Paul Starzetz has found a serious bug in Linux kernels. By exploiting the vulnerability local attackers could gain root privilege. All recent Linux kernels affected. The bug has already been corrected in recent released 2.4.29-rc1 Linux kernel.
Local Root Exploit on 2.4/2.6 Linux Kernels
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
So why is a package manager a requirement for getting anything even approaching a usable system ?
The package manager is the solution to the dependancies problem. It is also a solution to the Windows-bundle-everything-bloatware problem. Why don’t you have dependancies in Windows? Because everything is already installed. If you install Debian and all eight CDs worth of packages, you probably won’t have any dependancy problems either.
The vast majority of Linux users at this point in time probably don’t consider having the trundle off to a half dozen different websites to cobble together a bunch of RPMs a “dependency problem”, either.
Well, I’m not going to make vague assumptions about the “vast majority of Linux users” but personally I’d see that as a huge problem. Thats why I use Debian. No problems.
In fact, all I’m trying to “insinuate” is that if the program you want – and often the *exact version* you want – is *not* in one of the distro’s repositories, chances are very high that acquiring a working copy of the program is going to be a long, painful and frustrating process.
Explain this to me some more. If I get a Windows program, I get whatever the distributor felt necessary to give me. The “exact version” that you are so worried about? Forget it! Most of the time only the latest release is available, and you have to pay for it. If these companies were releasing software updates every few days and didn’t package them properly for you, you’d have a MUCH harder time installing them on Windows than you would on GNU/Linux. On GNU/Linux compiling from source is easy. Windows? Not so much.
Basically what it comes down to is you are stuck with whatever the distributor gives you – that is true of Windows, GNU/Linux, the BSDs, SkyOS, etc etc down the line. It just so happens that most of the Windows packages you get include all the dependancies with the package because there is no way to resolve the dependancies otherwise. On GNU/Linux the dependancies don’t have to come with the program because:
1) You may already have them installed and it’d be a waste
2) You may want to install them yourself, your way
3) You may want to get a later version than is already packaged with the program
4) With package managers such as apt installing dependancies is dead easy (and automatic, for that matter)
Package management is, hands down, better than binaries that come bundled with everything the program could ever think it needs (can you say bloatware?).
Months you say ? I haven’t had a dependency problem in Windows for four or five *years*.
So Windows is older. Your point? GNU/Linux hadn’t yet evolved a good way to take care of it four or five years ago. Now, however, they have. Your point is moot. What was true four or five years ago makes not a penny of difference now that such good package managers are in place.
The important issue is not whether there are thousands of applications available, the important issue is whether or not the application – along with the obligatory half dozen plugins (and their dependencies) – the end user wants (because that’s the one all the k3wl d00ds on #linux told him to use) is available.
By your logic, Windows is absolutely useless. Fully half the programs I use don’t have Windows versions. I’d be screwed if I moved back to Windows.
Of coures, that isn’t the truth. The truth is that its important to have an application that does the job – even if its not the exact application you want. Unless, of course, you are starting to get religious about it in which case you can take that bollocks away from here because noone wants it and it makes you as bad as the so-called “zealots” you proclaim are running amok. Me, I use the program that does the job.
Then comes the issue of whether or not it’s the latest version. Which is inevitably what you need to do what you want to do.
Because we all know you can get the very latest version on Windows… oh, wait… no, you can’t. The “very latest” version is usually released source only. Windows won’t build that without a LOT of effort. GNU/Linux will. Whenever the company (or person) that released the program gets around to packaging it they’ll likely do it for GNU/Linux before Windows (unless, of course, the app is meant for Windows and just happens to run on GNU/Linux too). Once that happens, you can install it fine with your package manager.
I wasn’t planning on replying to your entire post. I was just going to reply to the last line about a package manager and let it be. Then I saw how thin your arguments actually were and I changed my mind. I’m sorry, but none of your arguments actually have any merit. If you have a problem with GNU/Linux then don’t use it, but don’t go around telling people (like me) who haven’t had any problems that GNU/Linux is full of problems. After all, we know from experience that you are wrong so no matter how intelligently you argue your point (which, in this case, wasn’t all that intelligently) we’ll still know you are wrong.
I think what you mean here is that Linux has a greater availability of alternative modules.
No, I mean it is more modular. Pay attention.
Months you say ? I haven’t had a dependency problem in Windows for four or five *years*.
