Aronzak’s Rantings

I’ll confess, i used to like installing new versions of Linux. I used to find it exciting, starting up into a new system, with a new look. Unfortunately, the excitement tends to wear off when you realise that there is no perfect system. In reality, The biggest difference between many versions of Linux is the desktop background. Oh, except and sometimes you strike a jackpot with an OS that has things that don’t work.

SJVN says that the best 5 features of Fedora 11 are :

- Fast boot

- Ext4

- New Xorg

- Synaptics drivers

- DNSSEC

Interestingly, he misses out the new virtualisation feature, which is also interesting. It is nice that the boot time has been worked on, and there are some pretty features like smooth wallpaper switching. But then there are heaps of annoyances. The graphics are mostly nice, but the default gnome layout with two whopping great white bars that trap your desktop in some kind of cage is terrible.

It’s nice that Ext4 is used, which can give some performance speedups, but this means that there must be a boot partition with an ext3 filesystem. This is where the pain really sets in. Fedora insists on marking the partition as bootable and placing it as a primary partition. It’s annoying when the partitioner in the installer, already very hard to use, disregards what you tell it to do and does something else. This really doesn’t make me feel confident about potentially destructive changes.

Next, the installer wants to install a bootloader, but only recognises Wondows 7 and itself. This is unacceptable for a 2009 Linux release. It’s easy for me to go and guess the grub setup needed, but having to do it is a pain for me. And yes, these days it is possible that someone might want to multiboot more than just Fedora. If anyone is stuck, here’s the part from the grub loader:

title        Fedora 11 Guess
root        (hd0,3)
kernel        /vmlinuz-2.6.29.4-167.fc11.i686.PAE ro root=/dev/sda11
initrd        /initrd-2.6.29.4-167.fc11.i686.PAE.img

This is a support disaster waiting to happen.

After that major issue, there’s a string of minor problems to contend with. Firstly, opening the file manager shows nautilus’s basic display. Great. This is really ugly and should never be used. The browser view is much better, letting you use bookmarks and tabs.

I’m amazed that nobody thought of this. In a distribution shipping the latest version of gnome, very basic usability considerations have been left out.

The next annoying thing is that a root password is needed to mount other hard drive partitions. Really, this should be done automatically. SO fstab will need to be edited. What next, needing to manually mount your own CDs?

Next annoyance is that unlike in Ubuntu, there isn’t an easy way to set up samba sharing.

The next annoyance is that for some reason firefox runs slowly. It’s scrolling is terrible until you turn off smooth scrolling. Another poorly chosen setting.

There’s a range of others, like something called ‘makewhatis’ and ‘updatedb’ running in the background and chewing up resources.

Fedora 11 has some nice ideas, but a major issue in installation and other major annoyances keep me from using it. Hopefully the good ideas will feed into Ubuntu 9.10’s development.

There’s an article from IBM about Android development. It has the following graph:

There’s a small piece of Linus in every phone. ” Hi, I’m Linux. I mean Linus. Damn, I always get that mixed up.”

Having a VM install of Windows 7, I thought it would be a good idea to install “Windows Live Essentials” mail, which is essentially a new name for Outlook. Dumb idea, as setting this up to use “Windows Live Mail” (which, in fact is different to”Windows Live Essentials Mail”) is more difficult in thunderbird (and I’d need to use a VM all the time, because the installer fails miserable in wine).

The naming issue is only slightly confusing. Searching for “Windows Live imap setup” and whatnot will give you a list of irrelevant results talking about how to set up what is actually outlook to use a boring email server. The link you probably want is this one. 50MiB download wasted, I came across this:http://help.outlook.com/en-us/140/cc188672.aspx

Update: This was written for version 1.7, but the same process works with version 2.

Version 2 of Bibletime has been changed to run on Qt4, giving it a KDE 4 feel.it has a variety of nice features. Some of the new features are:

• Bookshelf Manager installer has been redesigned. It’s much easier to use and it doesn’t block the rest of the user interface.
• The main Bookshelf panel has been rewritten. It’s possible to group the works by Category and/or Language. Rarely used works can be hidden.
• Bookmarks have been moved to another tab. It’s possible to move and copy folders.
• Bible and Commentary windows have dropdown lists for book, chapter and verse.
• Search dialog has an option for AND and OR searches.

