App stores and security

Story: Introducing the Pi Store
Total Replies: 23
penguinist

Dec 18, 2012
1:52 AM EDT
Hmmm, so Raspberry Pi now has an app store, and in it one will find a mixture of FOSS and closed source packages.

Android started it, Ubuntu is carrying it forward, and now RPi/Raspbian is picking it up.

I think it is a dangerous slippery slope to encourage the mixing of closed and open software together in the same repo.

If your favorite distribution provides a repo that insists on sources being provided corresponding to each binary package, then there will be many eyes on that software. Downloading a package from such a repo means that you are installing a package that has been subjected to an open peer review process.

On the other hand, a closed source binary package offers no opportunity for an open peer review, and the package can contain whatever the originator wishes it to contain. Do you see the security issue yet?
BernardSwiss

Dec 18, 2012
2:02 AM EDT
"Security". Pffft! Gimme a Break!!!!11111

{grumble}

Next he'll start wingeing on about "privacy"... and "stability" and "reliability"... and stuff...

djohnston

Dec 18, 2012
3:33 AM EDT
Quoting: Next he'll start wingeing on about "privacy"... and "stability" and "reliability"... and stuff...


Yeah! Who needs reliability and stability and privacy ... and open source? That's just so ... Stallmanistic!
DiBosco

Dec 18, 2012
8:41 AM EDT
Playing Devil's advocate, is it any different to having Mageia's tainted repositories, or things like the PLF repositories with Mandriva? I'm sure other disties have similar things. I appreciate things like the nvidia blobs or various codecs aren't in the same repositories as the open ones, but once it's set up it's all in the one search area (MCC in the case of Mageia/Mandriva).

notbob

Dec 18, 2012
11:11 AM EDT
penguinist wrote: I think it is a dangerous slippery slope to encourage the mixing of closed and open software together in the same repo.


I dare you to name two distros that do NOT contain some closed source software or binary blobs. I bet the OS you are running right now has some BBs in it.
penguinist

Dec 18, 2012
11:41 AM EDT
I like the way Fedora and RHEL segregate FOSS from closed. The policies governing these repositories require source and prohibit closed binaries. In both cases, there are compatible third party repositories where the closed binary apps can go, and where the user is left with a clear distinction between open and closed, and is free to make an intelligent choice.

As a second example, notbob, how about Gentoo.

@DiBosco: I like your term "tainted repository". I think that is descriptive. I'd like to see someone expand out a list of tainted vs non-tainted repositories in the Linux distro space.
Jeff91

Dec 18, 2012
12:39 PM EDT
I believe in open source software a lot - I share the source code upon request of all the things I work on.

That being said - expecting closed source software to not exist is very foolish and unrealistic. The end user just wants their things to work - they don't generally care if it is open or closed.

~Jeff
caitlyn

Dec 18, 2012
1:06 PM EDT
Actually, Android didn't start it, penguinist. Lindows did years ago. Linspire had it. So did Xandros. App stores are nothing new and they haven't even changed much in look and feel.

Quoting: That being said - expecting closed source software to not exist is very foolish and unrealistic. The end user just wants their things to work - they don't generally care if it is open or closed.
Well said.

Regarding RHEL, corporate systems administrators are far more technically savvy than typical users. Gentoo has binary blobs in the kernel and is not considered Free by the FSF so that answer won't fly. Fedora isn't as popular as Ubuntu or Mint because it is more difficult to use for "Joe Sixpack" type users, meaning the masses. Separating software into distinctions that are meaningless to typical users does hurt ease of use. As much as I prefer FOSS software I personally believe the app store approach is what people are used to nowadays and it's the best way to go for those of us who want to see more Linux adoption.

@notbob: You asked for two. Here are three: Ututo, gNewSense, Kongoni. Do you want three more?
CFWhitman

Dec 18, 2012
2:28 PM EDT
Incidentally, FOSS and closed source programs are segregated in Debian as well.
caitlyn

Dec 18, 2012
2:32 PM EDT
Yep, and Debian is another distro that doesn't have mass appeal and does have a reputation of being hard to use. I think that reputation is a bit outdated and overblown, but nonetheless, it is more difficult for someone who isn't Linux savvy than, say.... Ubuntu or Mint or Mageia.
CFWhitman

Dec 18, 2012
2:42 PM EDT
I agree. Separating out FOSS apps from closed ones is not generally a user-friendly feature when it comes to the average user. Of course, it's friendly if you're Richard Stallman, but most people aren't and never will be.
notbob

Dec 18, 2012
4:18 PM EDT
caitlyn wrote: @notbob: You asked for two. Here are three: Ututo, gNewSense, Kongoni. Do you want three more?


No. I already know how to use Google.

BTW, good to see you once again responding to inconsequential drivel. Not that there's any shortage of it on this forum. ;)
caitlyn

Dec 18, 2012
4:21 PM EDT
You posted inconsequential drivel as if it was important to you. If you don't want answers don't ask questions. BTW, I knew those off the top of my head.
notbob

Dec 18, 2012
4:47 PM EDT
caitlyn wrote: If you don't want answers don't ask questions.


I asked a question and received an answer. YOU asked the question to which I responded "No".

I realize it's difficult for you to make this distinction, what with you always putting words in my mouth. In fact, you speak for me so often, I don't see how you can be sure it was actually me, and not yourself who previously posted inconsequential drivel. Heck, I'm not even sure, myself. Perhaps you should jes respond for me and save me a lot of wasted time. ;)
gus3

Dec 18, 2012
4:54 PM EDT
Debian is not "hard to use." It merely has a learning curve, just like everything else. And I'll dare anyone to tell me the learning curve is steeper than most. I know better.
caitlyn

Dec 18, 2012
5:00 PM EDT
Um... no, notbob, you responded to penguinist and I responded to you. Are you always such a nasty individual or do you practice just for LXer.com?
CFWhitman

Dec 18, 2012
5:34 PM EDT
Well, I don't think of Debian's learning curve as steep. However, you do have to enable non-free repositories to get certain hardware to work, and sometimes you have to load a firmware package with removable media to get the network card working before you can benefit from any repositories. You don't usually have to do those things with *buntu distributions or Mint or Mageia. So regardless of how easy it is to use, it can take more steps to set up. Newbies that would get a working machine with one of the other distros may sometimes find these initial roadblocks daunting.

Whether the learning curve is steep or shallow, these initial roadblocks can elevate the barrier to entry, and stop a newbie before they really get started.
r_a_trip

Dec 18, 2012
6:48 PM EDT
CFWhitman, what is the point of using a distro "with roadblocks" if one just climbs over them and goes and taints the system anyway? Seems more efficient to use a distro that comes without the hoops. The end result is a tainted mess in both cases.
jdixon

Dec 18, 2012
7:45 PM EDT
> Fedora isn't as popular as Ubuntu or Mint...

At which point all the Red Hat people break out in guffaws.

notbob

Dec 18, 2012
8:55 PM EDT
caitlyn wrote: @notbob: ... Do you want three more?
notbob wrote: No


Um, caitlyn... are you on drugs?
BernardSwiss

Dec 18, 2012
9:31 PM EDT
r_a_trip wrote: CFWhitman, what is the point of using a distro "with roadblocks" if one just climbs over them and goes and taints the system anyway? Seems more efficient to use a distro that comes without the hoops. The end result is a tainted mess in both cases.


It's still a valuable exercise. It keeps the distinction clear, and reduces complacency.

-

One thing I believe Canonical got right in Ubuntu (credit given where credit due) is how Ubuntu handles "Restricted Drivers" and separating "non-Free" software into separate repositories, while still arranging for them to be easily accessible even to very non-techie newcomers. Newbies get a quick and easy lesson about "Free" vs "non-Free" but can still get their nVidia proprietary drivers up and working very easily. Meanwhile, more experienced users get a little reminder, whenever they install a new system.

CFWhitman

Dec 19, 2012
10:00 AM EDT
r_a_trip wrote: CFWhitman, what is the point of using a distro "with roadblocks" if one just climbs over them and goes and taints the system anyway? Seems more efficient to use a distro that comes without the hoops. The end result is a tainted mess in both cases.


Well, there are a couple of points to consider here.

For one thing, there is the question of loadable closed firmware modules. Most of the initial roadblocks to getting a Debian system up are related to closed firmware. Loadable closed firmware modules shipped with a distribution don't actually "taint" the kernel. They don't even really "taint" the operating system generally, since they are not part of it. They are simply loaded into device memory from the hard drive instead of from a ROM chip on the device (like most peripherals that don't have this issue). If you have a problem with closed firmware, you really ought to have a problem with it either way. Separating out closed firmware is more a lesson on the evils of closed hardware than closed software. This is still a valuable distinction, because it teaches you to pay attention to what hardware you buy. However, when you are loading the operating system, you've already made that decision for the machine you're on.

On the other hand, closed software is an install time decision. I think it's good for people to at least be aware of choices between closed and open software when they are installing it, since it allows them to make informed choices. I certainly use some closed software (e.g., video card drivers, Adobe Flash), and quite a bit of closed firmware, but I am aware of it and have made an informed choice.

I do prefer open hardware, but there are relatively few systems that are completely based on open hardware (like an older Lemote Yeeloong and the miniature Ben Nanonote). I don't find it practical to limit myself to that hardware at this time.

Take note that I don't push newbies to use systems that separate out open software from closed and make you jump through hoops to get closed software or firmware loaded. I do think that exploration of these systems is useful, and that they are often very useful systems in general once you do get them up and working. They often have superior performance and/or stability to the newbie friendly distributions.
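The thread keeps coming back to one practical question: on a system whose distribution keeps "main" apart from "contrib", "non-free" and the like (penguinist's point about Fedora/RHEL, CFWhitman's point that closed software is an install-time decision), can a user actually see which enabled sources and which installed packages are closed? The script below is an added example, not code from the forum or from any distribution. It assumes Debian's conventions only as far as they are documented: `sources.list` lines of the form `deb URI SUITE COMPONENT...`, and the `Section:` field of dpkg status records carrying a `contrib/`, `non-free/` or `non-free-firmware/` prefix for packages outside main. The sources.list text and the status records it parses are constructed samples, so it runs offline.

```python
"""Audit which APT sources enable non-main components and which installed
packages came from them. Added example; all input below is constructed."""

import re

# Constructed stand-in for /etc/apt/sources.list (assumption: Debian layout).
SOURCES_LIST = """\
deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
deb http://security.debian.org/debian-security bookworm-security main
# deb http://deb.debian.org/debian bookworm-backports main
deb-src http://deb.debian.org/debian bookworm main
"""

# Constructed stand-in for a few records from /var/lib/dpkg/status.
DPKG_STATUS = """\
Package: bash
Section: shells

Package: firmware-iwlwifi
Section: non-free-firmware/kernel

Package: virtualbox-guest-additions-iso
Section: non-free/misc

Package: flashplugin-nonfree
Section: contrib/web
"""

# Components that Debian policy treats as "main"; everything else is closed
# or depends on closed software, which is what the forum calls "tainted".
MAIN_COMPONENTS = {"main"}
SOURCE_LINE = re.compile(r"^\s*(deb|deb-src)\s+(\S+)\s+(\S+)\s+(.+?)\s*$")


def parse_sources(text):
    """Return one dict per active binary source line (comments and deb-src skipped)."""
    sources = []
    for line in text.splitlines():
        match = SOURCE_LINE.match(line)
        if not match or match.group(1) != "deb":
            continue
        _, uri, suite, components = match.groups()
        sources.append({"uri": uri, "suite": suite,
                        "components": components.split()})
    return sources


def enabled_nonmain(sources):
    """Sorted list of non-main components the configured sources pull in."""
    found = set()
    for src in sources:
        found.update(c for c in src["components"] if c not in MAIN_COMPONENTS)
    return sorted(found)


def parse_status(text):
    """Map package name -> Section for each record in dpkg-status format."""
    sections = {}
    name = None
    for line in text.splitlines():
        if line.startswith("Package:"):
            name = line.split(":", 1)[1].strip()
        elif line.startswith("Section:") and name:
            sections[name] = line.split(":", 1)[1].strip()
    return sections


def component_of(section):
    """'non-free/misc' -> 'non-free'; a bare section such as 'shells' is main."""
    return section.split("/", 1)[0] if "/" in section else "main"


def audit(sources_text=SOURCES_LIST, status_text=DPKG_STATUS):
    """Summarise enabled non-main components and installed non-main packages."""
    sources = parse_sources(sources_text)
    installed = {pkg: component_of(sec)
                 for pkg, sec in parse_status(status_text).items()}
    return {
        "enabled_nonmain": enabled_nonmain(sources),
        "installed_nonmain": {p: c for p, c in installed.items() if c != "main"},
    }


if __name__ == "__main__":
    report = audit()
    print("Non-main components enabled:", ", ".join(report["enabled_nonmain"]))
    for pkg, comp in sorted(report["installed_nonmain"].items()):
        print(f"  {pkg:40} {comp}")
```

On a real Debian system the same functions can be pointed at `/etc/apt/sources.list` and `/var/lib/dpkg/status`; the point of the separation CFWhitman and penguinist describe is that this audit is possible at all, whereas a single mixed store gives the user no field to inspect.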
caitlyn

Dec 20, 2012
2:34 PM EDT
@CFWhitman: Even the Lemote systems are not readily available in North America. It's possible Tekmote in Holland will ship to the U.S. but the cost is so much higher than comparable systems with Intel chipsets and higher specs that most people will never consider it. I actually thought long and hard about both the Yeeloong and Fulong (nettop) systems and decided against, at least so far.

Regarding newbies and non-technical users, I think you simply have to know your audience. A lot of people really don't care about licenses, don't get the whole software freedom concept, and generally don't care. Talking to people about something they don't care about until their eyes glaze over, which often happens very quickly, is counter-productive. If you broach the subject and someone is generally interested then, of course, you talk about the advantages of FOSS.

I never, ever talk from or about the purist, FSF/RMS position about software freedom. For most people, myself included, that means not being able to do what I want to do or have to do (i.e.: for work) with my computers.
r_a_trip

Dec 21, 2012
5:16 AM EDT
I agree that being aware of the problem points is valuable, but I don't see the value in ideologically motivated hurdles, which have to be taken anyways before the machine works as designed. I don't need to precisely know which of my chips use what closed firmware. If it is only one of my chips or all of them, I know my machine won't function properly without closed source bits.

Does that mean I will buy whatever piece of hardware as long as there is support on Linux, closed or not? No. I switched to ATI cards, as soon as I could, after AMD opened up its specifications. I'm not a gamer, so I don't need "Nvidia levels" of performance and support. Nonetheless, it has been a bumpy ride with ATI and it took a long time before I could ditch the Catalyst driver for the FOSS one. It paid off though. Since last week all my ATI based systems run on the FOSS driver.

Don't worry though. My venerable Acer Aspire 9300 laptop still makes me jump through hoops, even with the naughty-out-of-the-box Linux Mint, courtesy of the Broadcom 4311 wireless chipset. It's the reason why I like machines with Intel or Realtek NICs.

I'm confident though that FOSS will become the way of doing business in the future. 10 years ago you had to add all kinds of closed bits and bobs to your system to get graphics, wireless and webcams working. Most of these devices have open drivers today. Even closed-to-the-bone Nvidia has started to contribute upstream to the FOSS Tegra video driver.
