If Mandrake doesn't test a large variety of the most common configurations
They did. They tested on a number of OEM boxes (HP, Dell) and white-boxes that had LG drives, but they all had newer firmware and were not affected.
Additionally, the patch that triggers the problem has been in the kernel since before RC1, and the problem was not reported until the final releases (2 months later). So, it wasn't found by the community in 2 months of beta testing!
then they really don't deserve anyone's money as they are rather amateurish.
Well, then neither does SuSE (who maintain the patch in question) or Gentoo (who fried some drives with their America's Army CD and possibly some release CDs) and didn't figure it out until Mandrake found the cause...
I would actually say it's the hardware company that doesn't deserve your money if they can't make standards-compliant hardware.
It's not about the state of the system *after* the update (since they should all be quite similar), it's more about supporting installation. If driver disks are to be supplied, or installer patches are to be made, it just duplicates the work required to do this (compiling modules for both kernels etc etc), and introduces differences in machines during the installation (so the first question from someone supporting people having troubles installing would have to be which kernel they are booting, and newbies are unlikley to notice...).
But in any case, a company that greets it's potential customers by risking their hardware is one that's never getting my money.
The hardware isn't at risk. You would just have to download the kit from LG to reflash the firmware on the drive.
But of course, remember that even if Mandrake issued new ISOs, your *hardware* would still be vulnerable. The best solution for the end-user is to update their firmware so that it is no longer vulnerable (to say the Gentoo America's Army CD).
Secondly on installing, you say that a liveCD install is worse because of higher system requirements. While I can understand your point I think that this again is linked to the first issue as the system would target a certain level of hardware and if you don't meet them then you would need a lighter weight system.
You can't run a GUI on Knoppix with less than 96MB of ram, unless you know what you are doing (in which case you probably don't need Knoppix).
Mandrake does a GUI installation with about 64, and a usable-by-newbies text installation in 32.
Systems with less than 72MB can easily run Mandrake (though not KDE, but even GNOME should be usable, though fluxbox etc may be better choices).
And I have seen a numeber of machines that can't deal with a 700MB Live CD...
How is installing from a liveCD any different then installing from an installation cd? If you don't trust the source then you won't trust the system. Who is to say the the liveCD is going to install it's own binary content?
If the person who mastered the CD had a trojaned system, yours will be too.
Most LiveCD projects don't have public CVS and changelog lists (which allow easy tracking of changes, patches etc) which cover every package, most distros do. A liveCD also would theoretically allow you to tamper with the package database (ie on RPM-based systems reset the MD5 sums of files you have tampered with) to hide what you have done. This would be largely undetectable.
Granted, this may not be likely, but it is much easier to do than on a large distro where every package is worked on transparently, and the only thing that can tamper with your package database is the installation software (which is also transparent).
Isn't an installation cd simply a different sort of liveCD which is used to install the system?
Yes, but no files on the "Live CD" are copied onto the target machine. And the files on the "Live CD" most likely have revision control.
Just look at the Knoppix remasters out there which cater for everything from medics to dance dancers and clusterers.
So, if I want to try one more piece of software not included on the LiveCD I have, I must download another >600MB ISO to try it?
Thanks, but I would rather just ask someone with a system to image to make a new CD for me with the package I am interested in (which he already likely has since most of the packages are available in real distros anyway).
Time for you to release maybe?
Other priorities (like a thesis to hand in in 17 days). But, others will be released soon.
The full Powerpack is quite a bit more expensive than the DVD-only ($69 vs $54 for the DVD-only), and it quite clearly states that it comes with no docs and no support:
"Support and reference documentation is not provided with the product."
So, I don't think you'll have any luck.
Personally, I prefer the ProSuite CDs+DVD, since the 2 server-only CDs are quite useful, and I don't need no support...
Most SATA chipsets need proprietary (ie, they provide sources which are wrappers for a binary object which they don't supply the source for) drivers.
This means that no-one can legally distribute these drivers with a kernel without violating the GPL.
However, if you want, I can build binary modules for you, any you can stick them on a floppy and have them loaded during installation (before hard disk detection). You would possibly still need to copy them to the drive before booting the machine (I haven't tried this).
The public release was delayed until LG provided fixed firmware for their drives, and a means to salvage machines that had already lost their firmware.
It would be quite complicated supporting essentially two different releases of 9.2, so unfortunately you will just have to do the updates (for now).