You said that dependencies are frequent, therefore signifying that this is a *current* problem. I’m saying it isn’t. Who cares if Windows solved its dependency problems earlier? It got a GUI before Linux did, too! That’s entirely besides the point.
You made a false statement and I called you on it. Linux dependency problems are gone with modern distros, deal with it and don’t try to change the subject.
Quantity != quality, as the Mac advocates were so fond of saying.
I agree. However the repositories have both, and since the packagers listen to what programs users want (usually from forums and mailing lists), popular apps are always in there.
The important issue is not whether there are thousands of applications available, the important issue is whether or not the application – along with the obligatory half dozen plugins (and their dependencies) – the end user wants (because that’s the one all the k3wl d00ds on #linux told him to use) is available.
Indeed – which is why the repositories not only have lots of apps, all the best apps are in there pretty much as soon as the buzz about them spreads through the Internet. Don’t worry: if the app is vaunted by cool Linux dudes, then chances are it’s already there to be downloaded.
You make a good point, unfortunately it does your argument no good because it is based on the assumption that the repositories have quantity but no quality, while they have both.
Then comes the issue of whether or not it’s the latest version. Which is inevitably what you need to do what you want to do.
Get out of the Windows mindset a second, and consider this: the latest version is not always the best one. It may be buggy, not optimized, unstable. You don’t need the most recent version all that much – Joe Sixpack sure doesn’t (since we are nominally talking about ease of use, here).
Distro usually have “stable” and “testing” releases (i.e. Mandrake has cooker, Debian has unstable, etc.). If you want all the latest versions, that’s where you go. But if you have an addiction to the “latest’n’greatest”, that’s your own problem – it doesn’t in any way invalidate a very efficient, modular and straightforward method of managing installed software.
Not to mention the complete and utter chaos you can inadvertently cause by installing stuff outside the control of the package manager.
…like what happens in Windows when you install all kinds of shareware?
Thing you still haven’t understood, though, is that there are very few instances where you’ll need to install stuff outside of the package manager. With commercial packages (for example, installing Codeweaver’s Crossover Office), you get uninstallers. With tarballs, you can use little programs such as checkinstall to easily make rpms or debs with the compiled binaries.
I’m not even going to touch autopackage, which is like an InstallShield on steroids, and which can easily be used within a package-using distro such as Mandrake, SuSE or Debian.
In fact, all I’m trying to “insinuate” is that if the program you want – and often the *exact version* you want – is *not* in one of the distro’s repositories, chances are very high that acquiring a working copy of the program is going to be a long, painful and frustrating process.
And I’m saying that this is an unlikely scenario, because usually if it’s not available for your distro, it’s either unmaintained (i.e. dead) or not very good.
Of course, when making such hypothetical scenarios, one can argue all sorts of thing. I myself prefer Final Cut Pro to Adobe Premiere. Should I then say that Windows is crap because it doesn’t allow me to install that very program I want, even though there are workable alternatives?
But even then, when you there’s an app you really want but all you have is the tarball, you can still easily integrate it with a package management system with such aforementioned tool as checkinstall. So, really, I fail to see any weight in your argument.
The vast majority of Linux users at this point in time probably don’t consider having the trundle off to a half dozen different websites to cobble together a bunch of RPMs a “dependency problem”, either.
I guess you have no idea how modern distros deal with package management, do you? You don’t trundle half a dozen different websites (that’s what you do with Windows, silly). You fire up a single app, check the programs you want to install/update, and press Install. There’s even less manual operations per program installed than with Windows.
Again, normal Linux users don’t need to go outside repositories, because all the apps they might want but for commercial ones are available there – and commercial apps come with their own installers.
So why is a package manager a requirement for getting anything even approaching a usable system ?
Simply because it is the optimal way to control the software installed on your system.
[i]This is, to a degree, a result of the unix mentality of a system comprising a patchwork quilt of a million and one independently developed and maintained tools. That’s tolerable when you’re dealing with a bunch of text streams and users who are programmers, or the platform is largely single-source (eg: BSDs, Solaris). It doesn’t cut it when you’re trying to present a coherent, consistent interface to ignorant end users. [i/]
For the target group you described a coherent,consistent interface to ignorant end-users is a pre.However i think it isn’t right to talk about Linux as if there aren’t distributions.I would rather see MS to be more cautious and aware of their target group with their so called professional versions.The only difference between XP home edition and Professional are the admin tools,and more specific ways of tuning the system acl structure.For the rest it’s just a home edition with all the “hand holding”
of the home edition.
