So your beef is that Linux kernel developers develop for the Linux kernel only?

Why stop there? Personally I think they should work on making peace between the Israelis and Arabs.

I think both the Israelis and the Arabs would prefer a slightly more professional approach, Adam.

One that does not cause a regression into genocidal war every six months.

Well, there’s “design” and then ther’s “process.”

I suspect that the kernel folks are more interested in “process,” ie a constant stream of releases.

“Design” would suggest that they occasionally take a step back and reconsider what they’ve done. I see no evidence of this in the Linux kernel; just more gotos, of which Mr Torvalds evidently approves.

@adam.
you can’t say that linux is just a kernel that the developers are working on out of the goodness of their hearts and then evangelize ubuntu to grandmas. either it’s a hobby OS or it’s professionally maintained, can’t have it both ways.

My beef is that when it’s boasting time, “Linux” is a whole OS. But when it’s bug count time, “Linux” is just a kernel. Truth is, Linux IS just a kernel. Everything else is “linux-based OS”. I hate when people tell me to install “Linux”. What would i do with just a kernel in my computer? Of course what they really mean is to download a linux-based OS, but they don’t say it because it exposes the fact “linux” is not a solid thing, but a bunch of semi-compatible OSes made with little communication with upstream.

Even the tech press and the companies who make the statistics have fallen for it and talk about “linux” as if it was a specific OS.

@garegin

Fact of the matter Linux as a desktop is the tinest market of Linux. Not everyone involved has a business interest in making Ubuntu better, lol.

Also the people paid to work on the Linux kernel firstly are experts at Linux kernel development which doesn’t translate into things like making UIs better. It is different skill sets.

Yes, Garegin, stop bothering our good friend Adam with this noisome bleating.

Thank you, Adam, for confirming once and for all that the Linux desktop is a minority pursuit at best, and has always lacked expertise in the UI department. Bravo, mon jeune!

It takes real guts to admit that you were wrong to spend the last few years telling everybody who would listen, and many who would not, that the Linux desktop is the future. Once upon a time it was, but the Pixies have now fled with their Magic Dust.

Not everybody would be prepared to admit their mistaken beliefs in this way; particularly at a time of intense family troubles like yours.

You really are the best!

even mr. helsinki said that linux is not a good desktop OS. so it’s not a taboo anymore. i actually believe that linux would be a usable surfing/email/basic home stuff platform in 7-10 years. i mean not everyone does 3d rendering while playng BF3 while watching flash pr0n.

@Garegin
Yes, many people don’t care about that “3d rendering” and “playing BF3” parts. So, what you’re basically saying is that Linux will get tolerable flash support in 7-10 years?

linux has “tolerable” flash support now. what i’m saying is that it will be a stable enough platform where updates don’t break stuff. some people just do minimal stuff and don’t necessarily need all the power and features that windows, os x, solaris, or whatever give you. at this point you can’t recommend linux because they are literally no stable linux distros (no little kids, debian stable is not stable enough), even command line ones are alpha stage compared to the competition. i don’t care if I get a kernel with gnu core tools, just make it reliable.
you are thinking, just use freebsd, right? they make the whole OS, so there is responsibility? WRONG. I just loaded it on my mac mini. it doesn’t recognize the GENERIC ahci controller! use system76, nope, updates break stuff. netbsd, openbsd, dragonflybsd? no no and no.

Power and features? You mean “user experience” and “ease of use”?

If people don’t want to have to deal with the OS, they’ll get an iPad. Need a repo? Apple has an App store. etc.

There’s virtually no feature benefit that desktop linux provides unless you consider the initial cost a feature. I say “initial cost” since the cost of ownership is way higher when updates break everything.

@LINSUXOID
“So, what you’re basically saying is that Linux will get tolerable flash support in 7-10 years?”

It used to be, but it isn’t that bad nowadays actually and sometimes even excellent. It probably depends on hardware. On the main system at home, my wife and I at times watch streamed films in 720p (that´s the highest quality the provider offers). I´m surprised but it runs very smoothly despite the screen being a 30” (2560×1440). No lag, tearing or flickering. This is through the 64bit version.

Anecdotal evidence of no value to someone experiencing the opposite. Even more so when flash is slowly disappearing.

actually the loons were right on one trend. dumb users prefer repo based systems over googling and downloading. many are too dumb and click on the wrong link and get a virus or a fake version. others click on the wrong executable. plus you get all the updates and news in one place. steam comes to mind.
there were literally dozens of people who came to our store and asked us to find itunes for them. with the app store, they can just type in the name or even better “shop” for apps like in amazon.

@Kim:

I think you’re confusing antithesis with polarity. Obviously anecdotal evidence in this case is of no use to you: you have a working system, and you’re perfectly happy with it. Why would you care?

Out in the consumer world, however, people rely on anecdotal evidence all the time. If Kurkos, for example, was to tell me that the Samsung Galaxy is either terrible or wonderful, then I would trust his judgement (because he cares about these things), and I might well buy (or not) the product on the back of it.

But it’s not a symmetrical market. If even one person has a bad experience with (say) Flash on Linux, then that probably multiplies to a hundred lost sales. (You can swap for BSODs on Windows, if you like; the point stands.)

This leads to the supposition that there is a commercial necessity to get things right, 99.99% right, every time. This commercial necessity is entirely missing on Linux.

“. i actually believe that linux would be a usable surfing/email/basic home stuff platform in 7-10 years.”

How? “Linux Desktop” is actually going backwards. Just about when something is about to become usable, it gets scrapped and gets replaced by something “newer” in alpha stage. It’s the general culture of Linux, that it’s better to have something new and shiny in alpha stage with a truckload of bugs than to have something that’s older but works. This culture has penetrated even userland software. Just look how Mplayer adopted ffmpeg-mt before it was actually ready, and h.264 playback broke.

