is that the recording industry is constantly churning out boy bands and other equally untalented bands, hoping that one of them will strike it big. Since it takes 10+ to actually strike one that will sell some albums, they have to jack up the prices on those albums of the sellers to make up for all the crap that nobody else is buying.
Instead of just throwing their money at the next fad band, they should actually have some criteria to get good music out there and not just trying to make a buck. Then they'll make good profit and be able to offer their music at a decent price. But hey, this is a cartel we're talking about.
This is a critical review of Debian 3.0, but I want to say right from the start that I'm not trying to bait anyone. However I feel that reviewers often root for Debian as the open-source underdog, and give it marks which it doesn't deserve. If RedHat 8.0 came out with installation software like Debian 3.0 it would be savaged. I think it's time for an honest review, to spur the Debian developers into making the best possible distribution. I really want Debian to succeed. I want to use it daily, and recommend it to my friends. But I can't do that right now and I think it's important people understand why.
Installation My first experience of Linux came with a boxed version of SuSE 6.0, back in the middle of 1999 when Linux was starting to get noticed in a big way. The entire thing was a text-mode affair, powered by the venerable YaST version 1. I spent days just poring through the manual, trying to wrap my head around fdisk, and hoping it would all turn out okay. It did, and I never looked back. Six months later a version of RedHat (five point something or the other I think) was shipped with a magazine I bought, and I gave it a whirl. This too was backed with a text-based installer, but it was a lot easier to use than YaST. I didn't even bother with the documentation, I just slipped it in the CD drive and winged it. Shortly thereafter I tried the first version of Mandrake, which had pretty much the exact same installation process..
The point of all this reminiscing is to show that I'm not a complete neophyte (though I'm nowhere near being a guru for that matter). Since then I've tried the RedHat and Mandrake graphical installs, and while RedHat is the one I like best, Mandrake has been the distribution I've stuck with solely because of drakconf and it's associated tools, which make configuring a Linux system a breeze. However lately I've been aspiring to ascend to guru status, or at the very least PFY, so I gave Debian a whirl. I have to admit I was disappointed both with the installation procedure and the finished system. In all my time with Linux, Debian's is the worst installer I've ever had to use.
Setup There is a lot wrong with it, but mainly the fact is that it's an awfully stupid piece of software. And I don't mean stupid as in bad, I mean as in not clever. It expects the user to know everything. So, for example, even though XFree86 has fully documented the branded names that each driver supports, Debian simply supplies a list of the driver names themselves. People with, say, a GeForce card packaged by Creative will have a hard time picking the nv driver. However they should be glad that they have a choice at all - a lot of screens only give highly technical examples and refer the users to documentation that hasn't even been installed yet! For example why couldn't a list of keyboards, e.g. Irish Keyboard, US Keyboard, Sun US Keyboard etc. be given instead of expecting the user to type in xfree86, pc105, ie with uk as alternative.
This is simple fundamental stuff, the kind of thing most other distros had sorted out back in '99 when everything was via textmode and the Linux GUI was new and exciting. However, in this day and age, I would expect far more from a distribution. There should be no need for me to enter in the same locale based settings over and over again. Once I'd selected Europe->Western->Dublin as the timezone, the system should have realised that the appropriate locale was en_IE@euro, that the keyboard should be set up with proper Euro support (it doesn't seem to be, AltGr is mapped as Alt so I can't easily print bars, the Euro symbol, or accents for stuff I write in Irish), that the Euro packages should be installed by default (they weren't) and a whole raft of other tiny stuff like KDE and Gnome localisation. Certainly people should be presented with the chance to confirm these options, but it should be a simple matter of hitting Enter most of the way. If they want to change the default, they should first be presented with a list of preconfigured settings for, e.g. keyboards, out of which they can then opt into the sort of technical xfree86, pc105, etc. settings.
This willfull stupidity of the installer extends to other aspects of the setup also - with so many kernels available, Debian should pick the most appropriate one to use for my system. It's not that hard to open up/proc/cpuinfo. Instead I was confronted with a maze of kernels once I got to the software selection stage, installed 2.4.18, and then belatedly realised that only 2.4.16 had the ALSA drivers I wanted. Why not offer two defaults in the final base install screen Kernel-2.2.20-$arch and Kernel-2.4.16-$arch (where $arch is the probed value of the most suitable CPU) with a third option to select the kernel yourself. And for the record, I have no idea what the point of the modules page was - was I meant to manually install each and every module?!
Package Selection This brings me nicely along to package selection. Tasksel wasn't too bad, though I'd expect more options. For example, instead of X11 have X11, Typical Desktop (Gnome & KDE) and Esoteric Desktop (WindowMaker and Enlightenment) and so on. I was mystified to see I could select Fortran and Tcl/Tk support, but not Perl, PHP, or Java - some of the most popular languages today. However nothing, not in all my 22 years on this Earth, could prepare me for the horrors of dselect. Sweet merciful divine!
Firstly the developers should check out Eugenia's comments on osnews.com about the new Yast2 package manager, as many of the same things apply. In the end it all boils down to the old KISS clich, keep it simple! Instead of giving a load of choices for dependency resolution with half a million optional packages thrown in, just give n + 1 choices, one for each of the n package/package-combinations that fixes the dependency, and one to install without resolving it. Similarly with conflict resolution it should be remove selected, remove conflicting or ignore.
Worse yet are the help screens that pop up at every opportunity, yet which don't actually explain everything (like the meaning of those EIOM headers at the top of the screen). At the end of the day, it should be fairly obvious what's going on. Leave complex package selection tools for the post install, at this stage people just want to get the damn thing working. It drove me nuts having to pass through that stupid help screen every time a dependency
arose.
What's worst of all is that if, for example, dselect fails to download a package from the Internet, it prompts the user with a basic text mode question asking them if they want to cancel. I assumed this meant just cancel that particular package. It didn't, and I found myself dumped into the console on a base system. I knew enough to extricate myself, but this is hardly something the average newbie is going to be able to cope with.
The Installation Overall I want to make sure people realise I'm not trying to advocate a graphical installer. It would be a good move ahead, and should be available for Debian 4.0, but all the stuff I've mentioned here could be easily implemented in a text-mode installer written using ncurses. In fact, I would recommend a Model-View-Controller approach, with the Model, the bit that does all the actual work, being packed into a library, and two Views being created with, say, ncurses and Qt, each of which uses the Model library to do what's needed.
