OSNews

A well argued and sane article on the subject. I really had lost all hope to see something like this here on osnews. So, to make it short, I agree with the author.

This article makes much more sense. One point I would add is that not everyone uses a computer (or all computers) for the same thing.

This is in a large part the problem with Windows. Windows ships with all the services enabled and available. Each one has its own security problems and without documentation and expertise it can be difficult for a novice (or even a cluey geek) to work out what to disable (DNS Client service in Windows is an example of this).

However Windows is trying to cover all the bases and make it work out of the box without the user having to enable something that they probably don't know that they need.

One of the reasons I like Linux and FreeBSD is that I can get base system and add stuff. I often don't want a common set of tools and utilities that includes a lot of things I don't use. I don't use kerberos, nis, ldap etc for authentication. (In fact I suspect the uses of any of those protocols is not common except in enterprises)

Each purpose for which I setup a computer can have different requirements. Some require a bare minimum of features and others require the kitchen sink.

I agree that standards are the way to go. Industry Standards are generally all about formalising cooperation and compromise. Freedesktop.org is an example of this, taking two (or ten) branches of the same thing and providing a forum to share ideas and cooperate. It doesn't solve all the problems or ensure world peace, but then nothing does.

The author is (like almost everyone else) missing the point of the previous articles. It is NOT ABOUT CHOICE ITSELF! It's about the ability or will to make choices. Come on. I know IT-professionals who don't even care about the whole IE-Firefox thing that's going on right now, let alone grandpa and grandma.
This is not about the quality of Linux versus Windows, or the quality of KDE versus GNOME, or Apache versus IIS, or Eclipse versus JBuilder, or whatever. This is about the psychology of end-users. All the points this author makes are moot.

Again, this is not an anti-linux post. I like linux a lot and have been using it since the early days of red hat. But someone who believes that the current desktop form of linux (in its various distributions) is better as a commodity "product" than Windows XP, needs to wake up. Fast.

Nowadays, it is downright impossible to keep a Windows XP-machine running online without a firewall and antivirus software.

Mmmm, then I must have been doing something weird here: I have been running several Windows computers here since 1995, without firewealls, without AV, and I never had a single problem. But then again, it's in fashion to say stuff like the line from the author above. I never had a single virus infection on my computers running Windows, my parents', my friends', my relatives' and so on.

While this article wasn't too bad, the pro-Linux attitude was sickening. Please, when writing articles, please, try to be objective!

Mmmm, then I must have been doing something weird here: I have been running several Windows computers here since 1995, without firewealls, without AV, and I never had a single problem. But then again, it's in fashion to say stuff like the line from the author above. I never had a single virus infection on my computers running Windows, my parents', my friends', my relatives' and so on.

Now that's weird, because you should at least have suffered the "push" kind of worms like Blaster and Sasser. I know that _all_ of my friends running XP were infected in a matter of days and were struggling to get their MS update asap, or setting up a firewall for the very first time. Anyway, this is really off-topic: the fact that nowadays Windows XP needs an AV and firewall is not the author's opinion. It's a fact: proof is the effort and economical investment that MS chose to put in SP2 instead of concentrating on newer and long promised products like Longhorn.

While this article wasn't too bad, the pro-Linux attitude was sickening. Please, when writing articles, please, try to be objective!

Another kind of comment I don't really understand... what is an "objective" article? You can only really be "objective" in reporting facts. Opinions and interpretations are always subjective. You can dissent with the point of view here expressed, but not with the fact that there is one.

It is very easy if your computer is not connected to the internet. But in other case your compoter will be infected in about 15-20 minute without firewall and virus killer. It is sad but true (I tired it ).

Now, let's be fair here. There was an update that blocked the hole that Blaster used a month ago before the attacks began.

It's a different story with Sasser, though, as far as I know.

here's the link to back up my argument. i wrote that article late at night yesterday and i forogt to include the link...

http://news.com.com/Study:+Unpatched+PCs+compromised+in+20+minutes/...

basically, it was a big story on the net a few weeks ago. and don't tell me that you can run an xp-machine without a firewall nowadays. it is just not true. i have gone trhrough this several timea already. buy a computer for one of my friends, connect it to the net, boot it up: *blam* - sasser. no chance to install a firewall first...

best regards,
christian

@others: thx for the positive reactions to my article!

This was the best article in the series so far. Thank you. One additional remark: four wheels on a car is a standard because it proved better than three. And that is one of the ways the ecosystem keeps itself healthy. If something better comes along, it will get it's following.

Fair enough, but it's still unlikely that "your parents, your friends, your relatives", basically every XP user you know will not install an AV software but still keep Windows thoroughly updated, and that every exploit ever patched would be fixed _before_ it can damage you. I'm not blaming MS when it's really expected that the users keep care of their software, we just have to _accept_ the fact that to keep an OS running and connected to the net you have to take care of it.
The article even states that in the opinion of the author Linux, were it in a monopolistic state of diffusion and were it available in a single distrivbution/batch would be more or less as vulnerable as Windows. I am not so sure of this fact, but I see the point.
I am a Windows XP user (AV, Firewall, no IE or Outlook) and a Linux user and I am willing to work to keep them up and running. Atm it's really easier and smoother with Linux, but denying that there's a problem is not really the way to go.

Why Fedora should drop KDE or Mandrake dropping GNOME. Its all about diversity and redundancy. Isn't it ? They may concentrate on one desktop and push them but also keep the others. Nice article and good logic. Keep it up.