While I agree with most of what you say, I honestly feel that "Linux's best hope for widespread adoption" will be a live CD which allows people to boot up, see that things are going to work and then allows them install it from the liveCDs gui.
I really don't consider this a good way of installing, for a number of reasons (like increased minumum hardware requirements, greater possibilities for someone to trojan the installation, limitations on what you can choose or not choose, etc).
IMHO, Live CDs are currently limited because they aren't tailored more to the target audience, and that is why I have done some work on the mklivecd stuff in Mandrake. If you want to demo a solution to someone without having to remaster Knoppix (which is quite a bit of effort), you can install Mandrake 9.2 and:
# urpmi mklivecd # mklivecd livecd.iso
(there are some issues with the release in 9.2 contrib, we hope to get a newer release out soon with the fixes and features we have in cvs)
but no community nor Mandrake are building one that I know of
One has already been distributed at a conference (based on 9.2). Another one has been ditributed privately. Another one is in the works. I have a few of my own which are used for internal purposes at work, though I may consider releasing one (if I have time and bandwidth to spare). Plus, there is another one coming as a surpise.
I can't unplug my Dell 5800 laptop while running or it locks up, same with plugging it in while running. Working on the cause.
Broken local APIC. Boot with 'nolapic' to workaround it.
Handles 3d hardware acceleration fine for my ATI 9500 card, but no 3d for my 9700 pro (5 install attempts and dozens of fixes) I will not give up... Must..get...CWET...working.
There are updated ATI driver packages on the Club, you may want to try those.
I'm pretty sure I didn't hear of SUSE or RedHat doing this.
AFAIK, SuSE (and Gentoo) did. And, Redhat quite often ships with CVS snapshots of core software (glibc), pre-releases of others (gcc), and other large patches not used by others in stable releases.
The glibc on RH 9.0 caused lots of problems (MySQL apps would not compile, installations with large numbers of users/groups were broken for a few months).
Mandrake is, and always has been, buggy at best.
Probably no worse than Redhat, and pretty close to SuSE and Debian testing. Stable software, new features, choose 1.
The drives re-implemented the FLUSH_CACHE command to update the firmware. The standard allows either to implement it (and do nothing on a CD-ROM drive) or to not implement it (resulting in an error), but not to use it for something else (and they chose to do something potentially catestrophic with it).
So, drives with older firmware aren't compliant, and their degree of non-compliance results in the drive erasing it's own firmware (I mean, they could instead have re-used the command to open the drive tray;-)).
I think we have this better covered than Windows (since you didn't say we had to access all sites made by IE-only people)
E-mail
I think we've got this covered too. You didn't mention calendaring/scheduling (where we are still behind).
Office Software OpenOffice.org is achieving about the same compatability you get between different versions of MS Office.
Custom/Special Application compatibility In a lot of cases, it's feasible to migrate some of these to Web-based apps. For scientific/engineering applications, ports are already available for many products. For anything else, this is problem (that can be solved for a price and some inconvenience via win4lin server or similar).
Central Authentication/Access Control This is done with OpenLDAP (unix clients), Samba3 (for Windows clients). Enforcing settings has not been integrated yet (but they could be enforced - at least with KDE - via config files which could be distributed via the package management system). Updates should not be pushed via AD IMHO. apt-get, urpmi, yum etc can do this well enough (only thing is setting this up initially is not automatic).
Windows Update-like mechanism apt-get, urpmi, yum etc in cron. Use multiple repositories/sources/urpmi media etc to achieve the effects you want.
Integrated Virus protection/Firewalling Firewalling is no problem (available on all distros), Virus protection is *only* necessary on file/mail servers that serve Windows machines. If it really does become necessary, pay Sophos some more money to cover your linux desktops as well. Most distros ship with an open-source virus scanner (such as clamav).
Hardware Support Choose your vendors. Those that don't support Linux will soon see why they should. But, this is an issue still.
ISV/Vendor Support This is probably one of the bigger hurdles.
Re:Still concerns about security errata
on
Fedora Core 1 Released
·
· Score: 2, Interesting
One of the nice things about Fedora being an open source project is that participation by others (eg. the Fedora Legacy people) is encouraged.
(I would use a different description, maybe "with an open development system", rather than "open-source", since the are neither mutually exlusive nor mutually inclusive)
I really wanted to know though how that differed from (say) Debian, Gentoo and Mandrake (who have been had open development systems for at least a year each, especially Debian).
If a lot of people want backported security fixes, there's nobody stopping them from doing the work and putting up an apt or yum repository with those packages.