Debian's installer does have some redeeming features. For one thing it is rock solid. With several versions of Mandrake I have had proble
ms setting up the mouse and getting the package selector to install all the selected packages. This didn't happen in Debian. Downloading updates from the web during the install is also a great idea (though I was a little aghast to find my 56K modem facing into 100M of updates). The provision of non-free sites is a great help, given the conflict between Debian's all-free stance and the wants of the average user.
The crucial factor is that the installer should be made as intelligent as possible, and to hide the actual de
tails behind Advanced buttons. Guess as much as possible from initial locale data. Use branded names instead of driver names for hardware, be it keyboards, mice, graphics cards or soundcards. I hadn't mentioned this but Debian should aim to have sound working as a default in every new installation, prompting users for their soundcard make from a list in a similar in fashion to the XFree one. In this day and age, every OS should have sound support. By all means, let one of the brands on the list be No Soundcard, but offer to install and configure it at any rate.
Dselect needs to be totally re-designed. I can appreciate its power, but it's far to complex and hard to use. Aim to replicate the way things work in graphical GUIs - have drop down lists and checkboxes which can be ticked to install items, even if said boxes are represented by [ ] and [X]. There is a case to be made for complex package installation software, but half way through an OS install isn't really the place.
The Configured System Having finally got everything installed, I was, I confess, pretty disappointed with the results. Bugs started appearing. Firstly, when selecting the Irish locale in KDE 2.2.2, I found KDE trying to tell me that the Irish currency was the pound, something which hasn't been the case since the Euro was introduced in 2000, two and a half years ago. Then kwrite decided it wouldn't display documents it opened and konqueror decided all pages should be 2000 pixels wide, even though the window was about 800.
Sound didn't work, and consequently the KDE bootup screen stalled for ages at the window manager stage while arts slowly died, then popped up a No Sound message box. None of the PPP connection tools wor
ked when not used by root. None of the hard disk partitions were configured (even though they had been recognised by the piece of code that set up LILO). My CDRW at/dev/hdd wasn't set up, not even as a plain CD-ROM. The menus were all over the place. The fonts in GTK apps were hideously big. XftConfig wasn't set up to disable antialiasing for standard size fonts, nor were the workarounds for symbol and console fonts (mentioned here) included. Another bug.
It was a mess.
Firstly the menus. In Enlightenment and Gnome you have a special Debian menu included with the rest in the app launchers. These menus contain everything. Thus, when you're looking for a program, you just go to the Debian menu and it's all gravy. However the Debian menu wan't included in KDE, instead there were a load of Debian submenus, which didn't seem to include everything. What made this especially heinous was that if a Debian menu had been included in KDE, I could have made a launcher out of it. At this stage, though, I don't believe that's enough. Debian should follow the lead of every other major distro and offer the exact same menu layout throughout. All you need is for graphical packages to install an information file in, e.g./etc/debmenus, and in the post-install stage run a script which creates from it th
e necessary menu entries in all the window managers and environments.
I've got most of the sound and KDE stuff off my chest, though frankly its deeply disappointing. It's the first time I've experienced functional bugs in any KDE version, and I started with 0.99. The only other time I've seen a major bug was a cosmetic issue with KDE 2.1 (?) in SuSE 7.3 which caused vertical stripes to appear on widget background
s.
Again I've dealt with the appalling foul up of Euro-support. The support packages should have been installed by default when I selected en_IE@euro. The AltGr-4 keymap should have been set up. As far as I'm concerned these are functional bugs.
The PPP tools could definitely have been set up better. The default setting is only an invitation to newbies to use root for web-browsing. They could be set up
using sudo, or else set up them with rwsr-sr-- permissions and root.pppusers ownership. That way, at the user creation screen you could ask if people should have permission to connect to the net, and make them members of the pppaccess group if permission was granted.
GTK, and consequently Mozilla, looked atrocious due to the oversized fonts (look at Windows, MacOS, BeOS, other Linux distros - they all have fonts a
round 11px), and changing the default font in GTK is a bit of a struggle for newbies (how obvious is Theme Selector after all). I changed it to Helvetica at 12, and now things look okay.
The fact is, I'm going to have to invest a considerable amount of time just to get things to the same level that Mandrake and RedHat give straight out of the default install. This is not something that will attract new people. Oth
erwise the system seems reasonable. I'll have to wait a while before I can make any pronouncements with regard to stability. Anecdotal evidence is extremely positive, but my initial experience hasn't matched. I was a little disappointed with the way files were arranged. I had hoped Debian would lead the world away from RedHat's madness and stick KDE and Gnome in their own subdirectories, e.g./usr/kde2 ->/usr/kde-2.2.2 and/usr/gnome1 ->/usr/gnome-1.4.1. The fact is, that given what I've had, and will probably get when RedHat 8.0 inevitably starts going around the magazines, it's hard to be upbeat about the Debian desktop.
Conclusions I'm sure you're aware that this isn't going to be glowing. Debian's installer is several years out of date, and needs a serious overhaul. It's not fit for commercial consumption, and is only good enough for established Debian users and poor wannabe PFYs like myself. This is not a sustainable situation. Apt-get is good, but RPM has caught up with it for the most part thanks to apt-rpm and urpmi. I'll take everyone's word for it and say that Debian is, for the most part, stable. I like the fact that the packagers are willing to hold back and patch existing stable software to get a decent system, and not one that seems to be in permanent beta. This is why I went for it in the first place.
But people who chose Debian aren't rewarded. Installation and post-install configuration is a bit of a nightmare. Debian should organise people to collect code from the Webmin, Linuxconf and Mandrake configuration programs and create Debian's own configuration framework. At this stage of Linux development it's compulsory, even RedHat has finally copped on to this. Indeed, I would recommend following RedHat in several arenas. I believe Bluecurve is free, Debian should package it - it gives everything a nice polished look. People can then change things if they want to. Having worked in MIS a bit, I know that people will always find a way to
muck about with display settings, even if word-processors give them palpitations.
I think peopl e should get together and form a DebianDesktop group, committed to creating a package which will install several different themes, configurations and menus. People can be asked near the end of the install if they would like their desktop customised - if they answer yes, this package could be installed. Similarly work should be done on intelligent installers and hardware auto-detection (though the latter is obviously going to be especially difficult for a multi-platform system). The priority should be the simple installer though, hardware detection can wait.
