Received my copy of 8.2 today. Installation via CD-ROM had several read failures off the CD. Installation via DVD on second machine went fine, but YaST failed to correctly configure my Radeon cards. Wish I had my $60 back.
Hi Joel, On Tue, 2003-04-22 at 07:25, Joel Vande Berg wrote:
Received my copy of 8.2 today. Installation via CD-ROM had several read failures off the CD. Installation via DVD on second machine went fine, but YaST failed to correctly configure my Radeon cards. Wish I had my $60 back.
Are those two machines networked? Can copy DVD to a partition and setup an NFS share. As for the Radeon cards, you'll need to provide more information as there are a few Radeon nuts here and knowing which cards these exactly are (9700 etc...) they won't help much. Can almost feel your disappointment through that e-mail! Matt
On Tuesday 22 April 2003 10:25, Joel Vande Berg wrote:
Received my copy of 8.2 today. Installation via CD-ROM had several read failures off the CD. Installation via DVD on second machine went fine, but YaST failed to correctly configure my Radeon cards. Wish I had my $60 back. ====================
Just curious Joel, are you disappointed in the cds being bad, SuSE 8.2 or your Radeon cards config? I can't say enough about SuSE 8.2 on my machine! The most polished version ever. When I started with 7.2, I couldn't believe how well a Linux distro could be, but I believe that SuSE caused a bigger WOW factor this time. :o) My Radeon plays nicely here. If you are using the newest boards, 9500, 9600, 9700 or 9800, then quite likely you may be disappointed. Get the ATI binary drivers for those, but that's not SuSE's fault nor the XFree86 guys as they are toiling as hard as they can to get everything working good. Guess there will always be a few that are disappointed, but it's not always the OS that is causing the problem either. Patrick -- --- KMail v1.5.1 --- SuSE Linux Pro v8.2 --- Registered Linux User #225206 On any other day, that might seem strange...
* O'Smith
On Tuesday 22 April 2003 10:25, Joel Vande Berg wrote:
Received my copy of 8.2 today. Installation via CD-ROM had several read failures off the CD. Installation via DVD on second machine went fine, but YaST failed to correctly configure my Radeon cards. Wish I had my $60 back. ====================
Just curious Joel, are you disappointed in the cds being bad, SuSE 8.2 or your Radeon cards config? I can't say enough about SuSE 8.2 on my machine! The most polished version ever. When I started with 7.2, I couldn't believe how well a Linux distro could be, but I believe that SuSE caused a bigger WOW factor this time. :o)
My Radeon plays nicely here. If you are using the newest boards, 9500, 9600, 9700 or 9800, then quite likely you may be disappointed. Get the ATI binary drivers for those, but that's not SuSE's fault nor the XFree86 guys as they are toiling as hard as they can to get everything working good.
Guess there will always be a few that are disappointed, but it's not always the OS that is causing the problem either.
Well, my main gripe with 8.2 is that the install takes so long[1] , and there are a few annoying ``press OK to continue'' buttons, that just sit there doing nothing untill I hit OK [though the only one that bothered me was the one during the online patch install, that informed me that the install of a single patch (suse -en admin guide I think) failed, which happenend about 10 seconds after I went to get some coffee, and set there for 45 minutes before I got back .] That and the fact that it still doesn't make coffee for me . KDE has had a teacooker for ages, why oh why cannot suse have a coffee maker included. [1] -> Gateway laptop w/ 700 Mhz CPU and CD drive, took about 2.5 hours including post-config steps Transtec Celeron 600 Mhz w/ DVD player took about 3 hours (not counting the 45 minutes waiting for me to hit OK ;) ) 8.1 on the gateway took a tad less then 2 hours 7.3 on the celeron was over and done with in under 2 as well. However, in case this was not completely clear, I am (so far) perfectly happy with suse8.2. I haven;t done too much real work and haven;t had much time to test the new g++ so I may have to adjust my judgement .. but the fact that this is the first install that perfectly recognised and configured my NVidia card make up for a lot ;)
On any other day, that might seem strange...
True
Currently listening to: tsp1998-07-29d1
Gerhard,
On Wednesday 23 April 2003 08:12, Gerhard den Hollander wrote:
* O'Smith
(Tue, Apr 22, 2003 at 10:54:28PM -0400) On Tuesday 22 April 2003 10:25, Joel Vande Berg wrote:
Received my copy of 8.2 today. Installation via CD-ROM had several read failures off the CD. Installation via DVD on second machine went fine, but YaST failed to correctly configure my Radeon cards. Wish I had my $60 back.
====================
Just curious Joel, are you disappointed in the cds being bad, SuSE 8.2 or your Radeon cards config? I can't say enough about SuSE 8.2 on my machine! The most polished version ever. When I started with 7.2, I couldn't believe how well a Linux distro could be, but I believe that SuSE caused a bigger WOW factor this time. :o)
My Radeon plays nicely here. If you are using the newest boards, 9500, 9600, 9700 or 9800, then quite likely you may be disappointed. Get the ATI binary drivers for those, but that's not SuSE's fault nor the XFree86 guys as they are toiling as hard as they can to get everything working good.
Guess there will always be a few that are disappointed, but it's not always the OS that is causing the problem either.
Well, my main gripe with 8.2 is that the install takes so long[1] , and there are a few annoying ``press OK to continue'' buttons, that just sit there doing nothing untill I hit OK
Took about 45 minutes here, including a full development environment and all the games (for the first time). Never seen a more trouble free install. I know this is a matter of hardware luck to a degree, but I for one am perhaps even more impressed than usual. I don't seem to have had annoying buttons to press ...
[though the only one that bothered me was the one during the online patch install, that informed me that the install of a single patch (suse -en admin guide I think) failed, which happenend about 10 seconds after I went to get some coffee, and set there for 45 minutes before I got back .]
That and the fact that it still doesn't make coffee for me . KDE has had a teacooker for ages, why oh why cannot suse have a coffee maker included.