Sure, but considering it takes time and hard work to get on the early vulnerability annoucement lists, it is unlikely for this to happen any time soon, so Fedora-lagacy updates will be a few days behind other distros.
Hardware is expensive for those of us not living in alice's-wonderland-with-7%-GDP-growth-in-one-semes ter.
And how is this relevant? If you have a drive affected by this, return it, and LG will replace it or give you a refund, since this is a hardware defect which they are responsible for. Many users have already.
You either put up with that and write safe software for sub-par nonstandard tienda-de-descuentos hardware,
And how do you know which standards-compliant methods will damage bad hardware? You have to test it. Why wasn't this bug (in a failry popular kernel patch) discovered before? Because it wasn't tested by a large enough group of people before, so it was difficult to isolate the problem. Now that we know what the problem is, it is easy to spot other occurences of the bug (Gentoo's America's Army CDs for instance).
or you create clear specifications of what kind of system you must have for Linux to even work.
There are specifications for the hardware, and LG is the only manufacturer not following them, which is why they are the only ones affected by this patch.
(By the way, am I the only one annoyed by the fact that even the modern-est Linux distros only support 10% of the ethernet cards supported by Win95?)
Are you talking about ancient plug-n-play network cards? Linux does support them, but they're such a mission to set up if you don't have the DOS utilities they shipped with to set the IRQ and base address (since you have to guess).
Maybe you would like to tell me why Windows 2003 doesn't support the PCI network cards I have in my linux box (which work fine with windows95->Windows 2000)?
When I get back to work Monday I'll post that info (and the firmware versions, if I can get them) to the Mandrake Club Install forum. Of course, that's where I should have posted it in the first place.
Actually, you might want to try a route that will get you to developers more directly, either by filing a bug in the bug tracking system for stable releases or by posting to the cooker list.
It took over a day to get from the Club to developers, as I picked it up a bit late on the Club, and could only post to the maintainers list the next morning.
Anyway, posting to a news site is not the first thing you should do if you're interested in having it fixed quickly (people don't take kindly to getting bad press without you giving them an opportunity to investigate first).
While it is nice that Slashdot posts this as a service to the community, it could have been an idea to at least try and get more facts before posting this.
Firstly, it seems to be only (or mostly) CD-ROM drives, and not CD-RW drives or CD/DVD drives, however Mandrakesoft is compiling a list of the affected model numbers.
Secondly, not all drives of the same model number are affected, since some drives of the same model, but with differing firmware revisions, have different results.
Thirdly, this is a hardware/firmware defect, which seems to be triggered by the packet writing patch (I believe SuSE has shipped with this patch for some time, so LG drives could be affected under SuSE). If your drive is still under warranty, LG should replace it.
It may also be possible to reflash the drives with a working firmware, but no-one has reported success with that yet.
Instead of posting a link to alt.os.linux.mandrake, maybe next time Slashdot can link to the thread on the cooker mailing list which has been posted to by the Mandrakesoft people investigating the issue? But I guess that's too much to ask of Slashdot.
It would help if you posted specifics... but is that an NForce2-based board? If so, install 9.2, but be sure to grab the current tmb-kernel from contrib (kernel-tmb-2.4.22.12tmb IIRC), which has just fixed ACPI on the NForce2.
I've noticed that in the review they commented that the volume on your soundcard is set to 0 by default.
This was still the case in 9.2rc2, but has been fixed for 9.2 final (I specifically tested this with latest cooker).
It's been like this since 9.0.
Actually, it's been like that since ALSA-0.9, but Mandrake has just been defaulting more cards to ALSA than most other distros (for good reason).
I like Mandrake and all, but find the Linux distribution virtually unusable due to the tons of little bugs and quirks Mandrake has out of the box (for example, in 9.2 VNC dosen't work).
I think you mean 9.1? Well, that was fixed quite soon after release (it was only fully identified after 9.1RC2...).
What's the deal with this lack of attention to detail?
You tell me! I tested cooker and 9.2RCs, and my bugs are fixed...
Mandrake is free to do what they want with their commercial versions with proprietary addons.
And they are free to do as they wish with the GPL version too. They don't have to make the sources available to anyone but paying customers. They don't have to make the binaries available either.
But they do.
They simply legally and ethically can't do the same with the GPL vesion.
Well, you can legally redistribute the GPL version, but that doesn't make it ethical (legality and ethics are very diffirent things...).
It will never be right in a million years for anyone to try and limit the distribution of GPL software.