The features that I like the most are things like being able to drag bible references from one panel into another.

If you want to compile from source, you need a lot of dependencies. I was joking to myself, perhaps the devil is trying to keep you in dep hell? Here’s most of what you need (Ubuntu 9.04):

sudo apt-get install libboost-dev qmake libclucene0ldbllibclucene-dev qt4-qmake cmake kdelibs5-dev libsword-dev

That will save you a lot of grief and googling bizarre error messages.

And I think you need to change build/CMakeCache.txt if you get an error saying that the compiler is not found.

//CXX compiler.
CMAKE_CXX_COMPILER:FILEPATH=/usr/bin/g++-4.3

There seems to be an issue with panels in the latest version locking up sometimes. I’ll look into this some more.

A story on slashdot today links to the orbituary of Richard J. Petnel. One of the major ways in which he was known is for his involvement in maintaining an Ad Block Plus filter. I’m writing this because I’m extremely disapointed. The obituary states

In lieu of flowers, memorial contributions may be sent to Community Hospice of Albany, 445 New Karner Rd., Albany, NY 12205.

And in the right hand side of the page is an ad.

This is shameful. I didn’t know Richard Petnel, but I feel still feel this is wrong.

A recent article, How to write a Linux virus in 5 easy steps outlines a vulnerability in KDE and gnome desktops. The article is well written and makes some good points about how no operating system is “inherently secure”. Essentially, the .desktop format bypasses the binary execution bit, which would otherwise stop a script that someone downloads from executing malicious code without explicitly allowing it to. Unfortunately, the article suffers from a few simple problems:

1. .desktop

Let’s try this out for size. First, I’m going to create a blank file called hotpictures.jpg.desktop, and email it to myself. The first thing any user would notice is the unusually poor grammar, and unusual request. (Most people these days are fairly good at managing to use Google to look up things for themselves, though some Linux help forums beg to differ.) Here’s how opening the attachment appears in Gmail and Thunderbird.

To download this file, I would have to ignore the .desktop filename 3 times. Same with Thunderbird:

Even if there is a long name, there is plenty of space to display the filename in the dialog boxes. The end of the filename will still show in the bottom of Thunderbird. Also, while the article states that a user would often download files to the desktop, Google’s online office software and PDF-HTML conversion system means that users are increasingly viewing documents as in the browser first, rather than downloading files straight away. If this fails, most users would be extremely cautious.

Next, if a user downloads the file to their home directory, and not the desktop, they will see the .desktop file for what it is again.

Finally, even if there is a bogus “document” icon or some such, people will expect a preview of the image, as with the portrait of Obama. Users would have to be very stupid to download a file with a format that they have never heard of, which doesn’t have a preview of the image that it is pretending to be.

2. root permissions

The article says that root permissions don’t matter as much as people may think. This is true. Superuser privileges are’nt needed to change some software like adding a keylogger to a single browser. this could be dangerous, but it is fairly trivial to pick up and remove. I’m not aware of a porgram like this being able to hide itself with only user level access, so a root shell can easily monitor the running process, and, if a user is on the ball, note that it is a rogue process. The possibility that graphical password managers, like kdesu and gksu can be subverted is unlikely, with a smart user picking this up very quickly. Observe:

Again, a smart user will not fall for this one. Also, having only user level access makes it much easier to recover by booting to level 2 and then sorting out the results. Simply creating a new user and copying the old data will ‘disable’ the code.

While an interesting theory, this couldn’t really be used to spread malware. The article does point out that groups like governments are adopting Linux, which could mean that there are a lot of users that are unfamiliar with Linux that are on each other’s email contacts lists. Other than that, this couldn’t work in real life as emailing Windows and Mac users with a Linux virus is just stupid. There’s no way for a virus to be able to know which platform email contacts are running (and not just which OS, but if Linux users are running a particular distribution, desktop etc…). In this way, multiple platforms, as well as the myriad of possible choices in Linux are a help. Just as it makes it hard to write an application that will work on all Linux distributions, it is hard to write malware that will.

What does scare me, and should you, is the alarming ease with which someone with physical access to almost any machine caget full access to it. Using grub, someone can press ‘c’ and add “init=/bin/bash” to the kernel parameters, and immediately get full root access, and the ability to change all of the passwords (or worse). Grub passwords can prevent this, but booting off other media (eg USB) will also give full root access straight away. The only real solution to this seems to be full system encryption, which is a pain.