While cvs and subversion aren’t perfect i find it hard to believe that the developers of MS all work in the same building,they could use a form of versioning system quite similar to the mentioned above as well.
[i]That doesn’t happen on Linux because each and every distro has a different idea of what should be standard, where it should go and who should use it. More importantly, it’s difficult for application developers to include simple ways (either automated or with instructions) for end users to update and/or install any missing components, due to the practically guaranteed disaster of cascading dependencies.[i/]
One thing the serious distros agree on is good package management.Let’s have a quick view on several of them.Mandrake has a large repository when you have added the additional plf and contrib repository.Without them you wouldn’t be able to rip and edit encrypted music and dvd’s for example,libdvdcss for instance isn’t included.
Enter this as root gives you the whole deal.However i agree this might be to much (work) for the average client,that’s why there are sites like easy urpmi.Few clicks and you have something like:
urpmi.addmedia –update updates ftp://ftp.gwdg.de/pub/linux/mandrakelinux/official/updates/10.1/ma… with media_info/hdlist.cz
urpmi.addmedia plf ftp://ftp.free.fr/pub/Distributions_Linux/plf/mandrake/10.1 with hdlist.cz
urpmi.addmedia main ftp://ftp.gwdg.de/pub/linux/mandrakelinux/official/10.1/i586/media… with media_info/hdlist.cz
urpmi.addmedia contrib ftp://ftp.gwdg.de/pub/linux/mandrakelinux/official/10.1/i586/media… with media_info/hdlist.cz
urpmi.addmedia jpackage ftp://ftp.gwdg.de/pub/linux/mandrakelinux/official/10.1/i586/media… with media_info/hdlist.cz
(when entered as root on the cmd it adds as said the whole deal)
Debian has a extremely large package repository.Wheras i had to add some additional repositories on mandrake for the less common tools on Mandrake it nearly all (legal ) come with it all on Debian.Debian hasn’t had a reputation for being holding your hand,but lately they improved a lot with their new installer with which it is a breeze to install their Distro on your PC, even for the mentally challenged among us.Debian has a dpkg front-end called synaptic.Whereas you normally install Debian packages with “dpkg –install X.deb” or “wajig rpm2deb X.rpm” and than “dpkg –install X.deb”, you have synaptic as a GUI interface to it quite similar to the Windows controlpanel/software interface,only significant more advanced.That is necesary because the serious distributions come with sometimes with over 8000 applications with intertwined dependencies.I can assure you if you stick to what’s officially in either the Mandrake or Debian repository your system will at least run as long as on any platform.Some are adventurous or simply want that specific package which was declared unstable in the first place and spread the bleh bleh around because the package screwed something up.
On FreeBSD it’s even easier to upgrade your sytem.While FreeBSD doesn’t have a GUI interface yet such as synaptic you can (should ) do the following:
————————
Update with portupgrade:
————————
1)cvsup -L 2 -g /etc/cvsup.ports
in cvsup.ports you could have:
————————————–
*default host=cvsup5.de.FreeBSD.org
*default base=/usr
*default prefix=/usr
*default release=cvs tag=.
*default compress #compress data,slow lines etc.
ports-all
—————————————
2) with portsdb -ufU the ports database gets updated
3) portversion -l shows all upgradable ports
4) last but not least portupgrade -arR upgrades all upgradable packages or portupgrade -rR for selected packages/programs
another scenario:installing new programs
1)see above
2)see above
3)You can have a look at the Makefiles for some additional options in /usr/ports/serie/programm
4)portupgrade -NRr serie/programm installs the program
http://www.newscientist.com/article.ns?id=dn6862
The package manager is the solution to the dependancies problem.
No, it’s a band-aid over the dependencies problem. The real dependencies problem is that there’s a dependencies problem at all.
It is also a solution to the Windows-bundle-everything-bloatware problem.
Storage costs are down around, what, US$0.40 per *gigabyte* ? Personally I’m more than happy to sacrifice a few cents worth of disk space to make it a non-problem.
Why don’t you have dependancies in Windows?
Because the default system includes well known, featureful libraries, modules and functionality and there’s strong ethos of backwards and forwards compatibility and not reinventing the wheel amongst Windows developers.
Because everything is already installed. If you install Debian and all eight CDs worth of packages, you probably won’t have any dependancy problems either.
Heh, and you complain about “bloat” in Windows.
