Re: why reliable linux hasn't gained more market share?

[John Hasler]

Children are taught in elementary school that computer == Windows.
-- 
John Hasler 
j...@sugarbit.com
Elmwood, WI USA

Re: why reliable linux hasn't gained more market share?

[tomas]

On Tue, Jul 30, 2024 at 10:44:37AM +0800, hlyg wrote:

[...]

> PS: i am aware that linux has more success in server market

... and the mobile market. Android is, on its underbelly, Linux
after all. So Linux might have the most installations out there,
I guess.

Not that Microsoft didn't try -- they even bought one big phone
manufacturer (Nokia) and killed [1] it in the process of trying
to ram Winphone down the people's throats (Sony paid its price
too). They failed miserably.

The downside of all of that is that it took another monster of
surveillance capitalism to float Linux on that platform, and that
this Linux is unfree in many other strange ways.

It's capitalism: it takes money to make money.

Cheers

[1] See Steven Elop if you want to have some spectacular corporate
   drama: https://en.wikipedia.org/wiki/Steven_Elop#CEO_of_Nokia

-- 
t


signature.asc
Description: PGP signature

Re: why reliable linux hasn't gained more market share?

[hlyg]

i realize i have asked hard question: why free OS hasn't beaten M$ in 
past 30 years? there's no easy answer, it requires years of experience 
in Windows and Linux


1st, programmers from proprietary software company are as clever as best 
from open source community. perhaps they are better organized, their gui 
is more consistent and smooth than linux's, comment by  Michael Grant


2nd, users that have intention to migrate to linux have already done so. 
in crowdstrike crisis, no one talk about replacing MS with linux. Andy 
Smith  point out that linux will have same problem if linux is used.


3rd, situation isn't favorable to linux, M$'s share is overwhelming, 
more users attract more developers, who write more apps, which attract 
more users. some apps run in Windows, not linux, making migration difficult


4th, price isn't decisive factor, switching cost is too high, learning 
to use M$'s applications takes significant time, effort, and training 
costs, few users are willing to switch away.


https://www.investopedia.com/terms/s/switchingcosts.asp

it's almost correct if Intuit is replaced by MS in web page above

it seems safe to bet that linux's share in desktop market won't change 
significantly in next 10 years.


PS: i am aware that linux has more success in server market

Re: why reliable linux hasn't gained more market share? [Dvorak]

[Russell L. Harris]

On Sun, Jul 21, 2024 at 07:55:29PM -0600, Shawn Jefferds wrote:
Your final statement makes me curious about learning Dvorak. 


Shawn Jefferds
??n ??f?rdz
Noli fovere canem ardentum

Vote Vader 2024!

On Sun, Jul 21, 2024, 11:37 Russell L. Harris  wrote:

   On Sun, Jul 21, 2024 at 04:48:19PM +0800, hlyg wrote:
   >
   >On 7/21/24 02:33, Russell L. Harris wrote:
   >>The same reasons the standard typewriter keyboard is QWERTY rather
   >>than Dvorak:
   >>
   >>= The precedent set by the first to market is powerful.
   >>
   >>= The influence of advertising upon a populace lacking in discernment
   >>and addicted to novelty is deadly.
   >>
   >>Add to that extortion and bribes and a compromised legal system.
   >>
   >>The QWERTY system was designed to slow down typists so as to reduce
   >>the problem of jamming of keys of a poorly-designed mechanism.
   >>
   >is it possible to remap keyboard to??Dvorak in X Window? does anyone
   >use it to speed up typing?
   >

   ISO published a Dvorak standard, but it was compromised, for the top
   (numeric) rows of keys were in the order 1234567890 .  Dvorak has the
   keys in the order 7531902468 .

   For several years now, Debian has offered both the bastardized ISO
   mapping ("US > Dvorak") and the original Dvorak arrangement ("US >
   Dvorak Classic").

   IBM manufactured a Selectric with the ISO Dvorak keyboard.  This was
   the original Selectric, not the Correcting Selectric II.

   Back when I ran Window$, one or two keyboard manufacturers (I seem to
   recall the name "Northgate") made Dvorak keyboards and even included a
   set of Dvorak keycaps.

   For me, a Macintosh guru changed the key mapping on a MacClassic to
   Dvorak.

   And long ago in Debian, with a bit of help, I managed to change the
   key mapping file to Dvorak.

   When in High School (A.D. 1963) I learned to type (QWERTY), the
   typewriters in the classroom had blank keycaps.  A layout chart was
   hung on the wall in the front of the room.  We learned to "touch
   type," and were able to reach 95 words per minute.

   I switched to Dvorak circa A.D. 1985, when I was given a project which
   required much typing.  I made learning Dvorak a matter of "swim or
   sink."  The first couple of weeks were painful, but within a month all
   was well.