Mmmm, then I must have been doing something weird here: I have been running several Windows computers here since 1995, without firewealls, without AV, and I never had a single problem. But then again, it's in fashion to say stuff like the line from the author above. I never had a single virus infection on my computers running Windows, my parents', my friends', my relatives' and so on.

You didn't say whether those machines are connected to the internet. It certainly sounds like they are not. If they are, then I would love to have your amazing luck!

After running linux exclusively for almost two years, I recently (back in July) decided to try Windows XP Pro. I finally had to go back to linux because of three things:

1. I prefer Gnomad2/libnjb to Dell's Windows-only jukebox program for my Dell DJ music player.

2. I prefer jpilot to Palm Desktop for my palm pilot.

I could live without the above two programs, if not for the third reason:

3. Even after installing AV, firewall, anti-spyware, and all windows updates including SP2 from a CDRW (downloaded and burned in linux), AND clearing up any security holes that remained before going online, I still eventually got infected. My firewall was permanently disabled by whatever I was infected with, and both antivirus programs I installed were unable to detect and clean any viruses/worms from my system.

Now I'm back in Slackware and am loving every minute of it. I'm running the programs I really like, and I don't have to worry about infections or security holes. I update regularly with swaret, and I keep an eye out for any new security risks that are found in the kernel and various user programs. Yes, that's right, linux also has security vulnerabilities from time to time. I just find it a more secure system overall than Windows.

To go back on topic, if it weren't for the choice of GNU/linux and other operating systems, I would have been stuck using Windows, which isn't such a bad thing (not counting viruses etc), except that it also would limit my choice of which programs I can use for various tasks (see above). Because of the freedom of choice that I enjoy, I may one day move to OS X, since it allows me the freedom to use most POSIX-compliant software in addition to Mac-only software. That is an expensive choice, as I will have to buy new hardware, but the important thing is that I am free to make that decision.

Bahh, most routers have port forwarding disabled by default. With that and using FireFox and turning off that idiotic windows messenging service I've been safe without a firewall.

I guess the kiddies are warezing too much and that's why they're all infected.

well, not everyone i know has a router. actually, i have one because i have 3 computers in my home. most of my friends are connected to the internet via cable or adsl here in austria. that's a cable modem, an rj45-cable and a network card. same goes for dsl. no firewall. and i am not talking about a minority, i am talking about 80-90% of austrian broadband users.

really, i can accept critique, in fact i like to hear opposing statements. but calling me a linux zealot and dismissing a well-proven argument about windows security is just retarded. you don't have the slightest clue what i am talking about and just want to flame around. very weak...

christian

Don't know about these days, but redhat used to turn on so many services by default that a machine connected directly to the internet without a router would be owned within days without even being on the machine.

Article is much more logical than the two previous. Good work.

As for the running of Win2k/XP without firewall - I have the same experience. It is not possible to install any of them without security updates pre-downloaded (at least not at my location). I got infected by Sasser and/or Blaster before I managed to download updates.

That's right, he didn't mention it, even that being one of the greatest mistakes in Linuxland.

And it's just not about making all programs look the same, but about usability, and I'll give a few examples:

1. Adding a side bookmark on a KDE Open/Save dialog box doesn't put that same bookmark in GTK dialog box and vice-versa

2. Gnome programs have their confirmation dialogs with switched buttons (the No/Yes question in Gnome dialogs)

3. Changing UI settings in KDE doesn't change them in GTK and vice-versa

4. It really looks bad

And these are just a few I remember now because there is probably much more.

That's right, he didn't mention it, even that being one of the greatest mistakes in Linuxland.
He didn't even mention that vim uses different keybindings than emacs or how Konqueror renders some webpages differently from Firefox! Well shit, this article is worthless!

1. Adding a side bookmark on a KDE Open/Save dialog box doesn't put that same bookmark in GTK dialog box and vice-versa
Valid point. I don't know if fd.o addresses that somewhere.

2. Gnome programs have their confirmation dialogs with switched buttons (the No/Yes question in Gnome dialogs)
Well, cry me a river, people actually have to READ before the hit a button? Not to mention that "yes" and "no" is not really wanted according to the HIG (or so I heard). If it really bothers you that much, go install one of the GoneME patches that "fix" this "issue". And don't you dare start with "but the average user does not want to install patches, he just wants his buttons in the right order". The average user is a braindead idiot who shouldn't be allowed to walk, else he could fall and break his neck.

3. Changing UI settings in KDE doesn't change them in GTK and vice-versa
True, but there are some people working on that. Look at Metatheme for example (I do not have a link handy, but it is somewhere on themes.freshmeat.net).

4. It really looks bad
Depends. It can, but does not have to.

Yup, this article makes the most sense.

I was getting worried there (for a second) with the previous two articles. It alsmost felt like the communists were creeping up. Thanks to Christian Paratschek for restoring the balance.

1. Adding a side bookmark on a KDE Open/Save dialog box doesn't put that same bookmark in GTK dialog box and vice-versa

that's exactly what i am talking about. a standard that does not hurt either application but if they follow it, exchanging apps gets easier. thanks for mentioning that one!

christian

But you have to agree that those and other problems could be solved if a single toolkit existed, and that no problems would arise from that, except having to convert old programs to use the new toolkit but a emulation layer could be created so those programs could still work while their developers convert them.

True, but what would happen if the only existing toolkit was a horrible mess, riddled with legacy crap that noone needs anymore? Or what if it would frequently and without reason break backwards compatibility?

