There have been a lot of questions today about just what the recent Debian OpenSSL flaw means for Tor clients. Here's an attempt to explain it in a bit more detail.
¶ Addressing How Debian's OpenSSL Surity Issue Impacts Tor
¶ Why The Average Person Will Never Understand A Social OS
The reason a Firefox package wasn't included in Debian? The icons. That's right, the Debian guys didn't like the licensing for the icons included with Firefox, so they didn't include it. Instead, they created their own icons for Firefox, called it Iceweasel, and included that. Other than that, Iceweasel differed from Firefox in no way whatsoever.
The moral of this story? Debian developers are petty and stupid. They also enjoy shooting themselves in the foot.
People will never understand Debian because of the Debian Social Contract, that there's a whole lot more involved outside of a simple programming point of view.
Virtualization Software
It's articles like this that make me look into buying virtualization software. I'm very not used to having a MAMP stack because managing a LAMP stack, as I have been for years, is worlds easier. Sure Apple has Software Update for the OS and various other software offerings of theres, but how much longer until an all encompassing solution like Debian's (and Ubuntu's) apt software and deb file format?
¶ How Open Source Can You Get?
But what's the point of Gobuntu's existence if it still contains non-free components? Apparently, Canonical even went to the trouble of removing everything except the copyrighted-all-rights-reserved image files. i'm left scratching my head, wondering why they bothered with this farce if they weren't prepared to go all the way?
...
I spoke with Mike Connor about this issue, in person, at the Firefox 2 release party last year. (Mike is the Mozilla Corporation employee who filed this bug that eventually led to Firefox’s removal from Debian.) Mike admitted to me that these files are not released under an open-source-compatible copyright license, and that this means that any build or package that includes those files is not open source. Furthermore, he does not have a problem with this (I believe his exact words were "I'm OK with that"), and it appears that his employer shares his apathy. The Mozilla Corporation’s solution to the "Linux problem" has been to pressure each major distributor to ensure that Mozilla’s non-free applications, complete with their non-free image files, make it into the default install. Debian refused to cave to this pressure (Mike literally told them to "bend the DFSG a little" — you can imagine how well that went over), so their only choice was to remove the Firefox package from Debian.
Started Running A Tor Router
I've started to run a Tor server thanks to the Tor on Debian page, which includes Ubuntu. Tor is an implementation of second-generation onion routing - an anonymity system enabling its users to communicate anonymously on the Internet. I've been watching the server stats like a hawk to see if there were any adverse effects. I've already defined the exit policy to not be an exit node because keeping my IPs from being blacklisted is important to the continued operation of this server. I've also set the bandwidth limit as to avoid an ugly bill at the end of the month. However, I do believe what's holding things back is the number of file descriptors. I'll look into changing that as soon as possible. Right now the default is 1024, however, it seems that 8192 is the amount they would like so I will be changing that this afternoon.
Looking at these stats, keep in mind the server was started around 19:00:
Fuck Big Brother.
Ubuntu Linux Instead Of Debian?
I think I might have found the answer to the problem faced by most Debian GNU/Linux users. Debian stable is old. Over two years old. Woody was released in the summer of 2002. As such, it is mainly used in production enviroments where the latest and greatest is given up for stability. While this may be great for a server, it is horrible for a desktop user. I've been using Debian for several months now and I jumped straight into Debian unstable. While I've found it to be quite stable, there have been glitches. But even unstable is not bleeding edge, that is what Debian experimental is for. But I don't think every package that I use has ever been stable all at one time in experimental. So I wait a bit, but otherwise have a more than pleasent and productive computing experience. However, with each apt-get update and apt-get dist-upgrade, I was worried something would break.
So I had a trade off, not update for a while and wait, than do a mass update and wonder what broke when a quarter of all my packages got updated all at once. Or update frequently, and hope I can just manually roll back a package if something gets broke until it gets fixed. Neither solution is optimal.
But today I read at the Ars OpenForum a post by whiprush (Jorge Castro) about Ubuntu Linux, a Debian based distribution. In whiprush's words, it seems to bring a lot to the table:
- Easy installer (based on the debian sarge installer) - toughest part is partitioning. They're working on a GUI installer for the next release.
- X config is brainless (just pick a resolution). It's X4.3 with lots of patches, some stuff from Xorg. Full Xorg next release.
- Project Utopia out of the box. Just plug stuff in and it mounts.
- Kickass laptop support. Laptop mode enabled, ACPI, CPU freq thing on by default. Tons of wifi drivers out of the box. ipw2200 (centrino), madwifi, atmel, atheros.
- GNOME 2.8, Evolution 2.0, Firefox as the default browser
- Kernel 2.6.8.1, w/ALSA sound
- no root account, you use sudo instead.
- Cleaned up default desktop (ie. no icons on it), most has been moved to a new Computer menu entry
- LiveCD so you can try it out. (Not available yet I don't think)
- Time based release schedule. Stable release every 6 months. Support for a version for 18 months. Basically snapshots of sid with polish.
- Support base of software, most everything else are rebuilds of lots of Debian packages (but unsupported), around 13,000 packages.
- Free and open. The developers are literally an all star team from the debian, freedesktop, and gnome communities. Improvements and fixes go back into debian. This is probably why this distro is going to seriously own, these guys know what's up.
So I get the latest stuff, it all works, and I don't have to update, I can wait 6 months and then I know I can update everything and it will work. And all of the things I had to learn how to configure (mostly hardware stuff, X working out of the box is awesome, as is the ipw2200, which is what will be coming on my laptop) work out of the box. And it's based around GNOME. And it includes Evolution 2.0, something that isn't even in Debian unstable. This is cool.
I can't wait to take it for a spin on my laptop. The final release doesn't come out until the end of October, but I figure there should be no problem giving it a spin and updating once it comes out.
Bye Bye Windows!
I've been using Microsoft operating systems for years, most recently, the Windows series, starting at 3.1 and now, Windows XP. I've been using linux on my server now for quite some time now, but have tried it before in a desktop role and found myself reinstalling Windows after a few days. I've been running the Debian GNU/Linux distribution for a few months now on my desktop, known as alpha, and I think it's here to stay.
I've been meaning to keep my blog updated with the software I install, but, like all other things, I didn't get around to it. Since Debian packages are managed with apt, installing and uninstalling software is pretty simple.
