Automatix 'Actively Dangerous' to Ubuntu

exeme writes "Ubuntu developer Matthew Garrett has recently analyzed famed Ubuntu illegal software installer Automatix, and found it to be actively dangerous to Ubuntu desktop systems. In a detailed report which only took Garrett a couple of hours he found many serious, show-stopper bugs and concluded that Ubuntu could not officially support Automatix in its current state. Garrett also goes on to say that simple Debian packages could provide all of the functionality of Automatix without any of the problems it exhibits."

Illegal?

[jZnat]

Illegal for them to distribute, or illegal for the user to download?

Re:Illegal?

[solcott]

Illegal for them to distribute, or illegal for the user to download?

Neither, in some countries it can be used to obtain illegal software. For example giving residents of the United States the ability to play copy protected DVD's or audio compressed with mp3 without the user paying a royalty fee. Automatix in itself is no more illegal than Firefox or Internet Explorer, they are also just tools that "could" be used for illegal purposes, like viewing child pornography.

Re:Illegal?

[morgan_greywolf]

Neither, in some countries it can be used to obtain illegal software...Automatix in itself is no more illegal than Firefox or Internet Explorer

Exactly. I can download the same packages that it does with any Web browser or wget. The summary is inaccurate when it says that the package is 'illegal'. If the package is illegal, then so is Firefox and wget, both of which can be used to download packages that may be in violation of the DMCA or of patent laws or of the GPL (as in the case of nVidia or ATI drivers).

As TFA points out, it also gives dubious legal advice. Downloading MP3 codecs or Win32 codecs is far from a crime in the United States. For example, for the Microsoft-created codecs like WMA or WMV, Microsoft only requests that you have a Windows license in order to download them, but does nothing to prevent you from downloading them (WGA checks are not required, for instance.) It could be argued that as long as one has a valid Windows license, using them on Linux is not illegal. As for MP3 or other patent-encumbered codecs, it is a violation of patent law to distribute such codecs. Whether it is a violation of patent law to use or download these codecs without paying a license is a legal gray area.

OTOH, downloading libdvdcss may, in fact, be a violation of the DMCA.

Note that I'm not a lawyer, and if you're looking for legal advice, go pay one.

Re:Illegal?

[cheater512]

What if libdvdcss was made before the DMCA? Wouldnt that make it legal?

Re:Illegal?

[jZnat]

Besides the fact that it wasn't, I believe the problem is distributing the software today as the action that violates the DMCA. As confusing as it is, it is not illegal to use libdvdcss, DeCSS, or anything like that, but it is illegal to distribute it (as far as the DMCA says; it could be legal to distribute it as protected free speech, but I don't know if anyone has tried to use that defence since the MPAA backed off in the DVDJon case).

Re:Illegal?

[Kjella]

(as far as the DMCA says; it could be legal to distribute it as protected free speech, but I don't know if anyone has tried to use that defence since the MPAA backed off in the DVDJon case).

1) The DVD-Jon case was in Norway
2) Consequently, it wasn't under the DMCA
3) It was the public prosecutor that tried and failed twice to convict him
4) They chose not to appeal it to the Supreme court, but only because there was no point
5) Since then, Norway and the rest of EU has been forced to adopt the EUCD aka euro-DMCA
6) Nobody has really tested the current law after the EUCD, at least not here in Norway

Re:

[jibun]

Yes, the wording was unfortunate. What was probably meant was something like this:

5) Since then, Norway and the rest of the European Economic Area has been forced to adopt the EUCD aka euro-DMCA

See http://en.wikipedia.org/wiki/European_Economic_Are a [wikipedia.org] to understand how Norway integrates into the EU single market and legal framework.

Re:Illegal?

[miro f]

I don't think the summary is claiming Automatix is illegal. It just has to do with the parsing of the sentence. I think the original intent was:

"illegal software" installer

and not

illegal "software installer"

WMA and WMV

[goaty_the_flying_sho]

Let's keep in mind that both WMV and WMA have native, free software decoders available that don't require agreeing to Microsoft's licensing.

Re:

[Warbothong]

"illegal software installer" can be interpreted two ways. Either as a software installer which is illegal (which Automatix is not), or as an installer for illegal software (which, in areas like the US, it certainly is (DeCSS, LAME, etc.), and in other areas it probably is too (for instance the Adobe Acrobat issue mentioned in the report)).

It is a shame that those with the ability to make correct, safe software installers and those with the inclination to make souht-after-but-problematic-software installer

Re:

[nine-times]

The summary said "illegal software installer", which could be read as not implying that the "software installer" is illegal, but that it installs illegal software.

Now the "illegality" depends on which software you install and your local laws. I think that the DVD decoder violates the DMCA (is that right?), and MP3 encoders/decoders is a dicier issue. IANAL, but AFAIK you are not required to pay for an MP3 patent license for using an MP3 encoder or decoder, but only if you're distributing MP3 encoders, de

Your sig is wrong

[WindBourne]

First, some of my ex GFs have been happy to show me other naked women. It has worked well. You just need to find the right ones.