They didn't. But, they are trying to make money at this, while sticking to the spirit and the letter of open-source. It seems like you're the one sticking to the letter, but not the spirit. They also have a right to make money (the GPL does actually provide for this).
Somehow I don't think the authors of Gnome or KDE or even the author of some package rarely used want to see their software being restricted in this way.
I am quite sure two contributors to KDE and GNOME won't quite agree with you. I am sure Laurent Montel and Fred Crozat (both employed by Mandrakesoft to work mostly on KDE and GNOME respectively) would like to keep their jobs, so they can continue contributing to free software development.
Mandrake knew what they were getting into when they decided to piggy back on the work of others to create their distro. If now they are somehow regretting the terms of the software they have adopted, then maybe they need to rethink the business they are in.
I think they had hoped people would have some integrity, and respect their business plan.
But it seems they were too optimistic.
I guess it's not possible to make money on distributing open-source software (besides those you charge development licenses for as is the case with Qt and MySQL), because of people like you, who can't respect their business plan.
Would it really hurt you guys to wait two weeks? Is there some reason you can't use the FTP tree? If you need Mandrake so badly, what are you going to do in 6 months time if they don't survive to release 10.0? Distro-hop until you kill the next distributor, and all we are left with is Debian (who AFAIK don't fund any full-time KDE/GNOME/kernel developers - so Debian development will stagnate even further to 5 year release cycles) and Lindows, with Redhat only making money off Oracle/RHAS clients, and Gentoo which you can't really give a Windows newbie?
Sorry, but I can't respect you, or your motivations.
The only way forward is an online software distribution and management system such as Portage: now your distro hits the streets every day.
My distro gets updated every day too, via urpmi, and it *is* Mandrake (cooker).
A distro that offers KDE 3.1.3 or lower is by definition old. I want the latest and greatest
Oh, you want the latest *number*, you don't actually care about the software then? Mandrake's KDE-3.1.3 has most of the bugfixes from the 3.1 tree that were available a week before 3.1.4, and you would notice that most KDE apps actually have 3.1.4 as the version number.
But all you care about is the version number on the package.
My impression of Linux/Unix systems has always been that each host has it's own set of user accounts and if I have 3 hosts it means that I have to maintain 3 sets of passwords. With NT4/Win2000, my servers share a common userspace so that you only have to maintain a single user account.
And you would have a similar impression if you only deployed individual Windows NT/2k servers...
Is there something under Linux/Unix that does this?
Unix typcially uses NIS, NIS+ or LDAP, however samba also provides Winbind for using groups and users from a Windows domain.
Plus, samba3 can use LDAP for storing it's account details, making LDAP the best choice for enterprise account management (if anyone was thinking about using NIS...).
The mandrakesecure.net site has some good articles on setting LDAP and samba (2.2.x with ldap support compiled in) up as a single authentication source.
How easy is it to drop a Samba server into an existing Win2000 network?
With samba3, trivial. With samba-2.2.x, you had to set certain options on the win2k domain controller (due to samba-2.2.x not having AD support).
Last time I touched samba, there were issues joining machines to a domain where I had to manually add LDAP entries for machines, then join them.. Kinda tedious..
Those two documents cover a setup which will give you a PDC-BDC setup where any member of the right group (adm by default) will be able join machines to the domain without having to pre-make machine accounts.
Also, passwd sync was hell, I ended up writing a password change web CGI that fed values into ldapmodify and smbpasswd to keep passwds in sync, since samba used LM and NT passwd fields within the samba ldap schema.
This can be addressed by using 'pam password change' and ensuring your pam_ldap setup is correct.
The biggest issue that samba-3.0.0 addresses (IMHO) is password expiry, which could be hacked onto 2.2.8a, but not easily...
Slashdot Mirror
If Mandrake doesn't test a large variety of the most common configurations
...
They did. They tested on a number of OEM boxes (HP, Dell) and white-boxes that had LG drives, but they all had newer firmware and were not affected.
Additionally, the patch that triggers the problem has been in the kernel since before RC1, and the problem was not reported until the final releases (2 months later). So, it wasn't found by the community in 2 months of beta testing!
then they really don't deserve anyone's money as they are rather amateurish.
Well, then neither does SuSE (who maintain the patch in question) or Gentoo (who fried some drives with their America's Army CD and possibly some release CDs) and didn't figure it out until Mandrake found the cause
I would actually say it's the hardware company that doesn't deserve your money if they can't make standards-compliant hardware.
