Automatix 'Actively Dangerous' to Ubuntu 284
exeme writes "Ubuntu developer Matthew Garrett has recently analyzed famed Ubuntu illegal software installer Automatix, and found it to be actively dangerous to Ubuntu desktop systems. In a detailed report which only took Garrett a couple of hours he found many serious, show-stopper bugs and concluded that Ubuntu could not officially support Automatix in its current state. Garrett also goes on to say that simple Debian packages could provide all of the functionality of Automatix without any of the problems it exhibits."
Illegal? (Score:2)
Re:Illegal? (Score:5, Informative)
Re:Illegal? (Score:5, Interesting)
As TFA points out, it also gives dubious legal advice. Downloading MP3 codecs or Win32 codecs is far from a crime in the United States. For example, for the Microsoft-created codecs like WMA or WMV, Microsoft only requests that you have a Windows license in order to download them, but does nothing to prevent you from downloading them (WGA checks are not required, for instance.) It could be argued that as long as one has a valid Windows license, using them on Linux is not illegal. As for MP3 or other patent-encumbered codecs, it is a violation of patent law to distribute such codecs. Whether it is a violation of patent law to use or download these codecs without paying a license is a legal gray area.
OTOH, downloading libdvdcss may, in fact, be a violation of the DMCA.
Note that I'm not a lawyer, and if you're looking for legal advice, go pay one.
Re:Illegal? (Score:4, Interesting)
Re:Illegal? (Score:5, Interesting)
Re:Illegal? (Score:4, Informative)
1) The DVD-Jon case was in Norway
2) Consequently, it wasn't under the DMCA
3) It was the public prosecutor that tried and failed twice to convict him
4) They chose not to appeal it to the Supreme court, but only because there was no point
5) Since then, Norway and the rest of EU has been forced to adopt the EUCD aka euro-DMCA
6) Nobody has really tested the current law after the EUCD, at least not here in Norway
Re: (Score:3, Informative)
Re:Illegal? (Score:5, Insightful)
"illegal software" installer
and not
illegal "software installer"
WMA and WMV (Score:2, Informative)
Re: (Score:3, Interesting)
It is a shame that those with the ability to make correct, safe software installers and those with the inclination to make souht-after-but-problematic-software installer
Re: (Score:3, Insightful)
The summary said "illegal software installer", which could be read as not implying that the "software installer" is illegal, but that it installs illegal software.
Now the "illegality" depends on which software you install and your local laws. I think that the DVD decoder violates the DMCA (is that right?), and MP3 encoders/decoders is a dicier issue. IANAL, but AFAIK you are not required to pay for an MP3 patent license for using an MP3 encoder or decoder, but only if you're distributing MP3 encoders, de
Your sig is wrong (Score:4, Funny)
Second, towards the end of the relationship, some have been VERY good at blocking pop-ups. All have been good at creating pop-ups. So, I would say that your sig is incorrect.
Re: (Score:2, Funny)
Re: (Score:3, Funny)
Re: (Score:2)
Re:Illegal? Misleading and Misconstrued FUD (Score:5, Informative)
Re:Illegal? Misleading and Misconstrued FUD (Score:5, Funny)
Re:Illegal? Misleading and Misconstrued FUD (Score:5, Insightful)
If you were to learn Linux you would not need Automatix,
Old News (Score:5, Informative)
Re: (Score:2, Insightful)
Automatix has been referred to by many as a tool to "enhance" Ubuntu by lazy users who do not care about system security or stability since Breezy Badger.
Or in other words, people who quite rightly find installing things like codecs and then having to modify countless config files so the media player and the browser can use them either difficult or, quite rightly, a bloody ridiculous thing to have to do.
When Linux distros finally sort out the farce that is installing vendor provided graphics card drivers, software and codecs etc, then tools like Automatix won't be needed.
Re: (Score:3, Informative)
I use Linux, have all of those things, and I've never even heard of Automatix. I'm not using Ubuntu though.
Re:Old News (Score:5, Insightful)
Re: (Score:3, Informative)
Ubuntu handles all that stuff with less problem than finding and installing Automatix.
Automatix *isn't* needed.
Re:Old News (Score:4, Informative)
Software? Add/remove programs and synaptic cover this in a way which is far more simple, centralised, consistant and user-friendly than Windows. Software management under most distros is about as good as it gets (e.g. yum, apt, etc). Codecs I've already covered.