Pick your poison, there's no water here.

http://en.wikipedia.org/wiki/Trabant

Are you talking about GTK?

That's not a problem and even if such thing existed just replace it with another, it would be simpler to replace only one messed toolkit than 5 messed toolkits.

Anyway how can having 2 or more different toolkits prevent that problem?

No, I am generally speaking.
You can either have several toolkits, with all the benefits and let-downs of this. Or you can have one toolkit, with all the benefits and let-downs of that.
My point is: a single toolkit is no silver bullet. It may look unified, but the problems might very well breed under the hood, worse than if the toolkit had competition.

>That's not a problem and even if such thing existed just
>replace it with another, it would be simpler to replace only
>one messed toolkit than 5 messed toolkits.
If you only have one toolkit and want to replace it with another (which you have to code first, I doubt it is easy and fast), then you have two. Whoops, the same problem applies. Legacy applications will not be ported over, will you be able to make sure that it runs ok on low-power computers, handhelds, if desired? (I think GTK can this, but I remember several others that can, Fox Toolkit can do that too, IIRC.) Of course, you can bend over for backwards compatibility, but one time you WILL have to make a cut or it will end up like Windows XP, which still has the entire 16 bit subsystem, with all the problems that come from it.

While there is no perfect solution that's not an impediment to do better than what we have now, is it?

Those bugs and situations may occur but they also may not occur, so why not give it a try?

Because you would have to get rid of all existing toolkits. None of those are without problems, so which one to pick?

KDE/Qt

Why?

1. Qt itself is good but with KDE extension is even better
2. Why not?
3. I like it

...

By the way the title of the posts are based on the movie The Good, the Bad and the Ugly

"You can stick your head in the sand if you want to"
Who is putting his head in the sand? You have still not replied to what you'd think of comparing windows 2003 to windows 95, wich is essentially what you are doing.

"but the fact of the matter is that your average linux box left open on the internet, with the default installation services turned on"

Which is this mysterious "average linux box"? Last time I checked Fedora sets up a firewall for you, along the lines "if you don't know what this is it's safe to say NO", SuSe did the same and the distro I personally use, wich granted is not for newbies, doesn't turn on squat. So what are you yapping about?

"I guess it really doesn't matter though since nobody is really using Linux on the desktop"

Well. I do, and have done for several years. It works excellent. The problem you and your ilk have is that linux is not windows. You have to accept that. If not then fine. Don't use it. Linux was around before you chapskates who want nothing but a "free as free beer" windows drop-in-replacement. I'm confident it will still prospher when you have perished.

"Oh well, linux will be remembered as a mediocre server OS since the fanboys are clueless to the needs of the home consumer."

And some will be remembered with a great howl of laughter because of their stupidity, lack of insight in matters they speak loudly about and their total egocentricity.

QT has the problem that either your software is GPL or you have to pay $$$. If you code on Windows, you have to pay $$$ in any case.
Not everyone is willing to do that, so QT is out.

Listen up people: everyone who is responding to this discussion with "this or that is more secure, better, faster, more edible, more blablabla" is actually off-topic. Here's a clue: those things don't matter that much. This topic (at least initally) is about the negative impact of too much choice on Linux. Agreed, it also has a positive impact, but from a commercial point of view choice isn't always positive. And let's face it: if desktop linux wants to be big, they have to be more attentive to the commercial side of things. The market doesn't always respond to quality alone, you know. Who cares about the differences between KDE and Gnome? Who cares about the differences between MacOS, WinXP and Linux? People who think that the answer is: the majority of people, well... I'm afraid they're not living in the real world.

Let my explain with the popular "car analogy": cars adhere to certain standards, like having four wheels. While this is a removal of choice in itself, it is not bad at all. Four wheels are a standard, and every car maker who wants to produce a normal car has to follow this standard.

Your point is reasonable, but your analogy is atrocious. Cars don't have four wheels because it's a 'standard', they have four wheels because it's the best design tradeoff for their purpose. A better example would have been the wheel lug nut patterns (although there are several different 'standards' of them) that give third-party wheels 'compatibility' with different cars.

Internet Explorer is the black sheep because it does not render modern HTML well enough and has introduced proprietary extensions and other crap, using its monopolistic position to force contenders out of business.

IE renders every page I've ever seen fine. Also, you should blame Netscape for starting that whole 'proprietry extensions' thing as well - it was the cornerstone of their entire business model.

An example: I can switch between Evolution and Mozilla Mail/Thunderbird whenever I want. As they both use the mbox-format to store their mails, I can choose between them freely (O.K., it takes about 15 minutes to move the mails, as there are some differences in the naming scheme, but that's not the story of this article...).

You should not confuse standards for things like file formats with UI standards. The only reason you can switch "freely" between Evolution and Mozilla is because a) you have invested time learning both UIs and b) you don't use any features that are unique to either product. In other words, the "choice" only extends so far as the level of functionality and the user's knowledge.

What has the Windows-monopoly and the Internet Explorer-monopoly done to the web? Right, it made the net a contaminated area.

It would be quicker if you just said "IE sucks" - it's clear that's all you mean.

Nowadays, it is downright impossible to keep a Windows XP-machine running online without a firewall and antivirus software.

Bollocks.

After an average of 17 minutes, it is infected.

Chuck a Linux machine running binaries dating from 2001 on the net and see how long it lasts.

Yes, we had this debate already, and I know that Linux has a better security model and all this.