There is a fair point that is made by the article that the security of Linux isn’t absolute. This doesn’t negate, however, any of the real security benefits the OS has. Many open source naysayers will say that this is evidence that the model of development doesn’t work when it comes to security, but it is evidence that it does. An article like this can be released, people can make note, and if there are any serious issues, the code can be changed, whereas in the proprietary development world the issues are suppressed with gags and NDAs, and outstanding issues can go unresolved.

By the way, Linux computers can still spread Windows viruses, through network sharing and other means. If you run antivirus software on Windows, it is a good idea to run antivirus software in Linux also.

After the first major mess up with Beacon, Faceborg has gone and done it again with a new Terms of Service (ToS) policy, that basically means “we own everything you put on Facebook. Forever.” It’s already bad enough that when someone dies their Facebook pictures get pilfered to publish in news media, but this now means that Facebook itself will sell all of your private data to the highest bidder for any purpose. Slashdot is reporting that a Facebook group has a huge lot of people showing token support for a ‘protest’. The question is, why would Facebook do that? First, they need cash. Dan Lyons explains:

…There will be a lot of bailing out taking place at Facebook but it will be the old-fashioned kind — kids bailing out when they realize there’s no pot of gold at the end of the rainbow, and bigshot Google defectors bailing, preferably early and with good excuses, so they don’t end up with flop stink all over them… [they] really, really, really meant all that stuff about changing the world by creating software that lets recent college graduates hook up more efficiently and force-feeds them targeted advertising…

And we can find a second reason in his earlier coverage on the Beacon cock up as fake Steve Jobs:

Faceberg has posted an apology on the company blog for the Beacon fiasco. Money quote: “I’m not proud of the way we’ve handled this situation and I know we can do better.”

Thing is, nobody ever doubted that Facebook can do better. What’s scary is the fact that they won’t do better until people start to scream at them. It’s the fact that it doesn’t really seem to be in their nature to do the right thing. Their instinct, in fact, seems to be to do the wrong thing, and to keep doing it until they get caught. Even after they get caught, their instinct is to spin and fudge and brazen it out. No wonder the Borg has partnered with them. It’s a match made in heaven. These guys are like Google, only their slogan isn’t “Don’t be evil” — it’s “Don’t get caught.”

And he goes on:

Facebook’s business model … pits Facebook against its customers. The amount of money that Facebook can make is defined (and constrained) by the degree to which its users will allow themselves to be exploited.

This punk scares me. And I miss the days when the Valley was about making chips and routers and computers, not sending people zombie bites and tracking their online purchases. I miss the days when we were the good guys…

I have to echo that sentiment. It scares me that tech experts could potentially put their skills to use making the world a tangibly worse place.

An indie development team of 2 guys has created an incredibly good game called “World of goo” that has received wide critical acclaim. The great news is that this game has been ported to Linux. After playing only a few levels of it, I can tell it’s awesome. It’s a little bit like some old bridge builder games, in which you get a train over a river, but much more fun. Simply put, I’m blown away by the quality of this game.

Some people view PC gaming as dying. Or to put it another way, it is changing. Less and less titles are being released only on PC, with most PC games being ports of console games. One reason that is slowing down Linux adoption is the lack of support for PC games. I’ve heard it said that the shift away from PC gaming will be good for Linux, as it will mean that people won’t expect to be able to play games on their computers. It’s true that this can help Linux, but does anyone want to see PC gaming die? Do you really want only to be able to play console ports and MMO’s? That’s what will happen if piracy isn’t controlled.

I want to present two futures of PC gaming. One is that PC only games will cease to exist. Games that do get released on the PC will  come with DRM that makes the game fail to run whenever you change your hardware. Many games also have online only play, some of which you pay extra for. Of course, they’ll still be consoles, but the traditional feel of games will be gone.

Let me give you another solution. One where rather than having just large companies like EA churn out unoriginal blockbusters, teams as small as two people can defect and make a creative fun, and clever game. This can only happen if the community supports them.

This comment on Isohunt is not in good English, but it gets the point across.

