Linux: You're Doing it Wrong

Tux is displeased with your shenanigans.

It was a slow day at the track, but two contenders in the 5th race at Let's See What We Can Fuck with Next Park have made for at least an interesting sideshow.

Novell Stables, owner of SuSE Linux, a 15 year-old filly with a strong German lineage, has lately taken to introducing new training methods to its handlers without telling them about it. This naturally has made for some very interesting sessions in which SuSE's riders wonder why she suddenly starts running at breakneck speed for seemingly no reason even though no one has even put on the saddle, much less mounted and applied a starter's whip.

Not to be outdone, Red Hat, owner of the venerable Fedora mare, was feeling a little left out of all the newness and decided to shake things up a bit at their own headquarters. They announced for this race that rather than hire a trained jockey, they would instead find a little girl named Daisy who once said she wanted a pony for Christmas and hoist her up onto the back of the giant, hand her the reins, and slap the horse in the ass to see what would happen.

Novell is calling its innovative techniques "Automatic Updates," which is short for letting the horse train itself. The theory is that riders of SuSE don't really like having to be involved in any of the training, and actual trainers are just too gosh darn expensive. So, to compensate, SuSE now has a little device attached to her brain that occasionally forces the horse to go wandering around the wilderness looking for whatever the device tells it to find that day. This usually involves something edible, and the horse will gobble it down despite otherwise being on a strict, healthy diet. These finds tend to be fatty and are potentially poisonous. No one really knows for sure, though, unless the horse dies in the middle of the race.

Red Hat on the other hand just likes watching little kids ride horsies, and they're calling their proposal non-privileged jockey elevation. The plan is that after Daisy takes her turn -- which is expected to end at the first quarter mile when Daisy flies off the back of the horse and lands head first on a railing, breaking her little neck -- a little boy named Bobby who once saw a horse in a picture book his gampa gave him will try next after being dropped on the horse's back mid-race. Seasoned race veterans see a few problems with the plan but nonetheless stocked up on beer and Cheez-It snacks to watch the fun. All Red Hat would say when questioned what would come next after Bobby loses both legs and is permanently disfigured after being thrown at the second turn was that they'd trust in the SE/Linux gods.

At the starting gate, both Novell and Red Hat however got into an argument, pulled out shotguns and blasted each other. SuSE and Fedora ate grass. Meanwhile, the heretofore forgotten former arch-nemesis of both stables, Microsoft Windoze, though crippled and fat and ugly and covered in full plate armor provided by sister stables RIAA and MPAA, started on time and won the race by ... well, the entire length of the track.

Oh, and while I'm at it, I should mention these news items. The OpenSuSE Project has recently started installing and starting by default system processes with root permissions that check for updates to various software packages and install them without so much as informing the user it is taking place, much less asking permission.

Fedora 12, on the other hand, introduced the concept of allowing users working without administrative privileges to install software system-wide. Any software, any time, without a security check.

Script kiddies across the world are rejoicing at the news.

Meanwhile, FREAKIN' WINDOWS has better security than this.

These distros (and their open community counterparts?!) are heading into the hole Windows is clawing its way out of? I never thought I'd see the day. Somewhere, there have got to be PR releases touting the "benefits" of such a boneheaded move. I'd like to see them explain themselves.

They're doing this at a time when malware is making exponential leaps in sophistication, for purposes far more sinister than just boogering your system. I don't get this at all.

... which is only half in jest, is that this is what happens when you get in bed with Microsoft. The stupid works by osmosis.

So, while Vista and Windows 7 improve their security, Linux, led by Novell(!) and Red Hat(*) gets worse.

(!)Novell is just being stupid, but they're not the only distribution to have allowed these update scripts into their repos. The rpm packages don't, so far, flag them as a requirement, but they're installed anyway unless you uninstall them. I personally discovered them during a semi-random audit of my system processes ... what the hell is *that* thing? Well, it was a little app updating Adobe Flash every time a minor update was released and not telling me. After looking, I also found two more of them for other apps. I can't recall off the top of my head what they were now, and that system has been sent to /dev/nul

These little apps are the apparently the latest thing with the Ease of Use crowd.

(*) My incomplete understanding is they are changing this due to a rather loud uproar. The deal was to allow PackageKit to install signed packages and only require authentication for unsigned packages or those that couldn't be verified. Okay, in someone else's theory, but it goes entirely against the whole philosophy of the security structure. Users *can* install their own software, in their own user-space and kill their own user-space if something goes wrong, but not system-wide, and the system itself remains stable.

The discussion at the developers list when this was discovered was pretty, umm, in-depth.

https://www.redhat.com/archives/fedora-devel-list/2009-November/thread.html#00926

Oh, and I see there's a story on Slashdot this morning about it, but I haven't read it yet.

I read the first 20-some posts on the RH list. Maybe I'm missing something, but it seems they really can't explain themselves (or more likely, are a bit ashamed to explain honestly), can they? I don't know if that Rahul dude is official or not, but he isn't doing much more than being deliberately obtuse and using weak justifications when he's forced to.

"This assumes the user is different from a admin, which is not true for a personal desktop."

Whaaaat? Really? Gee, welcome to Windows 95-->XP, RedHat Edition. Back to the future!

Blinded by market share desperation, it sounds like to me. Way to pollute the *nix brand, guys.

This seems to be a case of some developers actually believing the hype that Linux is immune from the maliciousness that could be inflicted in the presence of such a security policy. I am truly agog at the inability of these fools to realize that it's the system security policy and architecture that has helped protect Linux systems so far. They sound like a bunch of disgruntled veterans from Redmond.

In the end, I think this, just like those automatic update apps, are some developer's shared nightmare. He doesn't understand (or even care about) system architecture and is simply paying homage to the Ease-of-Use gods. These types don't seem to understand that The Year of the Linux Desktop is now a humorous meme and never has been an actual goal except among the truly delusional fanboys.

Linux is still not Windows, but apparently Red Hat and Novell are trying to blur the lines.

One that I thought I'd never see. It's just so fundamentally weird, like Christians Against Jesus or something.

When it comes to security vs ease of use, I guess RedHat doesn't see that Windows is saddled with the heavy lifting at the moment. They're the ones having to accustom users to new inconveniences, which can make Linux look less onerous and troublesome than it used to. Plus, Linux isn't burdened with software that falls over dead if it doesn't get system privileges. If they're hot for more market share, it's an opportunity to turn a liability into an asset.

"This is your password. There are many like it, but this one is yours. BLAM-BLAM-BLAM-BLAM!"