Nearly forgotten about this but I revoked all of my public keys not because anything was compromised but due to much needed catching up on janitorial type work. So please don't freak out if you get a weird reaction to the new one from your mail client. I wouldn't mention this but one person has already asked. Get the new public keys from the usual places or alternately:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.1 (GNU/Linux)
-----END PGP PUBLIC KEY BLOCK-----
Sorry if this inconveniences or bugs anyone. The old keys were just really old and needed to go bye bye. Thanks.
Timothy Butler is going to get my hitting the nail right on the fucking head merit badge this week for succintly and clearly making an argument that I've been struggling with for some time. There is a huge crowd of people who love love love Mac OS X and continually wonder why we the GNU/Linux cavepeople don't simply switch religions like so many of their favorite rock stars and nu celebrity stoners already have. Timothy Butler has your answer smartypants.
It all started at the beginning of this month, when I published the article Mac OS X: An Apple a Day keeps the Penguins Away?, which clearly noted that in every area, GNU/Linux was nearly as good, as good, or even better than Mac OS X for the average user. I was not surprised that my mail box was flooded with dissenting opinions, particularly from Mac users, however something did surprise me - the supposed reasons I was being given for Mac OS X being better than GNU/Linux did not even make sense in the context of my article.
I expected to be told about how easy it was to use Mac OS X, or how much better the software was. Instead, the majority of "reasons" I was given were focused on specialty applications such as Photoshop and Final Cut. One person asked me something to the effect of "tell me where I can get Quark Xpress for Linux."
Preach on Brother Butler. I'm glad that someone finally got around to writing this instead of letting me continually beat my head against the subject.
I decided to take a day off tomorrow mainly to get caught up with school work which I've actually been pretty diligent about but the usual deluge of last minute assignments from professors who don't have a solid grasp of the there-are-so-many-weeks-in a-semester concept is killing me. Besides reading a couple hundred pages of journal fodder tomorrow I'm also going to try to get at least one of the longer things I've been planning up here. I feel like I haven't been doing anything but school work. Gotta keep in touch with the geeky obsessive compulsive side of my nature.
For the moment go read Linux Orbit review of the Evil Entity distribution. Although I'm not particularly fond of goth themed anything I have to admit that it looks very nice which probably also has to do with Enlightenment being the default (and only as far as the end user uninterested in modifications is concerned) window manager. Not really the best distribution for those with limited resources in terms of display and memory but the truth of the matter is that people in general are willing to take all manner of hits on performance as long as things look cool - think OS X and this will make much more sense. I'm glad there are projects like this that break off from the usual RedHat plus optimized KDE or Gnome package. Linux doesn't have to look like a Windows knock off and I'm happy to see people trying to get away from it. Their package management also looks promising. It's modelled after (and actually uses) the Slackware system but they're promising their own deal called Mausoleum or some goofy shit like that in the future. Go check it.
You can't beat some self-indulgent weblogging to force yourself to break from reading countless (well, over sixty if precision is your poison of choice) journal articles and page upon page of bibliographical information that interests three people in the entire universe. By the way I am calling an official moratorium on the noun "blog" or the verb "blogging." Well, maybe not official but I'm trying to avoid using it myself. This isn't because I'm some squeamish lingual purist but both words remind me far too much of "rolfing" or worse feltching. I can deal without thinking about either deep tissue massage or, uh, the other.
A long time ago I posted some screenshots for folks who were genuinely curious about what a GNU/Linux desktop might look like. Those files are long gone but two people (at separate times even) asked me where I got the all green theme. I actually made it, hated it, and then forgot all about it. After a couple of de-uglifying changes here and there (plus some add-ins for the fluxbox folks) and here it is. Please don't go blind because I'd feel just awful. I'll post a few more when I get motivated to add flux friendly stuff to them since I'm a fan of both although I can't run both at the same time currently.
Also noticed a nice article on the ins and outs of localization that might interest those who aren't tied to the mast of the sinking ship of the English language like I am. Looks like pretty solid advice or at least a fine place to start if you're having difficulty with such things. It uses Apache::MP3 as an example.
Geek.com has a very graphic breakdown of a recent /.ing they lived through. I do like the idea of caching smaller sites who can't take the stomping in terms of performance or bandwidth that a couple zillion casual gawkers bring on.
If you think of Slashdot.org not as a mass of users all with separate thought processes, but as an Internet monolith traveling around from site to site laying waste to everything in its wake, it would potentially be one of the worst Distributed Denial of Service (DDoS) attacks/worms/viruses out there today.
They're lucky enough to have a lot of burstable bandwidth so they managed to make it through that particular torture session.
Oh yeah - Kevin Mitnick interview short and mainly as a book promotion thing but what the hell...