The inspiration for this article was an article I saw on this site a while back bemoaning Debian's loss of mindshare, attributing it in part due to the lack of attention in the media. Most of the pertinent points were made in the article and accompanying comments. An open-source distribution needs mindshare to survive, but the media won't cover distros which don't have the latest whiz-bang desktop software. If Debian formally released a distribution based on the Test tree compiled with GCC 3.2 for 686mmx, its marketshare would explode. Just look at Gentoo, a hideous installation process, but a system equivalent to a Honda Civic with added spoiler, exhausts, alloy wheels and, of course, go-fast stripes. In other words, something for the lads to show off.
Such a system would have the benefit of bringing a lot more bug-reports into the system, g
iving a better stable distro. Mandrake are sucking a lot of the talent Debian needs through cooker. They've openly thought about making the distribution packaging process totally open and building a value-added distro around it like Progeny. If this were to happen it would place Debian into a very tough place.
The new Debian needs to blow people away. It needs to be Granny-proof. It needs an installer that people
can bluff their way through, with an attractive, well configured desktop on the other side. Debian maintainers should check out the competition now and again, to see where they can improve. Because if they don't, Debian will lose developers, and become less and less of a force in the Linux world
If you still don't believe me, just consider what would happen if Adobe ported Photoshop to Linux. 10 or 15 people would actually buy it. It would get press coverage. And then, nothing would happen and no other company will bother porting anything. Kind of like what happened to Loki.
No, I don't think this is like Loki. The problem with Loki is that they would release their games a year or so after the game was released originally. By that time, everyone who _really_ wanted the game went ahead and bought the Windows version. So, you had to pay $30 for a game that was already old.
I have two Loki games that run better than the Windows versions did, but I bought them when they were marked down to $10 because I already owned the Windows versions and didn't want to spend even more money on a game that I'll hardly get to play. If a publisher releases a game for all platforms right off the bat, then the people who want to run Mac, Linux, or Windows can get whichever version they wish.
Neverwinter Nights is also a great idea. Sure, they don't have the Linux version done yet, but when they finish it, all of those people who purchased the Windows version will be able to download and run the Linux version. Hopefully it will run well. Loki did a great job on their ports. The key is either the original publisher writing cross-platform code or another publisher making a deal with the original to co-develop and release at the same time.
If Photoshop came out for Linux or even M$ Office, I would consider purchasing them both. I personally don't find the GIMP very intuitive to use and I don't think the documentation is all that great (although I really like script-fu). As for Office, people are pushing OpenOffice, but I don't think it's quite up to the caliber of M$ Office. I would really love for them to be able to do with OpenOffice that Mozilla is able to do with respect to IE. Mozilla kicks the socks off of IE! Also, I really am against giving Micro$oft any of my money.
I have no problem with paying for good software for Linux. If I had to purchase Mozilla, I would have happily sent in $30 for a license. It's just that good.
This is very true that it depends on your situation. I'm a student sysprog at my university and we have to keep backups for quite awhile (although I can't remember how long it is). With our email, we don't even back it up because if we did, we would have to keep it backed up indefinitely in case it was ever needed in a court case. This becomes infeasible with the amount of email we pump through our systems every day.
I also worked at Sandia where as far as I know they have variable policies depending on the department and what the higher ups say they have to do. Many times normal policies are suspended for certain documents in certain departments. I've seen cases where some documents are destroyed after 7 years, but then in other cases the documents must be kept indefinitely just because of a certain keyword that happened to be in the document. Plus, the documents might be classified and I believe that changes the policy as well.
This is definitely something that is not "open and shut" and requires much planning. Plus looking at it from a standpoint from "it's not how long to keep them around, but how to destroy them so they can't be used against you" means that you're probably dealing with some shady execs (that's what I think anyway), but I've not yet worked in a corporate environment yet so I'm not sure.
>If people can get used to using Debian tools >and programs on Windows, then they won't be >nearly as nervous about using them in a GNU/Linux >environment.
I'm sorry, but I can't agree with your above assumption. I just can't see why this would really help Linux at all. If we're just porting apps, how does this help the OS known as Linux get a better rep? People will say "This is a great app, good thing it runs for windows so I don't have to switch to Linux". It sounds like the same thing I say for apps ported from Windows to Linux. Besides, I also have to admit that many apps for Windows are better. StarOffice sucks in comparison to Office and many apps that do show promise (Mozilla) are already available for Win32. We need great programs like Evolution to be available for Linux exclusively because it may help persuade people to go the other way. If when I first thought about switching to Linux, there was a software package available to help the stability of my Win98 so it's just as stable as Linux, I may have never switched because Linux seemed hard and Windows seemed easy.
I just don't think this is the right way to go. There's other things we should be doing to promote Linux.
I've been working at Sandia National Labs over the summer and had the priveledge of visiting this facility today. I found it to be very cool, but there is still much to be done. The resolution and graphics didn't actually seem all that great. I dunno if it was the video they were showing or what, but it was getting pretty choppy. The synchronization works pretty well from side-to-side due to overlapping, but the top-to-bottom still has issues. There were also a couple times where a rogue projector would decide to do its own thing and it would throw the whole thing out of sync. They were saying that a major goal of theirs is to get up to about 65 million pixels as that would really match what the eye is capable of noticing. One other thing is that because the light bulbs in all of the projectors go out at different times, the different intensities of the lights cause discolorations throughout the different projections.
Overall, very cool and I'm glad I was able to see it (and the teraflops too:), but it looks like they still have quite a bit of work to do before they'll really be able to do everything they want to do with it.
Slashdot Mirror
Uh, no. What I'm saying is who cares if they can't consider ethnicity? Tons and tons of people fly every day, including arabs. If you flag all arabs, you're going to get too many false positives, and people will eventually ignore the output and other organizations like the ACLU will start screaming so it would've been taken out anyway. Hence, the racial profiling is rendered useless. Furthermore, US citizens have a right to non-discrimination. It doesn't matter if they're Arab or not. In New Mexico, there is a system of setting up roadblocks to catch drunk drivers. The key is that they have to stop everybody and not just latinos or native americans, even though statistically they are at a higher risk for drunk driving. Otherwise, it is discriminatory and illegal.
And what you are doing is bigotry. The definition of bigotry is intolerance. You're being intolerant of arabs because you're assuming that every single one of them is a high risk for terrorism, when this is simply not true. Sure, most terrorists have turned out to be arab, but it is not the case that most arabs are terrorists.