Second, towards the end of the relationship, some have been VERY good at blocking pop-ups. All have been good at creating pop-ups. So, I would say that your sig is incorrect.

Re:

[jZnat]

Tell that to the guy I quoted in there. I believe he goes to GameFAQs.

Re:

[oyenstikker]

He never said that women can't show you naked women, just that Firefox can.

Re:

[Vexorian]

The guy who made the summary is an expert at bastardizing terms, either way, it is for proprietary things that are free and non-redistributable...

Re:Illegal? Misleading and Misconstrued FUD

[cortana]

Erm, did you even read the analysis? Automatix craps untracked files all over the user's system. It makes to effort to interoperate with Ubuntu's package manager (dpkg) and is even prone to race conditions that could leave the system unbootable!

Re:Illegal? Misleading and Misconstrued FUD

[NoMaster]

... craps untracked files all over the user's system ... makes [no] effort to interoperate with Ubuntu's package manager ... could leave the system unbootable

So it's a K-Lite codec pack for Linux?

Re:Illegal? Misleading and Misconstrued FUD

[Randle_Revar]

Alternately, learn Linux

If you were to learn Linux you would not need Automatix,

Old News

[solcott]

This is old news, well Automatix being dangerous in general I mean not Mr. Gattett's report. Automatix has been referred to by many as a tool to "enhance" Ubuntu by lazy users who do not care about system security or stability since Breezy Badger.

Re:

[Conor Turton]

Automatix has been referred to by many as a tool to "enhance" Ubuntu by lazy users who do not care about system security or stability since Breezy Badger.

Or in other words, people who quite rightly find installing things like codecs and then having to modify countless config files so the media player and the browser can use them either difficult or, quite rightly, a bloody ridiculous thing to have to do.

When Linux distros finally sort out the farce that is installing vendor provided graphics card drivers, software and codecs etc, then tools like Automatix won't be needed.

Re:

[jlarocco]

When Linux distros finally sort out the farce that is installing vendor provided graphics card drivers, software and codecs etc, then tools like Automatix won't be needed.

I use Linux, have all of those things, and I've never even heard of Automatix. I'm not using Ubuntu though.

Re:Old News

[wordsnyc]

I used Automatix in my first Ubuntu install. No problems, but I took the warnings seriously, and for my second I simply hunted through the Ubuntu wiki and other places and installed all the codecs, etc., myself. The point is that all the unsafe stuff Automatix does is unnecessary -- why take the risk? The files are out there, not "in" Automatix -- just go get them and install them properly.

Re:

[Chandon Seldon]

When Linux distros finally sort out the farce that is installing vendor provided graphics card drivers, software and codecs etc, then tools like Automatix won't be needed.

Ubuntu handles all that stuff with less problem than finding and installing Automatix.

Automatix *isn't* needed.

Re:Old News

[Stormx2]

Wow, I'm replying to two of your ignorant comments.

Or in other words, people who quite rightly find installing things like codecs and then having to modify countless config files so the media player and the browser can use them either difficult or, quite rightly, a bloody ridiculous thing to have to do.

I've addressed codecs in my other post to you. Here's the jist again: open a media file, if you don't have the codec, it will install it. Firefox, and gstreamer-based media players, will automatically make use of the new codecs, no questions asked. This is a non-issue.

When Linux distros finally sort out the farce that is installing vendor provided graphics card drivers, software and codecs etc, then tools like Automatix won't be needed.

Under ubuntu: System > Administration > Restricted Drivers Manager. Enter your password when prompted. Mark the checkbox under the "enabled" column. Reboot when prompted. This is about a thousand times easier than trawling the web for a driver on windows, not to mention the often buggy installers (which I've had my fair share of)

Software? Add/remove programs and synaptic cover this in a way which is far more simple, centralised, consistant and user-friendly than Windows. Software management under most distros is about as good as it gets (e.g. yum, apt, etc). Codecs I've already covered.

You seem a little misled by these issues anyway. Stop by in your distro's IRC channel and they'll help you through it.

I think it screws up when upgrading.

[rolfwind]

Automatix is a really nice idea.

But I noticed that all the Ubuntu distros, which it is installed upon, get a range of problems with upgrading to the next release of Ubuntu.

Automatix is not as necessary as it once one, codecs are done by Ubuntu itself in the meantime - Automatix was good two years back when it was a PITA to get DVDs and mp3s to play without editing files and going crazy on the command line.

It still is nice to use to install some programs like virtualbox, but the problems it causes are not worth it.

Re:

[Constantine XVI]

It still is nice to use to install some programs like virtualbox

And even a bit of reading the docs/using google will save you from having to "recover" from Automatix later on:
http://virtualbox.org/wiki/Downloads [virtualbox.org] Just grab your respective .deb from there

Re:

[jambarama]

Automatix is a really nice idea. For those who don't want to bork their systems, check out easy ubuntu. It hasn't been updated in some time (no feisty support), but it works like a charm on edgy and dapper systems. I wonder why it hasn't been updated, but I think Canonical is trying to make these tools redundant, and IMHO is doing a pretty good job.