Explain this to me some more. If I get a Windows program, I get whatever the distributor felt necessary to give me. The “exact version” that you are so worried about? Forget it!
The “exact version” problem exists in Linux because every developer uses different versions of various libraries and relatively minor version changes have a habit of breaking things. So you get the dependency cascade of having to upgrade library “foo” from version 1.2.3 to 1.2.5 so that the latest version of program “bar” runs. Unfortunately upgrading “foo” also requires upgrading a half dozen other programs that rely on it since they break with version 1.2.5 instead of version 1.2.3.
If these companies were releasing software updates every few days and didn’t package them properly for you, you’d have a MUCH harder time installing them on Windows than you would on GNU/Linux.
Well, y’see, that’s half the fucking problem.
On GNU/Linux compiling from source is easy. Windows? Not so much.
s/Not so much/Completely unnecessary/
It just so happens that most of the Windows packages you get include all the dependancies with the package because there is no way to resolve the dependancies otherwise.
Yes, I know. The sooner the Linux community figures this out, the better.
Package management is, hands down, better than binaries that come bundled with everything the program could ever think it needs (can you say bloatware?).
I’m more than willing to sacrifice a few hundred MB of dirt-cheap disk space so I don’t have to even *think* about the words “package management”.
So Windows is older. Your point?
Depdendency issues are still a problem on Linux. They aren’t on Windows. My point was in the first post I made.
GNU/Linux hadn’t yet evolved a good way to take care of it four or five years ago. Now, however, they have. Your point is moot.
No, they’ve evolved a bandaid to slap over the problem.
What was true four or five years ago makes not a penny of difference now that such good package managers are in place.
The Linux community has been talking about “good package managers” for years now.
No, I mean it is more modular. Pay attention.
And your evidence for this is…?
You said that dependencies are frequent, therefore signifying that this is a *current* problem. I’m saying it isn’t. Who cares if Windows solved its dependency problems earlier? It got a GUI before Linux did, too! That’s entirely besides the point.
It’s still a current problem. If *you*, a knowledgable and experienced user, have had dependency problems in the last six months, it’s a current problem.
You made a false statement and I called you on it. Linux dependency problems are gone with modern distros, deal with it and don’t try to change the subject.
What’s a “modern distro” ? Release in the last six months ? Released in the last 3 months ? Released yesterday ?
The Linux community has been saying dependency problems have been fixed “as long as you have a modern distro” for years now.
Get out of the Windows mindset a second, and consider this: the latest version is not always the best one.
You’ve got your reasoning completely arse-about-face there. The “must have the latest version” syndrome is a Linux affliction, not a Windows one. There’s a hell of a lot more people out there using Windows 98 than there are RedHat 5.x.
It may be buggy, not optimized, unstable. You don’t need the most recent version all that much – Joe Sixpack sure doesn’t (since we are nominally talking about ease of use, here).
Well, actually, you usually do need the latest version because of the “release early, release often” ethos of OSS developers. So you end up with boatloads of minor point release chock full of annoying bugs that are constantly getting fixed and updated. Inevitably, every couple of minor revisions of program A some bright spark builds it with a dependency on the latest version of lib B, which then requires upgrading lib B on the end user’s machine so they can use the latest version of program A. Upgrading lib B on the user’s machine triggers the typical dependency cascade, requiring similar upgrades of all the programs that depend on lib B.
…like what happens in Windows when you install all kinds of shareware?
Maybe 8 – 10 years ago.
Thing you still haven’t understood, though, is that there are very few instances where you’ll need to install stuff outside of the package manager. With commercial packages (for example, installing Codeweaver’s Crossover Office), you get uninstallers. With tarballs, you can use little programs such as checkinstall to easily make rpms or debs with the compiled binaries.
Right. So the end user to stuff around making an installable package to install some program in such a way as to not hose their system.
This would be funny if you weren’t actually serious.
So, really, I fail to see any weight in your argument.
Hey, when you’re so used to doing things the hard way it’s become second nature, you probably wouldn’t.
Simply because it is the optimal way to control the software installed on your system.
No, it’s a crutch to hold up the deeper problems of an unstable, inconsistent, fragmented platform. OS X is a hell of a lot closer to the “optimum way” of dealing with application [de]installation than any package manager is.
For the rest it’s just a home edition with all the “hand holding” of the home edition.
Which particular bits of “hand holding” are bothering you that you can’t turn off ?