Galeon2 for those who are brave and don't have seductive package management systems that make them very patient. I'll wait for the .deb but not everyone else will. The thought of fux0ring this up and rendering two of my most used applications... well, that's more work than I want to fix in twenty minutes...
See how lame you are at least in relation to your weblog. Pretty funny stuff and I'm alarmed by the description below. I would like to publically state that I have never built a kernel from CVS. Really. I haven't. That and the Slashdot thing. If you were really geeky in the more generalized sense you'd hang out at Everything2 where unnecessary knowledge of obscure and esoteric topics is rewarded with praise and preserved forever. The best part is that I get to include the sample post in my post. I heart efficiency.
Techie Blogger (Togger)
Percentage of blogger population: 20%
Hours spent blogging: 56/week
Habitat: Usually a messy desk type area with lots of caffeine nearby. Techie Bloggers have been known to be nomads, though, with the advent of wireless internet technology. You may see them anywhere as a result, although most tend towards urban areas.
Average Age: 20 something
Favorite hangout: Slashdot
Last Book Read: Understanding the LINUX Kernel: From I/O Ports to Process Management
Favorite Offline Activities: Microsoft jokes, computer swap meets, hacker conventions.
Mode of Dress: Varies wildly, but you will usually notice at least one obscure reference to linux ruling and microsoft sucking.
Psychological profile: INTP
Typical post: select extract('epoch' from now()) as unixtime; Recompiled the kernel from CVS today. Blech. While waiting for it to compile, I worked some on my project to turn GIMP into an auto-dynamic IP range modifier for my Sega Dreamcast box. The boxen are doing ok, but the 486 piece of crap is pulling too much juice and overheating so I'm thinking of rerouting the fan and mounting it inside my refrigerator. Yeah, yeah, I saw the /. article, but mine is going to be way cooler. More later, my Mac is beeping...
My advice for what is turning out a very wintery day (at least here it is) is to go read this discussion thread and laugh yourself silly. I think we should ask the guy who posted the question to mail us all $6000 - $8000. That would give me a headstart in matching functionality. At least the editors acknowledged this in categorizing the story within don-your-asbestos -suits-folks,-we're-going-in. If nothing else it's an interesting look at how Apple users misunderstand Linux instead of the same old boring Windows user misunderstanding Linux.
Speaking of which, where are my Visual Basic Programmer Trolls these days? The place is getting absolutely conflict-free these days. The best I've got lately is a heartfelt defense of Corel Linux which is pretty pathetic even on the best day.
Since the cranks are already rolling in about my earlier comments about Xandros albeit in their hamfisted, I-don't-know-how-to-use-any-search-function-but-Google way I guess here is where I say I was probably wrong. The positive reviews are rolling in and it looks like interoperability within heterogeneous environments (read: interacting with Windows machines and applications) is looking pretty good. When I first wrote about Xandros I was unaware (as was everyone outside of the beta testing program - which I applied for a little late - because they were under a non disclosure agreement) that they were going so far with Codeweavers stuff. Here's a review from a beta tester which might be helpful since he's used the OS for awhile and doesn't go around telling people they're wet behind the ears for criticizing a product that was released a week ago.
I'm still hoping they'll release a GPL'd version so people can give Xandros a whirl (even if it's a live cd or whatever) before they drop $99 on a 1.0 release. Good enough?
Go check out the amazing array of pumpkin carving virtuousity over at The Adventures of AccordionGuy in the 21st Century and wish that you had that kind of Halloween party instead of the usual drunken couch slouch fest that leaves long streaks of grease paint on your furniture and smells of questionable origin in the bathroom. I'm a little obsessed with the obscenely detailed and amazingly crafted Gilligan pumpkin but I'm a sick man. Scroll down and you will see. I'll most likely be playing guitar on Halloween at my drummer's party. Sure I can drink beer and deal with abrupt switches between 3/4 and 7/8. No problem.
but if you want a very explicit guide to installing Debian you can find it here. I haven't read it all the way through quite yet. I've got a very bored yet energetic kitten on my hands who thinks the sound of my keyboard is endlessly fascinating. This leads to 8k strings of single characters leaking into my posts. Little bastard.
This guide looks very adequate, though. I'm sure many will criticize it for being too detailed when all the poor oppressed (l)user should have to do is click twice or whatever. If you're still hip to the idea of being a participant during major happenings on your computer then this guide should at least get you up and running. Pay no attention to the sneering Mandrake users. If you want some chuckles at someone else's expense go take a look at one of the many Mandrake user forums and wonder how they got that far along without ever learning about manualing mounting partitions and whatnot. Scary.