You seem a little misled by these issues anyway. Stop by in your distro's IRC channel and they'll help you through it.
I think it screws up when upgrading. (Score:5, Interesting)
But I noticed that all the Ubuntu distros, which it is installed upon, get a range of problems with upgrading to the next release of Ubuntu.
Automatix is not as necessary as it once one, codecs are done by Ubuntu itself in the meantime - Automatix was good two years back when it was a PITA to get DVDs and mp3s to play without editing files and going crazy on the command line.
It still is nice to use to install some programs like virtualbox, but the problems it causes are not worth it.
Re: (Score:2)
And even a bit of reading the docs/using google will save you from having to "recover" from Automatix later on:
http://virtualbox.org/wiki/Downloads [virtualbox.org] Just grab your respective
Re: (Score:2)
Re:I think it screws up when upgrading. (Score:5, Informative)
Re: (Score:3, Interesting)
Re:I think it screws up when upgrading. (Score:4, Informative)
Re: (Score:3, Interesting)
Re: (Score:3, Insightful)
Why'd you give her 64 bit Linux? Does her computer have more than 3 gigs of RAM?
In a year or two we may be to the point where a 64 bit OS is essential, but we're not there yet. Give your non-technical friends the 32 bit version.
Re: 64-bit (Score:3, Informative)
Re: (Score:3, Informative)
Re:I think it screws up when upgrading. (Score:5, Informative)
To get Flash working on 64-bit Linux, try searching your distro's software repository for "nspluginwrapper". Technically it's a bit of a hack, but from a user's perspective it's fairly transparent at getting 32-bit browser plugins to work on 64-bit platforms.
Debian, at least, has it.
Also on Debian, to get MP3 and video codecs add http://www.debian-multimedia.org/ [debian-multimedia.org] to your list of repositories, either in the Synaptic GUI, or in /etc/apt/sources.list. It's been a while since I first started using it, and I think you might have to reinstall or upgrade some packages that depends on the codecs, but after it's setup it works just like the official repositories.
Re: (Score:2)
(And before anyone asks, I'm sure it's not nspluginwrapper itself causing the crashes, because I can reproduce them on a pure 32-bit setup, and the whole browser goes down.)
Re: (Score:3, Informative)
I know you're just trying to rant, but in case anybody else is interested:
sudo su -
echo 'deb http://janvitus.interfree.it/ubuntu/ [interfree.it] feisty-upure64 main-amd64' >
apt-get update
apt-get install nspluginwrapper
and voila, you can use the flash plugin on 64bit linux.
Re: (Score:3, Insightful)
This is pure FUD. On Windows, it takes me several hours to install decent image retouching support, a feed reader, a PDF reader, a vector graphics editor, a decent audio player (what WMP is not), a decent browser, a decent Office suite, a decent mail client etc.etc. And still you have to download codecs for a LOT of widespread formats.
On Linux you just have to look a bit for mp3 and dvd codecs, but everything else you need is there. On Windows, yeah, maybe WMP plays mp3s by default, but on a nearly unusabl
Re: (Score:2, Interesting)
Then again there are plenty of Linux distributions that play MP3s on a fresh install, my personal favorite being Linux Mint [linuxmint.com] which is a reworked Ubuntu distro with non-free software included by default.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re:I think it screws up when upgrading. (Score:5, Interesting)
Re:I think it screws up when upgrading. (Score:4, Insightful)
warez? (Score:3, Funny)
Re: (Score:2, Informative)
Re: (Score:2)
Could someone clarify why it is illegal? (Score:2)
Re: (Score:2, Informative)
Re: (Score:3, Informative)
It's a question of whether you want to gamble that large software companies will continue to look the other way on yo
Re: (Score:3, Interesting)
Oh, sweet irony... thou name art Winderz (Score:2)
Actually, Ubuntu can do a pretty good job with most things with just the gstreamer plugins.
This "workaround" however, is quite often used as a workaround for WINDOWS generally poor OOTB media handling. Of course, Windows has other, even more "special" packages similar to this one - like that wonderful and f
Why? (Score:4, Insightful)
I read this while it was in the Firehose, and came up with one question: Why?
What would this tool provide above apt and dpkg? A graphical way of installing programs? There are front ends for dpkg and apt like Synaptic that don't have any of these downsides. Is this just to get things like some of these codecs? That has always been available through other package repositories. You just add a line to the config file (or use a program like Synaptic which lets you do the same thing) and all those packages just show up and work great.