Few clicks and you have something like: […]
I think this pretty much speaks for itself, really.
Maybe I’m being too subtle in trying to get my point across. The whole concept of “package management” is broken. It simply shouldn’t exist. It’s a needless hack to work around the way the platform can’t standardise and developers don’t care about making things trivially easy and unintrusive to the user. Applications should be distributed – and be easily *re*distributable – in self-contained packages that include any and all non-standard depdendencies.
4) last but not least portupgrade -arR […]
FYI the -rR is redundant. If you have -a you’re going to update all updateable ports anyway, so there’s no need to specify upwards and downwards recursion.
“No, it’s a band-aid over the dependencies problem. The real dependencies problem is that there’s a dependencies problem at all.”
Oh, I see, your way to “resolve” this is to do it the windows way… Every bloody application installs the same god damned dll’s over and over and over and over again. And when said librarys cause problems how the hell do you make *really* sure you’ve got all those copys patched and fixed? hmm? Remember slammer? What caused the wide spread of it? -The static integration of a specific sql engine in various applications whose users had no fricking idea that they were vulnerable.
“Storage costs are down around, what, US$0.40 per *gigabyte* ? Personally I’m more than happy to sacrifice a few cents worth of disk space to make it a non-problem.”
As I said above you moronic approach creates a *lot* more problems than it solves.
“Beause the default system includes well known, featureful libraries, modules and functionality and there’s strong ethos of backwards and forwards compatibility and not reinventing the wheel amongst Windows developers.”
Or perhaps that they have all given upp on dynamic librarys because on windows it’s broken like everything else.
“The “exact version” problem exists in Linux because every developer uses different versions of various libraries and relatively minor version changes have a habit of breaking things. So you get the dependency cascade of having to upgrade library “foo” from version 1.2.3 to 1.2.5 so that the latest version of program “bar” runs. Unfortunately upgrading “foo” also requires upgrading a half dozen other programs that rely on it since they break with version 1.2.5 instead of version 1.2.3.”
This only means that somone made a mistake and has nothing with the concept as such to do. If it ever happens that an application complains about a missing library like libblabla.so.1.2.3 when you have a libblabla.so.1.2.4 it means that the programmer screwed up and linked against the specific library file, instead of the symlink libblabla.so. Usually this can be fixed by somethis as mundane as a simple symlink called libblabla.so.1.2.3 that points to the correct file. It has *nothing* to do with the system, and it very seldom in my experience has anything to do with any real incompabilities to do, as such minor releases should be binary compatible. Of course there are examples where this isn’t true, but of course every frickin POS windows shareware works perfectly all the time, right?
“No, they’ve evolved a bandaid to slap over the problem.”
You speak of band-aid.. what a joke, lmfao.. As redistributing the same files over and over and over again because the system is too fucked up to be able to keep track of what’s really installed wasn’t the definition of a half-assed baind-aid. If I were to describe it in medical terms I’d diagnose it like trying to heal broken bones with asprin.
Just face it. Everything that comes out of Redmond isn’t good, just because you’ve been brainwashed to belive it..
And your evidence for this is…?
Come on, show some good faith, here. The fact that I can replace parts of all of the OS by updating/changing packages is a good indication of its modular nature.
It’s still a current problem. If *you*, a knowledgable and experienced user, have had dependency problems in the last six months, it’s a current problem.
I had a small problems months ago because I wanted to revert to a previous versions of a large number of system packages, something which users don’t usually. This is definitely outside the realm of “normal” computing, and something that you can’t even do in Windows btw. I was able to pull it off without too much trouble, but I did have to hunt for a few dependencies.
For the regular user, however, this situation would have never happened. So I’m quite confident to say that the dependency problem in Linux has been dealt with, despite your awkward logical leaps.
What’s a “modern distro” ? Release in the last six months ? Released in the last 3 months ? Released yesterday ?
I would say the last year, definitely. Note that, prior to my self-made dependency problem I had a few months ago, it had been a while since I’d had one.
I’m sorry, but you’ll have to find another issue to troll about.
The Linux community has been saying dependency problems have been fixed “as long as you have a modern distro” for years now.
And your evidence for this is…?
You’ve got your reasoning completely arse-about-face there. The “must have the latest version” syndrome is a Linux affliction, not a Windows one.
Well, it’s obviously your affliction, because you’re the one talking about needing to install the “absolute latest version”.