Did I mention I'm really tired? Gnome2 is sliding (alternately crashing and burning) into sid on Sunday. I don't really care but there are some folks who might. If this makes absolutely no sense to you then you absolutely don't need to be concerned. Read the snide comments about the antiquity of Debian and not having the latest bleeding edge and crashing every couple of minutes here, here, and a billion other places I don't care enough to link. Go team.
Also ----> the Gilgamesh of Debian history which I'm too fuzzy brained to read right now. Actually it's called the Past, Present, and Future of Debian but that sounds too much like a forgotten Moody Blues record to me which seems innocuous enough on the surface but I have "Knights In White Satin" stuck in my head right now than you very much. This will be incredibly interesting to like two people who visit here but it's my dime so fuck it.
I have this head-up-my-ass problem when it comes to events happening in the world outside of technology. On 09/11/01 I was completely unaware of anything except campus being pretty deserted and the fact that no site I regularly read was accessible that day. I figured it was some kind of attack on the root servers (which happened recently) and that I'd read all about it on TechDirt later. Little did I know... Anyhow, I had the same thing happen with the arrest of the sniper this morning. I was reading Debian Planet or something when I realized that the normal background burble of people talking about the sniper had subtlely changed. I don't listen to most of the actual words people say directly to me but I am very perceptive when it comes to changes in tones. Eventually I found out what happened and then went fishing for some news. I visited the usual big news sites and found the stories quickly built up from news feeds. Then of course the natural thing to do is cruise on over to Fox News to see what insane speculation they've posted as news. As I suspected there was something about "a possible Al-Queda link" posted in the sidebar because even before any evidence was in the guy wasn't white and also Muslim. I've checked back since then and the story has disappeared but parts of it are incorporated into this article:
Muhammad, a veteran of the Gulf War, converted to Islam, according to The Seattle Times. Malvo is a citizen of Jamaica. The Times quoted federal sources as saying the two had been known to speak sympathetically about the hijackers who attacked the World Trade Center and the Pentagon.
But there was no indication, authorities said, that they were linked to Al Qaeda or any terrorist group.
I'm wondering how they rationalized creating a sensational headline out of that block of text. Lately I haven't felt much like asking. I'm avoiding the warblogs per usual given my allergy to Muslim-baiting and xenophobia. I'm sure I'll eventually break down and load up weblogs.com. You can read the response at Slashdot if you have a strong stomach. Funny thing if it wasn't smack in the middle of a ridiculous flamefest with Debian as the target I wouldn't have caught it. Jeez.
Anil gets the harsh warblogger treatment and writes about in a really compelling way. It's funny because even the most skilled writers among the right wing contingent cannot seem to gracefully or reasonably present any idea and Anil's reply to their shenanigans is both tactful and insighful.
Speaking of things not necessarily related to technology, I found The Assayer after reading a little bit about it on Kenneth Hunt's site. I'm pretty excited about the potential of this project. My enthusiasm isn't so much for the having a bunch of book reviews under a free license although it's a very cool foundation. I'm excited about having a place to talk about books that isn't a classroom and with an emphasis on freely available books. The selection is very biased towards technical types right now but with any degree of luck and the careful nudging of some people more knowledgable on more conventionally esoteric topics there is great promise for expanding out onto things unrelated to computers and science. Go take a look, skim some free texts, and grab an account while you're there. There are also links from some of the reviews to Andamooka which is worth a gander if the name doesn't ring any bells.
Every addition to the free distribution model makes me insanely happy. While I'm not advocating some paving over of the world with the GPL as some are annoyingly persistent in suggesting but it's very encouraging to see people fomenting communities based on common interests that are more advanced than gaming or allegiance to a certain GNU/Linux distribution. The awareness that people have about keeping this sort of shared knowledge freely available is what really nails it for me. Yeah, I know, hippy dippy doo but I'm smiling and you're not Mr. Frowny Pants.
Given the slew of snotty install based reviews of Debian Woody (3.0 for the neophytes) I'd fully expect most developers to flip the bird at end user types and I'd be right there with them. I'm tired as a Debian user of all the continual whining about how installation isn't easy enough. Some of the Debian folks are a lot more patient and have launched Debian On The Desktop project only days after the aforementioned shell-phobic weenies got all in a bunch over the Debian installer.
# We recognize that there are only two classes of users: the novice, and the expert. We will do everything we can to make things very easy for the novice, while allowing the expert to tweak things if they like.
Yet again I'm amazed at the dedication folks involved with Debian exhibit even in response to flamebaiting idiots.
Speaking of, you can go read the usual blah blah blah about how linux isn't ready for the desktop and won't run my proprietary firewire device blah blah blah.