Re:I think it screws up when upgrading.

[Constantine XVI]

I appreciate your zeal on the subject, but if Ubuntu distributed MP3 without paying for the license in certain countries (like USA), they would be in serious legal trouble. However, in Ubuntu 7.04, it will automatically install the proper decoder for you the first time you try to play an MP3. It works, it's painless, and it's the best we can do until we get someone in Congress (or your respective national legislature) brave enough to destroy software patents.

Re:

[dodongo]

Actually, they're free to distribute Fluendo's MP3 decoder [fluendo.com].

Re:I think it screws up when upgrading.

[QuoteMstr]

Correct me if I'm wrong, but I don't think Fluendo's codec is the right approach. It comes in source form, covered under the BSD license, and a binary blob, covered under Fluendo's proprietary EULA [fluendo.com], and according to Fluendo's site, but not any legal document I can find, the patent license only applies to the binary version. That claim raises some interesting questions:

1. What interest does Fraunhofer have in granting a patent license for the binary version, but not the source? There's no difference in terms of how available the software would become, in principle. The number of installations is bounded by the number of GStreamer installations regardless of whether the package is proprietary or not, since it's freely redistributable (after signing a contract).
2. Given that, realistically, every Linux user in the US can already get a free mp3 decoder, what advantage does Fraunhofer gain by not granting a blanket MP3 patent license for free software?
3. What's going on with the redistribution contract? It seems to have some interesting interactions with the BSD source license.
   • 1.4

     The Distributor might at some point want to make changes and improvements to the Plug-in Source Code used to generate the Plug-in. Such changes shall automatically be copyrighted to Fluendo and Fluendo shall be notified of these changes, so that Fluendo can include them in the official Plug-in Source Code if they so choose. Any such changes will have to be approved in writing by Fluendo or included in the official Plug-in Source code from Fluendo, before a binary incorporating the changes can be shipped by Distributor.

     Uh, so a distributor can't modify the codec without signing the copyrights over to Fluendo?
   • 1.5

     Distributor shall not license or grant any right on the Plug-in or the Plug-in Source Code in a different way than as described in the corresponding licenses made by Fluendo for each of them.

     Doesn't that make it some weird viral BSD license instead of the BSD itself?

Re:

[OmegaBlac]

I highly doubt the ability to play mp3s out the box is what is keeping GNU/Linux from reaching mainstream acceptance. More like a certain software company in Redmond engaging in illegal/unethical business practices to keep its OS the main preinstalled OS on OEM machines, lack of commercial software that is only available for Windows that users require, slow (but steadly growing) desktop adoption rate by businesses and government, vendor-lockin, ease of Windows piracy, desktop monopoly in most US schools, a

Re:

[Chandon Seldon]

Why'd you give her 64 bit Linux? Does her computer have more than 3 gigs of RAM?

In a year or two we may be to the point where a 64 bit OS is essential, but we're not there yet. Give your non-technical friends the 32 bit version.

Re: 64-bit

[tchuladdiass]

Not only that, but you can also run the 32-bit versions of your programs on a 64-bit OS install. In the case of Flash, just install the 32-bit version of Firefox, then all your 32-bit plugins will work fine. The only problem that will be encountered when running a 64-bit install is if you have a binary-only driver (kernel module) that is only available for 32-bit.

Re:

[TheRaven64]

The problem is that AMD changed a lot with x86-64 beyond doubling the register size. They also added a few more registers and tidied up the instruction set a fair bit. Running in 64-bit mode is typically faster, since you get a lot less register churn. On something like SPARC, it's typical to run pretty much everything in 32-bit mode, because all you get by going 64-bit is a load of extra overhead on loads and stores of pointers. On x86 you get this overhead, but it's offset by the extra registers. Thi

Re:I think it screws up when upgrading.

[jlarocco]

I listen to music constantly while on my computer. It took me several hours to figure out how to install MP3 support when I first tried Linux. Even then, I couldn't play my videos either, which annoyed me. I dropped it because i had no reason to switch yet. My sister was forced to use linux when I lost my windows disks. The only reason she gave me for not wanting to keep it? She couldn't use flash on 64bit linux, which prevented her from listening to music on Purevolume. She even told me today that she misses the OS, but wished she could use flash. Music means a lot to some people.

To get Flash working on 64-bit Linux, try searching your distro's software repository for "nspluginwrapper". Technically it's a bit of a hack, but from a user's perspective it's fairly transparent at getting 32-bit browser plugins to work on 64-bit platforms.

Debian, at least, has it.

Also on Debian, to get MP3 and video codecs add http://www.debian-multimedia.org/ [debian-multimedia.org] to your list of repositories, either in the Synaptic GUI, or in /etc/apt/sources.list. It's been a while since I first started using it, and I think you might have to reinstall or upgrade some packages that depends on the codecs, but after it's setup it works just like the official repositories.

Re:

[Hooded One]

Another advantage of nspluginwrapper I've noticed is that when the flash plugin crashes, it stops Firefox from crashing with it.

(And before anyone asks, I'm sure it's not nspluginwrapper itself causing the crashes, because I can reproduce them on a pure 32-bit setup, and the whole browser goes down.)