Gee, way to shoot yourself in the foot here.
I have two linux PCs at home. One runs a cookerized Mandrake 10.1 (mostly for KDE packages). The other runs 9.1. I have one to play around on, the other for reliability.
I think the “absolute latest version” obsession is mostly a geek thing, whether its Windows geeks or Linux geeks. In any case it is quite irrelevant since one can get stable or unstable versions of most modern Linux distros. Whether you like stability or experimentation, Linux has it.
Well, actually, you usually do need the latest version because of the “release early, release often” ethos of OSS developers.
That’s the ethos of developers, not users. Users will usually stick with the version that’s on their stable Linux distro. Your argument is based on false premises.
Inevitably, every couple of minor revisions of program A some bright spark builds it with a dependency on the latest version of lib B, which then requires upgrading lib B on the end user’s machine so they can use the latest version of program A. Upgrading lib B on the user’s machine triggers the typical dependency cascade, requiring similar upgrades of all the programs that depend on lib B.
You obviously haven’t used a Linux packagement system in a while. This is all done automatically. New software A requires upgraded lib B, which forces an upgrade on software C? Selecting A in the package manager will automatically select B and C (after asking for confirmation, of course). Click (package A), click (to confirm installation of package + all dependencies), click (when you’re done selecting new software to install) and all packages are automagically installed. If one of them is unavailable for some reason, then the installation is aborted before you can fsck up your system.
As I said, you’d be find another horse to ride on – this one’s quite dead.
“…like what happens in Windows when you install all kinds of shareware?”
Maybe 8 – 10 years ago.
Uh, try “last week”? Not all software comes with its InstallShield wizard, you know. Some have their own less-than-perfect installers, and not all installed apps end up in the Add/Remove Software panel (Windows sorry excuse for software management).
Eight to ten years ago…sheesh! Talk about burying your head in the sand!
Right. So the end user to stuff around making an installable package to install some program in such a way as to not hose their system.
A grammatically correct sentence would be nice here. I’d respond to it but I have no idea what you’re trying to say.
By the way, you don’t “hose” your system when installing tarballs. You just don’t have a convenient, centralized way to manage it later on (i.e. remove it or replace it).
This would be funny if you weren’t actually serious.
What’s the matter are you already out of arguments?
As I’ve said before, normal end users will never have to compile from tarballs – everything they’ll need will be in the repositories. However, if you do need to install from a tarball, checkinstall will help you manage the compiled program as any other package, so you can update it or uninstall it easily.
Hey, when you’re so used to doing things the hard way it’s become second nature, you probably wouldn’t.
Software management is easier, faster and safer under Mandrake Linux than under Windows. Now stop trying to characterize me for something I’m not. Part of my job entails designing UIs for kid’s games – i.e. making things very, very simple to understand.
Let’s keep this discussion civil and we’ll all be better from it.
No, it’s a crutch to hold up the deeper problems of an unstable, inconsistent, fragmented platform. OS X is a hell of a lot closer to the “optimum way” of dealing with application [de]installation than any package manager is.
Except if a vulnerability crops up in a library that is included in a dozen different installed apps – then you need to update all apps instead of just updating the library. It’s also not optimal if you want to do a global upgrade of several dozen apps at once (i.e. like doing a complete upgrade from Mandrake 10.0 to 10.1 without ever downloading the CD isos…)
I do agree, however, that OS X’s software management is much better than Windows’. 🙂
[Preston St. Pierre]
> What are you trying to accomplish? Are you
> trying to tell us that all applications should
> write things from the ground up and not make use
> of any libraries?
No, not at all! Libraries are the basic means of “not reinventing the wheel”. But so they are in Windows. If Linux has its glibc lying around as a component for all applications to use, why shouldn’t Windows have Internet Explorer lying around as a component for all applications to use? (read: those apps that need a browser engine).
That’s what I’m trying to say. Both systems offer a reusable component to applications, for the same reasons, but for no obvious reason this is labeled technical superiority in Linux and bad-ass corporate politics in Windows.
… oh, and I don’t mean that you did, but there are people here who do label it that way.
The difference is that in linux you can pick and chose the way you want it, while in windows you are stuck with what microsoft thinks you should use. Case in point: I have seen IE beeing compaired to khtml.