   And when touch-typing, the labels on the keycaps do not matter.  All
   my keyboards are standard QWERTY.

   In an office environment, the guy using Dvorak with a keyboard labeled
   QWERTY has no worries about others messing with his computer.

   RLH



I always was a good typist, but before switching to Dvorak, I hated to
type numeric material.  But with the original Dvorak layout (in
Debian, Dvorak Classic) numbers are a joy.

Of course, with recent Debian systems, the keyboard mapping can
automatically change depending on the user, in which case the login
screen ought to be QWERTY; see SETTINGS MANAGER > KEYBOARD.

RLH

Re: why reliable linux hasn't gained more market share?

[Nicholas Geovanis]

On Sun, Jul 21, 2024, 10:03 AM Joe  wrote:

> 
>
> Basically, I think that with many more users, we would see more Windows
> users and they would be less secure in their habits. We've already seen
> this to some extent with Ubuntu. I don't think it's any more difficult
> to write a virus for Linux than for Windows, but the R number for such
> a virus, as epidemiologists would put it, would be very much less than
> one, so there's no point. No propagation. I think this would change,
> but this is of course just an opinion.
>

Linux servers are running headless in data centers, not on many desktops in
comparison. So the desktop set of intrusion vectors are not present on
them. Rarely does a human log into them, they're managed and usually
installed remotely using ansible, salt, CloudFormation on AWS, etc.
Software running on them answers requests at TCP ports, that's what they
do.

-- 
> Joe
>
>

Re: why reliable linux hasn't gained more market share? [Dvorak]

[Russell L. Harris]

On Sun, Jul 21, 2024 at 04:48:19PM +0800, hlyg wrote:


On 7/21/24 02:33, Russell L. Harris wrote:

The same reasons the standard typewriter keyboard is QWERTY rather
than Dvorak:

= The precedent set by the first to market is powerful.

= The influence of advertising upon a populace lacking in discernment
and addicted to novelty is deadly.

Add to that extortion and bribes and a compromised legal system.

The QWERTY system was designed to slow down typists so as to reduce
the problem of jamming of keys of a poorly-designed mechanism.

is it possible to remap keyboard to??Dvorak in X Window? does anyone 
use it to speed up typing?




ISO published a Dvorak standard, but it was compromised, for the top
(numeric) rows of keys were in the order 1234567890 .  Dvorak has the
keys in the order 7531902468 .

For several years now, Debian has offered both the bastardized ISO
mapping ("US > Dvorak") and the original Dvorak arrangement ("US >
Dvorak Classic").

IBM manufactured a Selectric with the ISO Dvorak keyboard.  This was
the original Selectric, not the Correcting Selectric II.

Back when I ran Window$, one or two keyboard manufacturers (I seem to
recall the name "Northgate") made Dvorak keyboards and even included a
set of Dvorak keycaps.

For me, a Macintosh guru changed the key mapping on a MacClassic to
Dvorak.

And long ago in Debian, with a bit of help, I managed to change the
key mapping file to Dvorak.

When in High School (A.D. 1963) I learned to type (QWERTY), the
typewriters in the classroom had blank keycaps.  A layout chart was
hung on the wall in the front of the room.  We learned to "touch
type," and were able to reach 95 words per minute.

I switched to Dvorak circa A.D. 1985, when I was given a project which
required much typing.  I made learning Dvorak a matter of "swim or
sink."  The first couple of weeks were painful, but within a month all
was well.

And when touch-typing, the labels on the keycaps do not matter.  All
my keyboards are standard QWERTY.

In an office environment, the guy using Dvorak with a keyboard labeled
QWERTY has no worries about others messing with his computer.

RLH

Re: CrowdStrike and drivers (was Re: why reliable linux hasn't gained more market share?)

[Jeffrey Walton]

On Sun, Jul 21, 2024 at 12:19 PM Hans  wrote:
>
> I do not agree to this. Updates should be installed as soon as they are
> available. Especially security updates. It shows , that within 24 hours after
> the release of an update, an exploit is available for this security hole.

I think you may be conflating two different updates. The first is the
OS or application's updates for a vulnerability, and second is the
antivirus updates to detect an attack using the vulnerability.

The science tells us that most compromised servers happen long after
an exploit is disclosed and patched. The majority of compromises
happen after 90 days, and continue for years afterwards. Confer,
.

So a Patch Management program that tests the OS or application
vendor's updates within about two weeks is usually going to be Ok.
Since it is the OS vendor or application vendor, it might be Ok to be
very aggressive in applying the updates since the OS or application
vendor are the experts for their product. That covers the first case -
OS or application updates for a vulnerability.

