Ubuntu isn't the most popular Linux for nothing. Their software has been free and easy to install and run by novie users for quite a while now. I'll also bet Ubuntu's mirrors hold more packages than Linspire's.
This is likely a dying gasp from Linspire, who lost their unique selling proposition (graphical software package installation) when Ubuntu rose in popularity, and stuck it under novice user's noses for free.
I work in a datacenter at a billion-dollar software company with many HP and IBM big iron servers. I don't work at IBM or HP. We like HPs **way** better, as they are far easier to manage:
-HP's boot way faster
-HP's have sane BIOS's. IBM's have text-based, very slow BIOS's.
-HP's break down less often. IBM's have more fragile hardware.
-When HP's do break down, the fix is always way faster and straightforward.
-IBM tech support guys need to visit us so often that there is a desk dedicated to them!
-HP's report hardware errors in plain english, IBM error codes always are obscure, like 20EE000B (which means "no bootable disk found")
-HP's website is better when you're searching for updates and such
As a systems admin in a large datacenter with many AIX, Solaris, HPUX, Redhat, and Suse boxes, I'm glad to see a vendor who wants to simplify management of systems (one processor is easier to manage than two). This is to say nothing about all the developer effort that would be saved from not needing to make making SMP-safe code. I want large, enterprise level boxes to be just as easy to administer/use as the cheapest desktop in their line. The OS should see as-simple-as-possible hardware. You wouldn't believe all the different kinds of "system managent consoles" I have to log into, which are always vendor specific and annoying.
An ebook should be universally readable. I want to be able to see it on my pda, website, linux, windows, mac osx. Only a universal, non-proprietary, open standards, DRM-free format allows all this. Namely plain text, OpenDocument, and ACID2-conformant HTML. I think for-profit books will never quite fit into the world of computers because of this. They will perpetually stumble over how to limit access, as there is no such system possible that cannot be circumvented (with enough effort).
Project Gutenburg has it right. They are the only true ebooks in my mind. All their books are plain text files. You can download a DVD with 10,000 public domain books from them, and it all fits on a DVD!
yawn: in linux, it's called a package, not a patch
on
Linux Patch Management
·
· Score: 3, Insightful
Old school commercial Unices like Solaris, HPUX, and AIX have "patches". Modern linux systems have "packages". Anyone who doesn't deal with a modern, automagical package management system like apt or yum is usually slogging through the mud unnecessarily. By updating a package, you get your patches. Most Linux users should never have to patch source code from tarballs, like the kernel or other software. This book may be useful for those few exceptions, however.
We need an online db of IE-only corp. websites!
on
Microsoft Ends IE for Mac
·
· Score: 5, Interesting
Hi all,
I keep hearing "my bank doesn't support firefox", or "The Gap doesn't support firefox". Which bank? Which banks in particular? What other retailers in particular? I want an online list I can refer to!
Where is a webpage I can go to see the list of all the major corporations who develop IE-only websites? This way I can avoid patronizing them with my business altogether. It would save me the time of switching to other competitors (who do "get it") later. It would be nice if each entry in this online db also had a link beside it to where I (and others like me who "get it") can file my complaint about non-conformance to W3C strandards.
If such a page existed and became common knowledge, no corporation in their right mind would want to be on such a list. This public badge of shame would prompt them to hire some real web developers, not loser IE-monopoly-developers who are impersonating real web developers.
This project is nothing less than a breakthrough. Why? There is no "one good LDAP schema". Yet that's what virtually everybody wants.
This project is to LDAP what the Dublin Core is to Zope. It's a common standard that a larger system can be built on (for example, providing complex functionality like Active Directory). Yes, OpenLDAP conforms to the LDAP standard, but a common, standardized LDAP schema that provides a basis for an Active Directory Killer is an even more important standard that everybody doesn't quite seem to realize they are really in lack of.
We shouldn't have 1000 different sites who all want an OSS Active Directory alternative using 1000 different LDAP schemas, all slightly different. That's just stupid.
For those who moan and groan to "just learn LDAP, making a schema is easy", it is your attitude that stifles a real Active Directory killer for emerging.