It's not about the state of the system *after* the update (since they should all be quite similar), it's more about supporting installation. If driver disks are to be supplied, or installer patches are to be made, it just duplicates the work required to do this (compiling modules for both kernels etc etc), and introduces differences in machines during the installation (so the first question from someone supporting people having troubles installing would have to be which kernel they are booting, and newbies are unlikley to notice ...).
But in any case, a company that greets it's potential customers by risking their hardware is one that's never getting my money.
The hardware isn't at risk. You would just have to download the kit from LG to reflash the firmware on the drive.
But of course, remember that even if Mandrake issued new ISOs, your *hardware* would still be vulnerable. The best solution for the end-user is to update their firmware so that it is no longer vulnerable (to say the Gentoo America's Army CD).
Secondly on installing, you say that a liveCD install is worse because of higher system requirements. While I can understand your point I think that this again is linked to the first issue as the system would target a certain level of hardware and if you don't meet them then you would need a lighter weight system.
...
You can't run a GUI on Knoppix with less than 96MB of ram, unless you know what you are doing (in which case you probably don't need Knoppix).
Mandrake does a GUI installation with about 64, and a usable-by-newbies text installation in 32.
Systems with less than 72MB can easily run Mandrake (though not KDE, but even GNOME should be usable, though fluxbox etc may be better choices).
And I have seen a numeber of machines that can't deal with a 700MB Live CD
How is installing from a liveCD any different then installing from an installation cd? If you don't trust the source then you won't trust the system. Who is to say the the liveCD is going to install it's own binary content?
If the person who mastered the CD had a trojaned system, yours will be too.
Most LiveCD projects don't have public CVS and changelog lists (which allow easy tracking of changes, patches etc) which cover every package, most distros do. A liveCD also would theoretically allow you to tamper with the package database (ie on RPM-based systems reset the MD5 sums of files you have tampered with) to hide what you have done. This would be largely undetectable.
Granted, this may not be likely, but it is much easier to do than on a large distro where every package is worked on transparently, and the only thing that can tamper with your package database is the installation software (which is also transparent).
Isn't an installation cd simply a different sort of liveCD which is used to install the system?
Yes, but no files on the "Live CD" are copied onto the target machine. And the files on the "Live CD" most likely have revision control.
Just look at the Knoppix remasters out there which cater for everything from medics to dance dancers and clusterers.
So, if I want to try one more piece of software not included on the LiveCD I have, I must download another >600MB ISO to try it?
Thanks, but I would rather just ask someone with a system to image to make a new CD for me with the package I am interested in (which he already likely has since most of the packages are available in real distros anyway).
Time for you to release maybe?
Other priorities (like a thesis to hand in in 17 days). But, others will be released soon.
The full Powerpack is quite a bit more expensive than the DVD-only ($69 vs $54 for the DVD-only), and it quite clearly states that it comes with no docs and no support:
...
"Support and reference documentation is not provided with the product."
So, I don't think you'll have any luck.
Personally, I prefer the ProSuite CDs+DVD, since the 2 server-only CDs are quite useful, and I don't need no support
Most SATA chipsets need proprietary (ie, they provide sources which are wrappers for a binary object which they don't supply the source for) drivers.
This means that no-one can legally distribute these drivers with a kernel without violating the GPL.
However, if you want, I can build binary modules for you, any you can stick them on a floppy and have them loaded during installation (before hard disk detection). You would possibly still need to copy them to the drive before booting the machine (I haven't tried this).
The public release was delayed until LG provided fixed firmware for their drives, and a means to salvage machines that had already lost their firmware.
It would be quite complicated supporting essentially two different releases of 9.2, so unfortunately you will just have to do the updates (for now).
While I agree with most of what you say, I honestly feel that "Linux's best hope for widespread adoption" will be a live CD which allows people to boot up, see that things are going to work and then allows them install it from the liveCDs gui.
I really don't consider this a good way of installing, for a number of reasons (like increased minumum hardware requirements, greater possibilities for someone to trojan the installation, limitations on what you can choose or not choose, etc).
