In putting together a Linux system for Small Office / Home Office users, a number of thing need to be covered slightly differently from the way that Linux has evolved. The choices aren't always made for technical reasons...
Desktop Linux. Two simple words that, like the phrase "Military Intelligence", are considered to be a tired, tired joke: completely incompatible. What is it that gives that impression, and how can the perception be changed?
Firstly, I will describe what I believe the SoHo user needs:
Secondly, these are the things that might get in the way of their ability to "do work":
Out of all of these things, I think my favourites are 2000+ files in the same directory, and interfaces that make it deliberately difficult to do anything.
Having this framework as a guide, it then becomes really quite straightforward to make decisions: provide the above functionality whilst at the same time minimising the potential damage of the problem areas.
I'll outline the decisions that were made, and then offer explanations and justifications (some of which are technical; some are spurious; some are just plain weird).
I realise some of those things need a bit of explanation: please bear with me.
Debian
Redhat is great, I am sure that people who use it love it. From an administrative perspective, however, upgrading software is a royal pain, so you have to stick to "official" releases.
SymphonyOS deal with this issue by simply putting all dependencies for a program into a subdirectory. I chose Debian because apt is a reasonable half-way house between one stupid extreme of RPM not bothering to get its act together, and SymphonyOS taking up stacks more hard drive space than is strictly necessary on the other.
Aside from anything else, I do not wish to be beholden to Redhat for production and generation of RPMs, whereas Debian is community-driven, independent... simple choice, really.
SE/Linux
The choice to use SE/Linux - especially when a number of high profile Debian people have declared that they like SE/Linux "less and less", and that Sarge is presently in freeze is... well... tough. It's got to happen, end of story. It's complete madness to put a SoHo system out there these days which isn't locked down - ESPECIALLY in light of other choices such as not giving users a login or even a password.
I had to add the single "auto-login" user to the printers admin group, for example, and the audio group, and the disks group etc. and if this wasn't an SE/Linux system I'd be very concerned about letting it loose.
SE/Linux is therefore a must.
KDE or Gnome... so... mmmm... KDE!
This is bordering on one of those arbitrary things. I couldn't stand the thought of having two session management daemons and services kicking about, so it was one or the other.
Gnome seemed to be less complete and, its development mostly being done in America, intuitively I dislike it. KDE, being more decentralised and European-based, seems to have better international language support, better underlying design (KParts for program reuse) and consistency (all KDE programs integrate together).
This is one decision where I may have shot myself in the foot: Gnome is known for its "user-friendliness". For example foomatic-gui, the CUPS printing thing, has BIG BUTTONS like "ADD prin'urrr", whereas KDE's Print manager took me TWENTY MINUTES to spot the different design of top menu with the word "Add". That freaked me out, that did.
Gnome also has "HAL" - the hardware abstraction layer - which is designed to fire things up like the camera program when you plug in your USB camera, that sort of thing.
But, at least, with KDE, the level of integration offers consistent user-interfaces with the same functionality behind it... because it IS the same program. Take Kontact as an example: via K-Parts, Kontact fires up KMail, KAddressBook, KNotes etc. and plugs them into one seamless application.
The fact that it looks like Outlook is purely coincidental.
Looking puurdy
This is one area which is of paramount importance, and surprisingly, Superkaramba has come to the rescue. Superkaramba is "eye candy". Staggeringly, it runs python code to manage the front-end, with QT/KDE c++ code at the back-end to actually do things like draw the icon. Even more unbelievabe is that it's FAST. This was something I initially thought, "a scripting language to run a desktop?? not a chance." but not am so impressed with it.
When i first saw the "Kroller" theme (kde-apps.org) operating I began to realise that there might be something to superkaramba.
I've added a number of enhancements to Superkaramba to make the whole system easier to administer, whilst also making the desktop consistent and easy to use.
For example, i tracked down a program "kickermenu" off of kde-apps.org, which is a program to place the KDE Menu "top level" menu options on the Panel bar. I cut off its K Icon (and the "Bookmarks" due to bugs). Then I figured, hey, if "kickermenu" can present the KDE menu options, then dammit so can Superkaramba. Two days later, I had the same menu options on both systems.
The reason for providing "kickermenu" is because 1) you can see the top-level options on a menu bar on the desktop 2) you get a single level of drop-down under them to get to programs. The reason for using the "Kroller" theme is because those same menu options are presented as BIIIG icons.
Why are these two things important?
Well, to answer that question I'd like you to take a few minutes in an experiment. If you are not ambidextrous, and actually use a graphical desktop, please unhook your mouse from whatever tangle it's presently in that you are comfortable with, and place it on the other side of your keyboard. Do not take the mouse mat with you - leave it where it is.
Now, try and operate your computer for the next half hour... with ONLY YOUR INDEX FINGER AND THUMB. sit on your normal-mouse-moving-hand. curl your other three fingers.
I asked my uncle, who is dyslexic and who also at some point had a tendon removed from his arm, to try out my computer. It was fascinating to watch him use a mouse: he would grab, between finger and thumb, the BOTTOM of the mouse, move it over icons, let go of it, and then press buttons.
Now, I don't know about you, but I feel ashamed that there are such tiny icons at the top of scrollbars. This is a machine with a mouse-wheel, and in the end I have to show him what it did, to make his life easier. I WON'T HAVE THAT LUXURY OF BEING ABLE TO TELL SoHo PEOPLE HOW TO USE A MOUSE-WHEEL.