The ironing. It needs to do the ironing. Work on irond needs stepping up.
[1] -> Gateway laptop w/ 700 Mhz CPU and CD drive, took about 2.5 hours including post-config steps Transtec Celeron 600 Mhz w/ DVD player took about 3 hours (not counting the 45 minutes waiting for me to hit OK ;) )
8.1 on the gateway took a tad less then 2 hours 7.3 on the celeron was over and done with in under 2 as well.
However, in case this was not completely clear, I am (so far) perfectly happy with suse8.2. I haven;t done too much real work and haven;t had much time to test the new g++ so I may have to adjust my judgement .. but the fact that this is the first install that perfectly recognised and configured my NVidia card make up for a lot ;)
On any other day, that might seem strange...
True
Currently listening to: tsp1998-07-29d1
Gerhard,
== The Acoustic Motorbiker == -- __O Screwing a cow while she goes moo-moo =`\<, Will be entertaining to both her and you (=)/(=) Or you might try a tiger, if you have enough gall But the hedgepod can never be buggered at all.
-- Fergus Wilde Chetham's Library Long Millgate Manchester M3 1SB Tel: +44 161 834 7961 Fax: +44 161 839 5797 http://www.chethams.org.uk
On Wednesday 23 April 2003 09:12, Gerhard den Hollander wrote:
Well, my main gripe with 8.2 is that the install takes so long[1] , and there are a few annoying ``press OK to continue'' buttons, that just sit there doing nothing untill I hit OK
It took about 20 minutes for me, everything included, on a dual Athlon MP 1400+ with a network install.
[though the only one that bothered me was the one during the online patch install, that informed me that the install of a single patch (suse -en admin guide I think) failed, which happenend about 10 seconds after I went to get some coffee, and set there for 45 minutes before I got back .]
That and the fact that it still doesn't make coffee for me . KDE has had a teacooker for ages, why oh why cannot suse have a coffee maker included.
I agree, that and a dish washer are essential features of any OS. BUT: the killer feature for me in 8.2 is that you can burn CDs without ide-scsi. Jump for joy :)
On Wednesday 23 April 2003 14:03, Michael Galloway wrote:
could you please elaborate on this? i'm interested! :-)
Sure, thanks to the new cdrecord in 8.2, we can now use IDE devices as ATAPI (scsi over IDE) devices without the kernel kludge called ide-scsi. If you run cdrecord dev=ATAPI: -scanbus you should see all your IDE CD devices, both readers and writers. The only GUI capable of handling this (that I know of) is xcdroast, but that's not a bad GUI, so it's not the end of the world :) The other GUIs should be updated in a short while, I'm willing to bet.
Dan Am wrote:
Hi, Am Mittwoch, 23. April 2003 13:52 schrieb Anders Johansson:
BUT: the killer feature for me in 8.2 is that you can burn CDs without ide-scsi. Jump for joy :)
errr, I can't. How did you do it ?
Regards Dan
Using the gui Xcdroast I was able to burn CD's with no hassles. I was pleasantly surprised. My DVD and CDRW drives were recognized without having to do any system adjustments to make it work. Excellent!! :-D Darrell
Hi All, Question for SuSE, what is the period that a release will be supported with updates and security patches, is it one year as with Redhat or is it a bit longer? Eric
Eric Smith wrote:
Hi All,
Question for SuSE, what is the period that a release will be supported with updates and security patches, is it one year as with Redhat or is it a bit longer?
Eric
longer........ I still run 7.1 at some sites and patches still come out for that.....
On Wed, 23 Apr 2003, Oskar Teran wrote:
Eric Smith wrote:
Hi All,
Question for SuSE, what is the period that a release will be supported with updates and security patches, is it one year as with Redhat or is it a bit longer?
Eric
longer........ I still run 7.1 at some sites and patches still come out for that.....
suse-security mail list said that 7.1 support will drop with the release of 8.2. I'm not sure if that has proven true yet. 7.2 expected to be dropped in the next month or so I think. Hen
On Thu, 24 Apr 2003 04:59, Henri Yandell wrote:
On Wed, 23 Apr 2003, Oskar Teran wrote:
Eric Smith wrote:
Hi All,
Question for SuSE, what is the period that a release will be supported with updates and security patches, is it one year as with Redhat or is it a bit longer?
Eric
longer........ I still run 7.1 at some sites and patches still come out for that.....
suse-security mail list said that 7.1 support will drop with the release of 8.2. I'm not sure if that has proven true yet. 7.2 expected to be dropped in the next month or so I think.
Hen
As far as I'm aware SuSE supports a release for 2 years. -- Regards, Graham Smith ---------------------------------------------------------
If you are willing to pay five years. http://www.suse.com/us/company/press/press_releases/archive03/maintenance.ht... On Wednesday 23 April 2003 11:10 am, Eric Smith wrote:
Hi All,
Question for SuSE, what is the period that a release will be supported with updates and security patches, is it one year as with Redhat or is it a bit longer?
Eric
* Eric Smith (easmith@lbl.gov) [030423 09:08]:
Question for SuSE, what is the period that a release will be supported with updates and security patches, is it one year as with Redhat or is it a bit longer?