IMHO, Live CDs are currently limited because they aren't tailored more to the target audience, and that is why I have done some work on the mklivecd stuff in Mandrake. If you want to demo a solution to someone without having to remaster Knoppix (which is quite a bit of effort), you can install Mandrake 9.2 and:
# urpmi mklivecd
# mklivecd livecd.iso
(there are some issues with the release in 9.2 contrib, we hope to get a newer release out soon with the fixes and features we have in cvs)
but no community nor Mandrake are building one that I know of
One has already been distributed at a conference (based on 9.2). Another one has been ditributed privately. Another one is in the works. I have a few of my own which are used for internal purposes at work, though I may consider releasing one (if I have time and bandwidth to spare). Plus, there is another one coming as a surpise.
-kernel-source not included
kernel-source was in 9.1, not on the 9.2 ISOs though
After I ran Mandrake Update all my KDE and GNOME menus were EMPTY!
Never seen this reported for 9.1
Python couldn't find itself
This normally only affects users who installed cooker packages on 9.1, and didn't remove the old libpython2.2 package.
Couldn't compile and run Karamba or SuperKaramba(ay carumba!)
Superkaramba-0.32b is in contrib for 9.2. So, maybe you weren't running 9.2?
Its just little things like that, that need to be ironed out of Mandrake and I think it'll be a great OS.
/etc/modules
Indeed, but no-one is going to iron it out if it isn't reported.
This looks like a hotplug/coldplug issue. Does it come up if you boot up, remove the dongle and plug it back in?
It looks like this ight be your bug. Please subscribe to it, and/or add any additional info that would help use fix it.
Another issue may just be that the modules aren't loaded, you can hack around this by adding the necessary modules to
I can't unplug my Dell 5800 laptop while running or it locks up, same with plugging it in while running. Working on the cause.
Broken local APIC. Boot with 'nolapic' to workaround it.
Handles 3d hardware acceleration fine for my ATI 9500 card, but no 3d for my 9700 pro (5 install attempts and dozens of fixes) I will not give up... Must..get...CWET...working.
There are updated ATI driver packages on the Club, you may want to try those.
I'm pretty sure I didn't hear of SUSE or RedHat doing this.
AFAIK, SuSE (and Gentoo) did. And, Redhat quite often ships with CVS snapshots of core software (glibc), pre-releases of others (gcc), and other large patches not used by others in stable releases.
The glibc on RH 9.0 caused lots of problems (MySQL apps would not compile, installations with large numbers of users/groups were broken for a few months).
Mandrake is, and always has been, buggy at best.
Probably no worse than Redhat, and pretty close to SuSE and Debian testing. Stable software, new features, choose 1.
The drives re-implemented the FLUSH_CACHE command to update the firmware. The standard allows either to implement it (and do nothing on a CD-ROM drive) or to not implement it (resulting in an error), but not to use it for something else (and they chose to do something potentially catestrophic with it).
;-)).
So, drives with older firmware aren't compliant, and their degree of non-compliance results in the drive erasing it's own firmware (I mean, they could instead have re-used the command to open the drive tray
Web Browser
I think we have this better covered than Windows (since you didn't say we had to access all sites made by IE-only people)
E-mail
I think we've got this covered too. You didn't mention calendaring/scheduling (where we are still behind).
Office Software
OpenOffice.org is achieving about the same compatability you get between different versions of MS Office.
Custom/Special Application compatibility
In a lot of cases, it's feasible to migrate some of these to Web-based apps. For scientific/engineering applications, ports are already available for many products. For anything else, this is problem (that can be solved for a price and some inconvenience via win4lin server or similar).
Central Authentication/Access Control
This is done with OpenLDAP (unix clients), Samba3 (for Windows clients). Enforcing settings has not been integrated yet (but they could be enforced - at least with KDE - via config files which could be distributed via the package management system). Updates should not be pushed via AD IMHO. apt-get, urpmi, yum etc can do this well enough (only thing is setting this up initially is not automatic).
Windows Update-like mechanism
apt-get, urpmi, yum etc in cron. Use multiple repositories/sources/urpmi media etc to achieve the effects you want.
Integrated Virus protection/Firewalling
Firewalling is no problem (available on all distros), Virus protection is *only* necessary on file/mail servers that serve Windows machines. If it really does become necessary, pay Sophos some more money to cover your linux desktops as well. Most distros ship with an open-source virus scanner (such as clamav).
Hardware Support
Choose your vendors. Those that don't support Linux will soon see why they should. But, this is an issue still.
ISV/Vendor Support
This is probably one of the bigger hurdles.
One of the nice things about Fedora being an open source project is that participation by others (eg. the Fedora Legacy people) is encouraged.