Then you "know" wrong. Linux does not have a better security model than Windows.

Ideally, it should make no difference for the user. Both mail-clients should use the same format to store their mails.

It's a long way from "using the same format to store their mails" to making "no difference for the user".

85% Linux-users worldwide and a heap of Linux-viruses will not be a problem for a KDE user. He will use BSD as the core and KDE as the desktop and happily go on computing.

Except that a large chunk of those "Linux-viruses" will probably affect both platforms equally. After all, Windows 9x and NT are completely different OSes under the hood, and it's not uncommon at all for a trojan, worm or virus to affect both of them due to their similarities.

And when KDE gets too big in in the process, Gnome (or any other desktop) will help out, take KDE market share, thus making KDE less interesting for malware writers.

The DE is not likely to be a big issue. Indeed, it's not likely to be relevant at all.

This is in a large part the problem with Windows. Windows ships with all the services enabled and available. Each one has its own security problems and without documentation and expertise it can be difficult for a novice (or even a cluey geek) to work out what to disable (DNS Client service in Windows is an example of this).

Precisely what security hole do you think disabling the DNS Client service closes up ?

It is very easy if your computer is not connected to the internet. But in other case your compoter will be infected in about 15-20 minute without firewall and virus killer. It is sad but true (I tired it ).

Have you compared it with a freshly installed Linux box dating from 2001 ?

basically, it was a big story on the net a few weeks ago. and don't tell me that you can run an xp-machine without a firewall nowadays. it is just not true. i have gone trhrough this several timea already. buy a computer for one of my friends, connect it to the net, boot it up: *blam* - sasser. no chance to install a firewall first...

Here's the 31337 h4x0r trick to avoiding this.

1. unpack your shiny new computer and boot it up. Do not connect it to the network.
2. enable XP's built-in firewall.
3. connect the network cable.

Wow, yet an other impressive windows fanboy.

Author:
You can't run WinXp on the net without getting infected within a few minutes if you don't turn on the firewall.
drsmithy:
Call author names, call him an idiot, tell him that he is wrong, because all you have to do to avoid the problem is turn on the firewall.

Does that in anyway contradict what the author said? No?
So was there a point in saying it? No.

And your comment about the precise security hole is equally impressive.
I know this will come as a surprise to you, so hold on to your seat, but every service that doesn't run is a service that can't be exploited if a vulnerability is found. That's why all the world but drsmithy and MS agrees that it is good security policy to run only the necessary services.

Finally, you are right, you would probably find lots and lots of security holes in a linux distribution from 2001, however this doesn't matter, as you can download or buy new versions of it. If you buy WinXP on the other hand, you'll get the stuff from 2001 with all it's problems.

1. Windows is a product line, so there is going to be a full package feel to it. You would get close to that feeling if you used Enterprise Linux, but not Fedora because Fedora is a community project, it's not a product.

2. Standards are the bases for sofware commoditization (and all that is derived from that).

3. Your choice in Linux is choice of vendor.

4. There are several players in the open source paradigm, there are the vendors, there is the community, and there is an arbiter.

5. Point of view, strategic planning, directional planning, all make a difference about how you feel about something specific, and feelings change as more knowledge is uncovered. The process is called generalizing, or knowing the big picture. The bigger the better.

They compare a free and _evolving_ development model, that, like the evolution of life, does actually not veer towards anything. Products evolve by chance, or by personal necessity. Whats not good for the general public gets selected out by time, by some kind of natural selection.

The only way to influence somebodys development efforts is to pay him, to develop what _you_ want. There wouldnt be hundreds of window managers and text editors if the people had any need to "unite" and take it on Microsoft, a non free, streamlined, commercial product developer.

The authors of such articles just reveal that they are some kind of little dictators, who would like to govern Free Software development worldwide.

I really cannot understand that those "no choice" fanatics really want to regulate what other people do in their free time, so that some company like Novell or RedHat could have a more integrated and polished product to compete against Microsoft. To want something like that is nothing less but just ridiculous!

There _already_ are distros that limit choice and offer only a few common packages, so this discussion shouldnt be needed any more. Goal completed. No wait, they dont want to have one distro to offer that, they want to limit free choice of _all_ distributions and to yoke _all_ free software developers to spend their free time working for the biggest distributors without getting paid.

They obviously watched too many LOTR (unite against the evil or we are all lost) movies.

I dont like to repeat myself, but this is ridiculous, just ridiculous. Limiting software choices in a free software community, bah.

These Choice article series are superfluous. All three of them.

The enormous response to all three stories proved my original point 10 times over. Even the hint of removal of choice can start a near-civil war.

To anyone who thinks there was any "anti-choice," whatever that now watered-down crappy term means these days, read them again. There's no removal of "choice" from anything except individual distributions.

The best comment so far was the one about a guy who went to buy toothpaste and found over 60 brands. It was confusing - which is better? which tastes better? which fights tartar best? - and in the end, his 2 year old made up her mind and that was that.

Linux is, despite what a bunch of people on a technology site think, VERY INTIMIDATING for new users because there is so much choice and very little guidance. No one has to remove choice "from Linux" to fix this. But someone should start pushing an enterprise Linux distribution that doesn't require a user to choose a DE and an app for every purpose. Know why? Because it's not about philosophy in the workplace, it's about being productive. And that's a mystery to those who haven't truly experienced it. I might not have time to properly research whether AbiWord, KWord, StarOffice, OpenOffice.org, gedit, Kate, KWrite, Nedit, Jedit, etc is the right product for me for a single project. I just need to write my damned weekly report.