No, actually they passed because they didn't check any luggage. The system automatically passed those that didn't check any luggage. The logic there was that if a person didn't bring luggage, they couldn't bring a bomb and any carryons would be caught in airport security. They didn't think about the scenario that ended up happening on 9/11. Do your research before spouting shit and keep your bigotry to yourself, thanks.
I agree. People fly a bunch of planes into our skyscrapers so they extremely target the airlines as the next victim. Hello?! They're not going to target that next! They've already taken advantage of that vulnerability. They're going to go onto the next thing such as power plants, dams, bridges, take your pick.
Why is this insightful? They wouldn't have the right to know my name, but they can go through all my stuff, which includes probably my wallet, which means that they actually will know my name. We have already heard about people abusing their security powers to do no good. One woman had to drink her OWN FUCKING BREAST MILK to prove that it wasn't poisonous or some other stupid excuse. The professor from MIT that is basically a cyborg was severely damaged by being forced to turn off his computers by stupid-ass security screeners. We all know that if people are put in the power to do searches of this nature, they will abuse it. People are ignorant and just plain fucking dumb.
I personally think this is more sad than funny. The creators of the CAPPS II system say it won't be discriminatory, but we all know that unfortunately this will most likely not be the case.
It's a little different in Lexmark's situation. Most printer companies sell their printers at under cost and try to make up the revenues via selling supplies. If they can't sell their supplies because others are selling refill kits or whatever, this really hurts their business. This is the same tactic that game console manufaturers use. Console manufacturers will sue a company if a game is manufactured to run on their system without a license from the console manufacturer.
With Nabisco or Microsoft, they make most of their money selling their main product (Cookies and Windows) so they don't care milk or mouse you use with it. It's also different because it's not like Nabisco built special technology into their Oreos that only allow them to soak up NabiscoMilk[tm] and then someone comes along with their own milk that Oreos also soak up, circumventing Nabisco's technology.
And this is good. Microsoft should learn something from that. Unfortunately, though, most people when they see a dialog that prompts for 'Are you sure?' as in 'Are you sure you want to install this software from Gator?' or 'Are you sure you want to accept this non-trusted certificate?' most people are just going to say 'Yes' because they just want to do what they want to do or they want to keep doing what they're doing without having to stop their work. It sucks.
Oops wait, you mean microsoft machines. nm then, your right, patching 10,000 machines is a bitch.
.NET CLR which moves toward being much more secure. Plus, recent patches to their software have turned off the stupid "auto-load malicious code" options. Of course, people have to apply them before they'll work.
And this is something they are trying to change. And what do you mean you code a script that lets the patch propogate. You mean to tell me that you would code up a script that would automatically login to a remote machine AS ROOT and install a patch? Sounds like you're using an 'r' command if you do something like that. Even if you _are_ using something like SSH, your script would have to be storing your password while running. Bad bad bad.
Absolutely the sytem should be more secure by default than a MS os, things like NOT presenting a menu of users when you boot the machine, things like true process level security, things like the lowest level component in the system ie the kernel handling the security.
True. First of all, not presenting a menu of users is an option. In XP, turn off Control Panel->User Accounts->Change the way users log on or off->Use Welcome Screen. Tada, no more menu of users. As for process level security and the kernel handling the security, I'm pretty sure this is how it's done, or it's very similar. The tokenized system used by Windows is very low-level and does allow each process to have specific privileges and to drop the privileges it doesn't need. The main problem is that most windows users run as an admin.
Unless you know how to operate it, you have no buisness operating it without supervision no matter what you paid for it.
So, what you're saying is that you do want stuff like the fritz chip on the mobo to have control, and not the user? You do realize that this would be mandated by congress so no new machines woudl be without this chip?
Security training? Have you worked in a corporate environment before and learned what "training" is? Training was probably a 2hr session to the secretaries that they should not code bugs, bugs are bad.
Funny you should mention this. I happen to work in a very large corporate environment (that shall remain nameless) that recently spent millions and millions of dollars giving their software engineers in-depth training on software security issues. Many people in my team this week are attending all-day onsite talks about secure coding practices.
Bugs aren't the problem in microsoft systems. The problem is giving uninformed users "convience" and "features" they want (or in some cases don't) when the features are in reality security holes by their very nature. Autologin is a good example of this.
This is one of the biggest problems. The customers want these features. They don't understand the security implications. If they don't have these easy-to-use features, they won't purchase the product. This is a reason why many people don't choose Linux as their desktop OS. They don't want to fiddle around for a long time to get a feature to work. They want it to "just work". Security and ease-of-use is, unfortunately, a see-saw. You gain one and lose the other. HOWEVER, I think you'll see that this thought has changed for at least their Server 2003 release. Unless you absolutely need the functionality to boot the machine and login, it will not be turned on.
I bet they still haven't considered the possiblity that an email program has absolutely no legitimate need for the ability to translate vb code or activex controls. Or that vb itself is something that should be scraped for security reasons.
Actually, they have. Unfortunately, the old VB code cannot be done with, but the new VB.NET stuff uses the
Linux and BSD have holes as well true, but I haven't seen them intentionally incorporate holes like those!
Last I used Mandrake (it was awhile ago), there was an auto-login feature.
75 glitches is no tribute or ban to microsoft though, counting the number of discovered security vulnerabilities is the most ridiculus thing I've ever heard.
I agree. It's like counting number of lines for how much work you accomplished for the day.
Considering that, the having the highest number of vulnerabilities discovered makes you the more secure option not the less, because more of your bugs are caught and fixed. If a program had only one publically found and patched vulnerability I'd never consider using it. Because it means they aren't looking and the only ones who know are the hackers.
This is weird logic. You're telling me that I can go and write the shittiest open-source code riddled with bugs, but because people caught and fixed 100 this year, then I'm much better then closed-source that has (hypothetically) one bug? Just because my 100 open-source bugs got fixed doesn't mean there aren't more. Plus, you'd have to constantly be installing patches (which we already know is a problem). And if my one closed-source bug was disclosed and fixed which means I now have zero bugs, you wouldn't use it? Of course, you can argue that also you wouldn't know how many more bugs could exist for this system, too, but I'm trying to make the point that it can go both ways. I think you have to take in more metrics like "how often was the system broken into?", "how easy is the bug to exploit?", and "how serious of an exploit is it?" Following your logic, you'd only use code that was known to be insecurely designed from the start. You have to code securely from the beginning. Security is a feature. If you rely on just patching tons of times, you'll be doing that forever and probably introduce new problems in the process.
