2009 June

It’s been a helluva weekend, it started out on Friday night when I went to see fokofpolisiekar live at Mercury with Anita. It was an awesome show as it was a kind of remembrance concert for them in the venue where they had their first ever gig. They did a lot of their old stuff – the stuff that made them legendary in the first place, and some of the stuff from their new album Antibiotika.
I’ve seen them live several times, and this was by far the best show of all. To the band I must say, and I can only say this in Afrikaans: Julle is die stem van jong Suid Afrika, nou fok julle..
Pictures from the concert:
click here to view it in a new window instead)
Sorry. If you’re seeing this, your browser doesn’t support IFRAMEs. You should upgrade to a more current browser. : <a href="http://silentcoder.co.za/gallery2/main.php?g2_view=slideshow.Slideshow&g2_itemId=4233" target=_blank>Click here to view the pictures instead</a>

Saturday afternoon I went to a Urban Ink tattoo parlor to do something I have been planning for months, a new tattoo. This is my second piece of ink, much larger than the first, far more prominently placed (on my bicep) and here’s the clencher, what I got tattood on my arm is the kongoni logo. This logo, an iconic GNU (wildebeest) is a symbol of freedom, long after computing has moved on and the kongoni OS is just a memory and I’m an old man, that freedom will still be important to me- it’s a logo I am proud to wear for the rest of my life, and right now, it’s the logo of the GNU/Linux distribution I started… and that is just awesome
Here is a full set of pictures of the process. Of course it’s not exactly like the computer version, a few minor adaptations was needed to make it work on skin, and it won’t show exactly right for a few days yet until the bruising has gone down (the lighter colors are masked by the red skin) but even now in the evening it’s already looking great. Thanks to Anita for taking the pictures.
click here to view it in a new window instead)
Sorry. If you’re seeing this, your browser doesn’t support IFRAMEs. You should upgrade to a more current browser. : <a href="http://silentcoder.co.za/gallery2/main.php?g2_view=slideshow.Slideshow&g2_itemId=4269" target=_blank>Click here to view the pictures instead</a>

This evening was Natalie’s birthday party, we went to Primi Piatti in Cavendish for dinner, some of them went on to go clubbing, we skipped that… we were just too tired after the weekend so far. My neck is so stiff from Friday’s headbanging, guess we’re getting old. Tomorrow is Arno and Christel’s aniversary party, at least it promises to be a quiet and peaceful ending to a long busy weekend.

A post in Free Software magazine today makes the claim that software installation in GNU/Linux is broken. The author lists a number of problems with package management as a way to install software then posits that system and application software should be treated as entirely separate entities – thus we can use the success of package managers (and in the end even a ports tree like Kongoni has is still a type of package manager) for system software, while gaining greater ease with the application software users install all the time.

His proposal is to look at the MacOSX approach but the fundamental point is same-old, lets make GNU/Linux more windows-like.
What he claims to want from software installation for applications is in fact, already there – very few programs will have difficulty being installed by a user, in his home directory. The catch is that binaries are almost never built that way, because it’s inefficient – so that’s usually limited to manual source compiles – and indeed, it’s a (tiny bit) more difficult.

Frankly though – what he sees as the features of a good desktop application installation system… would be an absolute disaster.
It’s ironic, just yesterday I was reading a blogpost about GNU/Linux’s continues resilience against malware which mostly rehashed the known facts of a better design with better separation of user and admin privileges – but in the comments somebody made a point that immediately struck a massive chord with me. I had never thought about it before, but as I read it, the logic hit me: this made perfect sense. It fitted all the observed data perfectly.

GNU/Linux users almost never download and run programs from the internet. We almost never trade programs on disks with people. We install from the repo’s, it’s just easier and faster on our system – and this means, before we install the program it’s been checked – it’s coming from a source we actually can and do trust.

