GNOME GUI

Helix Code's Red Carpet Simplifies Package Updates 119

Ur@eus writes "There are some nice screenshots of Red Carpet available from the Helix site. Red Carpet is Helix Code's upcoming package manager and it looks really great. Look here for the screenshots." This is a quite amazing looking little application... even looks to support Debian, so I'm happy as a clam. Very pretty and well designed. It'll be cool to test it out for real.

  • by Anonymous Coward
    This article is about Helix Code's Red Carpet software, which is an interface to manage RPM (Red Hat Package Manager) files and system updates. It is intended to replace things like GnoRPM.

    Your praise of Helix GNOME, though pleasing to the Helix Gnome zealots, is offtopic here (and moderated to +5! WTF!).

    BTW (I'm going to go off-topic now), I prefer a default GNOME installation (as provided by Red Hat 6.0) to Helix GNOME. I'll admit Helix GNOME was easy to install (after a bit of messing about to get it to install through a corporate firewall), but I found it to be inefficient. It added a (really nasty) extra layer of nesting to the GNOME menu, and added a horizontally-sliding sub-panel to the main panel (which I found reduced the amount of panel space available, even though it was probably intended to increase the amount of panel). I couldn't stand these "features", and went back to RH6 GNOME - do all versions of Helix GNOME do this, or was it due to a legacy of already having RH6 GNOME installed on my machine?

  • by Anonymous Coward
    In fact I did a recent comparison in a group of 15 people, asking them to give their initial impressions on 1) kde (2.0 beta) 2) Gnome, 3) Helix-Gnome and 4)Windows 2000.

    no you didn't. you're just making that up. admit it, karma whore!

  • Both the Kaleidoscope scheme and the Gnome theme ripped the interface from the QNX Photon GUI. What's your point?

    :wq!

  • but at least those require the user to actively search, download, and install. It looks like GNOME will be "updated" behind your back

    You're a bit out of touch aren't you. Debian has been doing this with dselect and now apt-get for some time. The last time I did any searching downloading and installing was the last RH system I switched to Debian.

  • but why does it refuse to support Slackware? There is nothing in a Slackware system that won't support Helix Gnome, yet the installer crashes with the message "Unable to detect your operating system."

    What do they want? KDE explicitly includes Slackware in the "supported" list AND doesn't come with an "installer" that does more to prevent installation than anything else.

    I *was* a Gnome fan before this... and don't say it's just Helix, because if you go to gnome.org, they tell you to grab the Helix packages if you don't want to compile it yourself.

  • It just occurred to me I might be more specific. :-)

    Slackware 7.1. Glibc 2.1.3. RPM is installed. strace didn't reveal anything obvious (to me) that the installer was looking for.
  • Heya...

    I've used the Solaris Gnome Installer from HelixCode and it works fine... In fact the updater works as well (as I used it to update itself to their new updater that use /var/cache/helix-install vs /tmp/helix-install) without any problems.

    One thing I have noticed is that by default the file descriptor limit is set to 64 and the updater wants more, so just limit descriptors 256 and you're all set.
  • Helixcode is now starting to take security seriously. I'm sure at first it was overlooked simply to get things "up and running" and they do say that Helix Gnome is beta. They have fixed a number of problems reported on BUGTRAQ. I'm sure, now that they seem to have staff and money, they will start a very secure system. Signing packages with GPG wouldn't hurt for starters. Please remember though that, "security is a process, not a product."

    Pat

  • I don't understand something. HelixCode is a company. Companies typically try to make money. How do they plan on making money by making free GPLed software? I for one wouldn't want to see HelixCode make a better Gnome and then all of a sudden we all have to start shelling out money to Helix. And this new Eazel file manager. Is this going to become the standard Gnome file manager? If so, again, isn't this made by a company? How are they seeking to make money? I just don't see where all these startups working on gpl software fit into the picture.
  • Hadn't been thinking about what you describe, as I find debian's APT handles this quite well. What I want is the ability to have a database of where I put downloaded stuff (this goes in /usr/local, this in /usr/share, etc), what my system is (smp, i386/686/alpha, etc), and so on. So, system goes out, grabs the source (along with source to the various requirements), compiles to binary, and installs.
  • I'll e-mail this as well, but two features I'd like in a package manager:
    1. The ability to build a "configuration" for me, so I download the source, recompile to put everything where I want, compiled to support my specific HW/SW
    2. The ability to tie back a "user" database. I like to download stuff as myself, run it from my home directory to check it out. I'd like to have an RPM / debian db in my home directory, which knows how to find the main one, to check dependencies. Thus, I could download an RPM, install it in my home directory so it runs as me, and everything works.

  • It only eluded the slashdot effect for 10 mn or so...
    Next time, try to put the " in the hostname, you'll gain the 404 errors hit !!
  • it discourages mouse click-addict.
  • seems you whine too fast for the slashdot poster...
    This story is the next in raw !!
  • This will be great for me at home. But at work - where I'd LIKE to have it - we don't run X on anything. Something like this for the console would be so nice...
  • Use alien (from Debian, RedHat might incorporate it at this time too) to convert the RPMs or the DEBs to TGZs easily :)
  • QNX is an operating system, the windowing interface if you chose to use it is called Photon (Xwindows is also available), and the now-older photon gui is what the Mac theme and Sawfish themes stole.

    Sawfish is a windowmanager for Xwindows. A window manager controls your windows (duh), how they look.. what happens when you click what button, etc. It IS the borders on your windows, but also can control other things.

    Xwindows is the graphical windowing system for unix machines.. otherwise you will be stuck with a text console sort of like dos (but more powerful).

    Unix machines are more powerful than dos, more secure, and have more customizability. and there are many free variants and clones.

  • It's funny. On the bottom of the "slashdot user" comment posting page, it says "Use the Preview Button! Check those URLs!". I guess the admin's story posting page doesn't have that feature.

    Or it could just be that the admins are too busy digging up news to bother with checking its validity. Oops, I mean the validity of the URLs.

  • Grammar used to not concern me, but now you've convinced me of it's importance!
  • The non-link doesn't work. Perhaps Miguel meant http://www.helixcode.com/tech/helix-setup-tools.php3 [helixcode.com]. Maybe not, though; it doesn't have a lot to do with what he was talking about.
  • Well, you can buy it on CD from helixcode.com, or even better, you can download it for free. Try typing the following as root:

    lynx -source http://go-gnome.com/ | sh
  • (While reading this, keep in mind that YMMV. FWIW I did this on a Slack 7.0 laptop.)

    I was bored one night, so I looked through the code and found out that all it looks for is 'redhat-release'[1].

    Put a copy of that in /etc, and the installer will happily proceed, provided you have RPM installed.

    There seems to be a problem with Helix and PAM on Slack 7.0, and I haven't had time to try to fix it. Aside from that it mostly works, but you may have to install some libraries on your own. Why the people getting paid to write Helix won't support Slack is beyond me...

    [1] `echo "Red Hat Linux release 6.2 (Zoot)" > /etc/redhat-release`

    --K

    ---
  • It really highlights the lack of features of the Slash code. The editors must have to enter the "a href" link manually because the problem is not an extra quote - it's a missing one from the start!

    Shoddy...

  • Red Carpet looks great if you're a single user using one (or even a few) machines. But when you're in charge of administering more than say 5 workstations, a cool little app. like this just doesn't cut it. Many users won't think to run it occasionally.

    Caldera created Cosmos [calderasystems.com] to solve this very problem. Automatically push updates to all your linux boxes with the click of a mouse. Less web candy (but themeable!) than RC it seems, but infinitely more manageable. 'Cept it won't do debs quite yet. It looks interesting to me.


  • 1st. this tool will not update your computer behind your back, you start and choose what packages to update yourself.

    2nd every RPM package (I assume that debs have this also) can have a digital signature that can ensure that this package was indeed packaged by helix and not by a malicious cracker.

    3rd helix or any other gnome developer gains anything but bad reputation in disabling KDE or any other software from your computer. All of those softwares are open-source and GPL, if any one tries to disable KDE or anything else, I don't give a day to this "feature" be forever disabled.

    4th if you really like the way linux is now, please keep using it this way. Linux is all about choice, and I believe that making tool that would make people, that are now using windows, comfortable with linux is a +.

    --
    "take the red pill and you stay in wonderland and I'll show you how deep the rabbit hole goes"
  • And the single click desktop will be available with Nautilus
  • How is this better different than Corel Update? Could Helixcode not have used this and made it better? It already supports .deb and had preliminary support for .rpm I understand. Why all the duplication in the Linux world lately?
  • *Sigh*

    I never claimed to have done an intensive study of any of them. I never claimed to be a researcher in this area. For a project I was assigned I decided to see which OS really was easier to use / look at etc. Was it an intense study? No. Was it all inclusive? No. Is it informative? Yes. As the saying goes, first impressions count, and all I wanted to see is what people thought *initially* when exposed to these four OS/Window Managers. Go away anonymous coward.
  • Only obvious to some, apparently.
  • I think it's because I provided the link making my post "informative" (karma whoring more likely :) which would make your "redundant"... useless is more accurate (not intended as an insult).

    I guess we should come up with an accepted protocol. "RFC: What to do when someone posts a bad link."
  • Helixcode and Eazel are basically competitors, both are trying to provide a very pretty interface, and then sell services/support based on that interface. Honestly I'm a little shocked that Eazel currently recommends [eazel.com] downloading Helixcode Gnome in order to use the Nautilus preview release.

    It would be interesting if Helixcode and Eazel decided to merge, they could really be an interface powerhouse.
  • The reason that it looks so much like Outlook is because (I would assume) Helixcode is using bonobo components from their Outlook clone, Evolution [helixcode.com]. Helixcode has been taking some pretty large strides with their component architecture, it'll be nice when more Gnome apps begin to follow their example.
  • Hopefully it will improve on the current helix upgrade program.

    The major problem I have with it is that it gives no option to keep copies of the downloaded packages locally, so when I want to upgrade my other boxen with the same packages I have to download them again. (unless I copy them from /tmp while it's installing them which I do actually, but I want a proper option, not a kludgey workaround)
  • Ok, I know I should check out the actual features rather than jump on things based on just screenshots, but why the hell is there such an emphasis on making things "pretty"?

    I look at the screen shot for listing installed packages, and my first thought is how terribly inefficient and information-light the screen is. By putting in large icons and lots of whitespace, it might look pretty but you've only got 6 packages listed on a full screen!! You could easily use a tabular form, with small icons if you really must, and get at least 20 packages on a screen. Surely I'm not the only one that thinks having to scroll all around a bunch of useless crap and whitespace is a major usability problem...

    Like I said, I may be jumping the gun since I just saw the screenshots. Hopefully there's an option somewhere that lets you adjust the view... right? please?

  • But many open-source packages don't have simple names. That's okay, most Windows apps don't have them either. But in the case of Windows, the official administrative apps all have label like names. `User Manager'. `Server Manager' `Windows Update' etc.

    This allows someone with no knowledge of the operating system to perform basic functions just by browsing the application menus.

    Despite the fact that a well-designed packaging architecture [which both RPM and DEB are] should make it incredibly easy for someone to install software, and there are currently a number of reasonable quality GUI applications for installing packages.

    But someone browsing the machine with no Linux knowledge wouldn't know. Because they're called GNORPM [!?!?!??!?!] and KPackage [computer newbies and Linux newbies won't have any idea what packages are packages]. And installing software on Linux is still seen as a difficult task.

    For this reason, could Red Carpet [which seems to be a code name of sorts] be eventually called `Installer' or `Software Installer' and be installed on every user's desktop? [or root and those capable of su-ing (with a GUI `Please enter root password' prompt)]?
  • > Existing package formats (RPM, deb, etc) are already insecure.

    Really? Can I borrow the hardware you seem to be using to break those digital signatures on all my RPMs?
  • #1 sounds a lot like NetBSD's (and maybe other BSD's) pkgsrc system. This is the one thing that I really wish linux had: cd to say, the kde directory and type "make". Wait a minute, this requires foo, bar, and baz. Let me download them for you.
    Much nicer than rpm -Uhv netscape. This requires foo and bar. Stop.

  • This prob'ly seems rather much an insignificant detail, but I'm curious - what rendering engine/component/thingamabob/whatchamacallit/thing is being used in Red Carpet for webpages like the Debian home page?

    -Jo Hunter

  • I love Helix-Gnome; but I absolutely despise having to trick the installer into thinking that my box is a Redhat box, and ending up with *.rpm's in the process (I do not like *.rpm's).

    Helixcode claims to support all major distributions; but, Slackware support is not there - and the last time I checked, Slack was most definitely a major distribution.

    If I had the bandwidth, I'd go ahead and make the *.tgz's for Slackware support myself; but I'm only on a dial-up connection (*sob*), so I can't.

  • Why not have it look for /etc/slackware-version and then grab the *.rpm's until you're able to put *.tgz's up?

  • From the installer to the login screen, everything is well designed, looks very pretty, is well organized and just makes sense.
    The installer is "well designed" and "makes sense"? The recommended install [helixcode.com] for Helix Code Gnome involves piping a web fetch to a root shell; a really, really dangerous hack. (See http://www.securityfocus.com/archive/1/79524 [securityfocus.com] for information on exploiting any systems that use NAT or Web proxies: replace "echo" in ERR_GOGNOME with the commands of your choice.) Helix Code doesn't sign packages. They don't respond to queries about improving their distribution and installation mechanisms unless publicly humiliated.

    The apps and desktop are a nice step forward visually, but Helix Code takes a drag-and-drool approach to security and deserves some heat for that. They're deliberately making the distribution and installation less secure than what's offered by the major RPM-based Linux distributions.

    I used to be an advocate of Gnome. But the Helix Code faster-dumber-riskier approach has me reassessing my aversion to KDE. If Miguel, Nat, & co. want to start taking seriously something besides eye candy and PR, that would be great.

    Steamroller, cathedral, ivory tower, flytrap, loaded gun: pick your analogy. There are serious problems with Helix Code.

    -Peter
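
Added example, not part of the comment above and not Helix Code's installer: the fetch-then-verify alternative to piping a web fetch into a root shell. The function names and the pinned digest are assumptions, and the digest has to reach you over a channel other than the download itself.

```shell
#!/bin/sh
# Added example (not Helix Code's code): save the install script to a file,
# compare it with a SHA-256 digest obtained out of band, and execute it only
# if the two match. All function names below are hypothetical.

# Print the SHA-256 hex digest of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_installer FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 if FILE is missing or empty
# (for example a fetch that was cut off or answered with an empty body).
verify_installer() {
    vi_file=$1
    vi_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -s "$vi_file" ] || return 2
    vi_actual=$(sha256_of "$vi_file")
    [ "$vi_actual" = "$vi_expected" ] || return 1
    return 0
}

# run_verified FILE EXPECTED_HEX
# Executes FILE only after the digest check has passed.
run_verified() {
    if ! verify_installer "$1" "$2"; then
        echo "refusing to run $1: digest check failed" >&2
        return 1
    fi
    sh "$1"
}

# Intended use; the network step is left as a comment so this runs offline:
#   lynx -source http://go-gnome.com/ > go-gnome.sh
#   less go-gnome.sh                             # read it before it runs as root
#   run_verified go-gnome.sh "$PINNED_SHA256"    # placeholder, not a real digest

# Constructed demonstration: a stand-in installer and a copy with one line
# appended, as a proxy between the server and the shell could do.
demo() {
    d_tmp=$(mktemp -d) || return 1
    printf 'echo installed\n' > "$d_tmp/installer.sh"
    d_pin=$(sha256_of "$d_tmp/installer.sh")
    cp "$d_tmp/installer.sh" "$d_tmp/tampered.sh"
    printf 'echo appended-in-transit\n' >> "$d_tmp/tampered.sh"
    d_rc=0
    run_verified "$d_tmp/installer.sh" "$d_pin" >/dev/null || d_rc=1
    run_verified "$d_tmp/tampered.sh" "$d_pin" >/dev/null 2>&1 && d_rc=1
    rm -rf "$d_tmp"
    return "$d_rc"
}

demo && echo "demo: genuine script ran, modified copy was refused"
```

A digest only shows that the file matches what was announced; a package signature, checked for RPMs with `rpm --checksig`, also ties the file to the packager's key.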

  • i finally found a decent mpeg video player, mtv - but its nagware, not gpl'd.... and if i try and change the window size the framerate drops to crap. real works pretty well for... real streams. and that's about it (maybe mp3, i don't know cuz), i use xmms for mp3 and like it better than winamp. i can live without windows media, but i need my quicktime. i have yet to find something that will play sorensen compressed video (unless there is a new xanim nobody told me about). If apple would get off their ass and make quicktime for linux, i'd like them even more than i do now.

    ---

  • Eazel and Helixcode aren't really competitors for the most part. Eazel is working on the file-manager that will be part of Gnome 2 (it will be available for Gnome 1.4 too i think). Helix is working on other parts of the Gnome desktop. Although they do compete some in the services area, they are more like sister companies. Helix will ship nautilus with Helix-Gnome when nautilus is released as stable.
  • I've heard rumors of such a thing existing, or probably will be existing at some point, so I've heard, but don't take i could be wrong ;)
  • Now, I answer this at least twice a day as webmaster@helixcode.com. We may support Slack in the future, but we don't right now. There are lots of distros, and we can't support them all at once. The reason Slack isn't supported yet is that its package system isn't as easy to deal with automatically. If you want to try and use it you have two options: get everything from ftp.helixcode.com and use rpm2tgz, or alter /etc/redhat-release and trick the installer. I would guess that both work, although I'd love to have confirmation. Send email to chetohevia@yahoo.com if you can confirm that working. Sincerely hevia.
  • How will this perform on a Debian system? I used to use apt but I like helix-code. Will Red Carpet use apt as a backend? Should I make a choice?

    That's exactly what it looks like it is, to me. From the screenshots, it appears to be like ANY apt derivative, like console-apt, or the Storm Package Manager. APT can be modified to use something other than dpkg, and i'd guess this is what they've done for the redhat version. My bet on this is that that little debian icon you see in the shots is for the debian archive...

  • I use tarballs for more complex installs or for code that is in a development cycle and requires constant upgrades, e.g., apache/php/postgres/mod_ssl and samba. I use rpm's for most of the standard stuff. Sometimes I have to remove an rpm to fix a known exploit for a given package, but that's trivial,

    rpm -e package-name

    Upgrading packages is painless (compare patching Microsoft Office 97, two huge self-installing executables, one of which requires a goddamn 20 digit serial number, don't get me fucking started !#%@^ing Bill Gates ...) just,

    rpm -Uvh netscape-common netscape-communicator

    for example. This takes about 30 seconds to one minute. I can patch a fresh RedHat system in less than 30 minutes. Compare that to 3 hours for Windoze fucking 2000 with its endless series of patches that can only be installed one at a time and require a reboot after each !$%@$^ patch.

    Windows is a health hazard.

  • I can't imagine that Corel Update doesn't use QT and does use GTK+ + GNOME. Seems like enough reason to me.

    And umm, I don't mean to start GNOME & KDE flames with this. You should agree with me that a consistent environment is important, be it KDE or GNOME. So there's some sense in "sticking to your own toolkit" :-)

    It's... It's...
  • I believe the Free Software community should seriously look into the way OS X behaves.

    From what (not so much indeed) I was able to figure out, it has the most advanced library/package management system to date (I see much was borrowed from NeXT).

    Seems to me this is the way to go, full stop.
  • This is what I mean, it already passed on Slashdot when Mac OS X DR4 was released and ArsTechnica made a nice article on that.

    http://developer.apple.com/techpubs/corefoundation/BundleServices/CFBundleServices/index.html [apple.com]

  • Can I make my own channels?
  • What I'm wondering is if this is a service they are planning to charge for or if it will be free like helix-update. Either way, there are becoming more ways to automatically update packages in linux, and I wonder if this will lead to rivalries.

    This sounds very similar to what Eazel plans to charge a subscription fee for.

    And I noticed that Helix Red Carpet has channels for updating your distribution. Redhat already has an automatic updater for their bug fix releases, which they charge (excessive) support fees for. Nothing's stopping Helix code from mirroring Redhat (or any other distro) updates.

    So Helix code has two choices: 1. charge for the service and compete with Redhat, Eazel, and others or 2. give it away free and eliminate a revenue stream for other Linux companies (as well as themselves), making themselves the only (free) game in town.
    Should be interesting...
  • If you have E installed, Helix-Gnome will let you switch to it from the control center.
  • Can't remove things? Did you know you can do a make uninstall for practically everything you install via a make install??? And as for dependencies, if the configure script doesn't alert you to a dependency problem, the compile error will... Long live the Compiler!
  • I don't think that "reformat your root partition" should be the main concern, but clearly without some security mechanism in place, your linux install becomes only as secure as the Helix servers. This more likely means the possibility of trojan horses for common apps.
    This is the heart of the issue. I think the truth of the matter is, the Helix servers will be hella more secure than most people's home boxen. (I speak from personal experience: as a Linux newbie, I've been hacked once and had my computer rebooted remotely once.) People worry about remote security but I can see the day when all your really secure data will be kept off site in some company's vault; just like you wouldn't keep your life savings under the bed.
  • So are these folks implementing eazel's Nautilus [eazel.com] file manager? (From this [helixcode.com] picture, it looks not, but I can't be sure)

    If not, it might be worth considering, as it looks pretty spiffy.

  • Actually that's the sawfish window manager's *modified* default window manager. And they DO give credit to Kaleidoscope if you read the description when selecting a theme in GnomeConf.
  • I used to be a die hard slackware fan. I started with slack 2.0 as my first distro (actually the first one I bought on CD, my very first was a .99 kernel via SLS (I think) ) and stayed there until about three years ago, when I went to debian. Don't get me wrong, I *LOVE* playing around with linux, but when I entered a linux job I found I didn't have the time to "play" anymore and needed to get stuff done. For me, Debian (or redhat or distro X to dissuade any holy wars) gave me what I wanted from slackware... a text centric system, files you have to configure yourself, no fancy gui system management tools, and package management.

    While I enjoy knowing exactly what's in a system, I also sometimes need to "just install it". Ie: I need to unzip a program. I could go to freshmeat, search, go to the homepage, download, untar, ./configure, make, make install, or I could type "apt-get install unzip", wait 30 seconds and then unzip the file.

    Yes, package management does lose some control (not optimized for your processor, missing some options, that sort of thing) but IMHO the productivity I gain from not having to do the extra hacking to get things going is worth it.

    That's on my work system of course, my home system (where I do have time to play) is another matter altogether....
  • Actually, this looks to be a new version of the "helix-update" package that already comes with helix-gnome. It's nice to have LESS information on one screen- It's very uncluttered, and while you may have to scroll a bit it doesn't take much time. It would be nice to be able to turn off the blurbs about each package, but I find the interface fairly easy to use.
  • I came across these shots yesterday afternoon, and was shocked. HelixCode is integrating more and more and making things soo much easier to use it's great.

    People are complaining about trying to be like Windows and that's bad, but they aren't trying to be like Windows. The software is simply being worked on to make it easier to use for the average joe. Linux will gain users with a nice GUI interface, not with a black and white console screen.

    But the most important part of Red Carpet has to be Debian support! I don't know how long I've waited for debian support in the helix-updater. Sure, I use apt and love it, but I felt left out while all of the RedHat users were having a nice little interface to enjoy.

    So I'm one happy guy, and I know this will make lots of other people happy as well. Good work HelixCode, and I can't wait to see what comes from you in the future!

    --
    Scott Miga
    suprax@linux.com
  • Has anyone been reading BugTraq lately? It's full of complaints about how insecure HelixCode is!

    The installer had several issues, that's all.

    Chris
  • Not only does KDE support Slackware, their latest beta release is available as Slackware packages. /sbin/installpkg *.tgz and you're done, no dependency headaches required.
  • Red Carpet will be an integral part of the Helix Setup Tools (see http://www.helixcode.com/setuptools.php3).

    The Helix Setup Tools are tools targeted to simplify management of a computer, and it is targeted to end users.

    We have been working towards making the Helix Setup Tools address a number of needs of our users:

    1. Location management (reconfiguring your system to different kind of configuration setups easily. Useful for laptop users that use a computer at home, at work, and while traveling).

    2. Cluster support: configure clusters of machines, upgrade packages in clusters of machines, backup configuration of clusters of machines.

    3. Rollback support: restore the system configuration to a date in the past.

    So yes, clustering is important for us (more from the point of view of "we have a lab with computers, and we do not want to manually run helix-update on each machine" than from "we are doing a high availability cluster that does this very specific task" though).

    Miguel.
  • GNOME is a project. The GNOME project produces source code and ships it in the form of compressed tar files.

    Helix GNOME is an easy-to-install, pre-compiled GNOME that ships things as packages that are easy to install and upgrade.

    Helix GNOME does not support Slackware, but anyone can contribute Slackware packages to the GNOME project and put them up on ftp.gnome.org.

    We do not have resources at Helix to maintain Slackware right now. We hope we will be able to in the future (and also add FreeBSD to the list).

    Nobody has stepped forward to produce Slackware packages, but I am sure that if you convert the rpms to Slackware packages, we can put them up on gnome.org

    Miguel.
  • Yes, it will show who is the "provider" for a given channel. As you can see from the screenshots, part of the information for the Debian channel that Vlad had a screenshot for, includes the debian web page.

    Making the retrieval of source code simpler is also something I know Joe and Vlad want to do as part of their "locate file" feature on Red Carpet.

    Miguel.
  • Floyd, I think that you're wise to think about these concerns, but I don't think it matters. (No offense intended.) If we all want Linux to take over the world, we need to make it possible for non-technically-inclined people to use it. HelixCode is the absolute best way, and I wouldn't change a thing if I could.

    But I've got to say: Do I trust Nat Friedman with my home computer's security? Hell yeah, I do.

    -Waldo

    -------------------
  • Doesn't anyone here use Helix-GNOME yet? This is just the existing Helix-update application shipped with Helix-GNOME swallowed into a window with a sidebar.

    In any event, helix-update is very nice stuff, probably the nicest end-user or small-network admin interface yet for RPM and dpkg. It's very friendly, very non-technical in its presentation, and well-designed. It's every bit as good and pleasant as the similar interfaces in MacOS 9 and Win98 and Win2K.

    I find it endlessly fascinating that the core GNOME team, especially Miguel, made such an interface mess out of GNOME itself but have somehow managed to make the Helix stuff look and feel "right". Have they secretly hired a good human interface designer?

  • You better not install any more software off of the web - I mean, who knows what could be lurking in that tarball from ftp.gnu.org? Anyone could have hacked the server and put a backdoor into the GCC code! And those ISO images on the RedHat site


    Oh, you mean like when someone hacked a server and replaced the sources to TCP Wrappers [slashdot.org]?

    Or, speaking of GCC, how about when Ken Thompson, Granddaddy to things Unix, stashed a self-reproducing hack of the 'login' program in the operating system's own compiler [umsl.edu]?

    Granted the TCP wrappers thing was quickly caught, but IIRC, Mr. Thompson's hack wasn't caught so quickly. Either way, the point is, if someone weren't raising the flags, worrying about the unlikely, working to secure the system, you'd be just another node in the DoS machine.

    Maybe you are already.

    *shrug*

  • How about getting the RPM source packages and making the binary RPM packages yourself, if you really like compiling X (of all things!) yourself? I used to do that to compile in the "offensive" cookies that Redhat insisted on chopping off fortune-mod. You have to read up a little on RPM package building, but this is no rocket science...
    --
  • All I saw were broken image links. That is really nice to look at. I know I know.. troll, moderate -1, blah blah. But you'd think that slashdot would check to make sure these images would show up.
    ~~~~~~~~~~~~~~~~~~~~
    I don't want a lot, I just want it all ;-)
    Flame away, I have a hose!
  • No, not the source code to the installer, but to the packages being downloaded.
    Does the Helix Gnome Installer make it clear where various packages are being downloaded from (assuming different packages can come from different places) so that end users know where they have the right to get source from (for GPL'd packages)?
    Or will the Helix Gnome make the retrieval of source for installed packages even easier?
  • Well, yes, there is. Check freshmeat for installwatch, which includes inst2rpm, a script I wrote. These tools together will allow you to do a ./configure; make; make install and have the information in the RPM data base. Best of all, deinstallation is then just a matter of rpm -e.

    -Jon
  • I put HelixGnome on our Ultra 5 the other day running Solaris 2.7 and the install went just fine. It loads up with no problems and I get the comfort of my Gnome environment. :)
  • A major gripe I have about RPM (and one of the reasons I moved to Slackware) is that it assumes that you'll do everything through RPM. It doesn't mesh well with non-RPM data. What I'd really like to see added is the ability to merge additional non-RPM-installed files into the RPM database. For example, I prefer to compile X myself, so forever afterwards, RPM keeps complaining about missing X libraries. And no, --nodeps isn't a viable option.

    BTW> Maybe it already allows you to do this. However, there is nothing in the RPM docs, nor on the net that shows how.
  • The Debian package system can behave close enough to the latter of those conditions, but it depends on the package maintainers being savvy about those dependencies. As to the dependency-checking thought you have there, tho, I think .deb uses a database kind of like RPM. (Tho I could easily be mistaken as I'm not a Debian packager)

    The "Official" Debian-packaged debs are very well done, AFAIK, but they don't cover everything (they're only human) and not all of them may address small issues like this for any variety of reasons.

    Ultimately, however you do this - even with RPMs - you'll be at the mercy of the package maintainer.

    -Jo Hunter

  • btw ... people should really proofread so they give the right url [helixcode.com], but anyway...

    This looks like another good step towards making linux usable as an average joe desktop os. The average non geek who has enough trouble using a mac doesn't even want to think about something like rpm -Uvh package.rpm from the command line. And while there are gui package managers out there, i've found that it's even more confusing to install something i just downloaded using the gui as opposed to the command line.

    A package manager/installer system that is highly customizable, from easy as hell for the non geeks, to complicated as your feelings about cheeze for ubergeeks. There are some distros that take a decent step in making the newbie comfortable (like mandrake)... but some things are still missing. being able to find the package easily on the desktop, double click it, and have it install, with icons in the gnome/kde menus and the whole kabong would go a long way in helping linux get over the "it's too hard to use" barrier that stops it from being a widely accepted desktop os.

    now if only there was a decent media player....

    ---

  • OK, technically, apt is not the package manager for Debian. The package manager is dpkg. However, everyone uses apt because it makes things so very nice. The main reason is auto-resolution of dependencies. If I say:

    apt-get install foo

    Apt will check to make sure that I have the right versions of all the libraries that I need for package foo to function. If it needs other packages, it will ask for my permission to get those packages, too. It will then automatically download and install/upgrade the packages from the list of FTP/HTTP sites I've specified in /etc/apt/sources.list. If I already have package foo, it will see if there is an upgrade available

    I prefer dpkg itself to RPM because (in my experience), dpkg has you configure the package at install time, instead of wondering "where did RPM put those config files?", going and finding them, etc. Of course, real control freaks like me will always do that anyway :) I also like the way it will mark certain files as "configuration files", and then ask you what to do when upgrading that package (replace with the new default file, keep yours, or see the differences). For ease of use, apt/dpkg can't be beat. The only similar thing is the much-revered BSD ports system. Of course, every package manager I've seen has an option to list the files installed by a package.

    Of course, you do lose some control when you don't compile packages yourself. However, a good percentage of the time I wouldn't have changed anything anyway...and apt just makes it so easy to keep things up to date that it's too tempting.

    Supposedly Mandrake now has something like apt for RPMs, but I haven't tried it.
  • Apt will do the 2nd thing for you; if you're installing/upgrading a package, then it will check for dependencies, and say "Do you want me to update this other stuff, or not do anything?".

    However, you have a most valid point about the deleted files bit. Since RPM makes packages depend on files (sometimes), it will probably catch some of that. However, .deb packages depend on other packages, so that would go unnoticed (except that things would be broken :) Perhaps apt could be refined down to the file level? An interesting idea...the overhead/indexing would SUCK, so maybe it shouldn't do that by default.
  • Given that the user (ie., you) must choose to use these "windowized" distributions, what's your point?

    Who cares if Helix-Gnome ends up dominating 80% of all Linux distros? So what? Nobody is *forcing* you to use it. That's what Linux is about. Choice -- not CLI elitism.

    Lemme guess -- you're an ex-Windows user that cannot make the jump to a free mindset, aren't you? One of those people for whom there must always be ONE "correct" answer to any computing problem?

    Don't like it? Don't use it. Simple as that.

  • What is QNX? What is sawfish?
  • There are pros and cons to using a package management system like RPM's. You covered the cons, so I'll tell you why I use them.

    Ease of removal: removing an application manually installed by a "make install" is difficult, and usually not thorough.

    Ease of upgrading: you don't have to remove/replace manually all your old files. If the application has moved/removed/added/changed files since the last version, the package manager handles everything for you.

    Auto-dependencies: The package can tell you what other packages it needs to function.

    "Evil beware: I'm armed to the teeth and packing a hampster!"

  • I'm sure that security will not be much of a concern with Evolution, and, as with windows, I'm sure you will be able to turn off VBS.

    As for putting bad packages in their upgrade system... Debian, RedHat and others seem to be surviving with no problem. BTW, you obviously don't know anything about APT (the package retriever for Debian), as it already does something VERY similar to this (without the eye-candy).

    BTW, do you read every line of code you download and compile? Doubt it. I'd be more worried about someone putting a trojan in code than someone hacking an ftp server and putting a bad package in.
  • Tell me - Is package distribution becoming the normal way to distribute software? Forgive my ignorance, but I always go for the .tgz - I feel I know better what's going where if I do that. That said, I haven't really used packages since the early RedHat and I certainly haven't seen the newer package managers. What are the pros and cons of both methods?

    .iMMersE
  • by ptomblin ( 1378 ) <ptomblin@xcski.com> on Friday September 01, 2000 @07:09AM (#811291) Homepage Journal
    The first screen (the rest timed out on my company's poxy proxy server) looks so much like Microsoft Outlook that it's scary.

    As for other complaints that an automatic updater is dangerous because people could insert dangerous programs that way: That's why RPMs are cryptographically signed. Sure, a cracker could put a dangerous RPM on updates.rpm.com, but since it wouldn't be signed with RedHat's key, autorpm (my automatic updater of choice) won't install it.

    --
  • by LizardKing ( 5245 ) on Friday September 01, 2000 @07:11AM (#811292)
    What is there to stop a malicious hacker from penetrating Helix's servers and sending "updates" which reformat your root partition?
    Existing package formats (RPM, deb, etc) are already insecure


    \begin{sarcasm}

    Oh shit! You better not install any more software off of the web - I mean, who knows what could be lurking in that tarball from ftp.gnu.org? Anyone could have hacked the server and put a backdoor into the GCC code! And those ISO images on the RedHat site ... ohmygawd!

    \end{sarcasm}

    But seriously, while a little bit of paranoia is good for raising security consciousness, I think you're taking it to an extreme.

    Chris
  • by Jeffrey Baker ( 6191 ) on Friday September 01, 2000 @06:59AM (#811293)
    I have some thoughts on the concept of package management, and the implementation of Linux package managers.

    Package management has a core problem, and it is that the management system maintains an information database that may or may not reflect reality. RPM, for example, has a database of installed packages. All you need to do is delete a few files, or install something from source, and the package management database is invalid.

    Instead, I propose that package management systems should always rely on authoritative information when checking for installed packages. A new package Foo which is to be installed contains a list of dependencies: functions a, b, and c in lib123, and function d in lib456. The package manager checks for these symbols and libraries. If they are not available, the package manager can recursively install these libraries and any packages upon which they depend.

    Further, an advanced package manager should keep track of these dependencies and offer to update any packages which might be affected by updating a library. For example, updating Evolution might also update Dia, Gnumeric, and GEdit because the gnome-print which Evolution requires breaks the old API.

    Thoughts? Is there a package manager which does these things already?
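
Added example, not part of the original comment or of any package manager's code: a sketch of the scheme proposed in the comment above, where a package's dependencies are checked against symbols actually observed on the system rather than against a package database, and missing providers are installed recursively. Foo, lib123, lib456 and symbols a to d come from the comment; the package names `lib123-2` and `lib456-1`, the `libc` entry, the `observed` dict and all function names are hypothetical.

```python
# Added illustration: resolve dependencies against symbols actually observed
# on the system instead of a package database. All data below is constructed.

REPO = {
    # package: libraries/symbols it needs, and libraries/symbols it exports
    "foo": {"needs": {"lib123": {"a", "b", "c"}, "lib456": {"d"}}, "provides": {}},
    "lib123-2": {"needs": {"libc": {"malloc"}},
                 "provides": {"lib123": {"a", "b", "c"}}},
    "lib456-1": {"needs": {}, "provides": {"lib456": {"d"}}},
}


def absent_symbols(lib, wanted, observed):
    """Symbols of `lib` that are wanted but not present on the system."""
    return wanted - observed.get(lib, set())


def find_provider(lib, symbols, repo):
    """Return a package whose exports cover every missing symbol, else None."""
    for name in sorted(repo):
        if symbols <= repo[name]["provides"].get(lib, set()):
            return name
    return None


def plan(pkg, repo, observed):
    """Return the install order for `pkg`, dependencies first."""
    state = {lib: set(syms) for lib, syms in observed.items()}  # working copy
    order, visiting = [], set()

    def visit(name):
        if name in order:
            return
        if name in visiting:
            raise ValueError(f"dependency cycle through {name}")
        visiting.add(name)
        for lib, wanted in sorted(repo[name]["needs"].items()):
            absent = absent_symbols(lib, wanted, state)
            if not absent:
                continue  # already satisfied, however it got installed
            provider = find_provider(lib, absent, repo)
            if provider is None:
                raise LookupError(f"{name}: nothing provides {lib}: {sorted(absent)}")
            visit(provider)
        visiting.discard(name)
        for lib, syms in repo[name]["provides"].items():
            state.setdefault(lib, set()).update(syms)
        order.append(name)

    visit(pkg)
    return order


if __name__ == "__main__":
    # lib123 was built from source at an older version that lacks symbol "c".
    observed = {"libc": {"malloc", "free"}, "lib123": {"a", "b"}}
    print(plan("foo", REPO, observed))
```

A library compiled from source satisfies the check as long as its symbols are present, which is the case a database-only check gets wrong.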

  • by miguel ( 7116 ) on Friday September 01, 2000 @07:33AM (#811294) Homepage
    We will keep your comment in mind for Red Carpet.

    Please, if you have more suggestions on how to improve Helix's updater, let us know by sending mail to beta@helixcode.com.

    Miguel
  • by miguel ( 7116 ) on Friday September 01, 2000 @08:42AM (#811295) Homepage
    There were a lot of improvements in GNOME 1.2 (Bongo GNOME), that came from different people. Jacob Berkman led the effort to 1.2 and was one of the key people that were polishing little bits everywhere: improving, fixing, making it more usable and giving love to the user interface.

    The GNOME UI team (you can find them at developer.gnome.org) provided an organized effort that helped developers improve the GNOME user interface. This team led by Jim Cape produced mockups, screenshots, and glade files for developers to use. They provided concrete suggestions and did everything they could in their hands.

    There is still a lot left to do, but we realize that there are problems in the GNOME UI, and we will keep improving it.

    Tuomas kept improving the GNOME artwork for 1.2 and he is still doing this for 1.4.

    And we recently hired Anna to work on user interface design. Joakim has also been providing a lot of input with full rationales and mockups based on his previous experience to improve the GNOME.

  • by drivers ( 45076 ) on Friday September 01, 2000 @06:41AM (#811296)
    Corrected link:
    here [helixcode.com]
  • by bozone ( 113268 ) on Friday September 01, 2000 @08:42AM (#811297)

    Helix has been working hard and fast on creating a solid and attractive Gnome distro. It has a tight feel to it that was lacking previously in Gnome (IMHO). With upcoming KDE2 and the Helix / Evolution releases, Linux as a desktop has made great strides. The developers should be congratulated for their efforts.

    *mini-rant on**
    Why all the complaints about package managers?! Automatic (requested) retrieval and installation of already installed packages is a bad thing(TM)?! A better solution is to manually search the web for updates? Sure, if you are into computers and like tinkering with your OS, that can be fun, but for the someone using a computer for e-mail, surfing, development etc, the package managers take the pain out of managing their PC.

    I don't think a user should be required to know gzip, tar, make et al. to use Linux. For those that like that level of control, therein lies the beauty of Linux, you have a choice. I mostly go the .tgz route but there are times (usually late at night) where I need something installed and am in no mood to play the missing dependency game, rpm is great.

    The comments about the Helix design looking too 'Windowish' are funny. I agree that Miguel's admiration of Windows may influence the design a little too much. How would you have it? We can't look like Windows, so we must design a fugly interface to show that we are different?! That's an insecure stance. The design needs to be end user motivated not techno-political.
    **mini-rant off**

    If the goal is to move Linux to the desktops of 'users', familiarity will only help the cause...

  • by Floyd Tante ( 210193 ) on Friday September 01, 2000 @06:53AM (#811298)
    Brilliant. An automated update tool. An integrated browser and email client (with VB scripting, no less). A host of unresolved security issues. Is Miguel de Icaza really that excited about turning Linux into a complete Windoze clone?

    What is there to stop a malicious hacker from penetrating Helix's servers and sending "updates" which reformat your root partition? Existing package formats (RPM, deb, etc) are already insecure (who knows what could be in those scripts they execute), but at least those require the user to actively search, download, and install. It looks like GNOME will be "updated" behind your back. Given the heated flamefests between KDE developers and frothing GNOME advocates (including Miguel himself), it can't be discounted that the next Helix update will "disable" your pre-existing KDE install much the way Winblowz over-writes ext2 partitions.

    "Ease of use" is not worth sacrificing Linux over. Let Windoze be insecure and "easy". Linux should stay the way it is.

    -- Floyd
  • by miguel ( 7116 ) on Friday September 01, 2000 @07:31AM (#811299) Homepage
    Red Carpet supports multiple packaging formats unlike the previous version of the helix installer/updater. It works with both RPM and Debian packages currently and we plan on adding support for Solaris packages in the future as well (indeed the screenshots show the Debian version running).

    You can customize your panels in pretty much any way you want. Try hitting the right mouse button in the applets and in the panel to explore the options in the panel.

    Miguel.

  • by miguel ( 7116 ) on Friday September 01, 2000 @07:45AM (#811300) Homepage
    This is exactly the intention.

    As you notice there is a bar on the right that lists the channels you are subscribed to, and you can get a list of those you are not subscribed to.

    We will be providing other channels besides the regular Helix GNOME channel. For instance, you can see a channel for the distribution installed in your system and a channel for testing the Helix Evolution groupware client.

    Other channels will be available with other types of software as well.

    Miguel.
  • by miguel ( 7116 ) on Friday September 01, 2000 @07:26AM (#811301) Homepage
    Helix GNOME is just a packaged version of the latest GNOME. We took special care into making things pretty and Tuomas, Joakim and Anna have been working very hard to provide nice, pleasant user interfaces.

    But all the contributions of Helix are contributed back to the main GNOME sources.

    We just happen to ship the latest GNOME in a real-time fashion: you can always update to the new improvements as developers produce the code.

    With Red Carpet (something that you do not see on the screenshots) we will roll three levels of updates: emergency updates, latest packages, and long-term tested packages. The intention is to cater to both people who always want the latest applications and fixes, and those who want a tested and reliable system.

    Miguel.
  • by Matt2000 ( 29624 ) on Friday September 01, 2000 @06:51AM (#811302) Homepage

    Is it just me or is Helix code deserving of some serious respect for taking care of a lot of the nasty details of the Linux desktop, and doing it while looking better than any group of applications I've ever seen on any *nix.

    I recommend all their stuff to anyone who's new to Unix and it always leads to a much better first impression for Linux in general.

    If they can finish their Outlook replacement apps then they will have brought Linux perhaps 40% closer to being a windows desktop replacement for many companies.

    Good work guys and keep it up.
  • by miguel ( 7116 ) on Friday September 01, 2000 @08:03AM (#811303) Homepage
    Helix will not be updated behind your back. That is a security concern we have always had. Although we could have done an automatic updater, we are aware of privacy concerns people have and the different levels of security that people want.

    The new version will have an option to do automatic updates if you choose to, but it is not the default.

    We would love to hear your opinion on security matters and we would be glad to tell you how things are done internally, but let's do that without attacking each other and by making informed comments instead of worst-case-scenario-assumptions.

    Miguel.
  • by Foxman98 ( 37487 ) on Friday September 01, 2000 @06:48AM (#811304) Homepage
    I'm sure most people will agree with me, when I say that Helix-gnome has taken Gnome from being a collection of highly usable but unorganized applications, and shrink wrapped them together.

    From the installer to the login screen, everything is well designed, looks very pretty, is well organized and just makes sense.

    If it weren't for Helix-Gnome I would stick with KDE.

    It seems to me that Helix-Gnome should perhaps become the default install of Gnome. I feel that Gnome is very much misconceived when compared to the likes of KDE et al. Helix-Gnome would help bring together all the applications. And let's be honest, first impressions are the most valuable. Your average linux newbie loads up gnome and thinks, well this is pretty neat. Then when he/she notices all the inconsistencies and lack of organization they run screaming to KDE. Not so with Helix.

    In fact I did a recent comparison in a group of 15 people, asking them to give their initial impressions on 1) kde (2.0 beta) 2) Gnome, 3) Helix-Gnome and 4)Windows 2000.

    The questions revolved around usability, eye candy and ease of use. The results put KDE on top, Helix-gnome next, Windows2000 and then Gnome. However the Windows2000 is somewhat misleading for most users had experience in windows. But the default install of Windows2000 lost major points on the eye candy factor, it really isn't very pretty by default.

    The main comments were that people liked KDE's single click to open up icons. These were mostly adults who had used, but were not proficient with computers. I think especially for people who have not grown up using computers, the distinction between when to double click and when to single-click, or right-click, is very unclear. KDE did well in this area.

    Helix-gnome received lots of compliments on organization and overall look and feel.