Also, of course, by clicking the button with the mouse loose, the mouse would move. My uncle also would not - at the time - be looking at the screen, he'd be watching where his finger was going. Same with keyboard usage.
Also, the "data entry" cursor (Mozilla, OpenOffice), for his eyes, is pathetically small - and practically invisible. A single pixel wide straight line???
So, big icons on the Kroller theme are absolutely essential. Apple go to extremes on this one: Icons on the OSX desktop are getting to 256x256 which means you can only fit 20 icons at full size on most desktops! Equally, the practice of three-level menus is just... murderously difficult to navigate. Teaching people to navigate a mouse in one direction is just about okay: forcing them to do both X and Y navigation is just ... just.... so not okay.
Disk management
Whoever invented disk mounting and unmounting for removable media should be shot. Whoever decided to propagate that up to user's expectations should be locked in a loony bin and the key given to the other inmates for them to eat.
no, no, no and no.
AutoFS with sync and --timeout of 1 or 2 seconds is an absolute must. Automatic creation of a desktop icon or other visible integration with the desktop is a must. So i managed to track down a script "usbmount" and heavily modified it to write AutoFS config files instead.
Unfortunately, this had quite an impact further up the technical tree. usbmount relies on hotplug. hotplug relies on udev. udev relies on tmpfs in the kernel. tmpfs didn't have support for extended attributes, and SE/Linux relies on having extended attributes. Result: patch to kernel for tmpfs-xattrs, patches to udev, patches to /etc/init.d startup scripts *gibber*, patches to SE/Linux code, patches to SE/Linux policy.
All because of some simple but daft user-driven decision... but that's the way it should BE - not some "oh wouldn't it be cool if i could do this". As technically aware and competent individuals, we have a collective responsibility to take care of people who _don't_ have such knowledge or ability. Otherwise, all this code is just ... so much self-gratification. Serving other people's needs is just... so much more rewarding.
No usernames, no passwords
I mean, no _visible_ usernames, and no passwords given to users. Switch it on, use it. It's an appliance, not an attempt to force unix security down people's throats. SoHo computing needs to be EASY. find document. print it. I wish I could get rid of KWallet, I really do.
This requirement - not burdening the user with passwords and logins - simply reinforces the need for SE/Linux.
Pre-configuration
A lot of KDE comes unconfigured, and yet more of it has to: you can't second-guess the users's Dial-up settings or their POP3 password.
I'm not entirely happy about this, but things like KMail 1.7's "Spam and Anti-Virus" wizards are a GREAT step in the right direction.
Pre-running programs to make sure that the firewall settings are correct.
Filesystem corruption
Closely related to automatic updates, I'm solving this one by setting up an rsync server against which machines can have everything but the home directories restored. Running this from a small boot CD or an "Initial RamDisk" in memory means that the hard drive can be fsck'd, the rsync update run, followed by the SE/Linux file permissions restored - without depending on the hard drive.
Your machine stuffed up cos of a power failure? No problem - boot up in recovery mode.
Well, that's the theory, anyway.
Firewalls and NATs
This one's my favourite, because it's so contentious. No firewall program but Fireflier gives the ability to design firewall rules easily: Fireflier presents popups asking you to create a rule (it'd be better if Fireflier had simpler questions like "allow this connection yes / no"). Most firewall design programs are divorced from the actual packets, making it an absolute "No" for ordinary users.
NATs - network address translation. another joke for ordinary users. It means you can't receive incoming VoIP phone calls, so all SIP-based VoIP programs are out the window. That leaves Skype as the only viable option - a commercial but free program.
Skype was written by the same people who brought you KaZaA. unfortunately, they sold KaZaA to a bunch of dickheads who promptly put spyware in it, giving the original developers a really bad name. If the same thing happens to Skype, well... with the automatic update thing, let's just say we got another good reason for having an SE/Linux policy for the skype binary.
Aside from that, Skype have the right idea: a firewall buster, which routes INCOMING calls down an outgoing connection, not to a server but to a distributed network.
So, all those stupid windows users who don't have a NAT or a firewall, right? YOU get to make use of their stupidity because your encrypted phone call is routed via their computer. ha ha!
... but get this: it's only routed for a while, until a better connection is found. So it can't be tracked by ISPs and Telco's out to wreck Skype's business. Result? Best quality reliable AND simple to use VoIP software in existence.
And it's not open source. So get over it.
Hostile internet attacks
A decision was made not to put any server software on the machine. None. zip. nada. No apache, no samba, no FTP server. The only exceptions to that rule are for practical reasons or arm-twisting choices. For example, it was necessary to obey Debian's rules about having an SMTP server. Postfix had to be the only choice there, configured for local mail delivery only.
Also, I had to place a CUPS server on, and then ensure its configuration left it with localhost access only.
The choice of no server software means that the SE/Linux policy can lock down the machine, so even if people worked out the root password (which they won't get), and installed for example Apache (which they can't do) then it wouldn't work, because SE/Linux would ban access to port 80 amongst other things.
Installation - and preconfiguration - of Spamassassin and Clam/AV is essential. Fortunately, this is Linux, this is OpenOffice, so Windows viruses are just... pointless, and a waste of user's time. But that won't last long.