Sometime ago, there was somehope that wayland and pulseaudio will leave beta and clean the mess, but the loons will replace them with something shinier and buggier before that happens.

@ KURKOSDR
i think in the next 10 years these issues will be resolved. essentially what I’m saying is that linux will be goodenough)tm) but never good.
i mean people have problems when they get a used beat up car but it does the job so they live with it.

@Garegin:

In five years’ time, Linux will not exist outside the server room (IBM and Red Hat, I would assume) and mobile phones (guess…). IPredict™!

Actually, it’s a fairly sane prediction. As Kurkos says (I will disagree with him about the plausibility of PulseAudio, but only on a friendly basis), Desktop Linux has spent the last decade or so going backwards. The Mint/Gnome fiasco isn’t even a surprise” it’s typical.

Ten years ago, people were prepared to give this stuff head-room. Hell, I was. Ten years is early XP to Windows 7 and beyond. Ten years is Mac OS9 to Snow Leopard and beyond. Ten years is, it’s even technically-inclined people like me and Kurkos and presumably you thinking “You know, if I just wanted to dick around with an OS, maybe I’ll try a *BSD.”

It’s the massive gap between the Loons’ reach and their grasp that actually makes this very funny.

But, no. In ten years time nobody at all will be talking about Linux. If anything, it will be a background utility.

To put that into context, btw, consider IBM System 370. All over the place for ten years (even twenty years).

Consider VAX, an OS that beat the crap out of the competition for at least ten years.

Now consider Linux. OK, you can download it for free. How exciting. Now, what do I do with it?

The anecdotal evidence I referred to, was actually my experience. My bad, I should have written it more clearly. It was just a reflection, you can say surprise, seeing Adobe getting it fairly right.

@Kim:

“Anecdotal evidence of no value to someone experiencing the opposite.”

Sorry,but I’m not going to let you get away with that.

I clearly pointed out that it doesn’t matter what your anecdotes are (in this case, success): a proper commercial organisation will have something like 100 times the number of “anecdotal” evidence to back them up.

You’re free to use whatever you want, but please stop selling this swill to the rest of us.

@Kim:

And if your personal anecdotal experience includes “hundreds” of computers, then this is anecdotal evidence worth sharing.

I’ve booted around five off grub (one including BeOS, for whatever reason. I think it also included the x86 version of Solaris 7), and anecdotally, ie in real life, ie in mine, it was a dismal failure. I fell back to lilo.

Did you try running two Linux distros side-by-side via Grub? I understand that is the whole point of the thing.

It just isn’t at all reliable. And, y’know, I might have different goals to you. I might even want to do something with my computer once it’s booted up.

But it would be nice if it at least booted up.

And when I say “isn’t,” in all fairness, I mean “wasn’t”: five years ago.

I’m open to any anecdotal evidence that it has got better since. It would help if there was an honest back-story, like “it didn’t use to work, but now it does!”

Pah.

“i think in the next 10 years these issues will be resolved. essentially what I’m saying is that linux will be goodenough”

No they won’t. Just about PulseAudio and Wayland would be on the path of becoming usable (aka when they would have reached beta stage) the loons will abandon them for the next cool (alpha stage) thing (with a truckload of bugs) and here we go again. Or change them in such way that everything breaks badly, including API stability. It’s not in the Linux culture to fix bugs in beta software to make it usable, fiddling with the next alpha stage thing is. I too had some hope that in 7 years Linux would be good enough, but the mess with the UIs showed the linux crowd doesn’t give to sh!ts about stability.

If you want to use “Linux” buy a transformer prime. It’s as close as you can get without losing usability.

to sh!ts = two sh!ts

I didn’t take issue with what Linsuxoid wrote, I just shared my experience. Anyway since you ask.

Of course there’s been no reason to run several OSs on most. Probably not what users of Windows or Mac do either. Some are servers and hence of no real interest in this matter.

However several machines have been multi distro ones, including Windows. Linux distros haven’t been chain loaded, but Windows always. If a machine was to run Windows I’ve always let it be installed in the beginning at the beginning of a drive. Usually it hasn’t been for personal use, and for sure not the last five years, since I haven’t used Windows on my own machines about that time. I’ve just done what others have asked me to do.

The issues I had back then usually had to do with odd CRT monitors. For sure that was a more common issue with Linux than Windows, even though I’ve had some odd experiences with server main boards running Windows as well.

When I started to use Slackware in whatever year that was, I screwed up some boat loader, but that was as you understand LILO.

@Kim:

Tell you what, mate, there’s a simple (yet strangely anecdotal) way of testing this.

I’m due for a new desktop in three months or so. I promise you I will try it out with a nice basic boot configuration: Windows, Mint, and FreeBSD.

I’ll try it out on Grub2 first (Mint will do as the first OS) and see how it goes. If it lasts more than a dozen reboots between systems, I will anecdotally be astonished.

After that, I’m back to the crappy old Windows boot-loader. It would be nice if it boots into Mint and/or FreeBSD, but, you know what?

As long as it boots, nothing much else is important to me.

While I’m saving up to buy a new computer, btw, you might want to check my link above that describes the awful non-anecdotal agonies of making Grub2 work … sort of … maybe … eventually.

I say “above,” but it’s actually in http://www.tmrepository.com/trademarks/linuxisreliable/#comment_9087.

Bloody unreliable FUD posters.

@Kim:

And I assume by “hundreds” you mean “less than a baker’s dozen.”

Still, you can always scale that up.