(I would use a different description, maybe "with an open development system", rather than "open-source", since the are neither mutually exlusive nor mutually inclusive)
I really wanted to know though how that differed from (say) Debian, Gentoo and Mandrake (who have been had open development systems for at least a year each, especially Debian).
If a lot of people want backported security fixes, there's nobody stopping them from doing the work and putting up an apt or yum repository with those packages.
Sure, but considering it takes time and hard work to get on the early vulnerability annoucement lists, it is unlikely for this to happen any time soon, so Fedora-lagacy updates will be a few days behind other distros.
Hardware is expensive for those of us not living in alice's-wonderland-with-7%-GDP-growth-in-one-semes ter.
And how is this relevant? If you have a drive affected by this, return it, and LG will replace it or give you a refund, since this is a hardware defect which they are responsible for. Many users have already.
You either put up with that and write safe software for sub-par nonstandard tienda-de-descuentos hardware,
And how do you know which standards-compliant methods will damage bad hardware? You have to test it. Why wasn't this bug (in a failry popular kernel patch) discovered before? Because it wasn't tested by a large enough group of people before, so it was difficult to isolate the problem. Now that we know what the problem is, it is easy to spot other occurences of the bug (Gentoo's America's Army CDs for instance).
or you create clear specifications of what kind of system you must have for Linux to even work.
There are specifications for the hardware, and LG is the only manufacturer not following them, which is why they are the only ones affected by this patch.
(By the way, am I the only one annoyed by the fact that even the modern-est Linux distros only support 10% of the ethernet cards supported by Win95?)
Are you talking about ancient plug-n-play network cards? Linux does support them, but they're such a mission to set up if you don't have the DOS utilities they shipped with to set the IRQ and base address (since you have to guess).
Maybe you would like to tell me why Windows 2003 doesn't support the PCI network cards I have in my linux box (which work fine with windows95->Windows 2000)?
When I get back to work Monday I'll post that info (and the firmware versions, if I can get them) to the Mandrake Club Install forum. Of course, that's where I should have posted it in the first place.
Actually, you might want to try a route that will get you to developers more directly, either by filing a bug in the bug tracking system for stable releases or by posting to the cooker list.
It took over a day to get from the Club to developers, as I picked it up a bit late on the Club, and could only post to the maintainers list the next morning.
Anyway, posting to a news site is not the first thing you should do if you're interested in having it fixed quickly (people don't take kindly to getting bad press without you giving them an opportunity to investigate first).
(vdanen being Vincent Danen who is responsible for updates).
While it is nice that Slashdot posts this as a service to the community, it could have been an idea to at least try and get more facts before posting this.
Firstly, it seems to be only (or mostly) CD-ROM drives, and not CD-RW drives or CD/DVD drives, however Mandrakesoft is compiling a list of the affected model numbers.
Secondly, not all drives of the same model number are affected, since some drives of the same model, but with differing firmware revisions, have different results.
Thirdly, this is a hardware/firmware defect, which seems to be triggered by the packet writing patch (I believe SuSE has shipped with this patch for some time, so LG drives could be affected under SuSE). If your drive is still under warranty, LG should replace it.
It may also be possible to reflash the drives with a working firmware, but no-one has reported success with that yet.
Instead of posting a link to alt.os.linux.mandrake, maybe next time Slashdot can link to the thread on the cooker mailing list which has been posted to by the Mandrakesoft people investigating the issue? But I guess that's too much to ask of Slashdot.
I think that is a FANTASTIC idea.
...
OK, so you mean that you actually *prefer* using free-beer proprietary software over free-speech software?
I think you're using the wrong distro, the next SuSE release is out quite soon I hear
It would help if you posted specifics ... but is that an NForce2-based board? If so, install 9.2, but be sure to grab the current tmb-kernel from contrib (kernel-tmb-2.4.22.12tmb IIRC), which has just fixed ACPI on the NForce2.
I've noticed that in the review they commented that the volume on your soundcard is set to 0 by default.
...).
...
This was still the case in 9.2rc2, but has been fixed for 9.2 final (I specifically tested this with latest cooker).
It's been like this since 9.0.
Actually, it's been like that since ALSA-0.9, but Mandrake has just been defaulting more cards to ALSA than most other distros (for good reason).
I like Mandrake and all, but find the Linux distribution virtually unusable due to the tons of little bugs and quirks Mandrake has out of the box (for example, in 9.2 VNC dosen't work).
I think you mean 9.1? Well, that was fixed quite soon after release (it was only fully identified after 9.1RC2
What's the deal with this lack of attention to detail?