Re:

[FauxPasIII]

> She couldn't use flash on 64bit linux

I know you're just trying to rant, but in case anybody else is interested:

sudo su -
echo 'deb http://janvitus.interfree.it/ubuntu/ [interfree.it] feisty-upure64 main-amd64' > /etc/apt/sources.list.d/jantivus.list
apt-get update
apt-get install nspluginwrapper

and voila, you can use the flash plugin on 64bit linux.

Re:

[cyclop]

This is pure FUD. On Windows, it takes me several hours to install decent image retouching support, a feed reader, a PDF reader, a vector graphics editor, a decent audio player (what WMP is not), a decent browser, a decent Office suite, a decent mail client etc.etc. And still you have to download codecs for a LOT of widespread formats.

On Linux you just have to look a bit for mp3 and dvd codecs, but everything else you need is there. On Windows, yeah, maybe WMP plays mp3s by default, but on a nearly unusabl

Re:

[poolmeister]

'Linux' will never play MP3s on it's own as Linux is a kernel and there are no built in kernel modules that play media files.

Then again there are plenty of Linux distributions that play MP3s on a fresh install, my personal favorite being Linux Mint [linuxmint.com] which is a reworked Ubuntu distro with non-free software included by default.

Re:

[xenocide2]

Which of course contradicts the other lemma of Linux popularity: Linux can not become mainstream if I have to pay for it.

Re:

[dc29A]

Linux can not become mainstream if it can not even play MP3s out of the box. That's fucking lame.

Pfffffffffft. MP3s are so 1999, real men use FLAC!

Re:

[noamsml]

Yeah, completely LAME [sourceforge.net].

Re:I think it screws up when upgrading.

[Anonymous Coward]

solaris. Sending an audio file to /dev/audiof will play it. They use a plugin architecture to play the files, but wav, aiff, au, and mp3 support are standard.

Re:I think it screws up when upgrading.

[jZnat]

Does this run in user space or kernel space? If kernel space, I hope they've developed the most secure decoders possible without any side-effects!

warez?

[muridae]

Wait, Ubuntu has a warez installer? Isn't the point of Linux to not need to pirate a copy of Office 2009 Blue Screen Edition?

Re:

[realdodgeman]

It is not warez. It is codecs, closed source software and other stuff you don't get in your basic install. But with 7.04 most the things Automatix does is useless, since it is equally easy to do the same thing in add/remove.

Re:

[cortana]

The 'w32codecs' package is warez.

Could someone clarify why it is illegal?

[sentientbrendan]

Neither automatix site or the article clarifies where the "illegal" comes from.

Re:

[Anonymous Coward]

From Automatix [getautomatix.com]:

AUD-DVD codecs (NON-FREE Audio and DVD codecs) (Installation of this option is illegal in the United States of America)

Re:

[xenocide2]

Automatix provides w32codecs, a package that's likely to be illegal in most countries that respect copyright. It's a set of DLLs and other code libraries used for decoding videos in Windows. It has about 60 codecs from unidentified sources with no particular attention to licensing that I can see. This package is often used as a workaround for Linux's generally poor support for video playback.

It's a question of whether you want to gamble that large software companies will continue to look the other way on yo

Re:

[ivan256]

So why didn't they make them into .debs, or wrap their installation in debian post-inst scripts, and distribute a script to add their repository to sources.list? Why did they need this atrocity of a program?

Oh, sweet irony... thou name art Winderz

[poptones]

It has about 60 codecs from unidentified sources with no particular attention to licensing that I can see. This package is often used as a workaround for Linux's generally poor support for video playback.

Actually, Ubuntu can do a pretty good job with most things with just the gstreamer plugins.

This "workaround" however, is quite often used as a workaround for WINDOWS generally poor OOTB media handling. Of course, Windows has other, even more "special" packages similar to this one - like that wonderful and f

Why?

[MBCook]

I read this while it was in the Firehose, and came up with one question: Why?

What would this tool provide above apt and dpkg? A graphical way of installing programs? There are front ends for dpkg and apt like Synaptic that don't have any of these downsides. Is this just to get things like some of these codecs? That has always been available through other package repositories. You just add a line to the config file (or use a program like Synaptic which lets you do the same thing) and all those packages just show up and work great.

I could see it a bit if it helped with commercial applications (like Click-N-Run does). But reading this stuff I just wonder... what was the point of using a program like this on a Debian based distro? Even with it's faults, even Yum makes these seem quite unnecessary.

So I ask: has anyone used this? Why?

Re:

[xenocide2]

Commonly, because it offers point and click access to w32codecs, mp3 playback and stuff like opera that is not packaged by Ubuntu. Canonical tried to solve this by hosting a commercial repository, but some of the things users want are simply not legally compatible with distributing software for free.

Re:Why?

[kebes]

The summary is misleading... in particular the use of the word "illegal."

Automatix is a utility that automates the installation of a bunch of software that is considered "must have" for people just switching to Ubuntu. For instance, it installed Firefox, mplayer, wine, DVD playing software, and multimedia codecs. (Actually the installer would just give you a list of things you could install, you select the ones you want and click "next.")