Guys, I’ve just tried to make a joke :-)

Out of 3d calculus, gaemz and pron first two are not necessary for everyone. For everyone. Got it? Means that last one is actually a must have. Ha-ha. Everybody does pron. Now got it? Got it now? Linux doesn’t have a chance on desktop without decent porn. Ha-ha. Still didn’t get? Ah, whatever.

Well, it doesn’t have a chance anyway – with or without porn.

As for grub, last time I’ve used Linux heavily, I’ve used LILO, so my anecdote is that grub doesn’t fail miserably when installed on a “dedicated” virtual machine and never upgraded.

And back to LinuxDevelopment™, I’ve just looked into linux-image postinst script again. Why? WHY have I done this?

Someone, please tell this idiots about how to deal with dependencies (“Depend upon abstractions” someone?).

my $loader = “grub”; # lilo, silo, quik, palo, vmelilo, nettrom, arcboot or delo

#...

my $Loader = “NoLOADER”; #
$Loader = “LILO” if $loader =~ /^lilo/io;
$Loader = “SILO” if $loader =~ /^silo/io;
$Loader = “QUIK” if $loader =~ /^quik/io;
$Loader = “yaboot” if $loader =~ /^yaboot/io;
$Loader = “PALO” if $loader =~ /^palo/io;
$Loader = “NETTROM” if $loader =~ /^nettrom/io;
$Loader = “VMELILO” if $loader =~ /^vmelilo/io;
$Loader = “ZIPL” if $loader =~ /^zipl/io;
$Loader = “ELILO” if $loader =~ /^elilo/io;
$Loader = “ARCBOOT” if $loader =~ /^arcboot/io;
$Loader = “DELO” if $loader =~ /^delo/io;

#... And the fun goes on

Which basically means that if there is an unknown bootloader and it’s not a grub (run_lilo has special treatment for grub), it will be overwritten by LILO. Way to go, loons

Oh, I’ve been impatient. You can can actually have “unknown” bootloader, but it has to be compatible (as in CLIIsAPI™) with one of the LILO versions. And Stallman forbid you to start (or contain anywhere in case of vmelilo) your loader name as one of the existing ones:

1. ...

1. ...

You’re just too dum to understand how to set up a dual boot system properly.

“Guys, I’ve just tried to make a joke :-)
Out of 3d calculus, gaemz and pron first two are not necessary for everyone. For everyone. Got it? Means that last one is actually a must have. Ha-ha. Everybody does pron. Now got it? Got it now? Linux doesn’t have a chance on desktop without decent porn. Ha-ha. Still didn’t get? Ah, whatever.”
no that’s not what I had in mind. as a matter of fact flash is not necessarily for many systems like offices and businesses. still linux is so unreliable that no idiot is gonna deploy it in a business desktop environment.

“Ten years ago, people were prepared to give this stuff head-room. Hell, I was. Ten years is early XP to Windows 7 and beyond. Ten years is Mac OS9 to Snow Leopard and beyond.

this reminds of this quote.
The bourgeoisie, during its rule of scarce one hundred years, has created more massive and more colossal productive forces than have all preceding generations together. Subjection of Nature’s forces to man, machinery, application of chemistry to industry and agriculture, steam-navigation, railways, electric telegraphs, clearing of whole continents for cultivation, canalisation of rivers, whole populations conjured out of the ground.

@linsuxoid:

I assume a symlink was out of the question …

That thing is horrible in so many ways, I can’t find the words to express my disgust. Presumably the bash shell is just not quite Turing-complete enough for the job? And I’m at a loss to explain the weird inconsistencies in the regexps. Still, at least it’s not LongPHPCodez™...

Possibly Want2BSmart is correct here, and the idea is to allow for chain-loading boot-loaders. I certainly can’t see any other glimmer of an explanation.

Oh, you haven’t seen their code to support 3 different and incompatible ways to regenerate initrd/initramfs.

Back boot loader dependencies. Well, boot loader cannot provide “choice of thousands of semi-broken filesystems”. So one of obvious workarounds is to hardcode sector numbers table when you actually can i.e. in a (semi)working (semi)OS with (semi)working drivers. But who would predict that it would make 1337 haxx0rz who recompile their kernels to easily break their boot (you overwrite vmlinuz and all mappings are now pointing to some garbage). So, you HAVE TO rerun /sbin/lilo (or whatever place your distro have it in) each time vmlinuz/lilo.conf/initrd is overwritten and using an observer pattern to resolve dependencies involved too much software design – thing any loon can’t sustain (I have an impression that roots of Microsoft hate are somehow related to this).

So decision was made to add support for filesystem drivers into boot loader. Not a bad decision I must say. Actually, assuming that LinuxIsChoice™ mantra it’s THE ONLY sane decision (let’s not discuss sanity of the assumption itself for now). And that’s how GRUB was born. We only hardcode that “FS driver” (stage 1.5 because stages 1, 2, 3 are not 1337 enough for something Grand and Unified) section which doesn’t change that often and should only be regenerated when grub itself is updated.

I admire Linux’s commitment to backward compatibility with LILO and with even older tech (40+ years or so) – it’s only things from last decade (or maybe that would be those magical FiveYears™) that are not important, but couldn’t it be done in a more reliable and elegant way? Well, think not, because “reliable and elegant” are in direct conflict with UnixWay™.

unix can be reliable and elegant, at least to the end user. I know that most linux hater’s are frothing at the mouth os x haters too. bla bla bla it’s a bsd mach frankestein. so what, it’s a much cleaner user experince than constant patch updates (why don’t they just release cumulative updates) and broken installer headaches.
http://piestar.net/2009/08/15/windows-sucks-an-old-rant/

@garegin

Your complaint about updates is pretty silly. Microsoft DOES “cumulative updates” (ever heard about http://en.wikipedia.org/wiki/Patch_tuesday ?). MacOSX NEEDS more frequent updates (especially security ones) – it just doesn’t get them (just compare versions of open source tools included in your fully updated Mac with versions of those tools on the offsites). MacOSX NEEDS updates on a reliable schedule (so others can plan ahead). And so on.