Here, again, SE/Linux will be able to assist. By placing vulnerable programs into a sandbox where the execution of all but trusted programs is allowed, downloading things off the In'ur'Ne' results in files that the user cannot even _access_ let alone execute, if the download program is even allowed to save them to disk.
There are many options with SE/Linux that make the operation of a computer a complete pain - if you let them. It's a tough call, and the components to help make those choices aren't entirely in place yet. Ultimately, there needs to be a trusted path via the kernel (for things like bluetooth PIN numbers) right through the X-Server (is that popup that asks you for a password REALLY trusted?) to the user applications.
... but that's for the future. Right now, I can't even switch off Mozilla 0.9.3-2.2 from doing read/write access to the user's home directory (mozilla profile excluded obviously) because otherwise it crashes: Mozilla 0.9.3-2.2 assumes too much access rights.
Finding Files
Oh, joy. WinFS (2007) and Cairo (1996) gotta love it, especially when Kimdaba has been under development for over a year, and someone's been working on their PhD for four years doing a Relational database indexing system for file systems _and_ released source code for KDE 3.2.3 to use it (DBFS).
I've SEEN what happens when companies put all files for the past four years into a single directory. Nobody can find JACK and that was on a windows network. It's a joke that it's easier to find stuff on the Internet, using Google, than it is to find files on your own computer.
Hey, maybe I should upload all my personal and confidential business data onto the Internet, and have google FIND it all for me.
yeah.
If dbfs was easily available for KDE 3.3 I'd install it like a shot.
The next step
For Linux? The next step for Linux? to get off the technical high horse and start doing more for ordinary people. Userlinux.com is a step in the right direction. So is Lindows.
Ordinary people don't care about your aspirations and personal moral choices to only use "Free" software, but if it makes you feel any better, some of the stances taken make a big difference - where it matters.
Debian and Apache not supporting the recent patent-encumbered anti-spam measures, forcing the patent holders to consider Royalty-Free Open Source Licensing Shock Horror. Imagine _that_ on the front cover of "The Sun". with bit boobs, too. people in the UK would actually read it because they'd think that the UK's royal family was going to step down en-mass, or something.
For the desktop? The next step for the desktop? MAKE LIFE EASY! LET PEOPLE DO WORK! don't get in their way.
If that means not _having_ a desktop, so be it.
If that means "make it look like a mac", so be it.
If that means "make it look like windows", so be it.
Make people feel comfortable with computers, not afraid of them.
for convenience:
desktop linux
lindows/linspire
kickermenu-1.0
kroller 0.94
DBFS
SE/Linux
Skype
"Redhat is great, I am sure that people who use it love it. From an administrative perspective, however, upgrading software is a royal pain, so you have to stick to "official" releases. [...] Aside from anything else, I do not wish to be beholden to Redhat for production and generation of RPMs, whereas Debian is community-driven, independent... simple choice, reall"
I'm a sorry but, here, I doubt you speak for a "SoHo" user. Most "SoHo" users are happy with MS Windows + MS Office upgraded every 4 years (new computer...). Why would they suddenly want to get the latest trend among geeks? Why would they need the 100000 packages of Debian. Let's face it, most Debian packages are useful to scientist, not to "SoHo" users. And for them, RedHat looks fine. It's even fine for small business, since they offer a real support -- for big business, I do not know exactly how interesting is RedHat support when you already have full time system administrators and home-made software.
"SE/Linux"
Weren't you talking about Desktop System and "SoHo" users? What SE/Linux is doing in this discussion?
"KDE or Gnome... so... mmmm... KDE!"
Mmmm, that's on-topic. Nothing to say about it, though.
"This is one area which is of paramount importance, and surprisingly, Superkaramba"
I have no clue about what Superkaramba may be. Shame on me. That said, apart from very very lazy office employee, from my experience, most "SoHo" users does not even change the default wallpaper of their workstation. So I'm not sure it matters so much too many users.
"Whoever invented disk mounting and unmounting for removable media should be shot. "
When mount appeared, I guess four though guys were required to remove any "removable media" from a computer room. Whatever.
"This requirement - not burdening the user with passwords and logins - simply reinforces the need for SE/Linux."
So you're saying "drop a security model that works for years for a new thing still in experimentation stage" just to avoid some people to get a username?
Whatever, I never found people refusing to use an username/password. Most "office" people (maybe not on very small companies still using Win 95, though) are anyway used to that policy. How fun would it be if it was possible to get access to anybody personal files just by starting up his computer in his office! And nowadays, people have so many password to remember to use websites (you cannot fight that) so they dont hesitate to let their browser remembering passwords. So no username/password at login means... accès to anything (or never letting the browser remember passwords... and having 300 password to remember).
Anyway, it is possible with gdm, probably with kdm too, to get automatically logged-in, like with Windows XP. So... it already exists, but seems only useful for home users.
"as the only viable option - a commercial but free program."
Damn, it's so hard to understand what people are referring too when they do not pay a little attention to words they use
->> http://www.gnu.org/philosophy/words-to-avoid.html
I guess you mean a proprietary but free as beer program...