The current plus four previous versions get security updates (although installation support only supports the current and previous). The SLES-based products are supported for about five years, more info here: http://www.suse.com/us/business/services/support/maintenance/runtime.html -- -ckm
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
BUT: the killer feature for me in 8.2 is that you can burn CDs without ide-scsi. Jump for joy :)
Hey Anders! Did they include the packet writing stuff in 2.5.x with 8.2. I didn't have a burner on my test machine. OR, is it due to new cdr/rw programs being able to utilize the ide interfaces now? Cheers, Curtis. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+ptVj7WVLiDrqeksRAtdCAJ4movFMYSw+vRPYDbTUlDU5dxyp0QCdFv2m 5JP96wWD53DyfIWHysuCUY8= =T9cc -----END PGP SIGNATURE-----
[Gerhard den Hollander]
Well, my main gripe with 8.2 is that the install takes so long[1] , and there are a few annoying ``press OK to continue'' buttons, that just sit there doing nothing untill I hit OK
Things are so relative! :-) I remember this ISC Unix I bought, many years ago, and which costed me in the order of the thousand bucks, and many long frustrations for almost intractable system problems. It took me about six months to configure and install it so it was almost comfortable, with vastly superior GNU tools and some reasonable ability to work in French. Linux distributions bring me immensely more software, often of very high quality, at a dramatically low price, all considered. The initial startup is usually a few hours, or even less, often absolutely painless, and the overall configuration time is only a few days for most cases. So, when an occasional difficult pops up, it would not even come to my mind to complain, for other reasons than contributing a report about improve a bit, for the benefit of others and our community, over something which already is excellent. I'm surely staying happy in any case! :-) -- François Pinard http://www.iro.umontreal.ca/~pinard
* Francois Pinard
[Gerhard den Hollander]
Well, my main gripe with 8.2 is that the install takes so long[1] , and there are a few annoying ``press OK to continue'' buttons, that just sit there doing nothing untill I hit OK
Things are so relative! :-)
I remember this ISC Unix I bought, many years ago, and which costed me in the order of the thousand bucks, and many long frustrations for almost intractable system problems. It took me about six months to configure and install it so it was almost comfortable, with vastly superior GNU tools and some reasonable ability to work in French.
In case it got lost in the email, I was joking ... I've been installing Unices since the early 90s (and windows since Win95) and suse has always been one of the easiest installs [try installing Sol 2.6 or 7 on an Ultra 10 with a 440Mhz CPU ;) ] Currently listening to: The Smashing Pumpkins - 920126 - 05 - Tristessa Gerhard, (faliquid@xs4all.nl) == The Acoustic Motorbiker == -- __0 My life's on time, But again my sense is late. =`\<, Feel a might unsteady, But still I have to play. (=)/(=) Six to one's the odds, And, we have the highest stakes. And, once again I gamble with my very life today.
[Gerhard den Hollander]
* Francois Pinard
(Wed, Apr 23, 2003 at 08:02:25AM -0400) [Gerhard den Hollander]
Well, my main gripe with 8.2 is that the install takes so long[1], and there are a few annoying ``press OK to continue'' buttons, that just sit there doing nothing untill I hit OK
In case it got lost in the email, I was joking ...
Sorry to have missed it, you got me. :-) To my defence, you know, what you wrote was pretty credible. We are used, somewhat, to hear people crying with the mouth full... -- François Pinard http://www.iro.umontreal.ca/~pinard
pinard@iro.umontreal.ca wrote:
[Gerhard den Hollander]
Well, my main gripe with 8.2 is that the install takes so long[1] , and there are a few annoying ``press OK to continue'' buttons, that just sit there doing nothing untill I hit OK
I can relate. I always hated that the "automatic" online update requires you to click next after the download. The only difference between that and manual is that it chooses the updates for you. You still have to click through it. Perhaps "automatic" means something else in german? Oh that's right, I speak german...no, it means the same thing so I think someone at suse simply likes making people click buttons. There should at least be an option for totally unattended updates, maybe a check box that pops up a warning before continuing. Or how about an unattended update that runs on a schedule say, 0330 on Sunday nights. Alas, I guess we can only dream. You would probably have to set an alarm to wake up and click next to finish it. :) John
On Thu, Apr 24, 2003 at 12:04:36PM +0200, fyrbrds@netscape.net wrote:
There should at least be an option for totally unattended updates, maybe a check box that pops up a warning before continuing. Or how about an unattended update that runs on a schedule say, 0330 on Sunday nights. Alas, I guess we can only dream. You would probably have to set an alarm to wake up and click next to finish it. :)
There are other issues with this - apart from the extra bandwidth that SuSE's site would experience (since making it easier will cause more people to use it), it would also make the automatic update site a prime target for cracking - all a cracker would have to do would be to get in to SuSE's site, and within hours, they would own hundreds, thousands, or even hundreds of thousands of boxes worldwide. A single point of failure on a system with so much automation is a significant security hazard, and just screams "crack me". Not that I am claiming that SuSE's site is full of holes (I am sure that this is far from the truth), just that nothing is ever 100% secure. -- David Smith | Tel: +44 (0)1454 462380 Home: +44 (0)1454 616963 STMicroelectronics | Fax: +44 (0)1454 617910 Mobile: +44 (0)7932 642724 1000 Aztec West | TINA: 065 2380 GPG Key: 0xF13192F2 Almondsbury | Work Email: Dave.Smith@st.com BRISTOL, BS32 4SQ | Home Email: David.Smith@ds-electronics.co.uk
Dave.Smith@st.com wrote:
On Thu, Apr 24, 2003 at 12:04:36PM +0200, fyrbrds@netscape.net wrote:
There should at least be an option for totally unattended updates, maybe a check box that pops up a warning before continuing. Or how about an unattended update that runs on a schedule say, 0330 on Sunday nights. Alas, I guess we can only dream. You would probably have to set an alarm to wake up and click next to finish it. :)
There are other issues with this - apart from the extra bandwidth that SuSE's site would experience (since making it easier will cause more people to use it),
Oh my gosh! Ease of use may cause more people to update their system more often thus ensuring that there are less vulnerable systems out there to crack? Heaven knows we don't want that!
it would also make the automatic update site a prime target for cracking - all a cracker would have to do would be to get in to SuSE's site, and within hours, they would own hundreds, thousands, or even hundreds of thousands of boxes worldwide. A single point of failure on a system with so much automation is a significant security hazard, and just screams "crack me".