Well, good for you. But when a lot of 10,000 machine corporations get hit by things like Slammer, Code Red, ILoveYou, and Scalper, this is not good. And before you go off on "patch yer crap", actually put yourselves in their shoes.
1) Patching 10,000 machines sucks.
2) Before you can even do this, you have to extensively test the consequences of the patch.
3) Sometimes the patches themselves (like the original Slammer patch) are a bitch to install.
4) Sometimes a patch is re-issued (Sun does this ALL THE TIME with no reason!), which means this whole process has to happen again.
What takes the case on this is that many of these worms propogate because of functionality that should have been turned off by default. Microsoft is trying to say with their "Trustworthy Computing" movement that they're now thinking about being secure by design and deployment in advance. And don't give me that crap about "Linux has been doing this for blah blah blah..." because there are still plenty of stupid coding errors in Linux, or BSD, or just about any other program you select. Just because you have uptime of 100 days, that doesn't mean you haven't been hacked for the past 30 without even knowing it. And before you go "I know I haven't been because I'm super-smart!", it's a hypothetical statement. Not everyone is as super-smart as you, and so no, they don't know everything about their machines and all the interactions that happen in the little box.
In a way, yes Trustworthy Computing is a mechanism to get people to go "Oh, ok, they're going to care now.", but I think it's better to keep your customers informed on your major movements. I didn't see RedHat doing this when they decide to completely screw with KDE and Gnome to make BlueCurve. We had to hear it through a newsgroup comment posted on Slashdot. And before you can really judge them on whether they've failed or not, first realize the immense task this is (the article talks about this. You read the article, right?) so it won't happen overnight. Also, wait until you see Server 2003. This is the first major flagship product to come out with the new security training everyone received. Give things time. Besides, if Microsoft says they want to make stuff more secure, why not just freakin' let them try? If you don't like it, you're free to use the alternatives.
Actually, I think Trustworthy computing is a lot about *you* trusting your computer. Things like Security and Reliability should come out of the box by design and in deployment. You should not have to worry about risking your data to crashes and/or attackers. Only when this happens with your platform be "Trustworthy".
I'd rather have something that works on one or two platforms really really well than something like Java that works like shit on all platforms. I can never get consistent behavior from Java programs and they're always so slow. So, really I think Java is what sucks. Have you ever read about or used .NET? Doesn't sound like it. Sounds like you're spouting your useless zealot opinions. I won't bother going into the Mono project, because a person of your ignorance probably wouldn't bother reading about it either.
Do five more minutes of work and you'll discover Mono.
Uh, it's a ONE TIME DOWNLOAD! Once you download the .NET framework once, you can run any .NET application. If they install it by default, you complain about bloat. If they give it as a separate download, you whine about big downloads. You have to do the same thing if you're going to run a Java app. You have to do a big 15MB JVM download to run a 200k Java app. Same idea...
I'm sure as soon as the Mono project gets far along enough you'll be able to run it under Linux, FreeBSD, etc. That's the whole goal of Mono, to provide an open-source version of the .NET common language runtime environment so it can run on other systems. This is actually something Microsoft touts as a benefit of .NET -- portability. Except, in their eyes, you write one piece of software and it runs on WinXP, WinCE, Win64, etc.
No, because this isn't directly related to Microsoft. If it was "Microsoft Locutus" and it was their venture into the p2p market, then it would prolly warrant that icon. It just happens to run on Windows.
Yup, that's right, I'm a Microsoft employee. Well, not yet, actually. I've accepted a job with them to start this January. So, needless to say I'll be using Windows at work. :) I accepted a job with them because the environment looks cool, I have friends up there already, and they gave me a damn good offer.
Right now, I run Gentoo. I've been running Linux for 4 years. Next week, it'll be WinXP Pro and then Win.NET Server when it comes out. Something I've noticed while I've been using Linux over the past four years is that while stability and power has been increasing, desktop ability is not increasing at nearly the same rate. Linux is too fractured. Normal users don't like man pages. They want some sort of web-structure they can use to jump around to different help information quickly. It's a pain in the ass to get internationalization, syncing between laptop/desktop, etc. Sure, all of this stuff _can_ be done, but they don't make it fsck'ing easy, which hurts the OS for everyday use.
There needs to be more interoperation between components. Rather than each developer saying "this will be the coolest piece of software if I do it like this" without much thought to how it should operate with other programs to make things super-duper easy for normal users. Thus, you're left with leaving the nerds to tinkering. It's fun when you do get it to work and you feel satisfaction, but you then look back and say "That took me 6 HOURS?!" when it takes 10 minutes under Win2k. Now that I am getting a real job, I don't have time to mess around for 6 hours on a task that should be available out of the box and work good without having to make weird symlinks and scripts. Fonts are a bitch. This really really really hurts Linux. Plus, I love Photoshop, MS Office, and a lot of other apps that might have free counterparts available for Linux, but just don't look that good or work quite as you think they should.
Don't get me wrong, I love Linux. Like I said I've been using it for 4 years. It's going to be hard to switch back after all this time. Among the things I will miss are: command line, speed, stability, customizability and the fact that a lot of good software comes for free. I will still use Mozilla on my Windows box at home and I will probably use vim at work to write code (yes, many MS employees use vim and emacs).
I will continue to use Linux for my NAT/firewall box until Windows gets up to speed (if ever) in this area. However, for now, my desktop box will be a desktop OS.
My job will be in a department just recently started to create secure networked software. I'm hoping to do a really awesome job in this area and hopefully give Microsoft a good name. Even Linux has security flaws. No matter what OS you work on, if you can get it to have better security then you're bettering everyone's computer experience and the economy.
I'll still read Slashdot, though. Why? Because it's still a damn good place to get News for Nerds.
It'll be nice to have this, but this is really just another good argument for competition and choice. If Mozilla (and Opera) didn't have this first, how long would it have been before the features came to IE? The same can be said for things that appeared in IE first and finally made their way to Netscape / Mozilla. This is why it's really nice to have some choices.
:)
This is completely true. I think Mozilla is giving IE a run for its money and Microsoft is realizing this. It's kinda nice to watch them play catchup in the browser market. It's been awhile.
