"Ever try upgrading Gnome using apt-get? Guess not..."
Urm yes I've done this several times, it has always just worked, I'm not quite sure what your point is?
The GNU project has a tool for tracking where stuff goes from "make install" so you can remove it, not that I think that is any way to manage a system, just thought you might like to know.
You can't go to the homepage for Firefox or OpenOffice and get instructions "look for it in synaptic first"
Why would you go surfing the Internet for random pieces of software, when they are already under the icon labelled "install software" on your desktop?
I think you really don't get it. Users have a very broken model of how to install software which IT security managers have been trying to bash out of them for years.
Synaptic has user interface issues, that is its main downfall.
No, but for my distro of choice it is harder to install it using autopackage than using the distro's own tools for same.
Ponder for a moment the detail captured in the deb for Inkscape....
Version: 0.41-1
Depends: libatk1.0-0 (>= 1.7.2), libc6 (>= 2.3.2.ds1-4), libfontconfig1 (>= 2.2.1), libfreetype6 (>= 2.1.5-1), libgc1, libgcc1 (>= 1:3.4.1-3), libglib2.0-0 (>= 2.6.0), libglibmm-2.4-1, libgtk2.0-0 (>= 2.6.0), libgtkmm-2.4-1, libpango1.0-0 (>= 1.8.0), libpng12-0 (>= 1.2.8rel), libpopt0 (>= 1.7), libsigc++-2.0-0 (>= 2.0.2), libstdc++5 (>= 1:3.3.4-1), libx11-6 | xlibs (>> 4.1.0), libxft2 (>> 2.1.1), libxml2 (>= 2.6.16), libxrender1, libxslt1.1 (>= 1.1.12), zlib1g (>= 1:1.2.1)
Suggests: dia, libwmf-bin, pstoedit, sketch, imagemagick, perlmagick
If the tool captures all that information, it could just as easily export a ".deb" file as an autopackage, if it doesn't understand that level of packaging detail the question is "what are we losing?".
My guess if you're using Gentoo is you ain't losing much, but there is a reason Debian works better than other distros (sufficiently controversial?).
Basically they are saying we might get away with packaging end user applications this way if we can assume some sort of broad base of a system already installed.
I assume it has some sort of security update mechanism to tell it to upgrade when the application has a security issue, so I've just doubled the complexity of my patching by installing one app - yep, beginning to sound like the ease of use of installing and maintaining Windows software.
If people go this way, I suspect Debian will ignore them, and as a result remain the distribution other people build distributions off.
I fail to see how apt (or yum) doesn't scale beyond how maintaining software with dependencies doesn't scale. Now I'd agree maintaining ever bigger suites of software through dependencies creates issues with maintaining that dependency information (although I'd have thought it small compared to maintaining the code itself), although it is presumably possible to use metapackages to define "baselines" to reduce that complexity (or sweep it under someone else's carpet).
Will people stop saying dependencies in "unstable" are sometimes broken, or "unstable" breaks - this is precisely why it is called "unstable". Precisely why my desktop has "testing" on currently.
Sure Debian's packaging system isn't perfect, but it is probably the best software packaging system in widespread use in terms of handling dependencies.
Most of the cases presented as problems encountered have simple solutions in "apt" if you know what you are doing (or have read the Debian reference), and if you are troubleshooting installation problems in computer configuration you should know what you are doing, otherwise reinstall and stop wasting your lives.
Next week they'll sue groklaw for stealing their copyrighted material.
US law is quite subtle on this, because there are safeguards to keep stuff in the public domain once it is placed there (unlike in Europe).
As such something is required that is "creative", correcting the failing of an automatic character recognition software probably wouldn't count, as I suspect page numbering wouldn't.
The law to look up pertains to organisations that index US legal judgements, these remain public domain because "indexing" isn't a creative endeavour (usually!).
Any commentary on the original document would of course be copyrighted. Also I think a photo of a public domain document might well be under a new copyright, but that is just the sort of bizarre result of applying distinctions where little or none really exists.
Sorry I've seen way too many people switch off firewalls - people who in all other aspects have a clue, including experienced Windows C++ coders.
And the W2K != XP is so true - I never really saw any bad malware issues till XP. Sure the odd box would get a virus, maybe two or three if the user was truly clueless, or surfing dodgy websites with default IE security settings, but I've seen XP with the same malware installed many times over, and then several more types for good measure.
People here are still buying PCs with XP SP1 only installed - mean time to compromise 17 minutes and falling.
Most GNU/Linux systems default to saving files without execute permission.
This means you email me an executable, I save it to disk, I have to open up the properties dialogue and tell it "this is an executable".
In the good old days of uuencode you could set the Unix file permissions on attachments as the sender - but that died a LONG time before Microsoft started doing popular email clients - because people could email you malicious executables. Those who do not know their history......
Recent Outlook versions in XP are pretty paranoid about file attachments, you need to know regedit to save a file of certain types. Indeed the paranoia is so extreme that file attachments become a pain in the neck.
Of course if you find a buffer overflow in a common GNU/Linux executable, that is a common default handler for a type of data, you can make a program that spreads as email attachments.
I'm not sure what would pass as a common GNU/Linux file type handler - probably sxw for OpenOffice is the most likely vector. But then how many Windows XP users do you know who patch MS Office - in my experience none outside big corporates for whom it happens magically.
Most GNU/Linux users I know would be pretty suspect of any emailed executable, and would probably want the source code anyway. Others would respond "if 'apt' can't get it, it doesn't exist". Different cultures - different norms.
Parent isn't flamebait... damn out of mod points (for once) I thought "interesting" or "informative" ?
Market share must make a target more attractive.
One way to counterbalance this would be to offer a financial incentive to target a specific platform more attractive to attack. Oh right.
Although I've always thought webserver would make a more attractive target than broadband users, how many broadband users have a 100Mbps connection to the Internet, or even 1GBps. Hack one 1Gbps box and that is like 500+ broadband bots for spamming or DDoS attacks. Even cheaply hosted boxes are on 10Mbps.
I think also the "Apache has many implementations" argument is both right and wrong.
Whilst preventing a simple x86 buffer overflow getting every platform (indeed many platforms Apache runs on have kernel level protection against buffer overflows anyway), anything that gets a Perl shell on any of the most popular Apache implementations could become a pretty nasty worm.
Indeed I think most replicating *nix malware is exploiting perl for cross platform coding these days, but there is so little of the stuff around it is hard to tell.
On a practical level if Apache doesn't present a monoculture for vulnerabilities, surely this is a good argument in favour of using it.
They are exempt from the GPL requirement to supply source because they aren't distributing classified code (we hope), except for the spies who sell it to the enemy, they have to include the source because they are distributing it.
osCommerce is the main ecommerce module shipped in Mambo - when I looked the wrapping looked quite good, moving the admin interface into the Mambo interface.
Didn't use it to build a site at the time though - my Mambo site didn't need ecommerce - so can't say how it holds up in the real world.
I think you are right about the extra step - I'm working on it.
But Firefox isn't a no brainer, first person I tried to switch (having removed spyware and viralware) discovered the ActiveX missing from his most crucial website.
"A natural progression of an advanced species is to grow food instead of relying on hunting it"
Based on incomplete observation of one species?
They might eat up all our sunlight, and we'll die from the cold in their shadow.
Convergent evolution happens on earth because different species face similar problems because of a common environment.
i.e. how to graze grass whilst running away from predators. How not to oxidise due to all the oxygen in the atmosphere. Keeping warm in the winter, cool in the summer (due to the tilt in the axis). Grass/Oxygen/Orbit...
Similarly eyes assume visible light, eyes as we know them may not work well with other frequencies of light. Or they may as Douglas Adams discussed humorously live on (in? in the atmosphere of?) a planet with a cloud around it blocking their view of the outside world.
Whilst I agree there are probably problems common to all animals, and a good number of the planets and satellites in our own system are not so different from earth (although the atmospheres vary a bit).
Something evolving in the clouds of a gas giant, say, may have some very different challenges - ballast control, pressure changes, dealing with incoming space debris.
Left/right is an old problem for physicists.
Asymmetries in the weak nuclear force mean all we have to do is describe one isotope of cobalt to them, and they can then switch left/right if they got it wrong first time.
Up/down is fairly easy if they have gravity.
"curiosity is an inherent trait even in animals"
Earth bound animals - who share probably at least 60%-80%+ of our genome and 100% of our environment, since I believe carrots are around the 50% mark. Carrots aren't curious as far as I can tell, but maybe I'm not communicating to them in the right way, and they are a lot more similar genetically than aliens are likely to be.
Curiosity might exist with evolutionary convergence, like many animals have eyes from different evolutionary paths because eyes are an easy and obviously advantageous (well mostly if you have light) adaption, but then it might be a planet with a lot of cave dwelling animals that can kill, and curiosity thus a remarkably unsuccessful strategy unless you are a particularly aggressive and unpleasant life form.
Aliens will be very alien, although as a panspermia believer, they might share amino acids with us. The only positive side of which is one group or the other might be processable into food, more cheaply than the rocks.
We could take a tip from the Andaman Islanders, believed to be alive and well because they fired bows and arrows at the helicopters used by the US military in the Tsunami rescue work.
They resisted all contact, and eventually traded some sociological information for food. Apparently when pig is plentiful they eat pig, and when pig is scarce they fish. Now that has to be worth a mango.
I think the trade idea is interesting, but if they are so far removed direct contact is unlikely, then by withholding information that might be socially useful to them might be seen as selfish.
i.e. if they withhold the cure for cancer for 50 years, till we tell them the secret of teflon, would we look on them lovingly, after they have traded us the prints for the new inter-stellar drive?
Trusted computing won't help against this sort of thing, trusted computing is about making your computer trustworthy to third parties so they can sell you copyrighted material without you being able to infringe the copyright even if you wanted to. If anything it makes computers less trustworthy to the end user.
Microsoft are clearly to a degree culpable for the poor state of the Internet.
I don't see what poor protocols the Internet has that are vulnerable. Almost universally the main vectors for malware are ports 137 to 139 which are used by Microsoft protocols. Or SMTP from poor Windows implementations.
Sure there are issues with plain text passwords in FTP, and spoofing attacks in DNS, but these protocol weaknesses are relatively rarely exploited, and in some cases quite challenging to exploit.
Witness the recent DNS poisoning attack which was only noticed by users of Symantec Firewall products, which suggests it is poor implementations and not the protocols that are the main issue.
There is an argument that SMTP should have more authentication, but then the standards to fix this OpenPGP was agreed with the IETF in 1998 (and inline PGP worked as a de facto standard for years before) and still hasn't been implemented natively in Microsoft email clients. They only implemented S/MIME, the cynical might suggest S/MIME had better revenue generating opportunities. Similarly weaknesses in the SMTP protocol mean you get junk email delivered, nothing says this junk need own your computer.
There is an argument that Microsoft's monopoly position is creating a monoculture weakness. But this we can't blame on Microsoft (other than for dodgy business practices earlier in its history), they are doing what any other company with the opportunity would do. No company will willingly surrender market share.
For me the worst solution is that Microsoft actually wake up to the security problem, wipe out the buffer overflow problems with simple compiler switches (ala XP SP2 but more widely), and start revamping their architectures to eliminate the structural weaknesses, and the problem is solved without eliminating the monopoly position. Because monopolies are bad for quality, and even if we drive them hard to fix security problems through legislation, we can't force them to write good software without competition.
You haven't seen Google news have you.
The MSNBOT browser has taken 0.2% of market share, most of this gain was at the expense of Microsoft Internet Explorer. ;)
Technically I'm that sort of user as well, although I went Linux desktop years ago, it was after abandoning Outlook Express for more secure email clients, and trying W2K and thinking "oh shit, I don't want anything to do with that".
BSD does I'm sure do all these things and more, but despite being a Unix admin with experience installing SCO/Solaris/HP-UX/DGUX/Linux the first BSD install just left me cold, and I gave up very quickly.
From memory from the training book we used....
"IBM Job Control Language was written when Kennedy was President, and before some of you were born, concepts in computing have changed somewhat since then".
... at the time even the trainer was born after Kennedy was President. Most of the effort from that course was unlearning the junk taught and relearning how you were supposed to do it now.
Unix is a newbie in the software survival stakes, when you've maintained Fortran code obviously written for a pre-Fortran 66 compiler the 1970's begins to feel quite sophisticated.
But the thing that is most impressive about the Unix API is how well it still works. The old IBM mainframe stuff was full of stupid limits, but part of the philosophy that grew at that time was not to have these arbitrary limits. But IBM was obsessed with backward compatibility, so many of them still applied last time I touched a mainframe.
No one mention time as a signed 32 bit integer, or 15 character filenames.
Hehe -- I seem to remember slaving a DNS zone managed by EDS once, and about once a month we'd tell them they got the serial number wrong with the latest update.
It wouldn't be so bad if the zone wasn't the Intranet "apex" zone for a major International corporate, and the serial number was in YYYYMMDDNN format.
I hope elsewhere they put the corporate network infrastructure in the hands of someone who at least knows what year it is.
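A check that a secondary's operator could run on each update to a YYYYMMDDNN-serialled zone like the one in the anecdote above, given as an added example that is not part of the original comments. The function names, result codes and sample serials are constructed for illustration; the "greater than" test follows RFC 1982 serial number arithmetic, which is how a secondary decides whether a zone has changed.

```python
from datetime import date

SERIAL_MOD = 2 ** 32  # the SOA serial is an unsigned 32-bit field


def serial_gt(new, old):
    """RFC 1982 comparison: True if `new` counts as later than `old`.

    A secondary only transfers the zone when this holds, so a serial
    that went "backwards" leaves secondaries serving stale data.
    """
    diff = (new - old) % SERIAL_MOD
    return 0 < diff < 2 ** 31


def parse_dated_serial(serial):
    """Split a YYYYMMDDNN serial into (date, revision).

    Raises ValueError if the value is not ten digits, does not fit the
    32-bit field, or does not encode a real calendar date.
    """
    text = str(serial)
    if len(text) != 10 or not text.isdigit() or serial >= SERIAL_MOD:
        raise ValueError("not a YYYYMMDDNN serial: %r" % (serial,))
    day = date(int(text[0:4]), int(text[4:6]), int(text[6:8]))
    return day, int(text[8:10])


def check_update(old_serial, new_serial, today):
    """Return a list of problem codes for a proposed serial change."""
    problems = []
    if not serial_gt(new_serial, old_serial):
        # Secondaries will ignore the update entirely.
        problems.append("not-increased")
    try:
        day, _revision = parse_dated_serial(new_serial)
    except ValueError:
        problems.append("bad-format")
        return problems
    if day > today:
        # Accepted by secondaries, but every correctly dated serial
        # issued before that day will then compare as older.
        problems.append("future-date")
    elif day < today:
        # Convention broken: the serial no longer records the edit date.
        problems.append("stale-date")
    return problems


if __name__ == "__main__":
    # Constructed sample updates, checked as if today were 2005-03-15.
    today = date(2005, 3, 15)
    current = 2005031401
    for proposed in (2005031501, 2004031501, 2006031501, 2005133201):
        print(proposed, check_update(current, proposed, today) or "ok")
```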