Nobody wants to learn how to create an LDAP schema. The LDAP notation is ugly. Making a good schema that is will stand the test of time and work with various LDAP-aware programs that are already out there is not trivial. Think LDAP-aware address books in email clients, that expect certain fields in the schema.
This project promises to insulate the end user from needing to learn the internals of writing LDAP schemas. And it provides one LDAP schema to code to in all OSS that has any form of authentication, providing the possibility of the holy grail of "single sign on" (AKA "SSO") in the OSS world. Think data bases, web tools, CMS, email, workstation login, VPN login, etc.
No doubt Slashdot geeks will scoff at this article. Geeks want to discover for themselves the best way to do anything and everything on their computer. They shun having all related functionality served up to them on a silver platter as a coherent piece of software, which geeks been trained to distrust because slimy corporations usually make them (and contain slimy commercial intrerests over user interests).
The author is suggesting "hey geeks, why don't you be the ones to make the pan-functionally coherent software"? Then there will actually be alternatives (from a novice user, non-geek perspective) to, say, Windows Media Player, which does not expose your ripped files to the filesystem at all (a slimy corporate tactic)!
The author is suggesting that all the little tools laying around like "grep" or "awk" (that novice users will never learn) be combined into larger software that is easy to use by novice users. A few nice Open Source programs are pioneering this effort, like K3B, and the author is suggesting, "hey, now do that everywhere, for everything, and Open Source will win the day." Which I agree with.
Yes, it is far more fun to nitpick his choice of the term "Type Manager", but there is a big lesson here for geeks, who often times have a hard time understanding what novice users want. Novice users (ie. the other 98% of computer users who are not geeks) want software that beautifully presents them all the best choices in a coherent application for a given activity. Open Source Geeks have the opportunity to do this and win, by doing it and leaving out the corporate slime that nobody wants.
One of VMware's killer features, making and reverting from snapshots, is not available in the player. But I'm still impressed with it none the less.
VMware, you rock! Thank you!
Now it makes sense for all linux distros to have VM images of their new releases available by torrent for demo, which would be much easier than making a live CD (as Ubuntu does).
Considering that Ubuntu is arguably the most popular linux distro, (at least according to distrowatch) doesn't it deserve a suitable Ubuntu icon at Slashdot? What's up with the Debian Icon? I'm a bit offended that the Debian icon got used, since Ubuntu is a different beast than Debian. It wouldn't be right to potentially confuse newbies into thinking that a for-profit company is actually a non-profit organization.
Debian and Ubuntu both rock, btw. I just think they deserve to be well-distinguished from each other since they represent fundamentally different philosophies and economic models.
At least, could you please use the penguin icon only until you can get a proper Ubuntu icon? Come on guys, professionalism!;)
Hi, I've successfully installed Debian, Ubuntu, and Kubuntu to SCSI disks and it installs the bootloader, and boots just fine in all cases. I used their default settings with no hassle.
Are you installing inside VMware? I ask because your error seen when you couldn't boot to your freshly-installed SCSI disk sounds just like a VMware-related problem I ran into. And VMware uses a SCSI disk by default.
If you are in fact installing in VMware, at the time of the VMware BIOS loading (just after installing), tap Escape twice to get to the boot device menu. Choose the hard drive to boot from. Then it will boot fine. The "removable device" in your boot order occurring first is what's screwing up the booting, and is the fault of VMware, not Debian/Ubuntu/Kubuntu. You'll later on want to change your boot order in the BIOS if this is the case and put that pesky "Removable Device" last.
Openoffice comes with a wizard to do mass conversions. It can recursively sweep through a file structure, creating a.sxw file every time a.doc file is encountered (keeping the same name).
So this strengthens the point made by the author of the article:
"Unless the cost of conversion right now is awfully damn high, this sounds like a good investment."
To find this insanely under-hyped feature:
File -> AutoPilot -> Document Converter
If your file server has enough room for a bunch of new.sxw files for every.doc file, why not give give it a test on some smaller portion of your folder tree.