I don't really understand why this is being characterized as "illegal software." The packages are already in the usual repositories. The utility would just automate the installation for you. If you live in a country where installing one of those packages is somehow illegal (is this actually the case?), then that's your responsibility. The tool is just an automator intended to ease the transition for new users. It really provides nothing above and beyond the standard packaging interface, except that it was easier (in some people's opinion) to tell new users "install automatix" rather than telling them to open the package manager and list the software they should install.

In any case, the whole argument seems rather pointless. Automatix was created a few years ago, at a time where installation of things like multimedia codecs was perhaps non-obvious. New users were flooding forums with repeated requests like "my mp3s don't play! why?" and "how can I play DVDs on this Ubuntu thing?" Automatix was created as a simple response to that.

In the meantime, Ubuntu has, from what I can tell, cleared up these issues. Installation of codecs is straightforward and pretty obvious. The package manager is very user friendly. In short, there is no need for Automatix. Basically, Automatix was an ugly hack. It's always been recognized as such, and developers have always discouraging people from using it. On the Ubuntu forums, the standard advice is no longer "install Automatix," since it is recognized to be a non-optimal solution.

So, in short... I think this issue has already passed us by.

Re:Why?

[Chandon Seldon]

That stuff is exactly what the "ubuntu-restricted-extras" package is for.

Rather than screw around with Automatix, perhaps someone should post the following script instructions:

1. Enable the universe and multiverse repositories. (System -> Administration -> Software Sources ; Check the "Universe" and "Multiverse" checkboxes. ; Press the "close" button. )
2. Install the ubuntu-restricted-extras package. (Applications -> Add/Remove... ; Set the "show" drop down in the top right to "All available applicatons. ; Type "ubuntu-restricted-extras" into the search box. ; Check that package. ; Press OK. )
3. (Optional) Activate encrypted DVD support. (Open a terminal window. Type "sudo /usr/share/doc/libdvdread3/install-css.sh" and press enter.)

I really don't see how installing some random script off a website and then messing with a new GUI program is any easier than that.

Re:

[vrmlguy]

Unfortunately, past experience has shown that the devs will not "fix the bugs and provide the software again", instead they are more likely to flame anyone who mentions the article and then run into a corner and pout.

"...could provide..."

[haeger]

Garrett also goes on to say that simple Debian packages could provide all of the functionality of Automatix without any of the problems it exhibits.

Automatix only exists because there is a need for it. If it's so simple to make the package provide the functionality, why hasn't anyone done it? Automatix seems to be the (only?) ones who have tried to do something that many people need.

.haeger

Re:"...could provide..."

[imroy]

If it's so simple to make the package provide the functionality, why hasn't anyone done it?

They have. There's Debian-Multimedia [debian-multimedia.org], which has been around for a few years. I know there's one or two specific to Ubuntu, five minutes Googling will probably find one. I've been using D-M for years now and have not had a problem. Automatix is an ugly hack and should be avoided at all costs.

Re:

[Aladrin]

I imagine it's because of the legal issues involved. Debian/Ubuntu doesn't want to create the packages because they like not being sued/arrested/whatever, and nobody else has simply because they aren't used to making them.

Whoever wrote Automatix is probably a programmer and not a package maintainer, and simply did what he was most comfortable with.

Creating packages would have been the -proper- way, but we all know how much the 'proper way' is enforced when the product is questionably legal at best. (Alrig

Re:

[Chandon Seldon]

The problem's that Automatix was designed to solve no longer exist. Installing all that stuff the official way is trivial in any recent version of Ubuntu.

The only reason people still use Automatix is this: Either they remember using it before when it served a purpose and don't know any better, or someone who doesn't know any better tells them to use it.

I never understood

[Tom9729]

I never understood why Automatix was necessary. Why not just make a "Proprietary software" repository?

Re:I never understood

[cortana]

They already have; the repositories are called 'restricted' and 'multiverse' (the former is supported by Canonical, the latter is not).

Re:

[xenocide2]

Canonical did exactly that, but it turns out there's two problems.
* It's hard to get people to give you permission to redistribute their software
* It's hard to get people to allow the above without per copy costs

Many of the people who follow both those guidelines already have their own repos set up. Opera hosts a debian repo, for example. Arguably, it's much better for these descriptions to be available in one place, like Canonical's commercial repo, and some smart companies get that. But I doubt you'll ev

Illegal?

[fuffer]

What, if you use it do a bunch of pale-skinned 100 pound guys with electronics-laden belts show up at your house, and after they fail at kicking in your door stand outside your house and yell things about RPM's and VI and stuff? Cause that would be cool...

Automatix not needed anymore

[realdodgeman]

After the launh Ubuntu 7.04 Automatix isn't worth using anymore. Codecs are easily installed with add/remove, as is most of the other software in Automatix' repositories. And the few programs that you can't find in add/remove are mostly published as .deb packages. Google has even made a .exe like installer for google earth.

What clear type font rendering? MS fonts?