Piestar’s rant is partially true, but for most part it’s not.

Windows had its (mostly declarative with the exception of custom actions – which is easily verifiable) installation system since forever. It’s msiexec decides what to do and what not to do. It’s msiexec uninstalls everything it installed before. For most software you CAN use “drag-to-install” installation (some of my programs survived more than a dozen of migrations to a different hardware through simple copying). Windows world even has a term for it (http://en.wikipedia.org/wiki/XCOPY_deployment). What’s more, dedicated installation wizards are EASIER and MORE INTUITIVE for new users than “drag-to-install” (http://limi.net/articles/improving-the-mac-installer-for-firefox/ and followup http://limi.net/articles/firefox-mac-installation-experience-revisited)

QuickLaunch and SystemTray issues have been solved in Win7, rest of issues are solved in Win8.

MacOSX on the other hand? Always catching up technologically. Always “better marketing” over “better software”. Always pretending that issues don’t exist until they are REVOLUTIONARY fixed (if ever).

And just to clarify. I don’t mean “reliable and elegant” UI. I can give you that MacOSX interface is pretty much reliable and elegant even though I don’t like it. I’m talking about “reliable and elegant” SOFTWARE DESIGN. And MacOSX is a huge improvement over System9 (or in comparison to Linux or rest/most of other Unix world), but quite interestingly it shines ONLY where no traces of Unix could be found.

and yet every time i have to install vista on a computer at work I vomit in my mouth. it’s ok though, use what you want.

i had an ms technician waste an entire afternoon on fixing a broken installer because an ms webcam wouldn’t install live essentials. i can’t imagine a peripheral do that kind of damage in a mac. not mentioning the entire 64 vs 32 bit app version fiasco. the end users often are unaware of the distinction.

@garegin
Can you please explain why exactly you “can’t imagine a peripheral do that kind of damage in a mac”? Do you think mpkg-s can’t do anything they want? Or maybe MacOSX drivers cannot do anything they want? Or maybe Apple provides inbox drivers for every freaking webcam in the world? No, no and no. Well, I suspect you should broaden your imagination.

Remember that bug when Windows deleted all user’s data just because he tried to login as guest? Oh, wait!!! It was MacOSX http://www.neowin.net/news/main/09/10/11/major-bug-in-snow-leopard-deletes-all-user-data

Remember that update that bricked Bill Gates’s Windows high end laptop? http://twitter.com/#!/stevewoz/status/114803323940503553

Remember that gaping publicly disclosed remote code execution vulnerability, that has patched everywhere except Windows for more that half a year? Oh wait, it was MacOSX again. And Apple only admitted the issue after working PoC was publicly released. http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html

It wasn’t a standalone case – it’s as I said “a culture”: CVE-2009-0689 for instance was disclosed on Aug 1, 2009 and fixed everywhere. Apple didn’t tell its users anything. PoC exploit was released in early 2010 – it took Apple only only few more months till it finally released a patch in Security Update 2010-002 (March 29, 2010 – 8 freaking months).

These two vulnerabilities alone have given attacker more than a year of continuous remote code execution on any Mac machine.

Know who Brian Krebs is? http://twitter.com/#!/briankrebs/status/133963307882258432

So, I’m happy if you’re happy with your shiny little Mac – just be aware that it will explode the moment when big bad guys put their eyes on it. And Apple’s response will be all same old “Don’t admit, don’t help, blame user” – they just have no idea how to deal with major accidents (Mac faithful have given them free pass for any issues they’ve had)

ok you win. ill use openbsd because that has the best reliability and security. oh wait, i won’t because it sucks balls

“OpenBSD equals security” is just another myth. It is used even less than Linux – of course it’s “secure” – nobody gives a sh1t.

And I think I didn’t make my point clear enough. I don’t want you (or anyone else for that matter) to migrate anywhere – use whatever works for you. Just try to not spread unsubstantiated myths. Even more, try even harder to avoid believing in such myths yourself.

i never said that os x has better security. I said that os x can be elegant and user-friendly. i also said that the updates are done much snappier. 200 mb worth of patches takes 20 minutes on windows 7. also it is faster to uninstall apps. you have to go the the installer and then it that takes time to fetch all the apps. on os x i can just drag multiple apps into the trash and delete. done.
i am saying this because most of the bloatware that comes on new PCs is outdated or useless, and you have to go one by one uninstalling it.

And I’ve said, that updates are “snappier” just because they generally don’t care if everything works (at least they don’t have that non-updating updates as Linux does). Also Apple just recently revolutionary invented delta updates, but XCode point release updates still take several gigabytes).

As for drag-to-install, do you deny existence of mpkg installers on OSX or do you deny existence of xcopy installation on Windows?

And I TOTALLY on your side regarding crapware. Well, it have never been much of a problem for me personally, but I can easily imagine how all that crap damages Windows’s reputation in average Joe’s mind. Signature experience is WAY better but it’s not available for majority of Windows users yet.

What is a “non-updating update”?

@Kim:

I believe Linsuxoid is referring either to the BiannualForcedDeathMarch™, or to updates that completely ignore security holes … which things are the main reason for Patch Tuesday, if not the only one.

The problem with Linux updates, in general, is that they are a priori monolithic. Linux is still stuck in the equivalent of DLL Hell, whereby one small change to one corner of the system can involve tens of megabytes of changes to other bits, even if you didn’t use the stuff that was changed.