Then you can all easily see how good OpenOffice is in it's conversions on your existing data RIGHT NOW, and everyone can learn firsthand how realistic a switch to OpenOffice REALLY is.
Aren't you dying to know first hand if it's actually just that easy and we can all quit theorizing about how viable this whole thing is?
Pardon the obvious comment I'm compelled to spew in Apache's defense:
Due to the Open Source nature of apache, anyone who is ready to actually improve apache (in ways that the apache people potentially don't like and won't accept into the code) can fork apache and make their own even-easier-to-configure web browser.
Also remember that functionality comes before user friendliness. It should be no suprise there are warts on the config syntax, just be glad the damn thing works at all! If you want a real taste of ugly, go use IIS or (shudder) Weblogic. You'll run back to apache so fast your legs will fly off.
As apache matures even more, no doubt these warts will eventually get addressed. Maybe some kind of little task force will even form with this goal in mind.
Let me guess, Bill's new foundation will fix this obsolescense in schools by selflessly providing a bunch more Windows computers to every school. Gates' commitment of this money (which may just be in MS software licensing fees that cost nothing for MS to provide) would sound more altruistic if he mentioned how the money would be spent, and what in particular (ie. invoicable items) it would be spent on.
Since this detail is neglected, one can only assume this is MS' latest attempt to furtherly penetrate schools for market share, while at the same time looking like heroes to society. This is an old trick.
Look at how generous I am, giving away all these free razors! Now come and buy the razor blades from me.
If anyone knows how the money will be spent, by all means, post it and prove me wrong!
I have to say I highly doubt this book will get effectively get Kerberos "everywhere". Not even close. Only once a new layer of administrative convenience is painted over Kerberos (and OpenAFS, OpenLDAP, which all together make something tremendously useful), will Kerberos ever matter.
I've been a Unix System Administrator for 4 years, and trust me, I would love to see Kerberos, OpenAFS, and OpenLDAP are to get together in a convenient way.
All three are extremely flexible and therefore complex systems. Sadly, there are no best practices that clearly show a "best standard" way to integrate them all to truly be that silver bullet SSO system for the all-singing, all-dancing universal access to local login, distributed filesystem, email, web, etc.
Why should you believe me? Case study: I know of one commercial product that does sucessfully combine these three into a worthy-of-geek-praise general solution/product: the "bkbox" (www.bkbox.com).
I've met and spoken to the main developer (Noel Burton-Krahn) several times. And no, I don't work for him. He's got a Masters in Computer Science and it took him many months FULL TIME to truly understand these three and integrate them. Only by using low level tools like "strace" and combing the mailing lists did he finally understand enough to combine these three into a server where both Linux and Windows clients could connect in various ways (including web and email). This goes to show the complexity and obviously poor documentation out there.
In summary: Kerberos, OpenAFS, and OpenLDAP are intensely complex, poorly documented (for use in real-world scenarios), and are therefore years away from being on the LAN of Joe Linuxnut, much less the nearest elementary school computer lab.
I think that there is a huge oppurtunity for fame by creating a layer of convenience on top of these 3 that actually make a best-practices SSO solution a snap. Will it be implimented as a webmin module? Some simple Wizards in Gnome or KDE? A Plone Product? Using D-bus?
McGrath does have a point about a lack of single sign-on. Yes, patchwork, complex solutions exist in Linux, but where is a "Wizard"-based solution, making it ACCESSIBLE TO THE MASSES?
I've wrestled with this problem (trying to find an easy solution, that is worthy of recommendation to others on tight budgets, who are not necessarily as geeky as me) for a long time.
What combination of networked/ditributed filesystem and distributed authentication can anyone recommend that someone with a couple years experience in the world of Debian Linux can handle (ie. someone who knows about "man" "apt-get install"/usr/share/docs/*/var/log/*/etc/*)
There are a few close candidates it seems as far as I can tell:
-Kerberos + OpenAFS + OpenLDAP -> waaay to complex to set up. There is poor/none/intimidating documentation on all three, let alone any utilities/Wizards that ask you simple questions in plain English that would help you tie them all together.