If you go to a competitorís download warehouse, they have hundreds of applications for you to download. By the time you install our CD, you have about three-quarters of whatever youíll find in their warehouse. So you wonít have to spend days or weeks in trying to finish downloading everything you need, including such essential items like a calculator.
Speaking of Xandros the word is out that you buy the boxed set or nothing. No download or anything like that so no opinion from me. I like the fact that you can get Windows environment lovin' but I'd rather fight than switch if you know what I mean.
Hey. Looks like Xandros has finally shipped something! If you don't know Xandros promised to be the slick desktop friendlier version of Debian and if screenshots are any litmus for that (and they really aren't) it does indeed look pretty slick and promises a lot of compatibility (through the Codeweavers doo dads) with heterogeneous environments. That and you can run your feeble and beloved Office too. Don't know how they're handling the downloadable version because I see nothing but Buy Now buttons all over their site and I don't think I'm parting with $99 for a test drive.
There is however a pretty glowing review over at Newsforge if you're interested. Again this review is heavily focused on the installation routine. Despite the valid argument that an installation you never finish means an OS you'll never use I think all but the most green newbies are pretty well assured that they will not unleash demons from hell during an installation. I'm sure there will fifteen more reviews over the course of the afternoon so get thee to Google after the mid-morning index.
That ridiculous Debian review over at Debian Planet has been hot news everywhere with fans of shiny happy distros all but calling for all of the other click and droolers to chase us proponents of grim and unloveable inanimate objects out of our caves with torches. Like Jesus Christ I really like the idea behind Mandrake but the fans are for the most point shrill and annoying. In any case it's a bad sign when the most insightful commentary on the review happens on Slashdot. Then again when there are a gazillion comments tacked onto a story the "monkeys with typewriters" theory starts to kick in. This theory holds especially true when one considers the lack of spelling and grammar checking utilites available on the typewriter. I must be tired because this is making all too much sense all of a sudden.
RMS has an article up at Newsforge that I will link but not comment on. I just read and commented on 50 fucking sonnets, ok? When was the last time you sat down and read through 50 sonnets. There is nothing fun about it. Did I mention that my history professor ran out of lecture notes and treated us to twenty or so minutes of Riverdance today? It's hard to believe that today is the first day of the week.
If Grausigkeit, of this moldering, this one he Netscape 4,77, ordered decree not to follow it, that is good periods of the IE, also, of that he counts the production, if preseleziona in articles if to divide (he: the stupid extensions, of which it follows agradavelmente of the game with other procedures of the search of the surface not underneath possible of the data, they periods. bacila therefore. They are not retirement of the connection. Opiat of the search of the possible surface underneath of the data this plus has waaay with the distant procedures comes to the contact in the effect for and of the external tree of the activator of the exit, that one the IE is examined seriously with here different the free retirement from the piece.
Oh how I love Lost In The Translation for making me even more cryptic and unreadable than I could ever dream of. It also reassures me that my entries are in contrast somewhat coherent.
There is another game similar to this one that you can play with Microsoft Word's autosummarize feature. Take a twenty page research paper and squash it into a 10% summary. You'll be amazed at the surrealist poetry that flows so easily from your headached inducing labors. I'd give some examples but all of my papers are in Open Office format and I don't have Word installed on either of the machines here even though one of them does indeed have a 98 SE partition that may or not even boot any more. It's a nice place to store big files though. Thanks Microsoft.
I really appreciate efforts like this short but informative guide to some of the lesser known/understood command line utilities available to us. I especially like the attention given to nl which is a very simple filter to add line numbers to output and seems like the silliest thing in the world until you find yourself using it daily for a couple of years.
I also like the author's take on the old 80/20 rule:
One incarnation of the so called 80/20 rule has been associated with software systems. It has been observed that 80% of a user population regularly uses only 20% of a system's features. Without backing this up with hard statistics, my 20+ years of building and using software systems tells me that this hypothesis is probably true. The collection of Linux command-line programs is no exception to this generalization. Of the dozens of shell-level commands offered by Linux, perhaps only ten commands are commonly understood and utilized, and the remaining majority are virtually ignored.
and of course you've got to love tac (which is cat (concatenate) backwards and does exactly that) because outwardly it seems so stupid until you find yourself using it all the time.
I hope this sort of overview continues because I know most people aren't particularly fond of reading man pages and it seems like few even know that apropos even exists. Like all things *nix they're extremely modularized (which should be a good thing) but sometimes it's difficult to find the utility that you need or divine how to use once you've figured that much out. I've often thought that I should write some kind of primer for the usage of find because it's so indispensable once you figure out how to use it and it also provides a practical introduction to regular expressions which are often labelled as way more cryptic than they are in reality.