<snip>
Not really. You can use cron now to rsync/ftp your updates then rpm-install them in mass right now. This isn't considered a major security hole so why would an easy graphical tool be a hole? Also, do we want to admit that MS can offer this service for XP using WINDOZE servers, but linux is too insecure to do it? I don't think so. In theory it wouldn't cause a bandwidth problem either because suse could use mirrors like they do now with online update. If connections are max'ed out, the software would just keep trying until it connects. Since it would be unattended, why would you care? As long as it's done when you wake up or come to work in the morning. Besides, what's to say that everyone would set their updates at the same time? I mean 0300 Sunday night for me is Monday afternoon for Tokyo. And not everyone would choose the same time. Just my 2 cents. John
On Thu, Apr 24, 2003 at 01:50:11PM +0200, fyrbrds@netscape.net wrote:
Dave.Smith@st.com wrote:
On Thu, Apr 24, 2003 at 12:04:36PM +0200, fyrbrds@netscape.net wrote:
There should at least be an option for totally unattended updates, maybe a check box that pops up a warning before continuing. Or how about an unattended update that runs on a schedule say, 0330 on Sunday nights. Alas, I guess we can only dream. You would probably have to set an alarm to wake up and click next to finish it. :)
There are other issues with this - apart from the extra bandwidth that SuSE's site would experience (since making it easier will cause more people to use it),
Oh my gosh! Ease of use may cause more people to update their system more often thus ensuring that there are less vulnerable systems out there to crack? Heaven knows we don't want that!
That's not what I said. Yes, there is a benefit from having up-to-date machines around the world. However, the fact that it is completely automated concerns me - see comment below.
it would also make the automatic update site a prime target for cracking - all a cracker would have to do would be to get in to SuSE's site, and within hours, they would own hundreds, thousands, or even hundreds of thousands of boxes worldwide. A single point of failure on a system with so much automation is a significant security hazard, and just screams "crack me". <snip>
Not really. You can use cron now to rsync/ftp your updates then rpm-install them in mass right now. This isn't considered a major security hole so why would an easy graphical tool be a hole? Also, do we want to admit that MS can offer this service for XP using WINDOZE servers, but linux is too insecure to do it?
Because, of course, M$ has such a good reputation for only putting in features which are secure? Perhaps Linux doesn't want a feature because the concept is bad. I don't see anyone rushing to add automatically-executing script facilities to the plethora of email clients out there. Yes, you can do an rsync/ftp-install now. However, this is done on a case-by-case basis, and isn't done that often. What worries me is the fact that: a. It is completely automated, with no user involvement. As a result, I suspect that a large proportion of the people who use it will be of the "configure-and-forget" type - they'll just set it up, and not bother to check it again. b. The frequency of checking and updating of machines will increase. Therefore, if any crack is found, it will spread fast. c. The service becomes a more public and obvious target for crackers. The reason for concern is simple. If you have a "install-and-forget" automatic update system, and it gets cracked, the modified packages will spread much quicker than they would under a manually-invoked update system. Also, they would spread quickly to systems which might not be checked manually for a long time. The crack would probably be discovered quite quickly, but by this time it would be too late.
I don't think so. In theory it wouldn't cause a bandwidth problem either because suse could use mirrors like they do now with online update. If connections are max'ed out, the software would just keep trying until it connects. Since it would be unattended, why would you care? As long as it's done when you wake up or come to work in the morning.
I'm not sure whether this is a problem with 8.1, but I've never successfully managed an online update. The connection has always timed out. -- David Smith Work Email: Dave.Smith@st.com STMicroelectronics Home Email: David.Smith@ds-electronics.co.uk Bristol, England GPG Key: 0xF13192F2
Dave.Smith@st.com wrote:
On Thu, Apr 24, 2003 at 01:50:11PM +0200, fyrbrds@netscape.net wrote:
Dave.Smith@st.com wrote:
On Thu, Apr 24, 2003 at 12:04:36PM +0200, fyrbrds@netscape.net wrote:
<snip>
There are other issues with this - apart from the extra bandwidth that SuSE's site would experience (since making it easier will cause more people to use it),
Oh my gosh! Ease of use may cause more people to update their system more often thus ensuring that there are less vulnerable systems out there to crack? Heaven knows we don't want that!
That's not what I said. Yes, there is a benefit from having up-to-date machines around the world. However, the fact that it is completely automated concerns me - see comment below.
Dave you do make some good points, but if my grandma can have her computer automatically update itself, that can only be a good thing. Giving extra options for those who want to use them is never a bad thing. If you don't feel secure with it, fine, sit there and click the buttons.
it would also make the automatic update site a prime target for cracking - <snip>
Not really. You can use cron now to rsync/ftp your updates <snip> Also, do we want to admit that MS can offer this service for XP using WINDOZE servers, but linux is too insecure to do it?
Because, of course, M$ has such a good reputation for only putting in features which are secure?
irrelevant.
Perhaps Linux doesn't want a feature because the concept is bad.
linux isn't a person. again, if this will cause less holes for script kiddies to take advantage of, then maybe DoS attacks won't be as effective.
I don't see anyone rushing to add automatically-executing script facilities to the plethora of email clients out there.
That's because everyone except m$ knows this is a bad idea.
Yes, you can do an rsync/ftp-install now. However, this is done on a case-by-case basis, and isn't done that often.
That's because most people (99%) don't know how to set that up.
What worries me is the fact that:
a. It is completely automated, with no user involvement. As a result, I suspect that a large proportion of the people who use it will be of the "configure-and-forget" type - they'll just set it up, and not bother to check it again.
That's still better than letting them NOT configure and STILL forgetting which is what's happening now.
b. The frequency of checking and updating of machines will increase. Therefore, if any crack is found, it will spread fast.
That's why suse signs there packages. It's up to you to use known good servers. What's to say you aren't downloading a tainted package now as you sit there and click through your updates?
c. The service becomes a more public and obvious target for crackers.
It's only as public as the number of people who use SuSE linux.