"A decision was made not to put any server software on the machine. None. zip. nada. No apache"
I wonder what kind of cracker is able to get access into a computer just because of an apache listening only on 127.0.0.1, with a firewall anything dropping request on port 80 not iniated locally. Maybe this cracker exists. But I'm not sure he's interested in cracking "SoHo" users...
"It's got to be Debian. RPMs are a pain". Well RPMs are becoming less and less a pain with the advent of apt4rpm, urpmi, yum and their friends and the rise of RPM repositories for the common distributions. It's hard for me to compare how this is to Debian, but I install most of my software on Mandrake with a simple urpmi command, or a simple rpm command, and usually don't encounter too many problems. The chance of Aunt Tillie needing to install anything outside the standard Mandrake repositories is close to nil, and even more sophisticated users can usually be content with what the distribution offers. Debian has some problems of its own which make it less suitable as a distribution for "SoHo users".
"Either KDE or GNOME... KDE". Well, I like KDE better than GNOME, I admit as well. However, I still use some GNOME apps that I find superior to their KDE equivalents. GIMP is light years ahead of Krita. KIllustrator was pretty decent, but since it was dropped, and we now have the much lamer and bug-prone Karbon, I'm using Dia and Inkscape, and like them. I'm also using Gaim, albeit Kopete shows a lot of promise. I admit that I do use some KDE apps, (kmail, akregator, etc.) but can't imagine my life without the Gtk+/GNOME ones either.
Note that some distributions have tried to minimize the differences between KDE and GNOME by providing a unified Window Manager theme, a unified widgets look, etc. It still doesn't provide a solution for GNOME's Macisms (like the button order) and general user-interface brain-dead-ness, but it's a start.
I'll comment about the other things later.
Whatever, I never found people refusing to use an username/password.
i have. on more than one occasion.
once in an office of 7 people (who used to have windows95 machines with an illegal windows 2000 server with no password on the documents share).
once for my dad's linux system, because a) i wanted to use the machine b) i wanted his wife to have her own documents / email settings.
my aunt and uncle are over 65: both my dad and my uncle are dyslexic. things like logins and passwords are totally alien to them.
if you think "most people" will "accept" passwords and "logins" for a simple home office system, you really are dreaming.
only recently has XP even presented people with the concept of "users", but "most people" don't _have_ XP.
redhat or debian: i think these comments, taken from bruce peren's userlinux white paper say it best:
Build on Debian Base I propose to work with the Debian distribution, integrating our changes directly into Debian, rather than creating a separate distribution.Debian could be the world's largest Free Software project by many metrics. It boasts over 1000 developers all over the world, and 12884 Free Software packages in the official version of their system. The project has responded to over 200,000 bug reports, and keeps its bug database accessible to the public. Debian's dependency system works properly for all of these packages. Dependencies are resolved, and their packages installed, automatically, avoiding the most oft-voiced complaint of Red Hat users. Debian had an automatic, network package feed years before "Red Hat Network", and they have maintained it as a free service to this day. Debian has thought through the entire distribution process over its 10-year existence, resulting in hundreds of pages of developer policy documentation. The recent Debian security compromise was reported and solved in an open and timely manner that has never been duplicated by a commercial Linux distribution. And most important: Debian has a fair and democratic structure, an equal partnership between all participants, and a legal non-profit organization.
and later:
A number of people have suggested that we base the system upon Red Hat 9 so that we can ride upon Red Hat's branding success. Those people underestimate the cost of maintaining a Linux distribution. Debian has already mobilized 1000 people to carry out this task, and has worked out the problems of such a project over a 10-year period. Debian's participation in this project is critical. With them, we are faced with the formidable tasks of mobilizing a global service organization and helping Debian make the relatively small changes necessary to make their distribution more acceptable to enterprise users. Without them, we need to do all of that as well as build an entire (paid) staff to maintain a Linux distribution, and take care of all of the mundane details of the distribution instead of working on the things that directly interest our customers. A top-flight distribution is not maintained by less than two hundred people. Only the Debian organization has succeeded in coming close to the quality and the huge volunteer corps we need.
The chance of Aunt Tillie needing to install anything outside the standard Mandrake repositories is close to nil, and even more sophisticated users can usually be content with what the distribution offers. Debian has some problems of its own which make it less suitable as a distribution for "SoHo users".
i'm _counting_ on the aunt tillies not needing to install anything, going to the extreme of not offering an upgrade or install path (except via rsync updates) _at all_, and locking the machine down with SE/Linux so that even if they _did_ manage to get some executable code onto the computer, it wouldn't run.
the principle is to make an office "appliance" - giving the user, and hostile attackers, the least opportunities to screw up the machine.
a very very different approach from the "technical" one presently enjoyed by unix users.
don't like not having multi-user? buy another machine.
GIMP is light years ahead of Krita.
yes it is: i chose GIMP and mozilla because they do gtk and gconf, but don't have what i would call "full" gnome dependence.
with the recent akademy integration of gecko into kde, i'm looking forward to either removing mozilla or getting proper mozilla<->kde integration.
Anyway, it is possible with gdm, probably with kdm too, to get automatically logged-in, like with Windows XP. So... it already exists, but seems only useful for home users.
yes. jumps straight past the login dialog, right into running kde desktop. love it.
"as the only viable option - a commercial but free program."