I could see it a bit if it helped with commercial applications (like Click-N-Run does). But reading this stuff I just wonder... what was the point of using a program like this on a Debian based distro? Even with it's faults, even Yum makes these seem quite unnecessary.
So I ask: has anyone used this? Why?
Re: (Score:2)
Re:Why? (Score:5, Informative)
Automatix is a utility that automates the installation of a bunch of software that is considered "must have" for people just switching to Ubuntu. For instance, it installed Firefox, mplayer, wine, DVD playing software, and multimedia codecs. (Actually the installer would just give you a list of things you could install, you select the ones you want and click "next.")
I don't really understand why this is being characterized as "illegal software." The packages are already in the usual repositories. The utility would just automate the installation for you. If you live in a country where installing one of those packages is somehow illegal (is this actually the case?), then that's your responsibility. The tool is just an automator intended to ease the transition for new users. It really provides nothing above and beyond the standard packaging interface, except that it was easier (in some people's opinion) to tell new users "install automatix" rather than telling them to open the package manager and list the software they should install.
In any case, the whole argument seems rather pointless. Automatix was created a few years ago, at a time where installation of things like multimedia codecs was perhaps non-obvious. New users were flooding forums with repeated requests like "my mp3s don't play! why?" and "how can I play DVDs on this Ubuntu thing?" Automatix was created as a simple response to that.
In the meantime, Ubuntu has, from what I can tell, cleared up these issues. Installation of codecs is straightforward and pretty obvious. The package manager is very user friendly. In short, there is no need for Automatix. Basically, Automatix was an ugly hack. It's always been recognized as such, and developers have always discouraging people from using it. On the Ubuntu forums, the standard advice is no longer "install Automatix," since it is recognized to be a non-optimal solution.
So, in short... I think this issue has already passed us by.
Re:Why? (Score:5, Informative)
That stuff is exactly what the "ubuntu-restricted-extras" package is for.
Rather than screw around with Automatix, perhaps someone should post the following script instructions:
I really don't see how installing some random script off a website and then messing with a new GUI program is any easier than that.
Re: (Score:3, Interesting)
"...could provide..." (Score:4, Insightful)
Automatix only exists because there is a need for it. If it's so simple to make the package provide the functionality, why hasn't anyone done it? Automatix seems to be the (only?) ones who have tried to do something that many people need.
Re:"...could provide..." (Score:5, Informative)
They have. There's Debian-Multimedia [debian-multimedia.org], which has been around for a few years. I know there's one or two specific to Ubuntu, five minutes Googling will probably find one. I've been using D-M for years now and have not had a problem. Automatix is an ugly hack and should be avoided at all costs.
Re: (Score:2)
Whoever wrote Automatix is probably a programmer and not a package maintainer, and simply did what he was most comfortable with.
Creating packages would have been the -proper- way, but we all know how much the 'proper way' is enforced when the product is questionably legal at best. (Alrig
Re: (Score:2)
The problem's that Automatix was designed to solve no longer exist. Installing all that stuff the official way is trivial in any recent version of Ubuntu.
The only reason people still use Automatix is this: Either they remember using it before when it served a purpose and don't know any better, or someone who doesn't know any better tells them to use it.
I never understood (Score:2, Insightful)
Re:I never understood (Score:5, Informative)
Re: (Score:2)
* It's hard to get people to give you permission to redistribute their software
* It's hard to get people to allow the above without per copy costs
Many of the people who follow both those guidelines already have their own repos set up. Opera hosts a debian repo, for example. Arguably, it's much better for these descriptions to be available in one place, like Canonical's commercial repo, and some smart companies get that. But I doubt you'll ev
Illegal? (Score:5, Funny)
Automatix not needed anymore (Score:3, Informative)
What clear type font rendering? MS fonts? (Score:2)
On a laptop its painful and it makes me wish I had WinXP back on it without those 2 things. Automatix makes this task easier.
Is there a way I can do this with synaptic? Not that I know of for legal reasons.
Money quote (Score:3, Insightful)
Duh
Slashdot Spin, as per usual... (Score:4, Informative)
The article is a technical crictism of Automatix, how it doesn't follow proper package rules, etc.
This is the conclusion to the article, which sums it up pretty well
Automatix is barely needed anymore. You can do just about anything through the standard repos these days.
Re:Slashdot Spin, as per usual... (Score:5, Informative)
Incorrect. Distributing w32codecs and other proprietary software without permission violates traditional copyright law, not just DMCA provisions.