The reason for concern is simple. If you have a "install-and-forget" automatic update system, and it gets cracked, the modified packages will spread much quicker than they would under a manually-invoked update system. Also, they would spread quickly to systems which might not be checked manually for a long time. The crack would probably be discovered quite quickly, but by this time it would be too late.
Nah. It wouldn't be the end of the world. Besides, I have a little more faith in SuSE security than that.
I'm not sure whether this is a problem with 8.1, but I've never successfully managed an online update. The connection has always timed out.
Yea, but it SHOULD work. If not, your config is wrong. You are probably blocking "ftp-data" on your firewall (high ports). Again Dave, you DO make some good points but I really think your concerns are manageable. If I didn't think SuSE had a good enough grasp of all this to make it work I'd be using Red Hat. (and probably having the same discussion there hmm?) John
On Thu, Apr 24, 2003 at 03:33:46PM +0200, fyrbrds@netscape.net wrote:
Dave.Smith@st.com wrote:
On Thu, Apr 24, 2003 at 01:50:11PM +0200, fyrbrds@netscape.net wrote:
Not really. You can use cron now to rsync/ftp your updates <snip> Also, do we want to admit that MS can offer this service for XP using WINDOZE servers, but linux is too insecure to do it?
Because, of course, M$ has such a good reputation for only putting in features which are secure?
irrelevant.
I don't think so. You seemed to be implying that since the feature is on Windows, it's obviously secure, and that by choosing not to put it on Linux, we think that Linux isn't; MS doesn't exactly have a spotless record on security...
Perhaps Linux doesn't want a feature because the concept is bad.
linux isn't a person.
Fine. s!Linux!people who develop GNU/Linux! if you want to be pedantic.
again, if this will cause less holes for script kiddies to take advantage of, then maybe DoS attacks won't be as effective.
However, it puts even more "eggs" in the SuSE server "basket".
Yes, you can do an rsync/ftp-install now. However, this is done on a case-by-case basis, and isn't done that often.
That's because most people (99%) don't know how to set that up.
Correct, which is why it is not such a tempting target for cracking. (no eggs pun intended... :-) A system which has the potential to infect tens, even hundreds of thousands of machines in a short period of time is a much bigger prize than one which might infect a few hundred over the next week...
What worries me is the fact that:
a. It is completely automated, with no user involvement. As a result, I suspect that a large proportion of the people who use it will be of the "configure-and-forget" type - they'll just set it up, and not bother to check it again.
That's still better than letting them NOT configure and STILL forgetting which is what's happening now.
Maybe. But it introduces the extra possibility of having a trojaned binary installed on a system which didn't actually have any known exploits. I'd rather install updates myself when I know they are required, rather than have the system install it itself. Of course, you also have the potential for breaking a working system. SuSE are pretty good at producing working stuff, but nobody's perfect, and occasionally packages will come out which break something. Having things stop working for no apparent reason would be particularly frustrating...
b. The frequency of checking and updating of machines will increase. Therefore, if any crack is found, it will spread fast.
That's why suse signs there packages. It's up to you to use known good servers. What's to say you aren't downloading a tainted package now as you sit there and click through your updates?
Maybe I am. However, since the manual update rate will be slower, the spread will be slower, and less machines would be infected before the crack is discovered.
The reason for concern is simple. If you have a "install-and-forget" automatic update system, and it gets cracked, the modified packages will spread much quicker than they would under a manually-invoked update system. Also, they would spread quickly to systems which might not be checked manually for a long time. The crack would probably be discovered quite quickly, but by this time it would be too late.
Nah. It wouldn't be the end of the world. Besides, I have a little more faith in SuSE security than that. [rearranged quote] Again Dave, you DO make some good points but I really think your concerns are manageable. If I didn't think SuSE had a good enough grasp of all this to make it work I'd be using Red Hat. (and probably having the same discussion there hmm?)
I'm not saying that I don't trust SuSE. I'm just saying that having a system like automatic update which increases the "prize" of cracking that single point of failure introduces security issues. A number of Linux firewall distribution dev teams have decided not to implement an auto-installing update system on these grounds, so it's not just me that is concerned about it.
I'm not sure whether this is a problem with 8.1, but I've never successfully managed an online update. The connection has always timed out.
Yea, but it SHOULD work. If not, your config is wrong. You are probably blocking "ftp-data" on your firewall (high ports).
Possibly, or it might be due to the fact that I'm trying to connect over a 28.8k modem. Occasionally (1 time out of 10), I manage to get to the list of mirrors, but never get any further. If bandwidth and latency really are the issue (as I suspect), it's not exactly going to be helped by thousands of extra machines attempting to auto-update, and I doubt that SuSE want to spend lots more money on extra bandwidth. I guess we'll have to agree to disagree. -- David Smith Work Email: Dave.Smith@st.com STMicroelectronics Home Email: David.Smith@ds-electronics.co.uk Bristol, England GPG Key: 0xF13192F2
On Thursday 24 April 2003 10:51 am, Dave Smith wrote: <big snip about automatic system updating>
I guess we'll have to agree to disagree.
I agree with all of your points... Personally, the thought of someone blindly doing an automatic update every night gives me the shudders. A perfect way to screw up a working system (automatically!) -- +----------------------------------------------------------------------------+ + Bruce S. Marshall bmarsh@bmarsh.com Bellaire, MI 04/24/03 11:04 + +----------------------------------------------------------------------------+ "Experience is the hardest kind of teacher. It gives you the test first, and the lesson afterward." - Anonymous
bmarsh@bmarsh.com wrote:
On Thursday 24 April 2003 10:51 am, Dave Smith wrote:
<big snip about automatic system updating>
I guess we'll have to agree to disagree.
I agree with all of your points... Personally, the thought of someone blindly doing an automatic update every night gives me the shudders. A perfect way to screw up a working system (automatically!)