-Samba + OpenLDAP + GNUTLS -> much better documented, however this documentation could use a non-trivial update to be relevant to Debian Sarge, not just Woody:
http://aqua.subnet.at/~max/ldap/#configure-openlda p
-Plone, eGroupWare, and several other "all-singing, all-dancing" web-based systems: in time one of these could realistically develop into a web-based platform that "does it all". These are all relatively easy to install but slow in performance for serious usage.
Am I missing anything here that anyone wants to share?
"The Diebold GEMS central tabulator contains a stunning security hole":
Submitted by Bev Harris on Thu, 08/26/2004 - 11:43.
Investigations Issue: Manipulation technique found in the Diebold central tabulator -- 1,000 of these systems are in place, and they count up to two million votes at a time.
By entering a 2-digit code in a hidden location, a second set of votes is created. This set of votes can be changed, so that it no longer matches the correct votes. The voting system will then read the totals from the bogus vote set. It takes only seconds to change the votes, and to date not a single location in the U.S. has implemented security measures to fully mitigate the risks.
This program is not "stupidity" or sloppiness. It was designed and tested over a series of a dozen version adjustments."
But I assume you all already knew this...
were FreeSwan users afforded "luxury of ignorance"
on
FreeS/WAN Project Bows Out
·
· Score: 5, Insightful
I've been a Linux user for 10 years, and a Unix System Administrator for 3 years, but Freeswan was among the most challenging things I've ever installed.
I found that nothing less than reading the documentation from cover to cover is sufficient to understand it.
I'm not suprised that it never caught with any sort of mainstream. Don't get me wrong, I am all for the vision of a secure-by-default internet. But unfortunately, it's so tough to install that only die hard security buffs have the patience to figure it out.
Where is the ncurses-based "kernel setup wizard" script with forward and backward buttons? A checklist-based helper to point out what is missing next in getting the damn thing installed properly? A webmin module? A gui based connection configurator, called, say, [g|k]freeswan-conf?
ESR has it dead on: without a thick slathering of user friendliness, this sort of project cannot succeed on any widespread level. Them's the breaks. I wish things were diffrent, believe me.
Slashdot Mirror
Ubuntu isn't the most popular Linux for nothing. Their software has been free and easy to install and run by novie users for quite a while now. I'll also bet Ubuntu's mirrors hold more packages than Linspire's. This is likely a dying gasp from Linspire, who lost their unique selling proposition (graphical software package installation) when Ubuntu rose in popularity, and stuck it under novice user's noses for free.
I work in a datacenter at a billion-dollar software company with many HP and IBM big iron servers. I don't work at IBM or HP. We like HPs **way** better, as they are far easier to manage:
-HP's boot way faster
-HP's have sane BIOS's. IBM's have text-based, very slow BIOS's.
-HP's break down less often. IBM's have more fragile hardware.
-When HP's do break down, the fix is always way faster and straightforward.
-IBM tech support guys need to visit us so often that there is a desk dedicated to them!
-HP's report hardware errors in plain english, IBM error codes always are obscure, like 20EE000B (which means "no bootable disk found")
-HP's website is better when you're searching for updates and such
As a systems admin in a large datacenter with many AIX, Solaris, HPUX, Redhat, and Suse boxes, I'm glad to see a vendor who wants to simplify management of systems (one processor is easier to manage than two). This is to say nothing about all the developer effort that would be saved from not needing to make making SMP-safe code. I want large, enterprise level boxes to be just as easy to administer/use as the cheapest desktop in their line. The OS should see as-simple-as-possible hardware. You wouldn't believe all the different kinds of "system managent consoles" I have to log into, which are always vendor specific and annoying.
An ebook should be universally readable. I want to be able to see it on my pda, website, linux, windows, mac osx. Only a universal, non-proprietary, open standards, DRM-free format allows all this. Namely plain text, OpenDocument, and ACID2-conformant HTML. I think for-profit books will never quite fit into the world of computers because of this. They will perpetually stumble over how to limit access, as there is no such system possible that cannot be circumvented (with enough effort).
