Automatix 'Actively Dangerous' to Ubuntu

exeme writes "Ubuntu developer Matthew Garrett has recently analyzed famed Ubuntu illegal software installer Automatix, and found it to be actively dangerous to Ubuntu desktop systems. In a detailed report which only took Garrett a couple of hours he found many serious, show-stopper bugs and concluded that Ubuntu could not officially support Automatix in its current state. Garrett also goes on to say that simple Debian packages could provide all of the functionality of Automatix without any of the problems it exhibits."

I think it screws up when upgrading.

[rolfwind]

Automatix is a really nice idea.

But I noticed that all the Ubuntu distros, which it is installed upon, get a range of problems with upgrading to the next release of Ubuntu.

Automatix is not as necessary as it once one, codecs are done by Ubuntu itself in the meantime - Automatix was good two years back when it was a PITA to get DVDs and mp3s to play without editing files and going crazy on the command line.

It still is nice to use to install some programs like virtualbox, but the problems it causes are not worth it.

Re:I think it screws up when upgrading.

[OmegaBlac]

I highly doubt the ability to play mp3s out the box is what is keeping GNU/Linux from reaching mainstream acceptance. More like a certain software company in Redmond engaging in illegal/unethical business practices to keep its OS the main preinstalled OS on OEM machines, lack of commercial software that is only available for Windows that users require, slow (but steadly growing) desktop adoption rate by businesses and government, vendor-lockin, ease of Windows piracy, desktop monopoly in most US schools, and hardware compatibility. The ability to play mp3s is very low on the list of things keeping GNU/Linux from mainstream success. It will get their one day, just takes time and everyday that list gets shorter.

Re:I think it screws up when upgrading.

[Anonymous Coward]

solaris. Sending an audio file to /dev/audiof will play it. They use a plugin architecture to play the files, but wav, aiff, au, and mp3 support are standard.

Re:I think it screws up when upgrading.

[poolmeister]

'Linux' will never play MP3s on it's own as Linux is a kernel and there are no built in kernel modules that play media files.

Then again there are plenty of Linux distributions that play MP3s on a fresh install, my personal favorite being Linux Mint [linuxmint.com] which is a reworked Ubuntu distro with non-free software included by default.

Re:Illegal?

[morgan_greywolf]

Neither, in some countries it can be used to obtain illegal software...Automatix in itself is no more illegal than Firefox or Internet Explorer

Exactly. I can download the same packages that it does with any Web browser or wget. The summary is inaccurate when it says that the package is 'illegal'. If the package is illegal, then so is Firefox and wget, both of which can be used to download packages that may be in violation of the DMCA or of patent laws or of the GPL (as in the case of nVidia or ATI drivers).

As TFA points out, it also gives dubious legal advice. Downloading MP3 codecs or Win32 codecs is far from a crime in the United States. For example, for the Microsoft-created codecs like WMA or WMV, Microsoft only requests that you have a Windows license in order to download them, but does nothing to prevent you from downloading them (WGA checks are not required, for instance.) It could be argued that as long as one has a valid Windows license, using them on Linux is not illegal. As for MP3 or other patent-encumbered codecs, it is a violation of patent law to distribute such codecs. Whether it is a violation of patent law to use or download these codecs without paying a license is a legal gray area.

OTOH, downloading libdvdcss may, in fact, be a violation of the DMCA.

Note that I'm not a lawyer, and if you're looking for legal advice, go pay one.

Re:Illegal?

[cheater512]

What if libdvdcss was made before the DMCA? Wouldnt that make it legal?

Re:Illegal?

[jZnat]

Besides the fact that it wasn't, I believe the problem is distributing the software today as the action that violates the DMCA. As confusing as it is, it is not illegal to use libdvdcss, DeCSS, or anything like that, but it is illegal to distribute it (as far as the DMCA says; it could be legal to distribute it as protected free speech, but I don't know if anyone has tried to use that defence since the MPAA backed off in the DVDJon case).

Re:What about EasyUbuntu?

[thephotoman]

EasyUbuntu is better, but it's still not ideal. It retrieves the .debs from upstream and installs them, then leaves everything alone. Unfortunately, it doesn't grab updates.

The ideal solution would add universe and multiverse and then grab everything from there, w32codecs be damned (or installed a la EasyUbuntu. I'm thinking about writing something that does just that.

how bout making dist-upgrade work right...

[ikekrull]

Then you can start knocking other people's efforts.

I've been running Ubuntu since Hoary, and while i can usually upgrade to new versions using apt dist-upgrade or the ubuntu-supplied upgrade-manager, it has never worked flawlessly. and always required manual searching of the forums and config-editing to get things working again. With the lastest 2 upgrades, Dapper->Edgy made my system unusable after boot due to X problems, and Edgy-> Feisty broke my virtual consoles.

If Canonical themselves can't make an update system that works, how do they expect Automatix to do it?

Re:Could someone clarify why it is illegal?

[ivan256]

So why didn't they make them into .debs, or wrap their installation in debian post-inst scripts, and distribute a script to add their repository to sources.list? Why did they need this atrocity of a program?

Re:I think it screws up when upgrading.

[dodongo]

Actually, they're free to distribute Fluendo's MP3 decoder [fluendo.com].

Re:Illegal?

[Warbothong]

"illegal software installer" can be interpreted two ways. Either as a software installer which is illegal (which Automatix is not), or as an installer for illegal software (which, in areas like the US, it certainly is (DeCSS, LAME, etc.), and in other areas it probably is too (for instance the Adobe Acrobat issue mentioned in the report)).

It is a shame that those with the ability to make correct, safe software installers and those with the inclination to make souht-after-but-problematic-software installers are two seperate camps.

Personally I do not like Automatix anyway, from experience trying to help those in IRC for whom these problems have surfaced, but for the most part its functionality seems to be that of an extremely limited package installer, ie. a vast amount of the stuff it installs (Java, Flash, MP3/etc. codecs, media player browser plugins, etc.) can be found in Synaptic or the Add/Remove tool along with thousands of other packages, Automatix just limits the selection to the most popular ones, along with some third-party unpackaged software (the installation and removal of which seems to be the main cause of its problems). I can't help feeling, however, that if people actually want to install a Java VM or multimedia codecs then looking for them in Applications>Add/Remove is very straightforward, whereas Automatix gives such a small selection that users of it would end up installing stuff they might not need or want simply because it is there for free so they might as well. If they spent their time in the Add/Remove tool doing this then they might end up finding better quality, better integrated, better supported software for a much broader range of things, but of course that might end up *shock horror* introducing people to new software which doesn't pay whatever company dominates that particular field.

Re:Why?

[vrmlguy]

Unfortunately, past experience has shown that the devs will not "fix the bugs and provide the software again", instead they are more likely to flame anyone who mentions the article and then run into a corner and pout.

Some things not so benign.

[Cerebus]

In debug mode, automatix will write files to your home directory as root. Again, more of an irritation than anything dangerous.

What, he's never heard of a symlink attack [google.com]?