Bigger Question (Score:2)
No, not trolling, asking a serious question. What end user really cares its 'illegal' in some jurisdictions for them to use their PC as they wish?
Re:Bigger Question (Score:4, Insightful)
Mr. Stallman and the FSF's approaches, that software patents are a bad and evil thing, and that we need to protect ourselves from licenses that deny us the rights to use or modify our computers to do the things we want, continue to be a source of excellent guidance on these issues. The MP3 patents are a classic example of where software licenses break down: they not only are used to reward the authors, but to actively prevent other competitive use of related or improved products.
(jesus fish here) (Score:5, Funny)
You wish your system had security like that.
Re: (Score:2, Funny)
Re: (Score:3, Funny)
Re: (Score:2)
i've been using ubuntu satanic edition. it's fast, slick and secure, but i have to sacrifice virgins once in a while.
What about EasyUbuntu? (Score:2)
Seems to have the same goals - but does it have the same issues?
Re: (Score:3, Interesting)
The ideal solution would add universe and multiverse and then grab everything from there, w32codecs be damned (or installed a la EasyUbuntu. I'm thinking about writing something that does just that.
TFA in 4 words (and a link) (Score:2)
Medibuntu (Score:5, Informative)
Ubuntu has its own problems (Score:2)
I recently installed a 7.04 system and I found that:
1. The version of RealVNC is broken and possibly insecure.
2. The CDFS-src package is broken, and has been for months.
There are bug reports on both of these issues, yet it does not seem that the Ubuntu team has any interest in fixing them.
3. There does not seem to be any good and easy way to install a firewall. Red Hat seems to
Re: (Score:3, Informative)
You have to understand that development doesn't follow a simple step-by-step process, especially with as many developers / package maintainers as there are on your average distro. While addressing their own "house", the devs can also address other headaches, e.g. the hoards of people with broken systems due to automatix.
There is a net loss in using automatix. Upgrading is
Re: (Score:2)
Yes I am sure. Have you used vnc4server and been able to get a Gnome desktop when accessing it from another machine? There are lots of posts in various forums, most of which end with "I uninstalled vnc and install ". The only working solution seems to be to add "-extension XFIXES" to the command line when running "vnc
Re: (Score:2)
Firestarter is available, but it is not particularly easy to set up a policy.
Re: (Score:2)
how bout making dist-upgrade work right... (Score:3, Interesting)
I've been running Ubuntu since Hoary, and while i can usually upgrade to new versions using apt dist-upgrade or the ubuntu-supplied upgrade-manager, it has never worked flawlessly. and always required manual searching of the forums and config-editing to get things working again. With the lastest 2 upgrades, Dapper->Edgy made my system unusable after boot due to X problems, and Edgy-> Feisty broke my virtual consoles.
If Canonical themselves can't make an update system that works, how do they expect Automatix to do it?
Re: (Score:2)
I've had problems with updates as well, but it can usually be tracked down to third party repositories or software I installed from source. On systems where I stuck strictly to the official repositories, I've had no problems with upgrades.
The main criticism of Automatix is that it makes things unnecessarily complicated. Why not just create an Automatix repository and have their program direct apt to instal
I was with him up to this point (Score:2)
I hit this.
The current design of Automatix precludes any reasonable way to fix
some of these problems.
This is the point where I had to call bullshit, there is nothing that cannot be fixed.
Re: (Score:2)
Where are DAG and DRIES when you need them? (Score:3, Informative)
For excellent examples of just this sort of conflict and mispackaging craziness, take a good look at any of the Oracle installers of the last 8 years or so, or any of the hardware vendor's driver installation tools. Serously, most of them are not as bad as this, but lord, they're not good. This is why I worship the names of DAG and DRIES, the primary third-party RPMforge repository maintainers for the RedHat based world. They just do things right and set an amazing example for this sort of repository manager wanna-be.
Warning: a little rant about multimedia thingies (Score:4, Insightful)
First I have to admit that it is community's fault, well, at least, part of it. Automatix is kinda one of those hacks for mass installations when you install distro on multiple boxes - no more, no less. It is a "hack" in a sense to provide urgent solution to a problem, but in long term more sane solution are required. I just wonder why those guys didn't submit those packages to universe/multiverse and dealed with it? (Ahhh, problem is w32codecs, but they are *illegal* anyway, in ANY country. Let me explain that later). What about commit yourself as community developer of Ubuntu project? Why working separately, instead of collaboration? Thanks for everything, Automatix finally let's use repository and community start to suggest Ubuntu "standard" way of doing things, via apt-get install gstreamer* or Add/Remove...