Don't believe me? Which is the best LiveCD? There are now about a million Knoppix spin-offs (hyperbole intended). In the end, if I need a LiveCD, I'll just choose one quickly. I'm not doing the research, because there's way too much involved in it and frankly, they all do pretty much the same thing.

With these articles, as long as everyone squabbles about the quality of the writing, the apparent rise of communism, the author(s) being "against choice," etc, there's no progress at all.

Frankly -- rather, sadly -- all these articles have actually done is start flamewars that really are quite embarassing, as they appear to be based solely on the instant reactions of people who skimmed the articles and probably had their mind made up before they finished reading it.

"But someone should start pushing an enterprise Linux distribution that doesn't require a user to choose a DE and an app for every purpose."

Suse, Mandrake, RedHat, the new Novel Desktop Distribution, Sun Java Desktop, User Linux, Linspire, Xandros, Ubuntu, ...?

They may not do it perfectly yet, but I get the impression you are fighting against windmills here.

Linux desktops do not need to look the same everywhere. Sell some KDE here, some Gnome there, some OpenOffice.org here, some KOffice there, Mozilla here, Konqueror there. Users will be happy as long as their systems play their music-files, open their curriculum vitae correctly, display websites fine and have a nice email/pim-application. Highly integrated. Modular.

But that's exactly the problem!

When you "sell some KDE here, some Gnome there", the desktops don't get INTEGRATED and don't advance nearly as fast. Programming effort is divided, third parties wanting to port commercial apps are discouraged, etc. Things are also not integrated.

Let's see an example from server space: Apple, for instance, has a tightly integrated server version of its OS. In it, Apache has an INTEGRATED MANAGEMENT GUI. Now, turn to Linux. After of so many years, with server space being the greatest success of Linux so far, and Apache the no1 unix server, there's nothing integrated providing Apache management on Linux. RedHat may has this half-assed management tool, SuSE some other, but there's nothing integrated with Gnome or KDE as it is (i.e not distro specific). Result? Crappy quality, limited exposure, etc.

Well, in desktop space the situation is even worse.

A great military and diplomatic technique is DIVIDE AND CONQUER. Well, that is exactly what is happening, and guess who does the conquering! The sad fact is they don't even did the dividing, we inflicted it upon ourselves.

Wow. If I could give you a "+5 redundant" I'd do that in the blink of an eye. I'd give you a "+5 bigot" too.

"These Choice article series are superfluous. All three of them."

Yes, especially the flamebait you posted as an article.

"The enormous response to all three stories proved my original point 10 times over. Even the hint of removal of choice can start a near-civil war."

And rigthfully so. We have all seen what lack of choice leads to. A trabant.

"To anyone who thinks there was any "anti-choice," whatever that now watered-down crappy term means these days, read them again. There's no removal of "choice" from anything except individual distributions."

And this is redundant beyond words. Distributions already do that. Last time I tried Fedora, just for instance - no preferences involved - it pretty much set up a singel choice of every thing. It also made it very clear that they think you should use gnome and not kde. In fact it's so gnome-centric it makes you jump through hoops if you want kde.

"Linux is, despite what a bunch of people on a technology site think, VERY INTIMIDATING for new users"

Guess what? So is windows. I know, I have worked with training such people.

"because there is so much choice and very little guidance."

As I said before this is bull.

"But someone should start pushing an enterprise Linux distribution that doesn't require a user to choose a DE and an app for every purpose."

This is already beeing done by novell, redhat userlinux and more. However, this is a far cry form your initial statement "Let me state that I'm all for removal of choice from linux", Let's see. Keywords. "Removal" "choice" "linux", nope, not a word about distributions.

"Frankly -- rather, sadly -- all these articles have actually done is start flamewars that really are quite embarassing, as they appear to be based solely on the instant reactions of people who skimmed the articles and probably had their mind made up before they finished reading it."

Yeah, you could have saved us all your sorry attempt at writing an article.

Reading the articles and many of the comments shows me that there are two types of Linux users:
The first group are the Linux "power users". They build their own linux, compile everything on their own, they like to play with their system and they know how to do it. They are the "It works for me, so it's all fine." types.
The other group are the Linux "promoters". They are in a way like the power users but they also want more people to use Linux, people who aren't power users, who don't even know how to compile source code.
The first group is for choice and everything that reduces it is pushed closer to the "windows world" (it's not rare to read comments like "If you don't understand it, use windows" on the internet). But that's the way the second group want's to push Linux. They want Linux to become an OS even for the inexperienced user. That doesn't mean Linux has to become Windows but it should become similarly easy to use.
I don't know if this is a problem, it might as well be a very good thing. Linux is on it's way to become an OS for everyone - at first glance. But under the hood it keeps as flexible as ever, so the geeks can still play around. The trick is to keep the balance and in the best case the two mentioned groups unknowingly keep up this balance.

One last word: I'm quite fed up with this, I dare say, "Windows flaming". The study about Windows getting infected after 17 minutes states that it's about an unpatched Windows. So what? Did you notice the word "unpatched"? If I know there's a secutriy hole, and I know there's a patch for it, it's my own fault when I get infected because of not using the patch. Would you install e.g. an Apache version that includes a known exploit and then whine about being hacked? And who would bother to read an article that claims "Old Linux distros, full of known securtiy leaks and exploits, get hacked minutes after being connected to the net."

Don't get bogged down in something that you don't have any control over.