The annoying tool from the Alexis de Tocqueville Institution is at it again. Ken Brown (the president of the AdTI) an apparently infinite appetite for humiliation and a truly remarkable capacity for misunderstanding the question at hand. From the news story at Computer World:
Brown said government buyers should demand to know why open source advocates promote GPL, citing a published discussion and speech in which open source advocates sing the praises of GPL.
"Don't let these guys tell you, 'You need us to make choices for you,'" Brown said. "Government has participated in a lot of innovative (technology) discussions in this country and around the world, you should be able to make your own choices."
Bruce Perens is also there making his own arguments.
"The saddest thing about CompTIA's efforts is that an 8,000-company organization allows itself to, in effect, become a mouthpiece for the vision of a single vendor," Perens said. "The other side doesn't find a real choice acceptable because on a sincerely level-playing field, open source would win most decisions."
Because I'm a big old hothead about all things Debian related I of course heard about this unbiased review of Debian 3.0 from a couple of people. I guess I'm supposed to blow up at this and call the author some names or whatever if I'm to preserve my reputation as a command line bigot. Sort of.
The new Debian needs to blow people away. It needs to be Granny-proof. It needs an installer that people can bluff their way through, with an attractive, well configured desktop on the other side. Debian maintainers should check out the competition now and again, to see where they can improve. Because if they don't, Debian will lose developers, and become less and less of a force in the Linux world.
Here is the problem with the whole review. Again, it's the installation as always. Again I'm about to argue that if you don't like it the way it is then change it. Instead, this time, I suggest that people who want a watered down desktop simply use Libranet or Xandros or Lindows since they address the problems this fella seems to have. It's pretty simple. If you want to Granny the opportunity has been provided for you.
I guess what I'm having difficulty understanding (besides why people think this person's evaluation is so damaging) is why exactly this sort of complaint is taken seriously. One of his persistent criticisms throughout is that dselect (the primary interface to dpkg which is the command line drive package management tool) is some kind of monstrosity because it asks you questions. This builds into an argument (of sorts) that options need to be reduced during installation and things need to be auto-configured which sounds fine until you're working on a machine that didn't come straight off the big vendor assembly line. He argues that X needs to configure itself even if the configuration is non-functioning.
Firstly the developers should check out Eugenia's comments on osnews.com about the new Yast2 package manager, as many of the same things apply. In the end it all boils down to the old KISS clich??, keep it simple! Instead of giving a load of choices for dependency resolution with half a million optional packages thrown in, just give n + 1 choices, one for each of the n package/package-combinations that fixes the dependency, and one to install without resolving it. Similarly with conflict resolution it should be remove selected, remove conflicting or ignore
. All of this of course ignores the fact that XFree86 is more than happy to blow up your fucking monitor if you feed it settings your hardware is not capable of handling. All of this of course ignores the fact that most people push their hardware a little bit and don't generally settle for default settings. I think one point that this fella is missing is that one tricky configure once is generally done once. X is inherently a complicated piece of code because it was designed to do a hell of a lot more than simply draw graphics on a couple of different base configurations of hardware. The problem isn't simple because the sortware you're trying to install isn't easy. Hiding this fact from the person installing it really doesn't matter one way or another. Since all of the documentation is available online in nine languages and three formats I'm going to drop this right here. If you're really that adverse to reading documentation I'm afraid you're not really Linux material. I'm sorry and I know that sound elitist as all hell but it's the truth and the double-edged sword of using free software. It works as well (if not better if desktop considerations are not your sole criteria) as anything else but you will come out of the experience knowing a little something about your hardware. If evading this is of utmost necessity then there are alternatives that use the same basic body of code.
All of these symptoms are those of people who want to be end users. I don't think Debian is ever going to be an end user system at least in the derogatory sense where decisions are made for you and control is relinquished or hidden behind "advanced" buttons. There is little effort dividing a long rant about how much something sucks and a bug report. If you can't hang out about the party without someone to take your coat and show you where the bathroom is (and probably how to use the toilet and sink within) you might want to attend a different party. As I've said several times over the course of this rant, there are several parties going on with a very similar theme with all of the beer bongs and trappings of a "good time" that you could ever want. This particular party might seem more like an Amish barn raising but it's that way for a good reason. I eagerly await the attack on Slackware for being too flexible and offering too many configuration options.
A fine example of why I should not run X. I was all annoyed at first when the tabs became illegible. Then I realized that I'm an idiot. During this same period of time I actually had twenty other active applications spread over seven desktops. Messy messy messy.
Yeah. Yeah. I know. This here place is broken as shit when viewed with Internet Explorer. I added that Debian banner at the bottom of the page and IE started freaking out. It breaks the right hand column even more than usual. I'm not sure that I'm going to try to fix it.
