{"id":1317,"date":"2008-05-13T15:00:46","date_gmt":"2008-05-13T20:00:46","guid":{"rendered":"http:\/\/brucegarrett.com\/brucelog\/1317"},"modified":"2008-05-13T15:00:46","modified_gmt":"2008-05-13T20:00:46","slug":"why-i-dont-use-debian-family-linux","status":"publish","type":"post","link":"https:\/\/brucegarrett.com\/brucelog\/1317","title":{"rendered":"Why I Don&#8217;t Use Debian Family Linux"},"content":{"rendered":"<p>Via Slashdot&#8230;&nbsp; In a nutshell&#8230;<\/p>\n<blockquote>\n<h3><a href=\"http:\/\/it.slashdot.org\/it\/08\/05\/13\/1533212.shtml\">Debian Bug Leaves Private SSL\/SSH Keys Guessable<\/a><\/h3>\n<p>SecurityBob writes <em>&quot;Debian package maintainers tend to very often modify the source code of the package they are maintaining so that it better fits into the distribution itself. However, most of the time, their changes are not sent back to upstream for validation, which might cause some <a href=\"http:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=477454\">tension between upstream developers and Debian packagers<\/a>. Today, <a href=\"http:\/\/article.gmane.org\/gmane.linux.debian.security.announce\/1614\">a critical security advisory<\/a> has been released: a Debian packager modified the source code of OpenSSL back in 2006 so as to remove the seeding of OpenSSL random number generator, which in turns makes cryptographic key material generated on a Debian system guessable. The solution? Upgrade OpenSSL and re-generate all your SSH and SSL keys. This problem not only affects Debian, but also all its derivatives, such as Ubuntu.&quot;<\/em>\n<\/p>\n<\/blockquote>\n<p>At last year&#8217;s Open Source Conference in Portland (<a href=\"https:\/\/brucegarrett.com\/brucelog\/wp-admin\/www.conferences.oreilly.com\/oscon\/\">OSCON<\/a>), I was made aware of a wee dust-up between the Apache project and &quot;some&quot; Linux distros.&nbsp; Specifically, the Apache folks were complaining that certain Linux Distributions routinely modified their product, sticking libraries and configuration files wherever they damn well pleased because that was how, in their opinion, things should work.&nbsp;\n<\/p>\n<p>Now&#8230;the beauty of Linux and open source in general is that it is open and community driven and anyone can do whatever they damn well please with it.&nbsp; I hope it always stays that way, <a href=\"http:\/\/www.groklaw.net\/article.php?story=20080511115151164\">Microsoft&#8217;s backdoor attempts to stifle it notwithstanding<\/a>.&nbsp; But the other side of that coin is that if you modify someone else&#8217;s software to work with yours now it&#8217;s your responsibility.&nbsp; The Apache folks were complaining that they could not help end users configure their servers when they themselves didn&#8217;t know how the software worked anymore, particularly when it came to configuring it.&nbsp; That&#8217;s not a trivial complaint coming from a project that powers the majority of web servers.&nbsp; Most of what you see on the World Wide Web was fed to you by an Apache server, running on either Linux or Unix.<\/p>\n<p>Well, the Debian folks pretty well knew who the Apache folks were talking about and sure as the sun rises they started pointing their fingers back at Apache&#8217;s big monolithic configuration file, and other in-their-righteous-opinion Apache shortcomings.&nbsp; Begun, the clone wars have&#8230;<\/p>\n<p>My feeling is, if you change it you own it.&nbsp; At least in the sense of now you have to support it.&nbsp; At minimum you ought to run your &quot;fixes&#8217; by the people who are maintaining the software you are &quot;correcting&quot;.&nbsp; They might actually appreciate what you&#8217;ve done and incorporate the changes into their build.&nbsp; Or they might tell you why you shouldn&#8217;t do that.&nbsp; Sometimes you should listen to that.&nbsp; But from what I hear, listening isn&#8217;t one of the Debian project&#8217;s best points.\n<\/p>\n<p>I keep hearing about how wonderful Ubuntu is, and knowing that it&#8217;s a Debian family distro I&#8217;ve been highly reluctant to bother with it.&nbsp; I get along fine in the Red Hat family.&nbsp; For the past couple years I&#8217;ve been happily running CentOS here at Casa del Garrett and I admit I would like it a lot better if it came bundled with better multi-media support, but on the other hand adding packages to it isn&#8217;t hard because everything is pretty much where everyone expects it to be.&nbsp; Yes, I have to configure a lot of it in its own specific way, as opposed to having a nice common configuration system to do it for me.&nbsp; If you want consistency, open source isn&#8217;t going to work for you.&nbsp; Try Apple.&nbsp; Seriously.&nbsp; I run Macs here at Casa del Garrett too and damned if I haven&#8217;t been impressed by how well integrated everything is on a Mac.&nbsp; I do all my artwork on Bagheera, my art room G5 tower, because it just gets out of my way when I&#8217;m in a creative mood and lets me create.&nbsp; I love that.&nbsp; On the other hand, it&#8217;s like that because Steve won&#8217;t let software developers color outside the lines.&nbsp; Just ask anyone who ever unlocked an iPhone.&nbsp; That&#8217;s why I&#8217;m still running Linux here too.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Via Slashdot&#8230;&nbsp; In a nutshell&#8230; Debian Bug Leaves Private SSL\/SSH Keys Guessable SecurityBob writes &quot;Debian package maintainers tend to very often modify the source code of the package they are maintaining so that it better fits into the distribution itself. However, most of the time, their changes are not sent back to upstream for validation, [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[36,19],"class_list":["post-1317","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-computer-geeking","tag-the-jackass-chronicles"],"_links":{"self":[{"href":"https:\/\/brucegarrett.com\/brucelog\/wp-json\/wp\/v2\/posts\/1317","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/brucegarrett.com\/brucelog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/brucegarrett.com\/brucelog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/brucegarrett.com\/brucelog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/brucegarrett.com\/brucelog\/wp-json\/wp\/v2\/comments?post=1317"}],"version-history":[{"count":0,"href":"https:\/\/brucegarrett.com\/brucelog\/wp-json\/wp\/v2\/posts\/1317\/revisions"}],"wp:attachment":[{"href":"https:\/\/brucegarrett.com\/brucelog\/wp-json\/wp\/v2\/media?parent=1317"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/brucegarrett.com\/brucelog\/wp-json\/wp\/v2\/categories?post=1317"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/brucegarrett.com\/brucelog\/wp-json\/wp\/v2\/tags?post=1317"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}