I have some sympathy with Downstream on this, because I can’t see how they would do it any other way. On the other hand, and with no evidence whatsoever, I suspect the Shiny New Thing also comes into play, albeit unintentionally. Basically, Downstream don’t have a clue what they’re dealing with in most cases, and I’m pretty sure that it’s easier to give in than to think about it. Gnome-U-Like Terracotta Version! Yay! Moar Choice! Let’s make sure it’s available to our users!

I’m referring to the situations when your system is still vulnerable even though you’ve already applied all necessary patches. It’s covered in LinuxDoesntRequireRestarts™ (I even have a demo there http://i.imgur.com/epWVw.png).

Basically none of Linux package managers detect what files are in use and automatically restart either that program (through some sort of Application Restart and Recovery/Restart Manager mechanism) or by restarting the whole system if nothing else helps (and another Linux poster child – ksplice – doesn’t help at all here). So they require package author to detect if package needs to restart the system and explicitly call update-notifier (or equivalent), but it’s never really done: some (but not all) demons include this, library almost never include this. So if you’ve just applied patch to, say, libc6 and it didn’t restart anything, it doesn’t mean that magic just happened – it’s just Linux continues to run unpatched code.

There are two possible explanations to this:
1. Linux developers are incredibly stupid to NOT SEE a problem here
2. Linux developers are incredibly stupid to value “no restarts” over “security”

Or (3) Downstream doesn’t have a clue.

Which is what I said.

> whereby one small change to one corner of the system can involve tens of megabytes of changes to other bits

OSX is still working like this. Let’s take XCode update 4.0.1 for instance. 4.5 Gb worth of downloads (and sometimes it fails to complete https://discussions.apple.com/thread/2778469) and here is what you get:

Improved Assistant editor logic when switching among different file types.
Fixed a bug in “Install Xcode.app” that hangs at 99% complete, never finishing.
Fixed a bug that prevented indexing of some projects.
Fixed a bug related to nil settings in the Core Data model editor.
Fixed a bug that prevented automatic download of iOS documentation.
Fixed a bug in LLVM GCC 4.2 and LLVM compiler 2.0 for iOS projects.
Additional bug fixes and stability improvements.

And again, that’s not standalone case – they’ve continued to deliver multigig point-releases even after they’ve Revolutionary Invented delta updates (and Microsoft stole all the awesomeness using their famous time machine http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=1562)

Isn’t that partially a theoretical difference? Whether a systems asks you to restart or not still puts the final decision to the user/administrator.

I’ve no problem agreeing with your general argument, Linsuxoid, but I don’t think the Windows way magically change the table. It probably has more importance for basic users, who anyway don’t have computers up running 24/7. They will in 99,9% of the cases shutdown the system long before patch Tuesday or whatever other update schedule we’re talking about.

If security updates aren’t pushed out every other hour the user decision to immediately “initiate” the update or not doesn’t put him/her in any statistically possible to prove danger. If a system administrator doesn’t understand that an OS magically doesn’t reload everything, then he’s disqualified and will probably cause more harm himself than any delayed restart of services or system will do.

There’s many important things to criticise Linux based systems for, but I doubt this is one of them.

Well, I referred to downstream as developers (they are developing TuringComplete™ postinstall scripts after all). In fact it’s not some packager/maintainer who gets all the blame – it’s actual developers of package managers (dpkg in case of Debian-based distros). So downstream or not – developers are stupid. And million eyeballs not seeing this are as stupid as those who “invented” this.

> Isn’t that partially a theoretical difference?
You mean difference between informed decision and no decision (or information for that matter) at all? No, it’s not theoretical.

> I don’t think the Windows way magically change the table
At any given time you either have fully updates system or you KNOW that your system is not updated. And speaking of Patch Tuesdays – it allows those who CARE to plan ahead, which is a good thing (not as good as having updates to actually, you know, update, but good nevertheless).

> If a system administrator doesn’t understand that an OS magically doesn’t reload everything
It’s not magic. It’s RELIABLE SOFTWARE. You know, Windows has A LOT of mechanisms to prevent system restart, so if it doesn’t ask to restart – you can be CONFIDENT that everything is updated. Linux? Just restart after each and every update. Just in case.

Windows Update is strictly for home users. In a business setting, any decent administrator will choose to do manual updates and push them out via Active Directory, the same way they install software and manage permissions.

That’s why every update on Windows Update is also available for download off Microsoft’s site. So that admins can download them, manually install and test them, and when they’re sure they work, push them to all the workstations they manage.

Well, in Linux you can also setup private repo and update all your users from there.

Still either your users update from WU (many SOHO/medium businesses rely on WU) or from WSUS, when they’re done you know for sure that everything is updated. Not the case with Linux updates – no matter how you deliver them.

@Kim:

“It probably has more importance for basic users, who anyway don’t have computers up running 24/7.”

Actually, most Win7 users probably do exactly that. What with hibernate and sleep and so on, I doubt they bother to switch the damn machine off at all.

Now, I come from a background (Stratus VOS) where downtime is actual downtime. Stratus used to boast about five nines, and unusually for this sort of marketing crap they basically hit the bar.

Linux doesn’t.

How could it? It isn’t designed to do so. It doesn’t even have hardware backup to do so, and even if it did, the guys in charge of the kernel would kvetch about the details.

But for better or worse (my personal conclusion is “worse”) we are in a different ball-game here.

This thing about allowing users a choice on updates? Well, once Microsoft cared to bother about security holes (they were astonishingly ignorant pre 2001 or so), there are only two ways to go:

(1) Ask the user to confirm. This was the original Microsoft choice. Sounds nice and all, but you are dealing with pirating filth at the one end and understandably ignorant users at the other.

(2) Enforce it, on a well-advertised schedule.

I think Microsoft made the right choice between the two.

“There’s many important things to criticise Linux based systems for, but I doubt this is one of them.”