Along with the moldering horror that is Netscape 4.77, IE just isn't keeping up with the times unless you count the manufacture of exclusive (read: stupid) extensions that don't play nice with other browsers as keeping up with the times. So fuck it. I'm not fixing shit. There are waaay too many amazing browsers out there that are available for free and far superior to IE. Tough shit.
Speaking of moldering horribleness - send those twenty AOL promo CDs you get a week to a happier place. No More AOL CDs is a project dedicated to collecting all of those unwanted promos and trucking them (via convoy or dumptruck if necessary) away to dump on AOL's doorstep. Pure fucking genius. They've already collected 64,000 towards their totally insane goal of 1,000,000. Go check out some of the photo documentation of creatives reuse of these little horrors as well. The haiku page is pretty funny too:
I liked their floppies
Not the best storage device
One million CD's!
A giant silvery hand
Circular junk discs
In piles in office mail rooms
These suck really bad
Tech related haiku is reaching a fever pitch and I for one am really enjoying it.
God. Someone linked to this interview with Gene Spafford about the general state of security and I cannot remember where I first saw it. In any case I'm all too happy to play Ronald Reagan and Christopher Columbus and claim that I discovered it all by myself because I forgot who told me about it. That didn't really work so I'm just going to move along now...
Spafford is generally critical of operating system security and has criticized Linux especially. I can't argue with the majority of his criticisms but many of them are nearly impossible to address when you're talking about a non-traditional system of development. He is the first to admit that he doesn't have problems with the actual Linux kernel since it's development is tightly controlled. It's too crucial not to be. His main issue with Linux is that defining the it of Linux is next to impossible. There is no canonical definition of what a GNU/Linux operating system is. The kernel is the only consistent part that transcends distributions and architectures.
While it's important to clarify these distinctions it also makes giving a GNU/Linux a definitive thumbs up or down for security purposes. While Windows is a very cohesive chunk of code that is rigidly controlled to say the least that doesn't include a great number of applications within it's default install. When you buy a boxed version of Windows off the shelf you're getting a set of instructions for handling IRQ requests, sets of protocols for drawing things to the screen, and a bunch of drivers. Arguably there isn't a whole lot there to begin with. Linux, on the other hand, can also be evaluated as a kernel without any real core user level interaction but this would be silly. It's silly because you're never going to find this situation. While I know a fair number of people who've rolled up their sleeves and undertaken the gargantuan effort required to build a Linux From Scratch system from the ground up I know very few that build systems by just grabbing things from around the internet and installing them. It's way too much work. So we have distributions ,god bless 'em, to make things easier. Unfortunately the same flexibility that makes GNU/Linux on your machine so appealing also gives potential for many security problems to crop up.
All of that admitted and out of the way, making comparisons between the two is problematic at the very least. Windows historically has not been the slightest bit concerned with security and even after the last round of announcements and furrowed brows I'm reluctant to take any of those promises very seriously. They will make every effort to assure you that security is guaranteed, though. Linux doesn't have a central mouthpiece. We have a bunch of loud mouths, though, some more credible than others who despite their widely varying temperaments. I've never heard a single one of them claim that a GNU/Linux system is inherently secure "out of the box." While patches are fast and furious and for the most part all the cards are out on the table when it comes to shortcomings and flaws no one is going to say that anything but the kernel is secure.
Another response is: "Because it's open source; it's easier to fix." Maybe. It depends on where the code's used. If it's used in a certified environment or an embedded application, and from my standpoint, whether or not I can do all the maintenance on my own car... if I have to go back and install a fix to the breaks every time it crashes and kills somebody, I don't view that as more secure. Secure means it doesn't need the patches. It's done right the same time. So the people who are saying that their code is more secure and it still needs patches every other week--whether it's proprietary or open source--are playing fast and loose with the semantics of what security means.
This is the part that I don't buy. I don't believe in inherent security cause god knows I've personally flattened some things that were supposed to be bullet-proof. Even if every piece of software intended to run on a GNU/Linux platform was rigorously reviewed by a "team of experts" I don't think it is humanly possible to predict every possible circumstance nor is it reasonable to try. Security is kind of a best effort endeavor. While ideally everything would be tightly integrated and hermetically sealed in the real world with inter-operation and simply being able to use powerful tools is a necessity there is going to be compromise. The old and creaky "the only secure computer is one disconnected from any network and sealed in a lead vault" example immediately comes to mind.