You tell me! I tested cooker and 9.2RCs, and my bugs are fixed
Mandrake is free to do what they want with their commercial versions with proprietary addons.
...).
And they are free to do as they wish with the GPL version too. They don't have to make the sources available to anyone but paying customers. They don't have to make the binaries available either.
But they do.
They simply legally and ethically can't do the same with the GPL vesion.
Well, you can legally redistribute the GPL version, but that doesn't make it ethical (legality and ethics are very diffirent things
It will never be right in a million years for anyone to try and limit the distribution of GPL software.
They didn't. But, they are trying to make money at this, while sticking to the spirit and the letter of open-source. It seems like you're the one sticking to the letter, but not the spirit. They also have a right to make money (the GPL does actually provide for this).
Somehow I don't think the authors of Gnome or KDE or even the author of some package rarely used want to see their software being restricted in this way.
I am quite sure two contributors to KDE and GNOME won't quite agree with you. I am sure Laurent Montel and Fred Crozat (both employed by Mandrakesoft to work mostly on KDE and GNOME respectively) would like to keep their jobs, so they can continue contributing to free software development.
Mandrake knew what they were getting into when they decided to piggy back on the work of others to create their distro. If now they are somehow regretting the terms of the software they have adopted, then maybe they need to rethink the business they are in.
I think they had hoped people would have some integrity, and respect their business plan.
But it seems they were too optimistic.
I guess it's not possible to make money on distributing open-source software (besides those you charge development licenses for as is the case with Qt and MySQL), because of people like you, who can't respect their business plan.
Would it really hurt you guys to wait two weeks? Is there some reason you can't use the FTP tree? If you need Mandrake so badly, what are you going to do in 6 months time if they don't survive to release 10.0? Distro-hop until you kill the next distributor, and all we are left with is Debian (who AFAIK don't fund any full-time KDE/GNOME/kernel developers - so Debian development will stagnate even further to 5 year release cycles) and Lindows, with Redhat only making money off Oracle/RHAS clients, and Gentoo which you can't really give a Windows newbie?
Sorry, but I can't respect you, or your motivations.
The only way forward is an online software distribution and management system such as Portage: now your distro hits the streets every day.
My distro gets updated every day too, via urpmi, and it *is* Mandrake (cooker).
A distro that offers KDE 3.1.3 or lower is by definition old. I want the latest and greatest
Oh, you want the latest *number*, you don't actually care about the software then? Mandrake's KDE-3.1.3 has most of the bugfixes from the 3.1 tree that were available a week before 3.1.4, and you would notice that most KDE apps actually have 3.1.4 as the version number.
But all you care about is the version number on the package.
My impression of Linux/Unix systems has always been that each host has it's own set of user accounts and if I have 3 hosts it means that I have to maintain 3 sets of passwords. With NT4/Win2000, my servers share a common userspace so that you only have to maintain a single user account.
...
...).
And you would have a similar impression if you only deployed individual Windows NT/2k servers
Is there something under Linux/Unix that does this?
Unix typcially uses NIS, NIS+ or LDAP, however samba also provides Winbind for using groups and users from a Windows domain.
Plus, samba3 can use LDAP for storing it's account details, making LDAP the best choice for enterprise account management (if anyone was thinking about using NIS
The mandrakesecure.net site has some good articles on setting LDAP and samba (2.2.x with ldap support compiled in) up as a single authentication source.
How easy is it to drop a Samba server into an existing Win2000 network?
With samba3, trivial. With samba-2.2.x, you had to set certain options on the win2k domain controller (due to samba-2.2.x not having AD support).
Last time I touched samba, there were issues joining machines to a domain where I had to manually add LDAP entries for machines, then join them.. Kinda tedious..
...
<plug>
Implementing a Samba LDAP PDC Setup
and
Implementing Disconnected Authentication and PDC/BDC Relationships Using Samba and OpenLDAP
</plug>
Those two documents cover a setup which will give you a PDC-BDC setup where any member of the right group (adm by default) will be able join machines to the domain without having to pre-make machine accounts.
Also, passwd sync was hell, I ended up writing a password change web CGI that fed values into ldapmodify and smbpasswd to keep passwds in sync, since samba used LM and NT passwd fields within the samba ldap schema.
This can be addressed by using 'pam password change' and ensuring your pam_ldap setup is correct.
The biggest issue that samba-3.0.0 addresses (IMHO) is password expiry, which could be hacked onto 2.2.8a, but not easily