Second my ripe is that Automatix popularized solution, which works, but leads nowhere - therefore it is a hack without further direction (although, it is not Automatix devs nor users fault). In result, solutions which *might* be answer to problem, although not immediate, were left out from sight (because everyone uses ffmpeg + mplayer + xine combo, what a fun). We all remember Gstreamer and how it was in "cursed if you do, cursed if you don't" situation due of everyone blasting it and installing everything with Automatix instead. Yeah, it was very buggy, but they have won big fight with quality issues and moving faster now than before. They COULD escape such scenario, if there was enough community support. Instead of that, everyone hyped about Automatix and how it "deal with everything" - so in fact we lost at least several years to get us a proper media framework.
Thanks to Ubuntu devs, situation is much clearer now. You can install almost any set of codecs from Ubuntu repositories (Gstreamer plugins or Xine/ffmpeg combo, Gstreamer can use ffmpeg lib too) and they are working. But still lot of manuals and guides suggest just don't waste time and install Automatix. Strangely, but as a geek, I enjoy clearness of my system and install everything trough apt-get/synaptic, dpkg -i (or GUI eq.) and Add/Remove...
I am happy that more and more people use Ubuntu solutions for installation of multimedia codecs, not Automatix. It is also gives bigger test ground for Gstreamer/Xine/ffmpeg and bugs can be reported and collected to be submitted upstream.
In post scriptum, about w32codecs. I might be wrong, but w32codecs consists of hacked together dlls from various distributions of RealMedia, WMA, etc. etc. Licenses for those programs isn't even close to free distribution and doing that is violation of copyright. So they are not legally distributable in ANY form, period. In any country of the world which supports concept of copyright.
Some things not so benign. (Score:3, Interesting)
What, he's never heard of a symlink attack [google.com]?
Re:FUD (Score:5, Funny)
Re: (Score:2)
Re: (Score:3)
Re:Illegal software installer? (Score:5, Informative)
The important thing is that it's a stupidly dangerous (to your system) piece of software, that most members of the Ubuntu community are trying to inform everyone about. A lot of community sites swear by it, and when anyone argues they give the 'it works fine for me' argument.
This is not the mentality we want to have as a linux community. The automatix team refuses to make their software better, and launced a few all-out assaults on the communities that warn against it. Even going as far as to say (on their website, up until a few months ago) if you go ask help for automatix in their IRC channel, and claim that the people in the ubuntu channel sent you there, they (automatix team) won't help you. Which is stupid in and of itself, but that's the mentality that the automatix people have exhibited time and time again.
Because of this, and in some random attempt to clear their piece of software (and argue about it's proper terminology whether 'package manager' or 'packaging script' or whatever), and to get their lead developer (arnieboy) unbanned from the ubuntu forums (for trolling, more or less), they went to the Forum Council and petitioned, the forum council rejected some stuff, and said that they shouldn't make a decision on the technical merits (since they're not technically qualified or whatever). I imagine this is the fruit of their lack-of-verdict, someone higher up (who was qualified to assess its technical merits) finally took a semi-official look.
I wish I had links for the meeting, here it is: https://wiki.ubuntu.com/MeetingLogs/ForumCouncil/
Re:Illegal software installer? (Score:5, Funny)
I wish I had a new car.
No? Dang, it's just you.
Re:And the reason Automatix exists? (Score:5, Insightful)
Re:And the reason Automatix exists? (Score:4, Informative)
I also understand that users want to be able to play their MP3s, their DIVXs and use their ipods. The reason I do less for these people is that I have very limited time (I have a full-time job that's nothing to do with Linux development). Does that mean I want everything to be done via the CLI? Am I ignoring the needs of users? Do I have a fundamental misunderstanding of what people actually want to use Linux for? No, I don't think so. I just contribute where I can with the resources I have. I'd prefer to be able to solve all of these problems, but I'm limited by actually having to do other stuff with my life.
Re: (Score:3)
Yep. But it isn't needed any more. You specifically mention codecs here. Open an MP3 on a fresh install of ubuntu. You'll get a dialog saying along the lines of "You're missing a codec required for playing this file. install it? [yes] [no]". It'll then install it automatically. Explain how this is "