Well, you can – belive it or not – choose whether you want to use khtml *or* gecko as your redering engine, even if you are a KDE user.. When are we going to see that happen in windows….? Heck, in windows you even have a hard time making the system respect your settings for default applications, unless it’s another microsoft application. In KDE I can set my mail program pretty easily to mutt, and it stays that way, while windows take every opportunity to shove its crappy default applications – which cannot be removed despite that they are just another rendering engine/media player/mail client – in your face.
Oh, I see, your way to “resolve” this is to do it the windows way…
No, the OS X way.
Every bloody application installs the same god damned dll’s over and over and over and over again.
No, it keeps a local copy of any *non-standard* shared libraries it needs with it.
And when said librarys cause problems how the hell do you make *really* sure you’ve got all those copys patched and fixed?
Because the only libraries that aren’t system-wide – ie: a single copy in one place – are the ones provided by the software developer. So patching that is their responsibility.
hmm? Remember slammer? What caused the wide spread of it? -The static integration of a specific sql engine in various applications whose users had no fricking idea that they were vulnerable.
That’s a rather different scenario.
As I said above you moronic approach creates a *lot* more problems than it solves.
Such as? You’ve listed nothing but non-problems thus far.
Certainly the current practices in Linux have caused at least as many problems as they have solved.
Or perhaps that they have all given upp on dynamic librarys because on windows it’s broken like everything else.
You don’t strike me as someone who would be an authority on Windows.
This only means that somone made a mistake and has nothing with the concept as such to do.
True enough, but the problem is there’s a hell of a lot of people out there making “mistakes”. It’s like the “needs Administrator access to run” problems in Windows.
If it ever happens that an application complains about a missing library like libblabla.so.1.2.3 when you have a libblabla.so.1.2.4 it means that the programmer screwed up and linked against the specific library file, instead of the symlink libblabla.so.
Or it means something has changed between library revisions.
It has *nothing* to do with the system, and it very seldom in my experience has anything to do with any real incompabilities to do, as such minor releases should be binary compatible.
A lot of things “should be binary compatible”, but binary compatibility isn’t exactly a high priority in the Linux world.
As redistributing the same files over and over and over again because the system is too fucked up to be able to keep track of what’s really installed wasn’t the definition of a half-assed baind-aid.
Except that’s not what I’m suggesting.
Just face it. Everything that comes out of Redmond isn’t good, just because you’ve been brainwashed to belive it..
I never said it was. If you bother to read what I’m saying before launching off on a zealous ad-hominem you’ll see I’m advocating the *OS X* way of doing things.
The difference is that in linux you can pick and chose the way you want it, while in windows you are stuck with what microsoft thinks you should use.
This is because Windows is targeted at users who *don’t want* to fuck around creating their system from scratch or customising every knob, lever, switch and skin.
Well, you can – belive it or not – choose whether you want to use khtml *or* gecko as your redering engine, even if you are a KDE user.. When are we going to see that happen in windows….?
As soon as someone writes an API compatible IE replacement. Or writes a similar module and convinces all the software developers out there to write to their module as well.
Heck, in windows you even have a hard time making the system respect your settings for default applications, unless it’s another microsoft application. In KDE I can set my mail program pretty easily to mutt, and it stays that way, while windows take every opportunity to shove its crappy default applications – which cannot be removed despite that they are just another rendering engine/media player/mail client – in your face.
It always surprises me how worked up people get because they can’t remove something. Just ignore it, for god’s sake. I never use the cigarette lighter in my car, by I don’t work myself up to bursting a blood vessel because I can’t remove it.
Come on, show some good faith, here. The fact that I can replace parts of all of the OS by updating/changing packages is a good indication of its modular nature.
So, as I noted previously, what you’re *really* saying Linux has a greater availability of alternative modules.
This is definitely outside the realm of “normal” computing, and something that you can’t even do in Windows btw.
Sure you can, as long as the developers have done the right thing and added the necessary information into the Registry and Add/Remove programs.
And your evidence for this is…?
OSNews, Slashdot, Usenet, $TYPICAL_LINUX_FORUM
Well, it’s obviously your affliction, because you’re the one talking about needing to install the “absolute latest version”.
The “absolute latest version” is generally the one needed to get decent, somewhat bug-free operation. It’s the typical response from the Linux community to to “X doesn’t work” – right up there with “RTFM”.
That’s the ethos of developers, not users. Users will usually stick with the version that’s on their stable Linux distro. Your argument is based on false premises.
No, you’re just missing the point. The “release early, release often” philosophy means you end up with lots of half-arsed program released and constant upgrade pressure to get things working properly.