The point that I'm desperately trying to make in less than a thousand words is that trying to evaluate the security of some kind of monolithic Linux entity is probably a bad idea. This is a different case when you're coding for embedded Linux which needs very rigorous review and auditing for each piece of software you're using. However I don't think that a majority of the software used in the embedded sphere comes from a beta Source Forge project. One of the key ideas that people need to come away with is that you need to be aware of the environment you're intended to use an operating system for. Obviously it's going to be difficult (for the end user) to patch an embedded device but at the same time you can't code everything for the lazy end user. If you're an admin who gets all huffy about patching things you might want to consider a career change. Unfortunately there isn't a system out there ready for enterprise level deployment that will take care of itself. The necessity for someone to run patches, hit cntl-alt-delete, or just make sure the machine is still physically there is not going anywhere. Then there's this attitude:
For me one of the most telling things, is here you have this huge community of open source, but where are all the open source testing tools? Where are all the robust coding tools? There aren't any.
which may indicate that the source of information and insight in the interview is, um, insane.
Like I said a gazillion words ago, I don't have as many problems with his arguments as I do with the methodology that he uses to form them. Go read. I've said too much already.
Aaron linked to this incredibly bad ass evaluation of the warblogger clusterfuck so perfectly composed that I almost feel sorry for the poor stupid bastards. Wait. No. I definitely do not but I feel less like dispatching an assassination squad of ninjas or supercows to eliminate anything remotely related to blogspot. It's worth your five (or so) minutes and if the first few paragraphs don't make you hurt yourself with laughter you should consider growing a sense of humor.
This is sort of a note to myself to go back and fully read/follow all the links out of a couple of news items I don't have enough time to dig into before work. Given my recent work climate I won't have time there either so it'll have to wait until I'm home again twelve or so hours from now with no retrievable memory of what I did in the morning. In this sense my great big vanity perl script is a nice substitute for the kind of short term memory allowed by more leisure time and/or sufficient quantities of sleep. Neither are going to happen any time before xmas (I'm guessing) so FORWARD...
Is circumventing circumvention laws a violation of the DMCA? Are kernel hackers turning into freemasons with secretive rites and strange "affix sticker here to claim your prize" click throughs? Here's an explanation of sorts at the Register of the weird methods that have become necessary due to the recent rash of DMCA enforcements. The Free World is a demonstration of how one might do this and also a right here and now source of intellectual contraband. Like I said I need to actually read all this stuff and look into the files they offer...wait, I didn't say that. I will remain where I am and make an oath of fealty to Walt Disney and his Magic Kingdom.
Of course the really fun part is that everyone gets to play spy:
So what's all this got to do with Red Hat? Well, non-qualifying people, we can't exactly tell you that. But when we asked Red Hat about it we got an official comment which at least partially explains it: "RHSA-2002-158 is an errata kernel which addresses certain security vulnerabilities. Quite simply, these vulnerabilities were discovered and documented by ppl outside of the US, and due to the Digital Millenium Copyright Act legislation in the US, it is potentially dangerous to disclose any information on security vulnerabilities, which may also be used in order to circumvent digital security - i.e. computer security. For this reason, RH cannot publish this security information, as it is not available from the community in the first instance. The www.thefreeworld.net site allows for accessing this information, but requires you agree to terms which protect the author and documenter of the patches from being accusations that they themselves have breached DMCA."
I seldom read reviews of any Linux distribution that use terms like "rectal itch" but you can see that one and many more in Dennis E. Powell's review of SuSE 8.1. It's largely a commentary on how lousy the "upgrade from a prior installation" option is. Generally this shiny candy-like that promises to make life easy again doesn't work very well. As a former user of that very green and blobular distribution I can totally sympathize with this lament. Rectal itch and GRUB? Really? Still, the installer/upgrader is a pushy bastard that will do whatever it thinks is best for you (sort of how Yoon gives haircuts - she asks but in the end gives you what she thinks you need) and never ever pauses for a confirmation. Those German bastards...
I'm only a little late for my descent back into the pit of broken dreams and unbootable machines. I need a long vacation that involves punching anyone who tries to speak to me.
So, only a day or so after I whined about the Taiwanese flag being excluded via the now inaccesible bug report that said the flag was a bug RedHat decided to take all of the flags out of kdebase. Great. Fine. Go read the news story over at Newsforge. I need sleep and a big steaming mug of shut the hell up.
If you ever want to really wear yourself out try rebuilding three different boxes that all exhibit the symptoms of faulty components (two motherboards and a stick of RAM), somehow corrupting the user's pst files, troubleshooting all sorts of network problems including a dhcp lease that returns from the netherworld with the stubborn persistence of Jason Voorhees, and in the end solving none of the reported problems. One help call, one office, and nearly four hours. Fuck that. The combination of cheap boxes and Windows 2000 is like ammonia and bleach except that it doesn't kill the users which in this case would benefit us all. I'm a little cranky.