Damn, it's so hard to understand what people are referring too when they do not pay a little attention to words they use
->> http://www.gnu.org/philosophy/words-to-avoid.html
apologies. context. you worked it out. hoping others do too :)
I guess you mean a proprietary but free as beer program...
yes: it's proprietary, it's freely available for download, binary only, no source, and you have to agree that your CPU and bandwidth might get utilised as part of the distributed network.
"A decision was made not to put any server software on the machine. None. zip. nada. No apache"
I wonder what kind of cracker is able to get access into a computer just because of an apache listening only on 127.0.0.1, with a firewall anything dropping request on port 80 not iniated locally. Maybe this cracker exists. But I'm not sure he's interested in cracking "SoHo" users...
apache running localhost only serves one purpose: to provide access to documents on a local machine, or maybe to run some cgi scripts.
if documents are accessible locally (http://localhost), then they can be accessed locally, therefore there's no need for apache.
and there's nothing that a SoHo user can gain by running cgi scripts: if they're into that sort of thing, they can get redhat or suse.
i'm after a completely different target market.
Debian has some problems of its own which make it less suitable as a distribution for "SoHo users".
one of the reasons why i write these articles is to solicit feedback from people as to the "gotchas". if you could elaborate on your point here, i would be most grateful: many people may benefit from it (e.g. UserLinux users).
Most "SoHo" users are happy with MS Windows + MS Office upgraded every 4 years (new computer...).[...]
And for them, RedHat looks fine. It's even fine for small business, since they offer a real support -- for big business, I do not know exactly how interesting is RedHat support when you already have full time system administrators and home-made software.
again, i believe that bruce peren's userlinux white paper says it best:
We, the Free Software developers, created this software to empower everyone, and for everyone to share. But today's Enterprise Linux is a lock-in play, designed to draw the customer into expensive subscriptions and single-vendor service. Customers are made to agree not to pass service bulletins on to others. While this is within the letter of the licenses that we crafted for our software, it's outside of their spirit. We have no problem with payment for service, when service is rendered. But the $1000 per year or greater that many customers now pay for their Linux systems goes not for service, but for a brand and the endorsement of a few application providers like Oracle.
The economics of Open Source work worst for commercial Linux distributions. They are attempting to generate profit from a product that they don't own, and to which they can't add much value without departing from the factors that make Linux desirable. This has forced even the best of them to depart from the ethos of Open Source with lock-in plays or pay-per-seat proprietary content. And the worst of them used to be called Caldera.
it's likely that the lock-in plays were recommended to them by their investors, on the basis that "intellectual property makes a company valuable".
being FIRST TO MARKET is more important: being at the right place at the right time is more important.
it's great! i love it! i have taken it into my heart in a special place reserved for really exciting and cool computing technology. i say that in a way that implies i might be joking or that i might not - you'll never know :)
superkaramba is based on karamba, and its API is listed .... mmmm... here: superkaramba 0.31 API. as you can see, you can place, move and resize icons, tooltips, text, clickareas and stuff. there's a means to execute commands, there's a timer-update event, a mouse input and mouse click event, giving you the location of the mouse at the time. also, code from kicker's "systray" manager has been cut/paste into superkaramba.
what i've added to superkaramba is:
- a means to read the standard KDE menu groups and therefore set up icons with tooltips and run commands when you click those icons, but you can run "KMenuEdit", change the menu options and voila it automagically gets pulled into the superkaramba theme.
- intercommunication between "themes" [aka window areas] such that clicking on one "theme" results in a response in another "theme" - e.g. moving the mouse over the clock in the corner [a theme] triggers the main roller bar [another theme] to turn into a task manager, that sort of thing.
the bit that surprises me is how _easy_ it is to develop a useable and cool-looking user interface. it's just... incomprehensible :) linux shouldn't be this good, i must be doing something wrong!
so you're saying "drop a security model that works for years for a new thing still in experimentation stage"
okay. i'm going to be blunt, because it's very very clear to me that you don't know very much about user stupidity i mean security no i don't i really do mean user stupidity.
a friend of mine went to do some work for a police-run child pornographic "honeypot" site. there were ten people there, and he was asked to set up a network for them.
he managed to gain access to several of the staff computers by simply examining the items on their desk.
one of those passwords was "frog" - an item sitting on the keyboard.
passwords are to most people a total dipshit waste of time: they get in the way.
so, i simply took this to the next logical step: okay, so passwords are genuinely to most people a total waste of time: so why not add something that stands a chance of protecting the computer _for_ them: SE/Linux.
SE/Linux is a retrofit job, which is why it appears to be "experimental". imagine that we'd been running with FAT filesystems for the past 30 years, and someone said "i know, i got a great idea: let's put usernames and groups on all the files!" everybody'd think you were NUTS.
SE/Linux has the backing of the NSA. as a result, i don't _think_ it's going to go away in a hurry, so it's probably a good idea to get used to it being around - the sooner the better.
hell, they even like the GPL license, even though the people they commissioned to do some of the work went and patented bits of what they worked on, there's enough comments around to infer that the NSA was not entirely happy with this because it could interfere with the NSA's original remit [to ensure that linux, as is beginning to be used by US companies and US governmental bodies (civic and otherwise), has a MODERN security model that can be audited and locked down].
in other words: NSA wiv big stick give people lotsa grief if interfere with US security.
... let's ride the waaavve, wheeee!