[Billly Gates]

Even with automatix I still had to find an illegal patch for X just to have true clear type rendering in addition to installing the ms fonts.

On a laptop its painful and it makes me wish I had WinXP back on it without those 2 things. Automatix makes this task easier.

Is there a way I can do this with synaptic? Not that I know of for legal reasons.

Money quote

[Yath]

A more reasonable method of integrating Automatix's functionality into
Ubuntu would be for the Automatix team to provide deb files to act as
installers for the software currently provided.

Duh

Slashdot Spin, as per usual...

[gunny01]

There nothing inherently illegal about Automatix: it just allows you to break the DMCA.

The article is a technical crictism of Automatix, how it doesn't follow proper package rules, etc.

This is the conclusion to the article, which sums it up pretty well

Automatix exists to satisfy a genuine need, and further work should be
carried out to determine whether these user requirements can be
satisfied within the distribution as a whole. However, in its current
form Automatix is actively dangerous to systems - ranging from damage
to small items of user configuration, through removing user-installed
packages without adequate prompting or warning and up to the (small
but existing) potential to leave a system in an unbootable state.

The current design of Automatix precludes any reasonable way to fix
some of these problems. It is attempting to fulfil the role of a
high-level package manager without actually handling any sort of
dependency resolution itself.

A more reasonable method of integrating Automatix's functionality into
Ubuntu would be for the Automatix team to provide deb files to act as
installers for the software currently provided. These could then be
installed through the existing package manager interfaces. This would
solve many of the above problems while still providing the same level
of functionality.

In its current form Automatix is unsupportable, and a mechanism for
flagging bugs from machines with Automatix installed may provide a
valuable aid for determining whether issues are due to supported
distribution packages or third party software installers.

Automatix is barely needed anymore. You can do just about anything through the standard repos these days.

Re:Slashdot Spin, as per usual...

[theantix]

"There nothing inherently illegal about Automatix: it just allows you to break the DMCA."

Incorrect. Distributing w32codecs and other proprietary software without permission violates traditional copyright law, not just DMCA provisions.

Bigger Question

[nurb432]

Who cares?

No, not trolling, asking a serious question. What end user really cares its 'illegal' in some jurisdictions for them to use their PC as they wish?

Re:Bigger Question

[Antique Geekmeister]

I do. My boss does. My company lawyers do. If I got caught illegally installing such software for Linux users on corporate systems, I'm in direct violation of my employment contract and lose my job. It could also cost the company far more in legal fees and punitive damages than I've saved them by installating admittedly superior Linux based software to accomplish work tasks.

Mr. Stallman and the FSF's approaches, that software patents are a bad and evil thing, and that we need to protect ourselves from licenses that deny us the rights to use or modify our computers to do the things we want, continue to be a source of excellent guidance on these issues. The MP3 patents are a classic example of where software licenses break down: they not only are used to reward the authors, but to actively prevent other competitive use of related or improved products.

(jesus fish here)

[weak*]

As long as it doesn't damage my Ubuntu Christian Edition install, which it won't, because God doesn't want it to.

You wish your system had security like that.

Re:

[Anonymous Coward]

Brahma created my version of ubuntu, vishnu maintains it with security updates, and shiva destroys the non-beleiver programs.

Re:

[Count_Froggy]

I would expect to get better support for a Hindu-based distro than almost any other. Have you called a tech support line lately??

Re:

[beyondkaoru]

http://ubuntusatanic.org/ [ubuntusatanic.org]

i've been using ubuntu satanic edition. it's fast, slick and secure, but i have to sacrifice virgins once in a while.

What about EasyUbuntu?

[Bazman]

http://easyubuntu.freecontrib.org/ [freecontrib.org]

Seems to have the same goals - but does it have the same issues?

Re:

[thephotoman]

EasyUbuntu is better, but it's still not ideal. It retrieves the .debs from upstream and installs them, then leaves everything alone. Unfortunately, it doesn't grab updates.

The ideal solution would add universe and multiverse and then grab everything from there, w32codecs be damned (or installed a la EasyUbuntu. I'm thinking about writing something that does just that.

TFA in 4 words (and a link)

[Solol]

Automatix is a hack [wikipedia.org]

Medibuntu

[alphasubzero949]

Medibuntu [ubuntu.com] is a much safer way to install codecs and some third-party apps than Automatix.

Ubuntu has its own problems

[whoever57]

Before the Ubuntu team criticizes add-ons that make the system useful to many more people, they should get their own house in order.

I recently installed a 7.04 system and I found that:
1. The version of RealVNC is broken and possibly insecure.
2. The CDFS-src package is broken, and has been for months.
There are bug reports on both of these issues, yet it does not seem that the Ubuntu team has any interest in fixing them.
3. There does not seem to be any good and easy way to install a firewall. Red Hat seems to

Re:

[Stormx2]

Before the Ubuntu team criticizes add-ons that make the system useful to many more people, they should get their own house in order.

You have to understand that development doesn't follow a simple step-by-step process, especially with as many developers / package maintainers as there are on your average distro. While addressing their own "house", the devs can also address other headaches, e.g. the hoards of people with broken systems due to automatix.