If you're a Gentoo disciple either current or aspiring go check out Gentoo User. It looks like few of the hordes of folks claiming to be l33t Gentoo fans are visiting. It's nice to see some community forming around Gentoo since it's the coolest new project in the past couple of years.
Open Source Streaming Alliance is a cool new project although I seriously had to convert the html to text in order to read any of the content. The ice cream parlor color scheme is just too painful to endure.
The Open Source Streaming Alliance is extension of the networking paradigm with one crucial addition: it transcends the current only-for-profit context, allowing experimental, independent media and arts centers to catch up with the need to stream content creation and distribution. It thereby gives voice to diversity and facilitates global accessibility for all.
I just wish it was readable and I really want toffee ice cream right now.
Too tired to think. Must sleep. Help me.
I'm probably waaaay more of an idealist than most of the open source crowd and maybe even more than some of the free software crowd (which I most often identify myself with) but I fucking despise stuff like this Newsforge editorial that half assedly dismisses any sort of political motivations in free software although Roblimo seems to be pointing most explicitly at boycotts and things that are external to operating systems.
While I'm going to agree with him on this one that boycotts don't really work I'll do it on a different premise. I think boycotts are often ineffective because it's never really clear when they end. Can I eat table grapes yet? I dunno and I just avoid grapes altogether. The idea behind a boycott is to influence a body/business to change some aspect of their practice by exerting economic pressure on it. We usually hear about consumer boycotts but there are other more specific types that I don't have the patience to detail here. Regardless of unnecessary rambling, consumer boycotts may or may not work. I mean there needs to be some carrot on the end of the stick for entities that exist entirely for the sake of pleasing the stockholders. Economic tactics are great but at some point the carrot has to swing around when x unethical/inhuman/just plain annoying practices cease. Maybe there's some boycott loop that I (along with a goodly chunk of my fellow dwellers of this partition of North America) am completely out of.
Rather than assuming that table grapes or Nestle or whatever has stopped doing whatever particularly nefarious activity marked them in infamy I just maintain a mental anti-shopping list of things that are sketchy and that I should probably avoid. RedHat has been on that inverted shopping list for a long time. Every time I start to relax my distrust of RH they pull something really stupid and slide right down into the hosts.deny section of my brain. That generalized distrust will probably never go away. This matters fuck all to the folks involved with RH because hey they're the big boys and if I want to use their distribution I don't need to buy anything - I'll just download that shit and install it. But I don't even though that would be a thousand times easier than the creepy dance around the mainstream of the counter cultural that leaves me without a functional printer (the drivers work for RH) and a confused look when I answer "No" to the inevitable "So, Linux, you must use RedHat" question. At this point it's almost too confusing to try to explain to people who aren't acquainted with the sometimes obfuscated inner workings of free software. I long for the simple (read: lies) explanations of my vegan years: Oh, I'm allergic. I'm allergic to awkward explanations and making people feel like shit because they don't understand the small and claustrophobic world that my head lives in most of the time.
Boycotting Red Hat isn't a viable option really. They don't have the traditional consumer base. Most of the consumer types who use RH do exactly what I said I'd do - download and install without ever really rubbing elbows with the powers that be. If you're bothered by the exclusion of the Taiwanese flag in order to court the Chinese market then you need to let people at Red Hat know directly. The dollar as a vote metaphor is severely mangled when you're dealing with the trade of common property (meaning GPLed software). This doesn't mean ranting on lists about how R$H sux0rs either. Figure out exactly what it is that bothers you and approach RH directly. While they may be big guns in the (tiny) world of Linux they aren't large enough to ignore people who spend their money or enhance their mindshare. Even without the more traditional threat of "I will not buy your product unless i" there is a lot more than the shoulder shrugging that Roblimo suggests. That said I don't think that RedHat is an evil corporation that needs to be driven out of business by bearded hackers with torches and spears but they also need to be called on their shit. Just letting it go and letting freedom (from responsibility or the feeling that you're connected with something slightly larger than a pool of software free or not) ring, as Robin suggests:
Open Source software is essentially seditious in that it gives control to the individual user, not to the vendor or a government. I notice that all the anti-China, anti-Red Hat yowlers point to places in the code where the Taiwanese flag has been removed to make Red Hat acceptable to the People's Republic of China. Don't they realize that there are plenty of computer-hip Chinese who will see this code and realize that their government needs to change? Isn't it just barely possible that Red Hat's action will cause some of the new generation of Chinese officials to feel a little shame, to change their attitude if not in big ways today, then in subtle ways over the years?
sounds and is a pretty lazy way to deal with this issue whether it matters to you or not. Emphasis is mine like it always is.