So, that brings it down to, what, 97? Still a pretty good list. However, I've heard that popup blockers and tabbed browsing are making their way into IE (and MS employees can already use these features), but we'll see if they're actually integrated.
This is really a great thing. I've been wanting something like this for a long time. Unfortunately, it looks like there's still so much to do that it'll be a few versions before it's super stable. However, I know when it's finished, it'll work great just like the rest of Mozilla. I'm really excited for it to be merged in and released for testing.
From the article:
...some consumers don't understand why the sales tag on a CD is so much higher than the cost of producing the actual physical disc, a cost, which in fact, has decreased over the years.
Then why has the cost stagnated over the years or in some cases risen?
CD manufacturing costs may be lower, but it takes more money than ever before to put out a new recording.
They then try to justify this saying that it costs so much to pay for the time for the artist using their creative energies to come up with songs, but this is a load of crap. The real reason is that the recording industry is constantly churning out boy bands and other equally untalented bands, hoping that one of them will strike it big. Since it takes 10+ to actually strike one that will sell some albums, they have to jack up the prices on those albums of the sellers to make up for all the crap that nobody else is buying.
Instead of just throwing their money at the next fad band, they should actually have some criteria to get good music out there and not just trying to make a buck. Then they'll make good profit and be able to offer their music at a decent price. But hey, this is a cartel we're talking about.
-Shippy
An Unbiased Review of Debian 3.0
/proc/cpuinfo. Instead I was confronted with a maze of kernels once I got to the software selection stage, installed 2.4.18, and then belatedly realised that only 2.4.16 had the ALSA drivers I wanted. Why not offer two defaults in the final base install screen Kernel-2.2.20-$arch and Kernel-2.4.16-$arch (where $arch is the probed value of the most suitable CPU) with a third option to select the kernel yourself. And for the record, I have no idea what the point of the modules page was - was I meant to manually install each and every module?!
/dev/hdd wasn't set up, not even as a plain CD-ROM. The menus were all over the place. The fonts in GTK apps were hideously big. XftConfig wasn't set up to disable antialiasing for standard size fonts, nor were the workarounds for symbol and console fonts (mentioned here) included. Another bug.
/etc/debmenus, and in the post-install stage run a script which creates from it th
e necessary menu entries in all the window managers and environments.
/usr/kde2 -> /usr/kde-2.2.2 and /usr/gnome1 -> /usr/gnome-1.4.1. The fact is, that given what I've had, and will probably get when RedHat 8.0 inevitably starts going around the magazines, it's hard to be upbeat about the Debian desktop.
This is a critical review of Debian 3.0, but I want to say right from the start that I'm not trying to bait anyone. However I feel that reviewers often root for Debian as the open-source underdog, and give it marks which it doesn't deserve. If RedHat 8.0 came out with installation software like Debian 3.0 it would be savaged. I think it's time for an honest review, to spur the Debian developers into making the best possible distribution. I really want Debian to succeed. I want to use it daily, and recommend it to my friends. But I can't do that right now and I think it's important people understand why.
Installation
My first experience of Linux came with a boxed version of SuSE 6.0, back in the middle of 1999 when Linux was starting to get noticed in a big way. The entire thing was a text-mode affair, powered by the venerable YaST version 1. I spent days just poring through the manual, trying to wrap my head around fdisk, and hoping it would all turn out okay. It did, and I never looked back. Six months later a version of RedHat (five point something or the other I think) was shipped with a magazine I bought, and I gave it a whirl. This too was backed with a text-based installer, but it was a lot easier to use than YaST. I didn't even bother with the documentation, I just slipped it in the CD drive and winged it. Shortly thereafter I tried the first version of Mandrake, which had pretty much the exact same installation process..
The point of all this reminiscing is to show that I'm not a complete neophyte (though I'm nowhere near being a guru for that matter). Since then I've tried the RedHat and Mandrake graphical installs, and while RedHat is the one I like best, Mandrake has been the distribution I've stuck with solely because of drakconf and it's associated tools, which make configuring a Linux system a breeze. However lately I've been aspiring to ascend to guru status, or at the very least PFY, so I gave Debian a whirl. I have to admit I was disappointed both with the installation procedure and the finished system. In all my time with Linux, Debian's is the worst installer I've ever had to use.
Setup
There is a lot wrong with it, but mainly the fact is that it's an awfully stupid piece of software. And I don't mean stupid as in bad, I mean as in not clever. It expects the user to know everything. So, for example, even though XFree86 has fully documented the branded names that each driver supports, Debian simply supplies a list of the driver names themselves. People with, say, a GeForce card packaged by Creative will have a hard time picking the nv driver. However they should be glad that they have a choice at all - a lot of screens only give highly technical examples and refer the users to documentation that hasn't even been installed yet! For example why couldn't a list of keyboards, e.g. Irish Keyboard, US Keyboard, Sun US Keyboard etc. be given instead of expecting the user to type in xfree86, pc105, ie with uk as alternative.
This is simple fundamental stuff, the kind of thing most other distros had sorted out back in '99 when everything was via textmode and the Linux GUI was new and exciting. However, in this day and age, I would expect far more from a distribution. There should be no need for me to enter in the same locale based settings over and over again. Once I'd selected Europe->Western->Dublin as the timezone, the system should have realised that the appropriate locale was en_IE@euro, that the keyboard should be set up with proper Euro support (it doesn't seem to be, AltGr is mapped as Alt so I can't easily print bars, the Euro symbol, or accents for stuff I write in Irish), that the Euro packages should be installed by default (they weren't) and a whole raft of other tiny stuff like KDE and Gnome localisation. Certainly people should be presented with the chance to confirm these options, but it should be a simple matter of hitting Enter most of the way. If they want to change the default, they should first be presented with a list of preconfigured settings for, e.g. keyboards, out of which they can then opt into the sort of technical xfree86, pc105, etc. settings.
This willfull stupidity of the installer extends to other aspects of the setup also - with so many kernels available, Debian should pick the most appropriate one to use for my system. It's not that hard to open up
Package Selection
This brings me nicely along to package selection. Tasksel wasn't too bad, though I'd expect more options. For example, instead of X11 have X11, Typical Desktop (Gnome & KDE) and Esoteric Desktop (WindowMaker and Enlightenment) and so on. I was mystified to see I could select Fortran and Tcl/Tk support, but not Perl, PHP, or Java - some of the most popular languages today. However nothing, not in all my 22 years on this Earth, could prepare me for the horrors of dselect. Sweet merciful divine!