Fedora, the community project, is theoretically supposed to contain all kinds of software, it's not a product, it's not streamlined or polished, although it is a little bit :+)

A vendor distribution is a different story. It's a product line and certainly some of these characteristics described in the articles relate more to products.

These are very different things.

The nice thing about Fedora though is that you can experiment on it and learn about the system and the software.

Look for business opportunities in building software that integrates into a Linux vendors product line. Look to the vendors for leadership.

We are not going to talk about the arbiter but just know that there is a third character in the open source paradigm. This third person does some interfacing with the community, and with the vendors, from time to time.

I just want to post a quick reply to my comment on my windows machines not having firewall/AV: they are connected to the internet, had numerous re-install etc. and in my 13 years of computing I never ever had a single virus or worm or whatever. The most important thing to remeber is not to open attachments, and that's it.

You can say that you cannot use windows without a firewall/AV, but it's just not true!

Let me count: I had (it's BeOS only for a while now) one machine running windows, my parents have three, my brother has one, and if I add up my friends' computers which I use and know they aren't firewalled/AVd... I get like 20 Windows machines who never ever had any security problems, are connected to the net, and experienced re-installs, and don't use AV/Firewall. Now, y'all can go on and say I'm lying and all, but I don't care. I know I'm right here.

Of course this extremely small sample doesn't prove Windows is secure, I know that. But the statement "one cannot run Windows without AV/Firewall, you'll be infected within 15 minutes" is just pure nonsense.

When you "sell some KDE here, some Gnome there", the desktops don't get INTEGRATED and don't advance nearly as fast.

A Linspire, Lycoris or Xandros Desktop _IS_ integrated very well. So whats your point? Individual distributions do exactly what you "against choice" people want: Make choice for those who dont want to chose, integrate.

So it may be that products under the brand "Linux" are not well integrated, but mast things branded "Xandros" definitely are. So again? Whats your point? To regulate free evolving community driven distros so that they dont poison the Linux brand? This is it, isnt it? That the kernel name managed to get more popularity than the single distributors? That a Debian Linux affects the sales of a Xandos Linux because theyre both linux? What would you like? To stomp free non commercial distributions so far in the underground, where Joe User wouldnt see them? So they couldnt affect the sales of the comemrcial distributors?


Programming effort is divided, third parties wanting to port commercial apps are discouraged, etc. Things are also not integrated.

Thats the benefit/curse of Free Software. Everyone may chose the direction he develops for, and there is no central committee which defines the direction. Commercial developers just dont have the possibility to develop in a direction other than the management oder design department decide. There is no freedom in their development model, because they dont develop free software. This may result in a integrated and polished product, because all pull together as a team, but thats what they get paid for!

You just cant mandate free software developers what to do in their free time. When they dont like the direction of a project, they can just fork it, or start a new one, and get things done the way they like, and _not_ because they think all they do shoul be in competition with a hated comercial software developer and desktop king.

This is, what all these dumb anti choice articles are: little wannabe dictators wet dreams of how they could yoke free software developers against their will and overthrow the hated king. Poor, if you as me.

There are people who, for better or worse, have visions to solve problems, and there are people who just complain. Constructive criticism is still constructive. I didn't see anything in your response except a willingness to argue. Go back and read my article. Anyone can pick a few words out of a sentence and create whatever they want, which is exactly what you've done.

People wonder how IT people get the impression of not being user friendly or responsive to user's concerns? Hmmm... perhaps it's because everything is pefectly peachy AS IS with no room whatsoever for improvement, and disagreement is tantamount to a spit in the face.

If you didn't see anything in the post but a willingness to argue, look again:

"And this is redundant beyond words. Distributions already do that. Last time I tried Fedora, just for instance - no preferences involved - it pretty much set up a singel choice of every thing. It also made it very clear that they think you should use gnome and not kde. In fact it's so gnome-centric it makes you jump through hoops if you want kde."

"This is already beeing done by novell, redhat userlinux and more. However, this is a far cry form your initial statement "Let me state that I'm all for removal of choice from linux", Let's see. Keywords. "Removal" "choice" "linux", nope, not a word about distributions."

To spell it out yet again:
Distributions already do what you want them to do!
Maybe you could at least once address this issue, thanks.

Look at it from this point of view.

1. Linux represents software commoditization at the low layer of the platform, i.e. the low layer of the software stack.

2. At a higher layer in the software stack is the vendor product line. The vendor product line is just like a manufacturing plants assembly line. These vendors control the process for assembling a solution, based on Linux. In terms of software production, this is where the money is. If you want to make money producing software, you must integrate your product into this assembly line, so you have to talk to the vendor and ask them how to interface. Companies like Oracle and IBM market their software product at this level.

3. So the background, the low level of the software stack, is open and accessible, it's a testing ground, a ground for experimentation, until you have a concept for a product that you can push up the software stack.

4. Technically Linux vendors have developed a few Linux home desktop products (ex Linspire) however there has not been a real push by the arbiter towards this concept, not yet anyway.

...I guess I should also say, look for Novell and RH to lower the bar, and make integration into their product lines easier in the future so small business can enter the software market with products based on Linux. Right now it's still just the big iron.

Call author names, call him an idiot, tell him that he is wrong, because all you have to do to avoid the problem is turn on the firewall.

Does that in anyway contradict what the author said? No?
So was there a point in saying it? No.