"Debian could be the world's largest Free Software project by many metrics." Debian is a distribution, not a software project in the classical sense. There's a lot of difference between a distribution and a software project. "It boasts over 1000 developers" - that's just because the Debianists insist on calling their packagers, "developers". I actually talked with a Mandrake packager, asking him "are you a Mandrake developer?" and he said no. I don't understand why the Debian folks can't follow suit.
As for "12884" free software packages, "200,000" bug reports, etc. - well these figures are surely impressive. However, Mandrake is also a community-driven distribution which has a lot of packages, two open-to-the-public bug-tracking systems, a mailing list, etc. Maybe Debian is ahead in some figures, but Mandrake is also advancing.
"Debian's dependency system works properly for all of these packages". Possibly so, possibly not. Is there a mathematical proof for that? I recall that someone told me that a network upgrade of Debian he did once caused the system to have an inconsistent, unusable state. That may be an indication that this is not always the case for Debian.
Don't get me wrong - I'm not saying that Debian is all bad. But I find that there are other distributions which try to emulate these things as well, and some of them are suprisingly RPM-based. In the meantime, the Debian people are busy being loud, obnoxious and hubris-ful, (the kind of people who automatically denounce any other distribution), instead of looking in their own back-yard and seeing what they can improve.
"if you think "most people" will "accept" passwords and "logins" for a simple home office system, you really are dreaming."
Whatever. I'm not sure people more than 70 years old (since you example is based on that) frequently use computer currently. And it makes no sense to consider that people that will have 70 years in 20 years will understand computers like nowaday 70 years old persons. I'm not sure a company still using Win95 with no username/password, where you cannot force employee to do so, is in a good shape. Whatever. This issue is a non-issue, as I wrote: Anyway, it is possible with gdm, probably with kdm too, to get automatically logged-in, like with Windows XP. So... it already exists
"redhat or debian: i think these comments, taken from bruce peren's userlinux white paper say it best"
So Bruce Perens is a "SoHo" user now? What Bruce Perens explanation have to do with what "SoHo" users expect? They clearly have different expectation, "SoHo" users does not give a toss about the number of persons required to build a distribution. They're customers and do not care much about to *micromanaging distros bloody agenda*.
"apologies. context. you worked it out. hoping others do too :) "
Because it was posted on advogato. Otherwise, it's not sure (at all) :)
"and there's nothing that a SoHo user can gain by running cgi scripts: if they're into that sort of thing, they can get redhat or suse."
Nowadays, you can find some programs useful that are cgi-based. My mother got apache running on his workstation, listening on 127.0.0.1. She use a few cgi I wrote for (not only) her needs. In a small company, I guess apache could listen only on 192.168. and provide some typical business tools cgi-based.
"one of the reasons why i write these articles is to solicit feedback from people as to the "gotchas". if you could elaborate on your point here, i would be most grateful: many people may benefit from it (e.g. UserLinux users)."
The first time I used Debian, it was for me the same experience that using RedHat 5.2. Makes you feel you need to read a 500 pages book to master it. When you're used to GNU/Linux, for instance because you used redhat, you can find your way to get a usable system. But you frequently encounters issues you can know how to find only when you definitely now well GNU/Linux. Specifically, configuring printers and XFree under Debian has always been a pain to me, even nowadays. RedHat's Xconfiguration and printconf was unmatched for years. But now, I have installed to many Debian systems, so I usually install one in a few minutes without any problem. I don't know if it's due to self-improvement or Debian improvements -- probably both. The best test you can do is to ask someone that never used Debian to get a Debian system working -- working nicely, as a fresh RedHat system would work.
"But today's Enterprise Linux is a lock-in play, designed to draw the customer into expensive subscriptions and single-vendor service. But the $1000 per year or greater that many customers now pay for their Linux systems goes not for service, but for a brand and the endorsement of a few application providers like Oracle. "
It's not a lock-in play: it's still libre software. You can ask elsewhere to support your system. I have no problem with the fact that someone make money on free software. And many enterprises usually spend way more than $1000 / year for their software licenses. But sure, for "SoHo", that does not need Oracle certification, this is probably not cheap enough.
"Debian's dependency system works properly for all of these packages". Possibly so, possibly not. Is there a mathematical proof for that? I recall that someone told me that a network upgrade of Debian he did once caused the system to have an inconsistent, unusable state. That may be an indication that this is not always the case for Debian.
that's _my_ job - to ensure that before i do a push-update, everything works!
i installed kde 3.2.2 and it worked.... except for the systray which caused kicker (and worse, superkaramba, which doesn't have crash recovery-restart / signal trapping) to crash when you did enough program starting and stopping.
so i had to upgrade to 3.3.0 and i literally caught the release by accident the day before it was announced (18aug?) and then had to wait a few more days whilst the rest of the packages were built.
scary!
This issue is a non-issue, as I wrote: Anyway, it is possible with gdm, probably with kdm too, to get automatically logged-in, like with Windows XP. So... it already exists
yes, sorry, i must have not made it clear: yes, i am already using that feature of kdm [automatic login]. so i don't have to tell users the password *whew*.