Firstly the developers should check out Eugenia's comments on osnews.com about the new Yast2 package manager, as many of the same things apply. In the end it all boils down to the old KISS clich, keep it simple! Instead of giving a load of choices for dependency resolution with half a million optional packages thrown in, just give n + 1 choices, one for each of the n package/package-combinations that fixes the dependency, and one to install without resolving it. Similarly with conflict resolution it should be remove selected, remove conflicting or ignore.
Worse yet are the help screens that pop up at every opportunity, yet which don't actually explain everything (like the meaning of those EIOM headers at the top of the screen). At the end of the day, it should be fairly obvious what's going on. Leave complex package selection tools for the post install, at this stage people just want to get the damn thing working. It drove me nuts having to pass through that stupid help screen every time a dependency arose.
What's worst of all is that if, for example, dselect fails to download a package from the Internet, it prompts the user with a basic text mode question asking them if they want to cancel. I assumed this meant just cancel that particular package. It didn't, and I found myself dumped into the console on a base system. I knew enough to extricate myself, but this is hardly something the average newbie is going to be able to cope with.
The Installation Overall
I want to make sure people realise I'm not trying to advocate a graphical installer. It would be a good move ahead, and should be available for Debian 4.0, but all the stuff I've mentioned here could be easily implemented in a text-mode installer written using ncurses. In fact, I would recommend a Model-View-Controller approach, with the Model, the bit that does all the actual work, being packed into a library, and two Views being created with, say, ncurses and Qt, each of which uses the Model library to do what's needed.
Debian's installer does have some redeeming features. For one thing it is rock solid. With several versions of Mandrake I have had proble ms setting up the mouse and getting the package selector to install all the selected packages. This didn't happen in Debian. Downloading updates from the web during the install is also a great idea (though I was a little aghast to find my 56K modem facing into 100M of updates). The provision of non-free sites is a great help, given the conflict between Debian's all-free stance and the wants of the average user.
The crucial factor is that the installer should be made as intelligent as possible, and to hide the actual de tails behind Advanced buttons. Guess as much as possible from initial locale data. Use branded names instead of driver names for hardware, be it keyboards, mice, graphics cards or soundcards. I hadn't mentioned this but Debian should aim to have sound working as a default in every new installation, prompting users for their soundcard make from a list in a similar in fashion to the XFree one. In this day and age, every OS should have sound support. By all means, let one of the brands on the list be No Soundcard, but offer to install and configure it at any rate.
Dselect needs to be totally re-designed. I can appreciate its power, but it's far to complex and hard to use. Aim to replicate the way things work in graphical GUIs - have drop down lists and checkboxes which can be ticked to install items, even if said boxes are represented by [ ] and [X]. There is a case to be made for complex package installation software, but half way through an OS install isn't really the place.
The Configured System
Having finally got everything installed, I was, I confess, pretty disappointed with the results. Bugs started appearing. Firstly, when selecting the Irish locale in KDE 2.2.2, I found KDE trying to tell me that the Irish currency was the pound, something which hasn't been the case since the Euro was introduced in 2000, two and a half years ago. Then kwrite decided it wouldn't display documents it opened and konqueror decided all pages should be 2000 pixels wide, even though the window was about 800.
Sound didn't work, and consequently the KDE bootup screen stalled for ages at the window manager stage while arts slowly died, then popped up a No Sound message box. None of the PPP connection tools wor ked when not used by root. None of the hard disk partitions were configured (even though they had been recognised by the piece of code that set up LILO). My CDRW at
It was a mess.
Firstly the menus. In Enlightenment and Gnome you have a special Debian menu included with the rest in the app launchers. These menus contain everything. Thus, when you're looking for a program, you just go to the Debian menu and it's all gravy. However the Debian menu wan't included in KDE, instead there were a load of Debian submenus, which didn't seem to include everything. What made this especially heinous was that if a Debian menu had been included in KDE, I could have made a launcher out of it. At this stage, though, I don't believe that's enough. Debian should follow the lead of every other major distro and offer the exact same menu layout throughout. All you need is for graphical packages to install an information file in, e.g.
I've got most of the sound and KDE stuff off my chest, though frankly its deeply disappointing. It's the first time I've experienced functional bugs in any KDE version, and I started with 0.99. The only other time I've seen a major bug was a cosmetic issue with KDE 2.1 (?) in SuSE 7.3 which caused vertical stripes to appear on widget background s.
Again I've dealt with the appalling foul up of Euro-support. The support packages should have been installed by default when I selected en_IE@euro. The AltGr-4 keymap should have been set up. As far as I'm concerned these are functional bugs.
The PPP tools could definitely have been set up better. The default setting is only an invitation to newbies to use root for web-browsing. They could be set up using sudo, or else set up them with rwsr-sr-- permissions and root.pppusers ownership. That way, at the user creation screen you could ask if people should have permission to connect to the net, and make them members of the pppaccess group if permission was granted.
GTK, and consequently Mozilla, looked atrocious due to the oversized fonts (look at Windows, MacOS, BeOS, other Linux distros - they all have fonts a round 11px), and changing the default font in GTK is a bit of a struggle for newbies (how obvious is Theme Selector after all). I changed it to Helvetica at 12, and now things look okay.
The fact is, I'm going to have to invest a considerable amount of time just to get things to the same level that Mandrake and RedHat give straight out of the default install. This is not something that will attract new people. Oth erwise the system seems reasonable. I'll have to wait a while before I can make any pronouncements with regard to stability. Anecdotal evidence is extremely positive, but my initial experience hasn't matched. I was a little disappointed with the way files were arranged. I had hoped Debian would lead the world away from RedHat's madness and stick KDE and Gnome in their own subdirectories, e.g.
Conclusions
I'm sure you're aware that this isn't going to be glowing. Debian's installer is several years out of date, and needs a serious overhaul. It's not fit for commercial consumption, and is only good enough for established Debian users and poor wannabe PFYs like myself. This is not a sustainable situation. Apt-get is good, but RPM has caught up with it for the most part thanks to apt-rpm and urpmi. I'll take everyone's word for it and say that Debian is, for the most part, stable. I like the fact that the packagers are willing to hold back and patch existing stable software to get a decent system, and not one that seems to be in permanent beta. This is why I went for it in the first place.