You obviously haven’t used a Linux packagement system in a while.
And again we get the “must have latest version” pressure.
Uh, try “last week”? Not all software comes with its InstallShield wizard, you know. Some have their own less-than-perfect installers, and not all installed apps end up in the Add/Remove Software panel (Windows sorry excuse for software management).
Sounds pretty comparable to compile-it-yourself crap under Linux to me.
A grammatically correct sentence would be nice here. I’d respond to it but I have no idea what you’re trying to say.
So you;re saying the end user has to stuff around making an installable package [using checkinstall] so they can install said package using the package manager, since using the package manager is basically a prerequisite for not inadvertently breaking things.
By the way, you don’t “hose” your system when installing tarballs.
You do if they overwrite some existing binaries or libraries with different, incompatible versions.
What’s the matter are you already out of arguments?
Hey, I’m not the one posting grammar flames and insisting everything is just peachy because the latest version fixes it.
Software management is easier, faster and safer under Mandrake Linux than under Windows.
That’s highly debateable. I’ll agree that if everything works like its supposed to under Mandrake it’s equivalent. But both are inferior to OS X.
Let’s keep this discussion civil and we’ll all be better from it.
Well, I try, but sometimes it’s hard.
Speaking of which, aren’t you just about due for a “but you always have to have the last word” post ?
Except if a vulnerability crops up in a library that is included in a dozen different installed apps – then you need to update all apps instead of just updating the library.
No, because the app installs it centrally the first time it’s run and uses that copy thereafter. As I’ve said, OS X does it best.
OK, so you like the OSX way of managing packages, and others like the Linux/BSD way. Some even like the Windows way.
I don’t understand why you try so hard to tell us why our favorite OS manages packages in the wrong and broken way. If you had something interesting to say then maybe we would listen to you!
“No, it keeps a local copy of any *non-standard* shared libraries it needs with it.”
oh.. and what happens when you have several applications that all use the same “non-standard” libs..? You get muliple copys of the file, just as I said. Bad attempt.
“Because the only libraries that aren’t system-wide – ie: a single copy in one place – are the ones provided by the software developer. So patching that is their responsibility.”
Yep, and how do you get those patches? And in what way is it handier to patch 15 applications than patching 1 lib?
“That’s a rather different scenario.”
In what way? Out of arguments?
“Such as? You’ve listed nothing but non-problems thus far.”
I have listed several real problems, the only one who claims these are no problem are you, without anything to support your claims.. I decide to call this “A troll running out of arguments”.
“Certainly the current practices in Linux have caused at least as many problems as they have solved.”
Yet another bold claim without proof. Troll.
“You don’t strike me as someone who would be an authority on Windows.”
And you strike me as some paid of shill talking out of your ass.
“True enough, but the problem is there’s a hell of a lot of people out there making “mistakes”. It’s like the “needs Administrator access to run” problems in Windows.”
No, it’s not compareable at all. One thing is a simpel linking mistake, the second is a design-flaw.
“Or it means something has changed between library revisions.”
“A lot of things “should be binary compatible”, but binary compatibility isn’t exactly a high priority in the Linux world.”
As I said that *can* happen, even if it shouldn’t. However the instances where I have found this over the years to be the case is very rare indeed, and gives no basis for your implicit statement that this is the rule, or at least very frequent. That’s my experience, you on the other hand brings no proof for you assertion -> You show again what you are.
“Except that’s not what I’m suggesting.”
Of course you are, see above.
“This is because Windows is targeted at users who *don’t want* to fuck around creating their system from scratch or customising every knob, lever, switch and skin.”
What has that to do with anything? Did I ever say the enduser should do this? And besides how is that a problem if it’s possible to do? Just because you *can* doesn’t mean you have to.. Just another non-argument from you.
“As soon as someone writes an API compatible IE replacement. Or writes a similar module and convinces all the software developers out there to write to their module as well.”
Sure. When will we see all the apis?
“It always surprises me how worked up people get because they can’t remove something. Just ignore it, for god’s sake. I never use the cigarette lighter in my car, by I don’t work myself up to bursting a blood vessel because I can’t remove it.”
And what do we have here? Another non-argument that completly sidesteps the issue, and further more brings along another strawman attack.. The issue was that windows does *not* respect your settings unless it’s a ms application. The wish for at complete removal of the offending software stemmed from a wish to totally and forever terminate this obnoxious behaviour.