A major aspect of malware spreading – social engineering is entirely removed because we use repositories to install software. Do we really want to turn GNU/Linux applications into the unreliable, untrustworthy mess that is Windows software ?
Even if you remove their unclean deinstalls and registry muck-ups – the reality is that the basic premise of “download from some site and install some little app all the time” is fundamentally broken, it creates a massive and easily exploitable gap for getting users to install malware.
One of the worst I’ve seen is a site that does a very good job of emulating a respectable looking provider of anti-malware software, out to get credit cards when you buy, and install their own spyware on your box…

GNU/Linux is entirely immune to that because all our software comes from a repository, where it gets added to by developers who are technically proficient and know the system really well, who know the software they add well – they have to because they build those packages from source and that means studying the build systems at least to an extent.

Sure junk could creep into a repo – but the odds are very small. Systems like klick has tried to create ease of single-place package installs and failed because it has no real way of resolving dependencies and it’s highly desktop dependent. Even if you ignore those problems… well you’re still dealing with a single repository source of click recipes, so it’s still safe and secure – but I don’t see most third-party vendors using click to ship anytime soon, they aren’t even playing nice with repository maintainers for big distros !

Rox-desktop has an app-folder approach that only works with rox, but does offer pretty much what the author seems to want… but nobody uses it. The reality is there are many different package managers out there and despite many claims this is a good thing, they all have strengths and weaknesses. They allow distributions to be good at some things they would otherwise not be good at, and other distributions to fill in those gaps.

It wouldn’t be too hard to combine a rox-style appfolder with a .desktop file to make a desktop-neutral app-folder tech… but it’s usefulness would in fact be very limited. Users don’t want their data-space (home folders) cluttered with applications – even Windows users know that. It’s hard enough to find your files now, what would adding all your application files among them add as a hundred or more extra directories do ?

Well besides obviously turning GNU/Linux into a quagmire of virii and other malware as ugly as windows and twice as rotten (because we don’t use antivirus software) ? Nothing. Nothing that’s actually good for us as a community anyway.

The only reason people seem to think that being able to quickly download and install software from anywhere is a good thing (as opposed to a disaster we have been wonderfully lucky enough to avoid) – is because they are used to this idea from the Windows world. They think it’s good as an easy way to get third-party software, but what they don’t say is… well that thirdparty software would already be in the repo’s- unless they license doesn’t allow it.

Let me spell it out: the only people who have difficulty or problems with GNU/Linux’s package management idea, or the proliferation of package managers out there: are the developers of non-free software.
They want to join our party, but refuse to play by our rules. Well – whose fault is it then if they keep losing the games ? More often than not, this is not even a reality, they are making excuses not to support free platforms, and taking a convenient one, forgetting that if they made free software – it wouldn’t exist.
They wouldn’t need to care how to package for distro’s X, Y, Z – why not ? Because that’s windows-thinking, where vendors package the software. Just put the software out there, it’s my job to package it for kongoni, and the MOTU’s jobs to package it for Ubuntu etc. etc. hey guess what, this means the people packaging the software are actually experts on the OS platform they are packaging it for – as opposed to merely knowing their own program.

You can get software installs that integrate cleanly, don’t break things, don’t get infected with malware by accident…

Basically, I think the advantages of a package manager approach to software greatly outweighs the advantages of any other approach I know off, and more crucially than that: most of those so called advantages are in fact disasters.
Ease-of-use is a good thing, but I don’t think quickly-download-and-install software is easier to use.

Expecting every user to be able to spot a real software company from a fraud, a good program from a bad one… and judge it entirely by themselves… that’s not a good way to make it easy to keep your system fast, secure and stable. Package managers have their downsides, (but the only practical point he raises that could be improved is difficulty with running multiple versions of an app, which is a pure power-user feature anyway) – but they are relatively small in fact… the alternatives take the responsibility of ensuring the integrity of software away from people who are trained to do it, and puts that burden on ordinary users.
This was Microsoft’s biggest single mistake – the main reason for the continued plague of spam, botnets and spyware on the internet. Please, let us not make the same mistake.