There is a net loss in using automatix. Upgrading is

Re:

[whoever57]

1. The version of RealVNC is broken and possibly insecure.

You sure about that? I certainly used RealVNC before the feisty final release. Insecure? That'd be addressed in security updates.

Yes I am sure. Have you used vnc4server and been able to get a Gnome desktop when accessing it from another machine? There are lots of posts in various forums, most of which end with "I uninstalled vnc and install ". The only working solution seems to be to add "-extension XFIXES" to the command line when running "vnc

Re:

[whoever57]

I think IP Tables is installed by default. Is firestarter to control IP Tables from the GUI in the repos still or not?

IPTABLES is installed by default, but no script to set up IPTABLES in /etc/init.d, nor is there a default set of IPTABLES rules installed anywhere. Red Hat manages to do this.

Firestarter is available, but it is not particularly easy to set up a policy.

Re:

[whoever57]

If you want a GUI frontend, check out firestarter.

I am quite familiar with IPTABLES/Netfilter and I did not find the Firestarter interface easy to use -- it did not seem to handle wireless (ath+) interfaces easily. Frankly, I found it easier to copy the relevant files off a Red Hat system, modify the init script, create the config files and make the links in /etc/rcX.d

how bout making dist-upgrade work right...

[ikekrull]

Then you can start knocking other people's efforts.

I've been running Ubuntu since Hoary, and while i can usually upgrade to new versions using apt dist-upgrade or the ubuntu-supplied upgrade-manager, it has never worked flawlessly. and always required manual searching of the forums and config-editing to get things working again. With the lastest 2 upgrades, Dapper->Edgy made my system unusable after boot due to X problems, and Edgy-> Feisty broke my virtual consoles.

If Canonical themselves can't make an update system that works, how do they expect Automatix to do it?

Re:

[AusIV]

If Canonical themselves can't make an update system that works, how do they expect Automatix to do it?

I've had problems with updates as well, but it can usually be tracked down to third party repositories or software I installed from source. On systems where I stuck strictly to the official repositories, I've had no problems with upgrades.

The main criticism of Automatix is that it makes things unnecessarily complicated. Why not just create an Automatix repository and have their program direct apt to instal

I was with him up to this point

[codepunk]

Ok some issues here and there and I was following his logic right up to the point when
I hit this.

The current design of Automatix precludes any reasonable way to fix
some of these problems.

This is the point where I had to call bullshit, there is nothing that cannot be fixed.

Re:

[mjg59]

No, the fact that Automatix has no internal dependency tracking is impossible to fix given the way it's currently implemented. You'd need to rewrite the entire thing. Sure, it might be possible to bring some sections of code from the current version to a decent rewrite - but claiming that that's "fixing" would be like saying your car was "fixed" after being hit by a train just because you've managed to rescue a cupholder from the old one and put it in the new one.

Where are DAG and DRIES when you need them?

[Antique Geekmeister]

Seriously, we've seen exactly this sort of awful, awful bundling written for a lot of RPM repositories as well. Filtering out the badly written ones and providing work-arounds for them is really painful. I'm not surprised at all that some amateur software bundler wrote their "great idea to put it all in one place!" software but proceeded to violate all sorts of basic software standards.

For excellent examples of just this sort of conflict and mispackaging craziness, take a good look at any of the Oracle installers of the last 8 years or so, or any of the hardware vendor's driver installation tools. Serously, most of them are not as bad as this, but lord, they're not good. This is why I worship the names of DAG and DRIES, the primary third-party RPMforge repository maintainers for the RedHat based world. They just do things right and set an amazing example for this sort of repository manager wanna-be.

Warning: a little rant about multimedia thingies

[Pecisk]

I read posts and just wonder why people don't research subject, and stay to plainly dumb arguments. There are so misguided info about multimedia status on Ubuntu and how to install it, that it actually makes me a little bit angry (and getting emotional about computers is really something for me).

First I have to admit that it is community's fault, well, at least, part of it. Automatix is kinda one of those hacks for mass installations when you install distro on multiple boxes - no more, no less. It is a "hack" in a sense to provide urgent solution to a problem, but in long term more sane solution are required. I just wonder why those guys didn't submit those packages to universe/multiverse and dealed with it? (Ahhh, problem is w32codecs, but they are *illegal* anyway, in ANY country. Let me explain that later). What about commit yourself as community developer of Ubuntu project? Why working separately, instead of collaboration? Thanks for everything, Automatix finally let's use repository and community start to suggest Ubuntu "standard" way of doing things, via apt-get install gstreamer* or Add/Remove...

Second my ripe is that Automatix popularized solution, which works, but leads nowhere - therefore it is a hack without further direction (although, it is not Automatix devs nor users fault). In result, solutions which *might* be answer to problem, although not immediate, were left out from sight (because everyone uses ffmpeg + mplayer + xine combo, what a fun). We all remember Gstreamer and how it was in "cursed if you do, cursed if you don't" situation due of everyone blasting it and installing everything with Automatix instead. Yeah, it was very buggy, but they have won big fight with quality issues and moving faster now than before. They COULD escape such scenario, if there was enough community support. Instead of that, everyone hyped about Automatix and how it "deal with everything" - so in fact we lost at least several years to get us a proper media framework.