Hmm, could be. I thought after years of trial and error I had discovered every possible way to hose my system. I guess I'll add that to the list. :)
On Thursday 24 April 2003 16:51, Dave Smith wrote:
Maybe. But it introduces the extra possibility of having a trojaned binary installed on a system which didn't actually have any known exploits.
I'd rather install updates myself when I know they are required, rather than have the system install it itself.
And you think this protects you against trojans? Assuming someone does break the SuSE gpg key, or there's a rogue employee at SuSE who puts in trojans in the packages, I can guarantee you that people will install the packages blindly, whether the update is automatic or not. Remember that the person who discovered the trojan in ssh only did so because the package wasn't signed correctly.
Of course, you also have the potential for breaking a working system. SuSE are pretty good at producing working stuff, but nobody's perfect, and occasionally packages will come out which break something. Having things stop working for no apparent reason would be particularly frustrating...
This is very true, but that's not the real idea behind an automatic update. If you're the admin of a server farm you have hopefully a test machine with the same configuration as the real servers. You would test the update on the test machine, and then set the servers to update automatically *from your own local update server*.
Possibly, or it might be due to the fact that I'm trying to connect over a 28.8k modem. Occasionally (1 time out of 10), I manage to get to the list of mirrors, but never get any further.
You are aware that you don't have to download the mirror list every time? Once you find a fast mirror, you can hardcode the address in YOU
On Thu, Apr 24, 2003 at 05:10:26PM +0200, andjoh@rydsbo.net wrote:
On Thursday 24 April 2003 16:51, Dave Smith wrote:
Maybe. But it introduces the extra possibility of having a trojaned binary installed on a system which didn't actually have any known exploits.
I'd rather install updates myself when I know they are required, rather than have the system install it itself.
And you think this protects you against trojans?
No, but the chances of me picking up a trojan on the one or two days that a crack go unnoticed are significantly reduced if I'm running the online update myself only when I know it's necessary. If the system is cracked, and a trojaned binary is successfully planted on the update server, would it be better if a few hundred machines happened to download and install it while it was still active, or a few hundred thousand?
Of course, you also have the potential for breaking a working system. SuSE are pretty good at producing working stuff, but nobody's perfect, and occasionally packages will come out which break something. Having things stop working for no apparent reason would be particularly frustrating...
This is very true, but that's not the real idea behind an automatic update. If you're the admin of a server farm you have hopefully a test machine with the same configuration as the real servers. You would test the update on the test machine, and then set the servers to update automatically *from your own local update server*.
Yes, but this isn't just restricted to server farms where test machines are practical. E.g. SuSE release a new sendmail binary (for a non-security reason), which gets automatically installed on my system. For some reason, it doesn't detect that I've manually edited one of the config files, and overwrites it, so things stop working properly (SuSE is rather good at doing this...). For some reason, I'm not using sendmail on that machine for a while, and I don't notice it's broken until a week later. I then have to trawl back through the updates to see what could have broken it. Personally, I'd rather not have installed the update in the first place...
Possibly, or it might be due to the fact that I'm trying to connect over a 28.8k modem. Occasionally (1 time out of 10), I manage to get to the list of mirrors, but never get any further.
You are aware that you don't have to download the mirror list every time? Once you find a fast mirror, you can hardcode the address in YOU
No, I didn't, but then the term "fast mirror" is a bit of an oxymoron when you talk to everything at 28.8k... :-/ Like I said, I guess we'll have to agree to disagree, since people are probably getting bored now... :-) -- David Smith | Tel: +44 (0)1454 462380 Home: +44 (0)1454 616963 STMicroelectronics | Fax: +44 (0)1454 617910 Mobile: +44 (0)7932 642724 1000 Aztec West | TINA: 065 2380 GPG Key: 0xF13192F2 Almondsbury | Work Email: Dave.Smith@st.com BRISTOL, BS32 4SQ | Home Email: David.Smith@ds-electronics.co.uk
Dave.Smith@st.com wrote:
<snip>
Possibly, or it might be due to the fact that I'm trying to connect over a 28.8k modem. Occasionally (1 time out of 10), I manage to get to the list of mirrors, but never get any further. If bandwidth and latency really are the issue (as I suspect), it's not exactly going to be helped by thousands of extra machines attempting to auto-update, and I doubt that SuSE want to spend lots more money on extra bandwidth.
I guess we'll have to agree to disagree.
ditto on that last point. The only other comment I'll make is that I don't think bandwidth or latency are a problem. I get my downloads with my cable modem not too much slower than I can pull them off the CD (well okay a bit slower). I've been very happy with the download rates for the packages, although for some reason getting the list of packages takes an eternity...Curious. John
John Scott wrote:
Dave.Smith@st.com wrote:
<snip>
Possibly, or it might be due to the fact that I'm trying to connect over a 28.8k modem. Occasionally (1 time out of 10), I manage to get to the list of mirrors, but never get any further. If bandwidth and latency really are the issue (as I suspect), it's not exactly going to be helped by thousands of extra machines attempting to auto-update, and I doubt that SuSE want to spend lots more money on extra bandwidth.
I guess we'll have to agree to disagree.
ditto on that last point. The only other comment I'll make is that I don't think bandwidth or latency are a problem. I get my downloads with my cable modem not too much slower than I can pull them off the CD (well okay a bit slower). I've been very happy with the download rates for the packages, although for some reason getting the list of packages takes an eternity...Curious.