Specifically, configuring printers and XFree under Debian has always been a pain to me, even nowadays.
i do find this to be amusing - that eric raymond went off on one about cups printing, that even _he_ couldn't work out how to connect to a printer.
regarding xfree86, progeny have started componentised debian it includes things like a graphical installer with plugins and stuff.
they've also updated the "discover" database which is a bit like a passive version of kudzu.
kudzu is a blatant hack that is redhat-specific. discover "reports" info that other packages (on a per-program, per-distro basis) can then use.
for example, progeny now have an XFree86 configuration program that uses discover 2.0 to determine sufficient information to automatically set up the xserver.
... it can be done... it's just that nobody's bothered until recently!
So Bruce Perens is a "SoHo" user now? What Bruce Perens explanation have to do with what "SoHo" users expect? They clearly have different expectation, "SoHo" users does not give a toss about the number of persons required to build a distribution. They're customers and do not care much about to *micromanaging distros bloody agenda*.
the target audience for bruce's white paper i might as well link it here is developers not end-users.
so bruce is trying to drum up developer support for a distribution that will be targetted at "SoHo" users.
a bit like the debian-np project is targetted at non-profit organisations and debian-desktop is targetted at novice users
... btw, of course bruce is a small-office, home-office user, silleee!
However, Mandrake is also a community-driven distribution which has a lot of packages, two open-to-the-public bug-tracking systems, a mailing list, etc. Maybe Debian is ahead in some figures, but Mandrake is also advancing.
i'm very impressed by mandrake - especially that they are out of a bankruptcy which was caused, ultimately, by the investors saying "spend, spend!".
... have they stopped with the proprietary graphical bootloader thing yet?
anyway: thank you for mentioning mandrake, because other people considering doing a user/novice/soho distro might want to investigate other options.
i chose debian arbitrarily several years ago, and my confidence with it obviously influenced my decision to use it for a SoHo distribution. others with a similar goal may not have that prior knowledge.
In the meantime, the Debian people are busy being loud, obnoxious and hubris-ful,
yeah, innit _great_ the way that when you're not paid to keep your trap shut you can basically say what you like, when you like, as long as it doesn't interfere with your overall goals?
don't worry: most debian people become innured to the loud ones.
phil hands put it best when he described the debian mailing list process as a bunch of people who shout "let's do it this way!" who then get terribly upset when they're completely ignored by the people who actually make decisions and get on with it :)
lkcl: it's great that we agree about Mandrake. As for the graphical bootloader: I think you have an option to install such a thingy. I don't know if it's non-free or open-source (although knowing Mandrake I'd find it hard to believe that they would make the source for something essential as a boot-loader proprietary.) I can't tell from first hand experience because I'm using loadlin.exe (gasp!)
It's great that most Debian people become inured to the loud ones, but I and other non-Debianists find it much harder to put up with them. I think it's high time the prominent Debian figures started trying to prevent this behaviour and such overt hubris. The Debian people's criticism of anything else, reminds me very much of the Pythoneers attacks of Perl. The Python people have calmed down a bit, but I've yet to see the Debian people follow suit.
And, BTW, even Bruce Perens is heavily infected with this.
yes commercial linux vendors *are* a lock-in play. Look at RedHat for example. Our company needs to run commercial software that costs us on the order of a few million dollars. It runs on linux. But guess what? They will refuse to offer support for that software unless its running on their very short list of approved OS installs: redhat enterprise linux (rhel) version X. Why not just use one of the rhel clone distributions? some of the software puts checks in to make sure its running on a system compiled by redhat on the redhat build hosts. and any bug report made with the software includes enough info to show that its not.
The cost of licenses for rhel is nearly irrelevant compared to the licensing costs for said commercial software but would still cost us a few hundred thousand dollars. thats money that should not need to be spent. lock in.
if you don't need to run -any- commercial software on linux you can get away from this lock in. otherwise buyer beware.
Not all commercial software vendors do this. Some are savvy enough to just say you need a system with at least kernel version ABC, glibc version DEF and XFree86 4.3. Often its simpler than that because they ship their application with its own complete set of C/C++ and X client libraries, etc. Switching vendors is not an option; software that costs millions of dollars is obviously not a compatible interchangable commodity.
[this is somewhat off topic.. i'll stop now]
Not all commercial software vendors do this. Some are savvy enough to just say you need a system with at least kernel version ABC, glibc version DEF and XFree86 4.3. Often its simpler than that because they ship their application with its own complete set of C/C++ and X client libraries, etc. Switching vendors is not an option; software that costs millions of dollars is obviously not a compatible interchangable commodity.
SymphonyOS is smart enough to run each piece of software in its own subdirectory (chrooted i presume? or LDD-wrapped?) such that you must install all the dependencies in the subdirectory.
presumably it really doesn't _care_ about .so dependencies.
First, I'd say it is very hard to understand what you said. I'll translate commercial into proprietary, because most of the time it has no meaning otherwise (the hell, GCC is sold by RedHat, so GCC is a bloody commercial sofware, just like Emacs that RMS sold himself!).
"The cost of licenses for rhel is nearly irrelevant compared to the licensing costs for said commercial software but would still cost us a few hundred thousand dollars. thats money that should not need to be spent. lock in. "
Why? If you want an Oracle certification or this kind of thing, assume your choices: you want proprietary software, you have no freedom and that's not because of Redhat but because of you. It's only up to you or your company. Dont claim RedHat play a lockin game. Go on RedHat website, they explain why the write only Libre Software. One of the reason is to avoid lockins. If you need RedHat for whatever reason, pay the price. That's all. And don't claim RedHat is not entitled to earn money; why shouldn't it be the case?