0 /10802
Project Gutenburg has it right. They are the only true ebooks in my mind. All their books are plain text files. You can download a DVD with 10,000 public domain books from them, and it all fits on a DVD!
ftp://ibiblio.org/pub/docs/books/gutenberg/1/0/8/
Old school commercial Unices like Solaris, HPUX, and AIX have "patches". Modern linux systems have "packages". Anyone who doesn't deal with a modern, automagical package management system like apt or yum is usually slogging through the mud unnecessarily. By updating a package, you get your patches. Most Linux users should never have to patch source code from tarballs, like the kernel or other software. This book may be useful for those few exceptions, however.
Hi all,
I keep hearing "my bank doesn't support firefox", or "The Gap doesn't support firefox". Which bank? Which banks in particular? What other retailers in particular? I want an online list I can refer to!
Where is a webpage I can go to see the list of all the major corporations who develop IE-only websites? This way I can avoid patronizing them with my business altogether. It would save me the time of switching to other competitors (who do "get it") later. It would be nice if each entry in this online db also had a link beside it to where I (and others like me who "get it") can file my complaint about non-conformance to W3C strandards.
If such a page existed and became common knowledge, no corporation in their right mind would want to be on such a list. This public badge of shame would prompt them to hire some real web developers, not loser IE-monopoly-developers who are impersonating real web developers.
This project is nothing less than a breakthrough. Why? There is no "one good LDAP schema". Yet that's what virtually everybody wants.
This project is to LDAP what the Dublin Core is to Zope. It's a common standard that a larger system can be built on (for example, providing complex functionality like Active Directory). Yes, OpenLDAP conforms to the LDAP standard, but a common, standardized LDAP schema that provides a basis for an Active Directory Killer is an even more important standard that everybody doesn't quite seem to realize they are really in lack of.
We shouldn't have 1000 different sites who all want an OSS Active Directory alternative using 1000 different LDAP schemas, all slightly different. That's just stupid.
For those who moan and groan to "just learn LDAP, making a schema is easy", it is your attitude that stifles a real Active Directory killer for emerging.
Nobody wants to learn how to create an LDAP schema. The LDAP notation is ugly. Making a good schema that is will stand the test of time and work with various LDAP-aware programs that are already out there is not trivial. Think LDAP-aware address books in email clients, that expect certain fields in the schema.
This project promises to insulate the end user from needing to learn the internals of writing LDAP schemas. And it provides one LDAP schema to code to in all OSS that has any form of authentication, providing the possibility of the holy grail of "single sign on" (AKA "SSO") in the OSS world. Think data bases, web tools, CMS, email, workstation login, VPN login, etc.
So this is a big deal, IMHO.
Hi all,
No doubt Slashdot geeks will scoff at this article. Geeks want to discover for themselves the best way to do anything and everything on their computer. They shun having all related functionality served up to them on a silver platter as a coherent piece of software, which geeks been trained to distrust because slimy corporations usually make them (and contain slimy commercial intrerests over user interests).
The author is suggesting "hey geeks, why don't you be the ones to make the pan-functionally coherent software"? Then there will actually be alternatives (from a novice user, non-geek perspective) to, say, Windows Media Player, which does not expose your ripped files to the filesystem at all (a slimy corporate tactic)!
The author is suggesting that all the little tools laying around like "grep" or "awk" (that novice users will never learn) be combined into larger software that is easy to use by novice users. A few nice Open Source programs are pioneering this effort, like K3B, and the author is suggesting, "hey, now do that everywhere, for everything, and Open Source will win the day." Which I agree with.
Yes, it is far more fun to nitpick his choice of the term "Type Manager", but there is a big lesson here for geeks, who often times have a hard time understanding what novice users want. Novice users (ie. the other 98% of computer users who are not geeks) want software that beautifully presents them all the best choices in a coherent application for a given activity. Open Source Geeks have the opportunity to do this and win, by doing it and leaving out the corporate slime that nobody wants.
FYI:
One of VMware's killer features, making and reverting from snapshots, is not available in the player. But I'm still impressed with it none the less.
VMware, you rock! Thank you!
Now it makes sense for all linux distros to have VM images of their new releases available by torrent for demo, which would be much easier than making a live CD (as Ubuntu does).
