
Re: Horrifying suggestion



Ethan Benson wrote:

> On Wed, Nov 01, 2000 at 01:33:45PM +0100, Peter Hugosson-Miller 
> wrote:
>
> > Ethan Benson wrote:
> >
> > > teaching newbies how to run arbitrary code as root on their
> > > machine without having the slightest idea what it is going 
> > > to do is a bad idea.  the fact that this is targeted at newbies 
> > > makes it WORSE.
> >
> > Well I'm certainly not advocating the above. All my suggestion did
> > was to provide a way _in_ to Debian, for someone who might be
> > interested in trying it out, but who isn't familiar with Linux.
> > There's almost nothing you've said in your mails that I don't agree
> > with - we're singing from the same hymn sheet, so to speak.
>
> well you're advocating users run lynx --source | /bin/sh which is
> running arbitrary code from a web site as root.

That depends on whether you consider you can trust helixcode or not. 
"arbitrary" to me means "selected at random", but that might just be 
my bad English, I suppose.

> now going to the site looking at the shell script, downloading to a
> file running chmod +x and then running it is a bit less evil.

Sure, but where does that fit into the scenario? Newbie doesn't know
about chmod yet. Maybe this is something helixcode should consider?

> > 5) newbie@mycomputer$ panel &
> >
> > Now we're getting somewhere... maybe this can be automated? Newbie
> > goes back to the books, finds out which files to edit.
>
> since when has debian been this bad?  

Well the scenario was in fact my real life experience with the set of
6 CDs purchased from http://www.cheeplinux.com/debian/ with these 
labels:
 
"Debian GNU/Linux 2.2r0 Official i386 Binary-1"
"Debian GNU/Linux 2.2r0 Official i386 Binary-2"
"Debian GNU/Linux 2.2r0 Official i386 Binary-3"
"Debian GNU/Linux 2.2r0 Official i386 Source-1"
"Debian GNU/Linux 2.2r0 Official i386 Source-2"
"Debian GNU/Linux 2.2r0 Official i386 Source-3"

This I believe to be the latest stable release of Debian, known as
potato (but I'm prepared to be corrected on that).

> if you select the gnome stuff in tasksel or dselect you get a 
> working gnome desktop.

I did use tasksel, chose the gnome desktop, then followed the exact
steps outlined in my previous posting. It was installed OK, just not 
configured. When I ran go-gnome, I first backed out the few changes 
I had made to XSession, so it would be a fair comparison.

> > Hear, hear! Never run arbitrary code from a web server as root!! 
> > Now if the helix-gnome packages could just be incorporated into 
> > Debian, we wouldn't even be having this discussion.
>
> it was recently challenged on -devel to point out exactly what is so
> unusable and broken about debian gnome, and you know what?  nobody
> could answer that, other than a couple vague comments about a couple
> bugs being fixed and a purely subjective opinion that the lighter
> color tone selected by default in helix compared to debian was easier
> on the eyes.  what is so special about helix?

<sarcasm> Nothing, other than the fact that it works. </sarcasm>

> the truth is debian gnome is just fine and most certainly is good
> enough for said newbie to get along until they learn enough to 
> install helix properly if they still want to.  (maybe using debian 
> gnome text editors to add apt lists)

Sorry, we'll have to agree to disagree on that one. See scenario again
for the missing pieces.

> > To look at the script, just enter this url in your favourite web
> > browser: http://go-gnome.com/
>
> so tell newbies to go look at it, save it, make it executable and 
> then run it.  don't make things too easy.

OK, I can buy in to that. If you feel so strongly about it, maybe
you should mailto:distribution@helixcode.com and suggest that they 
modify the instructions on their download page. I, for one, don't
know how to download that file using the command line, so to be as 
useful as before they would have to describe that step too.

> > And if the newbie can't get it installed at all, then he/she is 
> > also kept from learning this new system. More money goes into B*ll 
> > G***s pockets as newbie gives up and buys 'doze2K.
>
> bzzzt, debian gnome is right there in the tasksel window and 
> despite popular belief it's just fine.

I can't answer for popular belief, only my own experience. I'm sure
the debian gnome install can easily be fixed with some slight 
modifications. Just ask those guys at helix what they did that was 
so special.

--
Best regards,

Peter Hugosson-Miller
"In Windows 95, no one can hear you scream."
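
The save, read, then run sequence discussed in this message, as an added example that is not part of the original post or of Helix Code's instructions. The function names and the sample installer are constructed for illustration; the digest check confirms that the file being run is still the one that was read.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample script is constructed.

# Save the script to a file instead of piping it into a shell.
# (lynx -source is the fetch the thread mentions; it is not called here,
# so the example runs offline.)
fetch_to_file() {  # fetch_to_file URL DEST
    lynx -source "$1" > "$2"
}

# Digest of the bytes that were actually read and reviewed.
reviewed_digest() {  # reviewed_digest FILE
    sha256sum "$1" | cut -d' ' -f1
}

# Run FILE only if it is still byte-identical to what was reviewed.
# Invoking it through sh means no chmod +x step is needed.
run_if_reviewed() {  # run_if_reviewed FILE DIGEST
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 2; }
    if [ "$(reviewed_digest "$1")" != "$2" ]; then
        echo "refusing to run $1: changed since review" >&2
        return 1
    fi
    sh "$1"
}

# Constructed walk-through: review, run, then a modified copy is refused.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' '#!/bin/sh' 'echo "installer ran"' > "$dir/go-gnome.sh"
    cat "$dir/go-gnome.sh"                      # the "look at it" step
    digest=$(reviewed_digest "$dir/go-gnome.sh")
    run_if_reviewed "$dir/go-gnome.sh" "$digest"; first=$?
    echo 'echo "extra line added after review"' >> "$dir/go-gnome.sh"
    run_if_reviewed "$dir/go-gnome.sh" "$digest" 2>/dev/null; second=$?
    rm -rf "$dir"
    [ "$first" -eq 0 ] && [ "$second" -eq 1 ]
}

demo
```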