"Some are savvy enough to just say you need a system with at least kernel version ABC, glibc version DEF and XFree86 4.3. Often its simpler than that because they ship their application with its own complete set of C/C++ and X client libraries, etc. Switching vendors is not an option; software that costs millions of dollars is obviously not a compatible interchangable commodity."
You're using proprietary software. Are you saying you're just learning what it means? Indeed you cannot install it where you want, indeed you cannot adapt it to fit your needs.
It so convenient to put the blame on RedHat because of your choices and the choices of your proprietary software vendor. It's just plainly dishonnest.
yes, proprietary is a better word than commercial. no we're not just learning what that means. i was merely pointing it out as being leveraged by redhat (and presumably other open source companies).
its not dishonest to point out an example of linux vendor lock in.
redhat has huge of incentive to encourage proprietary software vendors to support running on their OS and hopefully only their OS. redhat provides deep discounts to customers in trade for all sorts of things, why wouldn't that be one of them? i have no proof that it happened but do i really need it? the incentive exists.
by positioning themselves as the only linux in town to major proprietary software vendors (using financial incentives when necessary) they are creating lock in. sure its lock in by proxy but its the same thing.
I don't begrudge anyone the ability to make money. just admit where it comes from rather than pretending to be a saint. Ideally the proprietary ISVs will get the hint from customers that they want to be supported on a cheaper platform (read: they'll realize they could charge N% more if they didn't force people to pay that money to the platform vendor)
by the way, i just managed to successfully compile dbfs with kde 3.3, and it's GREAT!
"by positioning themselves as the only linux in town to major proprietary software vendors..."
Indeed, they're interested in certification of some other major proprietary software like Oracle: because you cannot enter a big bunch of enterprises/research center without it. It would be truly unwise to do otherwise. Indeed, they need to show themselves as a major GNU/Linux distributor, if not the biggest.
Still, if you're "lockin", it cannot be the result of RedHat. It is because you, your company, use proprietary software. And if RedHat was not here, you would be locked just the same way, but with another system (probably a full proprietary unix).
"Ideally the proprietary ISVs will get the hint from customers that they want to be supported on a cheaper platform"
Ideally, proprietary software vendor will base their business on free software, on support, on certification. And then, nobody will be locked in any more. Your big issue is always to see things in a money-perspective. If they start to support a "cheaper" platform, won't you be locked in anymore? How could it be different?
i should be clearer: it's taken me a couple of weeks to work out what the objections to "no passwords shall be given" was, and the disparity between the intent behind that statement and the adverse reaction it caused was the only clue.
"no passwords" means "no passwords given out to users".
as in, i am seeking to arrange that, horror-of-horrors should a user be confronted with a login prompt, that no amount of efforts on their part will EVER successfully result in a login - period.
in other words, there will be NO PASSWORDS for THEM TO USE.
not, as i believe was believed, "all logins will have no passwords such that attempts to log in will result in success without even a password being requested".
under these circumstances, using kdm auto-login SHALL BE THE ONLY WAY for a user to access the machine.
result: simplicity of use.
Hi lkcl,
I enjoyed that very much.
I wrote something related a while back, but it's been four years since I've
deployed Linux on the desktop for an end user, so the fact that I omitted specifics
did little harm to the article as they are all irralvent now =)
I'm glad thought and work are going into this and I hope you send in patches to the
authors (even though the present size of the community makes this tradition less workable than
it once was).
I'm unclear of the agendas of the people replying to your article with nit picks,
but I for one found it pretty obvious your article represented one man's solution
to a problem with many possible solutions.
Your description of your own internal conflicts made this pretty evident.
I'm having something of a flash back to the "systems integrators" of yore.
By upgrading your RAM for you, installing some software, and putting together a LAN not
wired to any outside network, these clowns pulled in good money.
HP, Digital, IBM, and Microsoft (with Xenix for a long time) did this, but then
the trend was to farm this out to consultants and certified resellers (IBM bucked this trend
but they also charge a primium).
More complexity (network security, connections to the Internet, data interchange formats
between programs, more vendors, more legacy systems) would raise the demand for
systems integrators rather than banish them, and indeed, MSCE's doing this are thriving.
Rather than being dead, I think systems integration is being pushed further down the foodchain
where it has less access to actually build a system image that can be massively deployed but
is in a better position to actually serve the users.
One of my major tenants in my article was the systems administrators should have
time left over to automate with scripts tedious tasks users do by hand.
This applies to both small and large companies.
The goal of a good Unix admin is to get everything automated to the point where she
need not baby sit the computer and can go rock climbing (or, if not dissaffected, go help
the users automate their tasks) but all too often I see MSCE's using what little spare
time they have on the defensive against viruses, spyware, munged operating system installs,
etc by locking down desktops and policing users.
But I'm repeating myself now =)
The subject is *big* - I'd really like to see hard-hitting, specific, technical discussion
like your article as a series in Linux Journal or some equivilent.
Cheers!
-scott
New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.
Keep up with the latest Advogato features by reading the Advogato status blog.
If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!
del.icio.us
Digg
Google bookmark
reddit
Simpy
StumbleUpon
Furl
Newsvine
Technorati
Tailrank