Dear Slashdot,
;)
Considering that Ubuntu is arguably the most popular linux distro, (at least according to distrowatch) doesn't it deserve a suitable Ubuntu icon at Slashdot? What's up with the Debian Icon? I'm a bit offended that the Debian icon got used, since Ubuntu is a different beast than Debian. It wouldn't be right to potentially confuse newbies into thinking that a for-profit company is actually a non-profit organization.
Debian and Ubuntu both rock, btw. I just think they deserve to be well-distinguished from each other since they represent fundamentally different philosophies and economic models.
At least, could you please use the penguin icon only until you can get a proper Ubuntu icon? Come on guys, professionalism!
Hi, I've successfully installed Debian, Ubuntu, and Kubuntu to SCSI disks and it installs the bootloader, and boots just fine in all cases. I used their default settings with no hassle.
Are you installing inside VMware? I ask because your error seen when you couldn't boot to your freshly-installed SCSI disk sounds just like a VMware-related problem I ran into. And VMware uses a SCSI disk by default.
If you are in fact installing in VMware, at the time of the VMware BIOS loading (just after installing), tap Escape twice to get to the boot device menu. Choose the hard drive to boot from. Then it will boot fine. The "removable device" in your boot order occurring first is what's screwing up the booting, and is the fault of VMware, not Debian/Ubuntu/Kubuntu. You'll later on want to change your boot order in the BIOS if this is the case and put that pesky "Removable Device" last.
Openoffice comes with a wizard to do mass conversions. It can recursively sweep through a file structure, creating a .sxw file every time a .doc file is encountered (keeping the same name).
So this strengthens the point made by the author of the article:
.sxw files for every .doc file, why not give give it a test on some smaller portion of your folder tree.
"Unless the cost of conversion right now is awfully damn high, this sounds like a good investment."
To find this insanely under-hyped feature:
File -> AutoPilot -> Document Converter
If your file server has enough room for a bunch of new
Then you can all easily see how good OpenOffice is in it's conversions on your existing data RIGHT NOW, and everyone can learn firsthand how realistic a switch to OpenOffice REALLY is.
Aren't you dying to know first hand if it's actually just that easy and we can all quit theorizing about how viable this whole thing is?
Pardon the obvious comment I'm compelled to spew in Apache's defense:
Due to the Open Source nature of apache, anyone who is ready to actually improve apache (in ways that the apache people potentially don't like and won't accept into the code) can fork apache and make their own even-easier-to-configure web browser.
Also remember that functionality comes before user friendliness. It should be no suprise there are warts on the config syntax, just be glad the damn thing works at all! If you want a real taste of ugly, go use IIS or (shudder) Weblogic. You'll run back to apache so fast your legs will fly off.
As apache matures even more, no doubt these warts will eventually get addressed. Maybe some kind of little task force will even form with this goal in mind.
Let me guess, Bill's new foundation will fix this obsolescense in schools by selflessly providing a bunch more Windows computers to every school. Gates' commitment of this money (which may just be in MS software licensing fees that cost nothing for MS to provide) would sound more altruistic if he mentioned how the money would be spent, and what in particular (ie. invoicable items) it would be spent on.
Since this detail is neglected, one can only assume this is MS' latest attempt to furtherly penetrate schools for market share, while at the same time looking like heroes to society. This is an old trick.
Look at how generous I am, giving away all these free razors! Now come and buy the razor blades from me.
If anyone knows how the money will be spent, by all means, post it and prove me wrong!
I have to say I highly doubt this book will get effectively get Kerberos "everywhere". Not even close. Only once a new layer of administrative convenience is painted over Kerberos (and OpenAFS, OpenLDAP, which all together make something tremendously useful), will Kerberos ever matter.
I've been a Unix System Administrator for 4 years, and trust me, I would love to see Kerberos, OpenAFS, and OpenLDAP are to get together in a convenient way.
All three are extremely flexible and therefore complex systems. Sadly, there are no best practices that clearly show a "best standard" way to integrate them all to truly be that silver bullet SSO system for the all-singing, all-dancing universal access to local login, distributed filesystem, email, web, etc.