No? OK, let’s throw the question back at you.

Pick an important thing to criticise Linux “based” systems for.

We do this all the time, because we are snarky and worthless, natch.

It would be extremely interesting to hear a defender of Linux come up with …

TADA!

... a reason to criticise it.

@Linsuxoid:

“Downstream Developers,” well, there’s an interesting concept.

Those who cannot test, wank.

For a RedHat system, and others as well, services will be automatically reloaded when updated. That possible could exclude some bits of system, I don’t know, but it isn’t that messy as you seem to suggest.

If your an administrator the errata RedHat provides as RSS feeds links to far more comprehensive information about each update. It will also explain what measures to take for securing the system beyond the install.

I cannot judge how clever the mechanisms in Windows are. Maybe they today are 99% reliable, making the RedHat way for example clumsier. Or maybe cons and pros take out each other?

...

@DrLoser

I won’t go into length about things I don’t like about Linux at this time. I’ve said it before though, that Linux sucks, but so do many other systems. The only reason I mainly use Linux is because it sucks less for what I do. I don’t preach or try to persuade other to use Linux. I’ve one guy at work trying to convince every soul about Windows excellence and a friend who obviously things MacOS will save the world. They’re nice fellows both of them, but I don’t see any need for yet another preacher.

Structurally what I would like see, that Linux lacks, is a core system maintained as the BSD one. Hence this is more of an organisational matter, than coding. As it’s now some parts of what builds a Linux distribution tend to move all over the map simultaneously. If it wasn’t for Linus “dictatorship”, in this sense positive, I wonder how the kernel would be developed.

Secondly it would be nice if some developers could settle for a good enough tech, to quote your words. What we see in Windows isn’t perfection, but in some areas Microsoft have kept some kind of good enough status, instead of hurrying out something brand new and unreliable. In just a few weeks I’ve seen announcements of several new tiling window managers for Linux/BSD. I doubt we need them, while I also understand that some of them are personal “study” projects.

Since Linux isn’t a coherent corporate product I’m quite certain that anyone using Linux will have to live with a level of fragmentation. For some the pros will outweigh the cons, for most not.

@Kim:

The thing about those “many other systems,” though, is that they just work.

You know? They don’t break on demand.

The Linux desktop is primitive and badly designed and what it does is break.

I’m not quite sure how I can explain this to you. I am equipped with the tools to fix it, and you know what?

I’d rather spend money on something that doesn’t break.

Frankly, tell me why I should care if you say it breaks, and it doesn’t for me? Sure if it would break as you say I probably would evaluate my choices.

This is, as I’ve said before, just anecdotal evidence, but I simply don’t experience the problems you refer to. My current install is several years old, Arch Linux, fully updated, and has migrated through three computers, so it has had every reason to break without criticism.

Why shouldn’t we mutually respect each other’s choice? I don’t think Microsoft is evil, or that you’re using a second rated OS. We just use different tools to get our work done. And while we do why not have some fun discussing it?

> For a RedHat system, and others as well, services will be automatically reloaded when updated.

As for “others as well”, I can attest, that dpkg doesn’t do it (you should run update-notifier in your postinst script in order to do so). As for RPM – I doubt it does that:

1. First Linux to the best of my knowledge doesn’t support oplocks (and definitely didn’t at the time of RPM creation)
2. There was no dnotify/inotify at the time of RPM creation, so it couldn’t have been designed with this feature in mind.

——
Didn’t take much time to verify. Got a daemon from top of my mind: http://fedora.inode.at/fedora/linux/releases/16/Everything/source/SRPMS/syslog-ng-3.2.4-8.fc16.src.rpm and checked .spec file

Quite unexpectedly (not really, haha), packagers/maintainers should restart everything manually:

%post
/sbin/ldconfig
if [ $1 -eq 1 ] ; then # Initial installation /bin/systemctl daemon-reload >/dev/null 2>&1 || :
fi

or another example http://fedora.inode.at/fedora/linux/releases/16/Everything/source/SRPMS/udev-173-3.fc16.src.rpm

%post
/bin/systemctl daemon-reload >/dev/null 2>&1 || :

if ! /bin/systemctl start udev.service >/dev/null 2>&1; then # start daemon if we are not in a chroot if test -f /proc/1/exe -a -d /proc/1/root; then if test “$(/usr/bin/stat Lc '%%D%%i’ /)” = “$(/usr/bin/stat Lc '%%D%%i’ /proc/1/root)”; then /sbin/udevd -d >/dev/null 2>&1 || : fi fi
fi
exit 0

Teh Kernel has its own “update-notifier” namely /sbin/new-kernel-pkg

Wait, daemon-reload doesn’t even restart the daemon. Or does it?

From systemctl man page:

“daemon-reload

Reload systemd manager configuration. This will reload all unit files and recreate the entire dependency tree. While the daemon is reloaded, all sockets systemd listens on on behalf of user configuration will stay accessible.”

Do you mean that it doesn’t work as expected?

@DrLoser, I never turn my computers off. I leave my desktop and let it fall asleep or I close the lid on my laptop.

The last thing I want to do is wait any longer than I have to for my computer to come online when inspiration strikes.

@Kim
I can’t believe that it would take you a lot of time to check this yourself before getting here with your assertions and spare me from all that mess. But OK, at least Debian maintainers ask you to restart firefox after you install updated version http://i.imgur.com/Gzbir.png (how about applying firefox security update and remain vulnerable for RCE?)

How about security updates (no squeak about restart again) http://i.imgur.com/aUqva.png

It doesn’t detect anything – packager should manually take care about every single case. And as with dpkg, rpm packagers don’t care about library updates – they only restart services (manually). Insanely reliable.