Update: It occurred to me after publishing that I should add this. If repository based installation is so bad, why is it being copied and emulated as an idea ? The iphone’s app-store is a prime example, although proprietory and pay-for-play, it’s a repository of safe software, for users to install from. In every other aspect, it’s identical to how GNU/Linux installs software on your computer.

Busy, busy, busy. Such is the life of a distro developer when releases are being made. Kongoni-current has been quite lively of late with a lot of things happening last week – especially as it was a short work week.

My girlfriend luckily is very supportive of my endeavors because she hasn’t been seeing much of me lately – but the good news is that the progress has been amazing.

My week began with a minor setback when quite a lot of files on the 64-bit build got badly corrupted, don’t tell the girlfriend but it was her fault… hairdryer in the clean power. Luckily – I keep very good backups of the build systems so restoring it wasn’t too hard. The problem was compounded though because I initially mistook an unrelated issue for part of it – so long after it was fixed, I was still hunting file corruptions in what turned out to be a wild goose chase.

The real issue turned out to be an incompatibility between squashfs 4.0 and linux-live. Choice to be made there: patch linux-live, or roll-back the kernel to 2.6.29.4, ultimately I opted for the rollback, I hate patching upstream and I avoid it as far as possible (in this regard, I’m with Pat – the less patching I do – the more stable your systems will be).

So Nietszche will ship with kernel 2.6.29. More importantly was another major gain in the freedom-support of Kongoni. It won’t be shipping with source code from kernel.org but rather with the linux-libre project’s cleaned up code. No more non-free blobs, nor the ability to directly add them. I tested it roundly and the impact is fairly small, but for those who have a piece of crucial hardware that absolutely has-to-have a non-free blob and who cannot afford to replace it, Bret Murch has offered to host and build a set of identical packages based on the non-free kernel.org Linux, which users can install if they wish.

This was the last major hurdle we had to cross to be acceptable for being listed on gnu.org, and I am now comfortable to request that listing once Nietszche is released. It is interesting to note that the existence of distro’s like kongoni and gnewsense is rapidly reducing the level of non-free driver requirements all around anyway. The recent GPL’d release of drivers for the Atheros 9x wireless cards by Atheros themselves is a direct result of the work that the madwifi developers did in creating a completely free blob for the Atheros 5.x cards. The result is that now, all GNU/Linux users can run any Atheros card with only free software drivers and firmware.

On a completely different note, I think we are close enough to the end of the month for me to let you in on a big secret I’ve been holding for well over a month now since I was first informed of it.
The July issue of Linux User Magazine will have Kongoni Sophocles on it’s cover-DVD, as well as an article on the system, with a mention that Nietszche is on it’s way.

The editors of the magazine spoke to me while preparing for the article to clear up some small details and mentioned the following choice tidbit: “Usually we only include stable releases, no alpha’s or beta’s – we made an exception in Kongoni’s case because your alpha was a truly solid release.” (Slightly paraphrased for clarity – but the meaning was not altered in any way).

So those of you who can read German should look out for the magazine in the next couple of weeks – this is the first mainstream publication to ship Kongoni disks – and it’s a major piece of recognition for our work.

Another nice bit of news is that the Kongoni IRC channel is starting to become quite lively. This is an idea that came from, and were implemented by, our users themselves. Myself and Bret Murch are regulars in the channel, so please do drop by and come have a chat with us, the more the merrier. The channel is hosted on freenode’s IRC server (on kongoni, if you install xchat from PIG it’s on the list already) and it’s called (you guessed) it #kongoni.

I made a small change to our git helper scripts, specifically to gitmaster.sh and gitcurrent.sh so the commit messages they use get automatically sent to twitter and to floss.pro – so for a constant stream of messages about what the devs are currently doing considder following @kongonidev on floss.pro or on twitter.