Why should you believe me? Case study: I know of one commercial product that does sucessfully combine these three into a worthy-of-geek-praise general solution/product: the "bkbox" (www.bkbox.com).
I've met and spoken to the main developer (Noel Burton-Krahn) several times. And no, I don't work for him. He's got a Masters in Computer Science and it took him many months FULL TIME to truly understand these three and integrate them. Only by using low level tools like "strace" and combing the mailing lists did he finally understand enough to combine these three into a server where both Linux and Windows clients could connect in various ways (including web and email). This goes to show the complexity and obviously poor documentation out there.
In summary: Kerberos, OpenAFS, and OpenLDAP are intensely complex, poorly documented (for use in real-world scenarios), and are therefore years away from being on the LAN of Joe Linuxnut, much less the nearest elementary school computer lab.
I think that there is a huge oppurtunity for fame by creating a layer of convenience on top of these 3 that actually make a best-practices SSO solution a snap. Will it be implimented as a webmin module? Some simple Wizards in Gnome or KDE? A Plone Product? Using D-bus?
I hope someone can prove me wrong.
McGrath does have a point about a lack of single sign-on. Yes, patchwork, complex solutions exist in Linux, but where is a "Wizard"-based solution, making it ACCESSIBLE TO THE MASSES?
/usr/share/docs/* /var/log/* /etc/*)
a p
I've wrestled with this problem (trying to find an easy solution, that is worthy of recommendation to others on tight budgets, who are not necessarily as geeky as me) for a long time.
What combination of networked/ditributed filesystem and distributed authentication can anyone recommend that someone with a couple years experience in the world of Debian Linux can handle (ie. someone who knows about "man" "apt-get install"
There are a few close candidates it seems as far as I can tell:
-Kerberos + OpenAFS + OpenLDAP -> waaay to complex to set up. There is poor/none/intimidating documentation on all three, let alone any utilities/Wizards that ask you simple questions in plain English that would help you tie them all together.
-Samba + OpenLDAP + GNUTLS -> much better documented, however this documentation could use a non-trivial update to be relevant to Debian Sarge, not just Woody: http://aqua.subnet.at/~max/ldap/#configure-openld
-Plone, eGroupWare, and several other "all-singing, all-dancing" web-based systems: in time one of these could realistically develop into a web-based platform that "does it all". These are all relatively easy to install but slow in performance for serious usage.
Am I missing anything here that anyone wants to share?
...and blackboxvoting.org were the ones to discover it, back in Late August:
http://www.blackboxvoting.org/?q=node/view/78
Quotations from that article:
"The Diebold GEMS central tabulator contains a stunning security hole":
Submitted by Bev Harris on Thu, 08/26/2004 - 11:43.
Investigations Issue: Manipulation technique found in the Diebold central tabulator -- 1,000 of these systems are in place, and they count up to two million votes at a time.
By entering a 2-digit code in a hidden location, a second set of votes is created. This set of votes can be changed, so that it no longer matches the correct votes. The voting system will then read the totals from the bogus vote set. It takes only seconds to change the votes, and to date not a single location in the U.S. has implemented security measures to fully mitigate the risks.
This program is not "stupidity" or sloppiness. It was designed and tested over a series of a dozen version adjustments."
But I assume you all already knew this...
I've been a Linux user for 10 years, and a Unix System Administrator for 3 years, but Freeswan was among the most challenging things I've ever installed. I found that nothing less than reading the documentation from cover to cover is sufficient to understand it. I'm not suprised that it never caught with any sort of mainstream. Don't get me wrong, I am all for the vision of a secure-by-default internet. But unfortunately, it's so tough to install that only die hard security buffs have the patience to figure it out. Where is the ncurses-based "kernel setup wizard" script with forward and backward buttons? A checklist-based helper to point out what is missing next in getting the damn thing installed properly? A webmin module? A gui based connection configurator, called, say, [g|k]freeswan-conf? ESR has it dead on: without a thick slathering of user friendliness, this sort of project cannot succeed on any widespread level. Them's the breaks. I wish things were diffrent, believe me.