@Kim:

So, according to the man page, system-reload doesn’t restart the daemon. It could hardly do so and keep listening on all those sockets, could it? (And what is a man page doing, telling you this inconsequential internal gibberish? What possible good does it do you?)

A simple “No, it doesn’t” would suffice.

You surprise me with your reaction Linsuxoid. You stated that services aren’t restarted, but they are. It’s not a big deal though.

C libraries don’t require a restart of the system. If no active shell is running it’s enough that services are restarted. In case of an active shell session it’s wise to logout and login, but no restart is necessary.

Sure, I could see your point if Linux, in this case RedHat, had focused on desktop use.

Let’s say you’re right DrLoser, that it’s gibberish, fine, I will in time find out who to trust.

@Kim:

Is there an obvious practical difference between restarting each and every daemon on a server, and restarting the server?

If so, it isn’t clear to me.

And I believe Linsuxoid’s central point was that Windows updates have the knowledge and the ability to determine what needs to be restarted (possibly even including the system), whereas the likes of rpm (and, I suspect, apt-get) clearly do not.

No, it isn’t that big a deal for servers: you either live with the initial install forever (including all the security holes) or you run around rebooting everything manually.

It isn’t a big deal (until you forget to reboot that one system in the corner), but it does suggest an inherent culture of primitive design choices.

@Kim:

I didn’t say it was incorrect, or untrustworthy, Kim: I said it was unnecessary gibberish. Who and when and why needs to know that all the listening sockets stay open?

(Which is interesting in any case. One would assume that, for certain configuration changes, one or more of them would be closed and re-opened. It may therefore only be true in a “stay open until they no longer stay open” sort of way.)

It’s also extraordinarily badly-written, even for a man page. I know this shouldn’t matter, but it does to me. The crappy writing appears to have encouraged you to sidestep the original question:

Does this thing restart the service? Answer: No, it doesn’t.

Look, I’m taking the man page (quoted by you, not by somebody else) at face value. It clearly states that the service is not automatically restarted.

I mean, you could be right about this issue of trust: it could be lying on this point. I could even help you out here by applying my pitiful two eyes to the code.

But I’m not going to.

As Doctor correctly told, I’ve stated that services are not restarted by update system itself and they are not (I’ve just replaced systemctl and checked that). So it looks like we have both bad design and bad documentation here.

> C libraries don’t require a restart of the system.
Really? REALLY?!! It’s marked as a security update and every freaking binary links against it. All your network facing demons are possibly vulnerable (depending on what was wrong with libc). Do YOU restart after each small update? Just in case.

Also it adds to reliability A LOT. Imagine daemon+library pair. Library provides (unstable :-) ) interface for 3rd party apps, daemon does the work. They communicate through some means of IPC. You update both and daemon is restarted. You know what? NONE or your library clients are. They are possibly talking different languages from now on.

Seriously, you really don’t see any problem with non-updating updates or what?

Depending on how the system is set up I see a problem. I’m at least curious to investigate the matter further; I’ve a server candidate that I could when not needed to be accessible I could try to test something on. I have your word against other’s, and I don’t put any bet on either of you at this moment.

Just a question: if a .NET 2-4 security update is done on Windows and you know that software using the .NET framework is cached, should I trust the outcome that Windows doesn’t ask for a reboot? This isn’t hypothetical, but happened while testing updates on a server this Sunday.

@Kim:

An interesting question. My gut feeling is that you don’t need to worry, and that any breakage of dependencies (which will at some point surface through a GUID, I suspect) will cause the service to be restarted.

But I’m not sure, and there are far more expert people out there to answer the question for you.

Just in order to refine the question first, what do you mean by “you know that software using the .NET framework is cached?”

Specifically, what do you mean by cached? Unless, of course, you mean “active” (ie the service is in the Started state).

Just asking in case there’s a difference.

@Kim:

I’m sorry, but I have to pursue your muddle-headedness here. I don’t think either Linsuxoid or I care tuppence whether or not you trust us (although Mr L has actually gone to the lengths of performing the relevant experiment, which is more than I can be bothered to do.

May I remind you of your original statements?

“From systemctl man page:

'daemon-reload:

'Reload systemd manager configuration. This will reload all unit files and recreate the entire dependency tree. While the daemon is reloaded, all sockets systemd listens on on behalf of user configuration will stay accessible.’

I simply pointed out that there is a vast difference between reloading all unit files (jolly helpful for the user that: what the heck is a unit file?), and restarting the server/daemon automatically.

As you will no doubt fail to recall, Mr L’s original point was that Linux servers do not automatically start on updates. He then went into technical details about dependency chains and the obvious fact that something like an RPM is too primitive to give you the required information, but you don’t have to trust him on that. And you certainly don’t have to trust me.

Except where I am pointing out that your own source insists that no automatic restart occurs.

But what the heck, it’s your own personal set of security holes. Feel free to tell us you don’t trust us. I, for one, am strangely unmoved.

“Do you mean that it doesn’t work as expected?”

No, we mean that it works precisely as expected.

Which is to say that, like everything else in the Linux ecosystem (desktop or server, to be frank) it is a hideous botch-job that requires either constant nannying or a wilful inability to recognise glaring security defects.

@Kim:

Speaking of glaring security defects, would you care to reconsider your stance on glibc updates in the light of Mr L’s somewhat restrained incredulity?

It’s interesting that you worry about .Net caches, but don’t seem to be able to fathom that an update to glibc is at least an equivalent problem, if not more so.

@Kim:

Now, to be absolutely fair to you, and having parsed that man page gibberish a bit closer, I will concede that it might mean that systemd rebuilds its dependency tree on the fly, keeping all listening sockets open, updating whatever configurations need to be updated (presumably via the hilarious *nix method of a SIGCHLD), and then painstakingly works its way through the dependency tree, figuring out a sequence of required service/deamon restarts, ordering them through some sort of priority queue, and so on. There is no immediate evidence, from the man page, that it does this. But it’s how I would do it, in terms of the basic design.