Trouble is, his 'point' - that running an unpatched XP machine straight on the internet without any sort of protection - is asinine. It applies equally well to any OS, Windows is hardly specific. All he's doing is saying "Windows sucks", but trying to dress it up as a legitimate complaint by implying it's adive that only applies to Windows.

As an aside, you certainly can successfully run Windows without a firewall or AV - I've been doing it at home for years - all you really need is some sort of NAT device, regular patching and keeping IE use to a minimum (or just stay away from questionable websites). This is far from an *ideal* configuration for the typical end user, but it will - practically speaking - reduce exposure to pretty much the same level as a firewalled machine directly on the internet with an AV.

And your comment about the precise security hole is equally impressive.

Actually I'd be just as happy if he could even come up with a theory as to how disabling the DNS Client service is going to meaningfully improve security. I mean, it's like saying removing all the virtual consoles from /etc/inittab will meaningfully improve security.

I know this will come as a surprise to you, so hold on to your seat, but every service that doesn't run is a service that can't be exploited if a vulnerability is found. That's why all the world but drsmithy and MS agrees that it is good security policy to run only the necessary services.

No doubt. Trouble is taking that theory through to its logical conclusion leaves us flipping switches on the front of an Altair or sliding beads back and forth on an abacus. There are very, very few things that are truly "necessary".

See, the theory of minimising service us is fine, but the particular poster I was replying to doesn't *really* understand that, he's just parroting a line he heard somewhere - probably the same "expert" on the Register a week or two back who implie a DHCP client was a gaping security hole - who thinks having the DNS Service turned on by default has a meaningful negative impact on security. Had the poster picked some service that really does fall into the "shouldn't be on by default" basket I wouldn't have commented, but by picking something so insignificant and harmless, they demonstrate that they haven't actually *thought* about either the principle or the specific example.

The DNS Client doesn't really do much. It doesn't listen on any network ports, it just makes DNS queries and caches them to reduce network bandwidth usage, reduce name resolution latency and, in general, improve the end user experience.

By all means, services that really don't do anything to help the end user and/or perform actions that significantly increase system vulnerability - like listening on network ports - should be minimised. But harmless stuff like DNS caching, DHCP clients and, say, mousewheel daemons or USB daemons fall well and truly into the category of 'acceptable risk'.

(Sorry, forgot this bit)

Finally, you are right, you would probably find lots and lots of security holes in a linux distribution from 2001, however this doesn't matter, as you can download or buy new versions of it. If you buy WinXP on the other hand, you'll get the stuff from 2001 with all it's problems.

Copies of Windows distributed after service packs are released generally come with them slipstreamed in. So if you go and buy a copy of XP pressed after SP2 was released, it will already have SP2 slipstreamed in.

Certainly, it's true for OEM and Select/Enterprise versions (and that probably covers 80%+ of distributed copies). I rarely see new retail versions, though, so I can't comment on them.

1. While there are security issues with every OS I would take every bet that the chances of being infected running Windows without the precautions you talked about and the author said were necessary compared to the chance of being infected doing the same thing with OS X or Linux are indefinatly bigger. Part of this is of course due to market share, but that is only a part of the story.

2. And that brings us to point number two. Your claim that having 665 unnecessary services running in the background is necessary for having a modern computing experience is simply false. Look at OSX, compare it with windows and you will get a very good idea where one of the fundamental problems of windows lies. And I hope you don't want to compare the user experience of using OSX with flipping switches on the front of an Altair.

"basically, it was a big story on the net a few weeks ago. and don't tell me that you can run an xp-machine without a firewall nowadays. it is just not true. i have gone trhrough this several timea already. buy a computer for one of my friends, connect it to the net, boot it up: *blam* - sasser. no chance to install a firewall first... "

an absolute os expert.

several times huh?

windows xp shipped in 2001 with a firewall included.

os expert didnt bother to turn it on first huh?

and after several times you still hadnt learned enough to enable the built in firewall?

thats one of the reasons you lose power in arguement. you dont know what you write about.

sheesh.

and, the fella said windows pcs since 1995. so who said anything about it being xp to begin with? i regularly go to do work for folks still running windows 98 that have the original 90 day eval av software never updated and no firewall and they have never had any problems.

still a bad move though. its just like you saying mac os and linux are "immune". that is false. they are not immune. just because you get attacked less is no reason to not take reasonable and responsible precautions. and thats why linux and mac os x include firewalls today.

IE renders every page I've ever seen fine.

But i would dare say that this is only because people actually test their stuff on it and make it work. In my personal experience, the most annoying browser to develop for these days is IE, while (the subset that i use of the) standards compliant things seems to just work on gecko and khtml browsers.

So yes, IE renders all pages just fine, but that says absolutely nothing about the quality of IE. The users might not care about why things works, but i really find it silly that developers have to spend time working around bugs instead of doing more productive things.

"Finally, you are right, you would probably find lots and lots of security holes in a linux distribution from 2001, however this doesn't matter, as you can download or buy new versions of it. If you buy WinXP on the other hand, you'll get the stuff from 2001 with all it's problems."

it can happen ralph. but you can also:

buy a new pc with windows xp svc pk 2 pre-installed.
buy a copy of windows xp with svc pk 2 already integrated.

A Linspire, Lycoris or Xandros Desktop _IS_ integrated very well. So whats your point? Individual distributions do exactly what you "against choice" people want: Make choice for those who dont want to chose, integrate.

Linspire, Lycoris or Xandros are a joke regarding integration.

The mere fact that someone proposes them as "integrated" solutions, means that there is very little understanding of what integration is on the Linux camps.