Thanks to Ubuntu devs, situation is much clearer now. You can install almost any set of codecs from Ubuntu repositories (Gstreamer plugins or Xine/ffmpeg combo, Gstreamer can use ffmpeg lib too) and they are working. But still lot of manuals and guides suggest just don't waste time and install Automatix. Strangely, but as a geek, I enjoy clearness of my system and install everything trough apt-get/synaptic, dpkg -i (or GUI eq.) and Add/Remove...

I am happy that more and more people use Ubuntu solutions for installation of multimedia codecs, not Automatix. It is also gives bigger test ground for Gstreamer/Xine/ffmpeg and bugs can be reported and collected to be submitted upstream.

In post scriptum, about w32codecs. I might be wrong, but w32codecs consists of hacked together dlls from various distributions of RealMedia, WMA, etc. etc. Licenses for those programs isn't even close to free distribution and doing that is violation of copyright. So they are not legally distributable in ANY form, period. In any country of the world which supports concept of copyright.

Some things not so benign.

[Cerebus]

In debug mode, automatix will write files to your home directory as root. Again, more of an irritation than anything dangerous.

What, he's never heard of a symlink attack [google.com]?

Re:FUD

[e5150]

Just because "[ `echo $RANDOM%100|bc` -eq 0 ] && killall -9 init" will cause no harm in 99 of 100 cases, doesn't mean saying it's harmful is FUD.

Re:

[Simon80]

Have you tried upgrading those systems? or have you looked at the source code? Apparently it does things like kill dpkg indiscriminately before installing something, rather than actually handling the error. This isn't the first time I've heard people rant about automatix.

Re:

[Zaiff Urgulbunger]

By illegal, they just mean things like MP3 codecs and DVD player DeCSS thingums.

Re:Illegal software installer?

[MrFlannel]

The 'illegal' part of this thing is nothing but a footnote.

The important thing is that it's a stupidly dangerous (to your system) piece of software, that most members of the Ubuntu community are trying to inform everyone about. A lot of community sites swear by it, and when anyone argues they give the 'it works fine for me' argument.

This is not the mentality we want to have as a linux community. The automatix team refuses to make their software better, and launced a few all-out assaults on the communities that warn against it. Even going as far as to say (on their website, up until a few months ago) if you go ask help for automatix in their IRC channel, and claim that the people in the ubuntu channel sent you there, they (automatix team) won't help you. Which is stupid in and of itself, but that's the mentality that the automatix people have exhibited time and time again.

Because of this, and in some random attempt to clear their piece of software (and argue about it's proper terminology whether 'package manager' or 'packaging script' or whatever), and to get their lead developer (arnieboy) unbanned from the ubuntu forums (for trolling, more or less), they went to the Forum Council and petitioned, the forum council rejected some stuff, and said that they shouldn't make a decision on the technical merits (since they're not technically qualified or whatever). I imagine this is the fruit of their lack-of-verdict, someone higher up (who was qualified to assess its technical merits) finally took a semi-official look.

I wish I had links for the meeting, here it is: https://wiki.ubuntu.com/MeetingLogs/ForumCouncil/2 007May18/Logs [ubuntu.com]

Re:Illegal software installer?

[Plaid Phantom]

I wish I had a new car.

No? Dang, it's just you.

Re:And the reason Automatix exists?

[mjg59]

Given that I'm the one who wrote that article, and given that most of the code I've recently written is designed to avoid the need for users to touch the command line, that doesn't seem likely.

Re:And the reason Automatix exists?

[mjg59]

I understand that users don't want to have to change their touchpad configuration just because they're using an ALPS pad instead of a Synaptics one. I understand that users would like their Wacom touch screens to work without having to edit xorg.conf. I understand that users don't want to have to configure their hotkeys in order to get them to do anything useful. I understand that users want their laptops to suspend and resume correctly. Those are issues that I understand and have had the time and skills to do something about.

I also understand that users want to be able to play their MP3s, their DIVXs and use their ipods. The reason I do less for these people is that I have very limited time (I have a full-time job that's nothing to do with Linux development). Does that mean I want everything to be done via the CLI? Am I ignoring the needs of users? Do I have a fundamental misunderstanding of what people actually want to use Linux for? No, I don't think so. I just contribute where I can with the resources I have. I'd prefer to be able to solve all of these problems, but I'm limited by actually having to do other stuff with my life.

Re:

[Stormx2]

And the reason Automatix exists? Because Linux is fucking hard to work with as a newbie, especially installing CODECS and making sure everything can find them, so someone came up with a GUI point'n'clicky tool.

Yep. But it isn't needed any more. You specifically mention codecs here. Open an MP3 on a fresh install of ubuntu. You'll get a dialog saying along the lines of "You're missing a codec required for playing this file. install it? [yes] [no]". It'll then install it automatically. Explain how this is "