IF I WERE A FRIGGING MANIAC.

First of all (see Linsuxoid) the dependency information just isn’t there in RPMs. I’m not so sure about apt-get, but I doubt it’s there, either.

So, the dependency tree theory is blown out of the water.

Secondly, you DO NOT keep all those listening sockets open while you do this. Have you any idea at all how many race conditions can creep in while you do this? It’s insane. It’s clear evidence that Linux developers, even kernel developers, have no clue what a finite state machine is.

Thirdly, you need to remember the nature of an RPM-style “dependency graph.” Typically (isn’t Linux so cute and simple?) an RPM dependency is along the lines of:

[Daemon main proc] requires [client so] {version > 3.298}

or whatever.

Guess what? Your security patch to [client so] is now advertised as version 3.298.RADICAL_SECURITY_HOLE.

But that’s OK, because it doesn’t break the dependency chain.

———

Look, even on the evidence of this cretin man page you have dug up, this is the silliest and most dangerous way of doing things. It’s casually stupid (holding listening sockets open); it’s complicatedly stupid (building up a dependency chain); it’s fundamentally ignorant (total lack of a state machine); it’s pointlessly and dangerously bit-headed.

Pointlessly and dangerously bit-headed? Yup, I’ll stand by that.

IF YOU DON’t HAVE SUFFICIENT INFORMATION, THEN REBOOT THE LOT.

Automatically.

@Kim:

And an interesting meta-observation.

I had never even thought about this stuff until you and Linsuxoid started arguing about it. (And I wouldn’t even have come up with that analysis, flawed or untrustworthy though it might be, unless you had of your own free will offered up the man page.)

This is the way that Linux eats brain cells, isn’t it? I know it has severe design problems. I know where several of them are.

But I’m still sniffing the Kool-Aid at a distance. It can’t really be that bad, can it? I mean, surely in twenty years it would have cured all those obvious big problems, leaving only the small problems?

Nope. Every time somebody like you comes along with this stuff, and encourages me to look into it, all I see is More Big Problems.

I think I made a bold claim a while ago that Linux (outside of supercomputers and … er, that’s about it, depending on how you define the Android kernel at the point) will be dead in five years.

It sounded silly at the time, but I’m beginning to believe in it.

Maybe I’ll take some time to see whether I can figure out a way to test on a remote server that doesn’t need to be accessible all the time. Linsuxoid could be right, I haven’t said he’s wrong, but for now I don’t have hard evidence either way.

I obviously didn’t expect this ongoing discussion Sunday when I run the mentioned update of .NET. It just occurred to me now that it’s an interesting example, and I simply don’t know if Windows is that capable as by some implies. By cached I refer to the fact that I at the same time had the main application using the .NET framework running; it’s also the one most important application on that server.

Gibberish could be equal to “glibberishC” so to speak. No, I’m not indifferent to the possible security issues, but I’m faced by different claims, and I don’t want to resort to a “every one who claims the opposite is a loon” argument.

...

You probably mentioned it somewhere, but with your prediction what do you see as a supercomputer? Out of curiosity I searched the web for some figures and for the fourth quarter of 2010 and sold server units with Linux had 20% of the market. I’m not arguing with you, but both you and I know that sold units is a difficult measure for Linux. Nevertheless I was surprised because a few years ago the total amount of running Linux servers were estimated to 13%. Could it really be that the majority of these 20% is what would qualify as supercomputers. I rarely look into these figures and hence I don’t know.

@Kim,
.Net assemblies are just regular (well, no more “special” then any other type of) PE files. And when loader (LdrXxx) maps PE image it opens it without FILE_SHARE_WRITE or FILE_SHARE_DELETE, so anyone who wants to replace or modify binary that is mapped ANYWHERE will fail right away. If no tricks to prevent system reboot have worked, Windows delays rename using MoveFile w/MOVEFILE_DELAY_UNTIL_REBOOT and asks user to reboot.

Most tricks are based on OS and program/service cooperation to only restart small parts of the system (programs/services involved) updating necessary files in process (again, if program doesn’t cooperate, Windows falls back to the safest option – full system restart, so cooperation is not a requirement – it’s an optimization).

There is also that hotpatching thingie, but you should understand, that you cannot hotpatch state, so if a single function to be updated is not “pure” – you have to restart something (either system or program) and it just so happens, that even though about 60-70% of functions are “pure”, when you deliver 10-20 updates chances are high (calculate actual probability yourself) that at least one of them will rely on state (and hotpatching could patch everything – not just kernel, as ksplice does).

@DrLoser
Oh, I’ve actually first found this on dpkg (apt-get starts dpkg as a subprocess to do the work and then scrapes results from its output, CLIisAPI™, remember?). So all rpm and deb based package managers are covered.

I don’t bother to look at portage – but I don’t expect Gentoo guys to be any smarter.

And speaking of dependencies. Dependency resolution is so awesome. VirtualBox additions don’t install on default Fedora16 installation (interesting fail on its own).

yum install kernel-devel gcc

Ha-ha, not so fast. Kernel has an update since than so an updated version of kernel-devel is installed, but kernel itself is not updated. VirtualBox additions still couldn’t compile with the same message, that I don’t have kernel sources (while I have – just from wrong version). And NOTHING helps to troubleshoot this. Seriously? That’s an experience they want users to suffer?

Ah, and one more detail. When I did

yum install kernel-devel-$(uname -r)

it installed right version of kernel-devel, but resolved to updated versions of all dependencies (kernel-headers in particular). Excellent system.