John
I suspect that this thread (or at least the above messages) is about YOU in SuSE 8.2. Right, wrong? (I haven't read the earlier messages). If wrong, I am not trying to hi-jack the thread. If you are talking about YOU then I have to say that YOU in 8.2 is as useful as tits on a bull. Three times now in the last 17 hours I have tried to update my installation and every time YOU gets to download the 2nd or 3rd patch - after grinding away for some time - the whole sheebang just terminates and vanishes off my screen! No explanation of why it terminated, not a damn sausage. Considering the stuffed YOU which was in v8.1 one would think that after all the months between 8.1 and 8.2 the problems in YOU would have been fixed. But no. I am not going to waste any more (on-line) time with YOU but going to install fou4s which has worked flawlessly for me after I installed it on 8.1 months ago. Download and install one small RPM, get on-line, issue 2 simple instructions on the command line and the patch(es) are downloaded and installed. -- Computers are useless. They can only give you answers. Pablo Picasso
On Friday 25 April 2003 09:44, Basil Chupin wrote:
John Scott wrote:
Dave.Smith@st.com wrote:
<some snippage>
I suspect that this thread (or at least the above messages) is about YOU in SuSE 8.2. Right, wrong? (I haven't read the earlier messages). If wrong, I am not trying to hi-jack the thread.
If you are talking about YOU then I have to say that YOU in 8.2 is as useful as tits on a bull.
Three times now in the last 17 hours I have tried to update my installation and every time YOU gets to download the 2nd or 3rd patch - after grinding away for some time - the whole sheebang just terminates and vanishes off my screen! No explanation of why it terminated, not a damn sausage.
Don't want to add to your irritation, but I have to report it's working fine here. Hope you get it sorted, Best Fergus
Considering the stuffed YOU which was in v8.1 one would think that after all the months between 8.1 and 8.2 the problems in YOU would have been fixed. But no.
I am not going to waste any more (on-line) time with YOU but going to install fou4s which has worked flawlessly for me after I installed it on 8.1 months ago. Download and install one small RPM, get on-line, issue 2 simple instructions on the command line and the patch(es) are downloaded and installed.
-- Computers are useless. They can only give you answers.
Pablo Picasso
-- Fergus Wilde Chetham's Library Long Millgate Manchester M3 1SB Tel: +44 161 834 7961 Fax: +44 161 839 5797 http://www.chethams.org.uk
I must admit, I did also have problems getting 8.1 set up right. My 8.0 installs went flawlessly. After testing 8.1 on 1 machine, I didn't upgrade the rest. It took 4 attempts to get an install I could boot. Printing and several of the yast modules have never worked and it locks up from time to time. Fortunately that system was good to use as a test. I've used it like that for a couple of months now simply because the things that are wrong are not a priority, and I thought I could probably fix them. I'm gonna nuke it this weekend though. Rather than downgrade back to 8.0, I'm going to try Mandrake on it. I might try 8.2 at some point, maybe on a different machine. 8.0 never gave me any problems though, so when I'm talking about things that work great, I'm usually referring to that version. fwilde@chethams.org.uk wrote:
On Friday 25 April 2003 09:44, Basil Chupin wrote:
<some snippage> Don't want to add to your irritation, but I have to report it's working fine here. Hope you get it sorted, Best Fergus
Considering the stuffed YOU which was in v8.1 one would think that after all the months between 8.1 and 8.2 the problems in YOU would have been fixed. But no.
I am not going to waste any more (on-line) time with YOU but going to install fou4s which has worked flawlessly for me after I installed it on 8.1 months ago. Download and install one small RPM, get on-line, issue 2 simple instructions on the command line and the patch(es) are downloaded and installed.
On Friday 25 April 2003 12:47, John Scott wrote:
I must admit, I did also have problems getting 8.1 set up right. My 8.0 installs went flawlessly. After testing 8.1 on 1 machine, I didn't upgrade the rest. It took 4 attempts to get an install I could boot. Printing and several of the yast modules have never worked and it locks up from time to time. Fortunately that system was good to use as a test. I've used it like that for a couple of months now simply because the things that are wrong are not a priority, and I thought I could probably fix them. I'm gonna nuke it this weekend though. Rather than downgrade back to 8.0, I'm going to try Mandrake on it. I might try 8.2 at some point, maybe on a different machine. 8.0 never gave me any problems though, so when I'm talking about things that work great, I'm usually referring to that version.
That is disappointing - the only symptom you describe with 8.1 that I did suffer from was the occasional locking, which was completely solved by the updated kernel rpm issued a few weeks after 8.1 was released - did that not work for you at all? Other than that 8.1 has been great for me on 2 machines and 8.2 has been even better as an install experience, with relative exotica such as parallel zip drives passing through to printers, firewire cards and associated disks, and USB scanners sorting themselves out beautifully. I know that doesn't help you that much right now, but perhaps you'd find a fully updated 8.1 on some of your other machines would be a better deal than you seem to have had with your testbed machine. Until now, I've generally manually downloaded and installed patches though, and perhaps that's actually made for an easier ride than the automated updates that do seem to annoy people quite a bit, though the during-install autopatching for 8.2 went swimmingly for me. Best Fergus
fwilde@chethams.org.uk wrote:
On Friday 25 April 2003 09:44, Basil Chupin wrote:
<some snippage> Don't want to add to your irritation, but I have to report it's working fine here. Hope you get it sorted, Best Fergus
Considering the stuffed YOU which was in v8.1 one would think that after all the months between 8.1 and 8.2 the problems in YOU would have been fixed. But no.
I am not going to waste any more (on-line) time with YOU but going to install fou4s which has worked flawlessly for me after I installed it on 8.1 months ago. Download and install one small RPM, get on-line, issue 2 simple instructions on the command line and the patch(es) are downloaded and installed.
-- Fergus Wilde Chetham's Library Long Millgate Manchester M3 1SB Tel: +44 161 834 7961 Fax: +44 161 839 5797 http://www.chethams.org.uk
Fergus Wilde wrote:
On Friday 25 April 2003 09:44, Basil Chupin wrote:
John Scott wrote:
Dave.Smith@st.com wrote:
<some snippage>
I suspect that this thread (or at least the above messages) is about YOU in SuSE 8.2. Right, wrong? (I haven't read the earlier messages). If wrong, I am not trying to hi-jack the thread.