While there are security issues with every OS I would take every bet that the chances of being infected running Windows without the precautions you talked about and the author said were necessary compared to the chance of being infected doing the same thing with OS X or Linux are indefinatly bigger. Part of this is of course due to market share, but that is only a part of the story.

You are welcome to your opinion. Personally, I'll just keep giving *all* my important machines the same levels of protection and maintenance.

And that brings us to point number two. Your claim that having 665 unnecessary services running in the background is necessary for having a modern computing experience is simply false.

I made no such claim.

Look at OSX, compare it with windows and you will get a very good idea where one of the fundamental problems of windows lies.

After looking, I was unsurprised to see that OS X has a DNS cacher and a DHCP client active by default as well. Undoubtedly there are other services running by default that are quite arguably "unnecessary" (like, say, the crash reporter or the automounter - heck, my iBook actually appears to be running nfsd by default).

How would you like if every movie released is released in 10 different versions with variations? Viewers will have a choice to watch the kind of version they like. Will they like it, NO.

Do i like 100s of distros each with different settings but almost same features? NO.

Does it cause confustion to a user which one to chose? YES.

And...i really feel Microsoft will come out as a winner, if Linux is not standardized and this too much non-sense choice is cut. See what happened to Unix due to fragmantation. Unix would have been much stronger if it was not forked that much.

Yeah now someone will say but hey Unix kernel was forked too...hell like as a user i care...incompatible is what scare me.

Microsoft is good because it makes things just work and it works for 99% of people. Damn even some of my DOS tools work like Turbo Assembler.

In linux i am even scared to upgrade my redhat 9 box in fear of something getting broken and then i wasting 1 day to get things up n running again.

What value does these distributions provide? I wish Linux kernel group release a standard distro which has a minimum base and everything should just build up from there...or i dun have much hope for Linux

FANTASTIC comment.

Unfortunately, that would defeat the purpose of everything the *nix community stands for. Distro's like Xandros, Suse, Fedora, and linspire are shooting for the corporate/home user and are extremely easy to install and use. I know that in Suse and Fedora they have some defaults already picked out for you, so you don't have thirty apps to choose from right from the start.

However, you do have the option to use something else if the provided default application doesn't satisfy your needs. I'm a longtime Slackware and more recently freeBSD user because thats what suits MY needs. For the average home user like yourself who is "scared to upgrade my redhat 9 box in fear of something getting broken and then i wasting 1 day to get things up n running again.", their are distro's for your uses.

The *nix community is about choice, different things for different people. Suse, Xandros, and Fedora's targeted audience may not be for me, but it may work for others. If you take away choice, you take away one of the better aspects of the *nix community.

My 42 year old computer illiterate mom can install software in suse fine, so can my 11 year old sister and my 7 year old brother. Installation of software is not hard in many mainstream oriented distros, people just need to get past the stereotypes and their own fears.

Let's show some professionalism in writing, please.

OK i am going to paraphrase and take this statement somewhat out of context, but Christian did say "this is a removal of choice in itself, it is not bad at all"

Can you please explain to me the Author of the Response to the paradox of choice how his statements differ from my statements. I said "it (meaning choice) is not necessarily a good thing" or this statement "if closing some options were to make Linux more unified is that not a step in the right direction. And last ""eliminate choice in a "positive" way"

I do believe that Christian and my self are on the same team with regards to Linux. I agree with his article for the most part.
Kevin .

Let me count: I had (it's BeOS only for a while now) one machine running windows, my parents have three, my brother has one, and if I add up my friends' computers which I use and know they aren't firewalled/AVd... I get like 20 Windows machines who never ever had any security problems, are connected to the net, and experienced re-installs, and don't use AV/Firewall.

So you're the reason I get so much spam!

Seriously though, without a virus scanner, how would you know you've never had any viruses? Being as how your machines have been on the internet for so long without any protection, I kinda wonder what will happen if you do scan them with a virus scanner. I'd imagine a few things would pop up. Heh, and man, I can just imagine all the spyware!

But even if your machines are still clean to this day, with all the free antivirus apps out there, why take the chance? When you're so careless and do get a virus you're just making the internet worse for everyone else in the world.

Seriously though, without a virus scanner, how would you know you've never had any viruses?

I said I don't use a virus scanner, as in, running it all day long. It eats resources and my experiences have tought me that I don't need one. I occasinally checked my Windows box for viruses, but never a thing popped up. Now, the only machines here that run windows are my parents', and they are just as clean.

Being as how your machines have been on the internet for so long without any protection, I kinda wonder what will happen if you do scan them with a virus scanner.

I cannot scan my computer for Windows viruses because I don't run Windows. My parents' computers are clean, and I never experienced a virus in someone else's computer; I can't be sure though, I don't like to install AV's on someone else's computer. It's not my responsibility.

Heh, and man, I can just imagine all the spyware!

I never mentioned anything about me not using anti-spyware software. I never said I wasn't infected with spyware. Please read and read carefully before making up stuff.

But even if your machines are still clean to this day, with all the free antivirus apps out there, why take the chance? When you're so careless and do get a virus you're just making the internet worse for everyone else in the world.

I rely on my own experiences, and i'm not easy influenceable by Linux-fans going bezerkon the net scremaing I need AV software. I never had a virus, so why would I use an AV? Why would you get medicine against disease X if you don't have disease X?

And I'm not careless. I have a BeOS box and an iMac, so I'm not spamming you. The other two computers I manage here aren't either.