Think before downloading the game…great post over at piratebay by flowcharter…

1- I was curious to see whether there were people so vacuous as to trade around a cheap indie game with absolutely no DRM on it and then try to justify it with stated oxymora such as “oh, I’m not interested in the game anyway, that’s why I’m taking the time to download it.”. Turns out I was right

2- Absolutely, I download stuff all the time. I’ve downloaded a tonne of games from GOG, Stardock, even direct from the makers of some other games. I’m also pretty partial to hitting up Gametrailers when there’s an upcoming release I’m interested in. Left 4 Dead is looking up to spec I’m glad to see.

3- You’re going to start blaming the economy now? Still, if you’re suffering that badly that you can’t afford $20, I imagine you must have a hard time eating these days. How on Earth DOES one manage to spend on a high speed internet connection? Well, priorities are priorities I suppose…

4- This one’s really a three parter

a) There’s a pretty good and descriptive demo out, so no real problem “trying out the game” anyway.

b) These are indie devs, not your usual corporate types, just two guys that decided to make a game.

c) It’s $20, not $60. Even from an absolute minimum wage in the US you’d get as much in a little over two hours of work, and probably a lot less. You’d pay more for a night out. Well, unless your idea of a night out happens to be McDonalds, which I’m willing to accede may be position in your particular case.

5- If you’re so tired of picking the fight, why feel the need to justify your actions in the first place? Do you spend your spare time responding to youtube comments as well? Actually scrap that last one, maybe you do. In any case, you state it’s your given right to share this information, and I must say I’m impressed with your candour! Tell me, what have you yourself uploaded and shared with the rest of this fine community?

Still, perhaps an explanation is in order as to why this particular incidence is garnering a fair number of negative responses in comparison to most other cases.

It’s really quite simple. The fact that is this is just two indie developers who spent two years of their own effort and money to create a truly amazing indie game has garnered a lot of attention, and a pretty hefty amount of sympathy for them as well.

Ultimately, indie devs survive or don’t based on whether people are willing to purchase their games, but more importantly, so too does their future output. So if a pretty special game like this just gets pirated through the floor, they pretty much go under, nothing ever gets released from them again, and more importantly, more devs learn that the PC is NOT a viable platform anymore for anything. And it pretty much is heading that way at the moment. Ironic isn’t it?

They also happen to get extra bonus points for the fact that they actually listened to their customers and didn’t put any DRM on there TO crack.

If you want your answer as to why this is happening, that’s pretty much why. It could be argued that there may be a fair amount of hypocrisy involved in people having more sympathy for an indie developer just starting out (regardless of how excellent their starting title is), but what can I say, life’s like that. Few people are interested in defending corporates that weigh down their games with so much DRM and install limits that you need to call a helpline every time your PC installs a new driver. But an indie dev starting out with an awesome game and no DRM? Yeah, I guess people just tend to have more sympathy for that.

Still, I can appreciate that you say the game is boring to you and that you didn’t really like it. Saying that means it doesn’t ultimately have to cost you anything in either money or personal justification, so I’m glad that a happy ending was the result. Hmm, perhaps I should try that actually, simply HATE everything I download and therefore there’s no reason for me to actually concern myself with spending anything because my moral scruples have been satisfied. I say, this may very well be an astonishing discovery for market economics, I wonder if it’s patentable? Well in any case, it’s obvious you’re quite a capable individual, and you know a quality product. I genuinely look forward to when you have the opportunity to fully express yourself against the wages of the industry by releasing your own game. I guarantee you, if it’s good enough to not only live up to my relatively low standards, but even YOUR enviable ideals, I will happily buy that from you as well. Looking forward to it.

Well, I’m not looking to convince anyone. Not as if it’s realistically possible, but people were curious why so many people appeared to be posting complaints, so why not take the time to explain eh? All I can suggest is that if you like the game, support the devs. It’s a genuinely good game, and the devs were pretty on the level when selling it.

Apologies for length, but I appreciate that people of your stamina will have no problem easily digesting this modest article, and as you took the time to elucidate your point so thoroughly, I thought it would be positively discourteous if I did not respond in kind. Your patience is most appreciated.

There’s better coverage on Ken Starks’s Helios Blog. I just wanted to say two things. One is that this game is awesome. Two: Don’t punish the creative developers that have the audacity to release a game without DRM, and the vision to port it to Linux.