If you are talking about YOU then I have to say that YOU in 8.2 is as useful as tits on a bull.
Three times now in the last 17 hours I have tried to update my installation and every time YOU gets to download the 2nd or 3rd patch - after grinding away for some time - the whole sheebang just terminates and vanishes off my screen! No explanation of why it terminated, not a damn sausage.
Don't want to add to your irritation, but I have to report it's working fine here. Hope you get it sorted, Best Fergus
Considering the stuffed YOU which was in v8.1 one would think that after all the months between 8.1 and 8.2 the problems in YOU would have been fixed. But no.
I am not going to waste any more (on-line) time with YOU but going to install fou4s which has worked flawlessly for me after I installed it on 8.1 months ago. Download and install one small RPM, get on-line, issue 2 simple instructions on the command line and the patch(es) are downloaded and installed.
-- Computers are useless. They can only give you answers.
Pablo Picasso
I just don't have the patience any more to fool around with things which don't work properly straight away. I installed fou4s as I said I would, "fired it up", it took about 1 minute to download the lists of all the patches, and then in about 20 minutes I had my V8.2 updated - and all this on a 56K dial-up modem. YOU - no thanks. I used YOU when I was running v8.0 and was happy with it. But why should I hit my head against the brick wall when there is a perfectly good and more efficient substitute for YOU? Installs in 5 seconds, and it doesn't take long to initially type 2 commands on the command line: (1) fou4s - u --checkfou4s, and after the lists of any new patches are downloaded, (2) fou4s -i to download and install the patches themselves. What else can a body want? :-) -- Computers are useless. They can only give you answers. Pablo Picasso
blchupin@tpg.com.au wrote:
<snip>
I just don't have the patience any more to fool around with things which don't work properly straight away.
I installed fou4s as I said I would, "fired it up", it took about 1 minute to download the lists of all the patches, and then in about 20 minutes I had my V8.2 updated - and all this on a 56K dial-up modem.
YOU - no thanks.
I used YOU when I was running v8.0 and was happy with it. But why should I hit my head against the brick wall when there is a perfectly good and more efficient substitute for YOU? Installs in 5 seconds, and it doesn't take long to initially type 2 commands on the command line: (1) fou4s - u --checkfou4s, and after the lists of any new patches are downloaded, (2) fou4s -i to download and install the patches themselves. What else can a body want? :-)
Sounds good. I"m more or less like you. I make it work and I don't mess with it unless I have to. I used to tinker a lot, but now I just don't have the patience any more. My only questions would be who wrote it and can I trust it? I guess I can do the research if I decide to try it. After all the discussion in this thread about possible trojans and downloading from a reliable source, you can imagine that this isn't something I would just jump into. But I'll check it out. Thanks for the info. J
John Scott wrote:
blchupin@tpg.com.au wrote:
<snip>
I just don't have the patience any more to fool around with things which don't work properly straight away.
I installed fou4s as I said I would, "fired it up", it took about 1 minute to download the lists of all the patches, and then in about 20 minutes I had my V8.2 updated - and all this on a 56K dial-up modem.
YOU - no thanks.
I used YOU when I was running v8.0 and was happy with it. But why should I hit my head against the brick wall when there is a perfectly good and more efficient substitute for YOU? Installs in 5 seconds, and it doesn't take long to initially type 2 commands on the command line: (1) fou4s - u --checkfou4s, and after the lists of any new patches are downloaded, (2) fou4s -i to download and install the patches themselves. What else can a body want? :-)
Sounds good. I"m more or less like you. I make it work and I don't mess with it unless I have to. I used to tinker a lot, but now I just don't have the patience any more. My only questions would be who wrote it and can I trust it? I guess I can do the research if I decide to try it. After all the discussion in this thread about possible trojans and downloading from a reliable source, you can imagine that this isn't something I would just jump into. But I'll check it out. Thanks for the info.
J
Go to the site http://fou4s.gaugusch.at and all will be revealed to you. In the download area there is the released version (v0.9.3.0) and the beta for the next update (0.9.90.0). Of course grab the release version (and when the next official release comes out fou4s will download it and install it on your system). Cheers. -- Computers are useless. They can only give you answers. Pablo Picasso
On Thursday 24 April 2003 12:18, Dave Smith wrote:
There are other issues with this - apart from the extra bandwidth that SuSE's site would experience (since making it easier will cause more people to use it)
I suspect that's why they're using mirrors. I hope you're not doing all your updating from ftp.suse.com
, it would also make the automatic update site a prime target for cracking - all a cracker would have to do would be to get in to SuSE's site, and within hours, they would own hundreds, thousands, or even hundreds of thousands of boxes worldwide.
I suspect that's why they're signing their packages. A cracker would not only have to get their hands on the SuSE official key, they'd also have to crack the pass phrase for it. Not incredible, but it's not exactly simple either.
On Thu, 24 Apr 2003, John Scott wrote:
thing so I think someone at suse simply likes making people click buttons. There should at least be an option for totally unattended updates, maybe a check box that pops up a warning before continuing. Or how about an unattended update that runs on a schedule say, 0330 on Sunday nights. Alas, I guess we can only dream. You would probably have to set an alarm to wake up and click next to finish it. :)
You can run updates as a cron job. That's what I do now with 8.1. /usr/bin/online_update -g /usr/bin/online_update -i That's all it takes. Preston
participants (22)
-
Anders Johansson
-
Basil Chupin
-
Bruce Marshall
-
Christopher Mahmood
-
Curtis Rey
-
Dan Am
-
Darrell Cormier
-
Dave Smith
-
Eric Smith
-
Fergus Wilde
-
Francois Pinard
-
Gerhard den Hollander
-
Graham Smith
-
Henri Yandell
-
Joel Vande Berg
-
John Scott
-
Matthew Johnson
-
me@prestoncrawford.com
-
Michael Galloway
-
O'Smith
-
Oskar Teran
-
Paul Benjamin