But people who chose Debian aren't rewarded. Installation and post-install configuration is a bit of a nightmare. Debian should organise people to collect code from the Webmin, Linuxconf and Mandrake configuration programs and create Debian's own configuration framework. At this stage of Linux development it's compulsory, even RedHat has finally copped on to this. Indeed, I would recommend following RedHat in several arenas. I believe Bluecurve is free, Debian should package it - it gives everything a nice polished look. People can then change things if they want to. Having worked in MIS a bit, I know that people will always find a way to muck about with display settings, even if word-processors give them palpitations.
I think peopl e should get together and form a DebianDesktop group, committed to creating a package which will install several different themes, configurations and menus. People can be asked near the end of the install if they would like their desktop customised - if they answer yes, this package could be installed. Similarly work should be done on intelligent installers and hardware auto-detection (though the latter is obviously going to be especially difficult for a multi-platform system). The priority should be the simple installer though, hardware detection can wait.
The inspiration for this article was an article I saw on this site a while back bemoaning Debian's loss of mindshare, attributing it in part due to the lack of attention in the media. Most of the pertinent points were made in the article and accompanying comments. An open-source distribution needs mindshare to survive, but the media won't cover distros which don't have the latest whiz-bang desktop software. If Debian formally released a distribution based on the Test tree compiled with GCC 3.2 for 686mmx, its marketshare would explode. Just look at Gentoo, a hideous installation process, but a system equivalent to a Honda Civic with added spoiler, exhausts, alloy wheels and, of course, go-fast stripes. In other words, something for the lads to show off.
Such a system would have the benefit of bringing a lot more bug-reports into the system, g iving a better stable distro. Mandrake are sucking a lot of the talent Debian needs through cooker. They've openly thought about making the distribution packaging process totally open and building a value-added distro around it like Progeny. If this were to happen it would place Debian into a very tough place.
The new Debian needs to blow people away. It needs to be Granny-proof. It needs an installer that people can bluff their way through, with an attractive, well configured desktop on the other side. Debian maintainers should check out the competition now and again, to see where they can improve. Because if they don't, Debian will lose developers, and become less and less of a force in the Linux world
If you still don't believe me, just consider what would happen if Adobe ported Photoshop to Linux. 10 or 15 people would actually buy it. It would get press coverage. And then, nothing would happen and no other company will bother porting anything. Kind of like what happened to Loki.
No, I don't think this is like Loki. The problem with Loki is that they would release their games a year or so after the game was released originally. By that time, everyone who _really_ wanted the game went ahead and bought the Windows version. So, you had to pay $30 for a game that was already old.
I have two Loki games that run better than the Windows versions did, but I bought them when they were marked down to $10 because I already owned the Windows versions and didn't want to spend even more money on a game that I'll hardly get to play. If a publisher releases a game for all platforms right off the bat, then the people who want to run Mac, Linux, or Windows can get whichever version they wish.
Neverwinter Nights is also a great idea. Sure, they don't have the Linux version done yet, but when they finish it, all of those people who purchased the Windows version will be able to download and run the Linux version. Hopefully it will run well. Loki did a great job on their ports. The key is either the original publisher writing cross-platform code or another publisher making a deal with the original to co-develop and release at the same time.
If Photoshop came out for Linux or even M$ Office, I would consider purchasing them both. I personally don't find the GIMP very intuitive to use and I don't think the documentation is all that great (although I really like script-fu). As for Office, people are pushing OpenOffice, but I don't think it's quite up to the caliber of M$ Office. I would really love for them to be able to do with OpenOffice that Mozilla is able to do with respect to IE. Mozilla kicks the socks off of IE! Also, I really am against giving Micro$oft any of my money.
I have no problem with paying for good software for Linux. If I had to purchase Mozilla, I would have happily sent in $30 for a license. It's just that good.
This is very true that it depends on your situation. I'm a student sysprog at my university and we have to keep backups for quite awhile (although I can't remember how long it is). With our email, we don't even back it up because if we did, we would have to keep it backed up indefinitely in case it was ever needed in a court case. This becomes infeasible with the amount of email we pump through our systems every day.
I also worked at Sandia where as far as I know they have variable policies depending on the department and what the higher ups say they have to do. Many times normal policies are suspended for certain documents in certain departments. I've seen cases where some documents are destroyed after 7 years, but then in other cases the documents must be kept indefinitely just because of a certain keyword that happened to be in the document. Plus, the documents might be classified and I believe that changes the policy as well.
This is definitely something that is not "open and shut" and requires much planning. Plus looking at it from a standpoint from "it's not how long to keep them around, but how to destroy them so they can't be used against you" means that you're probably dealing with some shady execs (that's what I think anyway), but I've not yet worked in a corporate environment yet so I'm not sure.
>If people can get used to using Debian tools
>and programs on Windows, then they won't be
>nearly as nervous about using them in a GNU/Linux
>environment.
I'm sorry, but I can't agree with your above assumption. I just can't see why this would really help Linux at all. If we're just porting apps, how does this help the OS known as Linux get a better rep? People will say "This is a great app, good thing it runs for windows so I don't have to switch to Linux". It sounds like the same thing I say for apps ported from Windows to Linux. Besides, I also have to admit that many apps for Windows are better. StarOffice sucks in comparison to Office and many apps that do show promise (Mozilla) are already available for Win32. We need great programs like Evolution to be available for Linux exclusively because it may help persuade people to go the other way. If when I first thought about switching to Linux, there was a software package available to help the stability of my Win98 so it's just as stable as Linux, I may have never switched because Linux seemed hard and Windows seemed easy.
I just don't think this is the right way to go. There's other things we should be doing to promote Linux.
I've been working at Sandia National Labs over the summer and had the priveledge of visiting this facility today. I found it to be very cool, but there is still much to be done. The resolution and graphics didn't actually seem all that great. I dunno if it was the video they were showing or what, but it was getting pretty choppy. The synchronization works pretty well from side-to-side due to overlapping, but the top-to-bottom still has issues. There were also a couple times where a rogue projector would decide to do its own thing and it would throw the whole thing out of sync. They were saying that a major goal of theirs is to get up to about 65 million pixels as that would really match what the eye is capable of noticing. One other thing is that because the light bulbs in all of the projectors go out at different times, the different intensities of the lights cause discolorations throughout the different projections.
:), but it looks like they still have quite a bit of work to do before they'll really be able to do everything they want to do with it.
Overall, very cool and I'm glad I was able to see it (and the teraflops too