The second case is trickier - detecting an attack using the
vulnerability. This is where antivirus comes into play. In my mind's
eye, antivirus companies are an externality/third party, and their
work needs to be tested even more than the OS or application. The
testing needs to be more thorough because the third party does not
have specialized knowledge of the organization or the OS or
application. Yet the third party will likely run with highest of
privileges, and violate a number of the tenets laid out by Saltzer and
Schroeder. Confer,
.

> But you should do it corrdectly, like some hospitals did: First check with a
> canary (a testserver or some unimportant server), then, when everything is
> working without any problems, roll it out to the rest of the servers.

Are the hospitals checking the OS or application updates; or are they
checking the antivirus updates?

> Waiting for some days is a very very bad idea!
>
> I admit, that many people do not so, because they are comfortable and this
> requires more work. But it is the correct way!
>
> And really: This is not a new knowledge, this practice is standard since years
> (or should be everywhere).
>
> If one think, he must not do it and rely on the manufacturer, well his
> decision. If it breaks, i have no pity for him.

Jeff

Re: CrowdStrike and drivers (was Re: why reliable linux hasn't gained more market share?)

[Dan Ritter]

Stefan Monnier wrote: 
> >   - software updates that run as root (including Debian updates)
> > can run anything else as root
> 
> So, maybe a more relevant discussion is: what will happen when a Debian
> stable security update comes with a "big blunder" that crashes the most
> machines in early boot?
> 
> Admittedly, the wider variety of Debian installs might make the "most"
> above much less likely, but it's still something that can
> definitely happen.
> 
> What does Debian do to try and avoid that, and what do *we* (Debian
> users) do to try and mitigate that?


Testing is necessary but not sufficient. If you can afford to have a
spare machine or a spare VM that gets upgraded a few days before your
other machines do, and test the heck out of that.

At sufficient scale -- a scale which is within the reach of increasingly
many people as storage costs continue to reduce -- we can keep our own
mirrors of upstream.

-dsr-

Re: why reliable linux hasn't gained more market share?

[Anssi Saari]

hlyg  writes:

> why free OS hasn't gained more share even after 30 years of development?

But it has. The internet and what connects to it now mostly run Linux,
other than Microsoft's single niche. Mobile phones run a Linux
variant. The PC desktop is the only exception where they have
domination, anywhere else MS is an also-ran or nothing.

Microsoft was recently in near panic since they have nothing on mobile
and their main business (Windows + Office on PC desktops) is
shrinking. I guess they managed to compensate by becoming a cloud player
with Azure. Selling virtualized Linux now.

Re: CrowdStrike and drivers (was Re: why reliable linux hasn't gained more market share?)

[The Wanderer]

On 2024-07-20 at 22:07, Jeffrey Walton wrote:

> On Sat, Jul 20, 2024 at 9:46 PM The Wanderer 
> wrote:
> 
>> On 2024-07-20 at 09:19, jeremy ardley wrote:

>>> The problem is the Windows Systems Administrators who contracted
>>> for / allowed unattended remote updates of kernel drivers on
>>> live hardware systems. This is the height of folly and there is
>>> no recovery if it causes a BSOD.

>> All the sysadmins involved did is agree to let an
>> antivirus-equivalent utility update itself, and its definitions. I
>> would be surprised if this could not have easily happened with
>> *any* antivirus-type utility which has self-update capability; I'm
>> fairly sure all modern broad-spectrum antivirus-etc. suites on
>> Windows do kernel-level access in similar fashion. CrowdStrike just
>> happens to be the company involved when it *did* happen.
> 
> I was around when Symantec Antivirus did about the same to about
> half the workstations at the Social Security Administration. A
> definition file update blue screened about half the Windows NT 4.0
> and Windows 2000 hosts. That was about 50,000 machines, if I recall
> correctly.

There *is* a difference between this incident and that one, in the form
of the *scale* of the issue. But otherwise, yes, I've seen less-severe
breakages of this sort occur in the past as well.

>> That the sysadmins decided to deploy CrowdStrike does not make it 
>> reasonable to fault them for this consequence, any more than e.g.
>> if a gamer decided to install a game, and then the game required a
>> patch to let them keep playing, and that patch silently included
>> new/updated DRM which installed a driver which broke the system (as
>> I recall some past DRM implementations have reportedly done), it
>> would then be reasonable to fault the gamer. In neither case was
>> the consequence foreseeable from the decision.
> 
> Sysadmins don't make that decision in the Enterprise. That decision 
> was made above the lowly sysadmin's pay grade.

It does depend on the enterprise. In my organization, I'm fairly sure
the people who made the decision at least did so with informed input
from the sysadmins, including specifically the people who were
administering the existing antivirus solution (McAfee).

>>> The situation is recoverable if all the windows machines are
>>> virtual with a good backup/restore plan. The situation is not
>>> recoverable if the kernel updates are on raw iron running
>>> Windows.
>> 
>> The situation is trivially recoverable if you can get access to
>> the machine in a way which lets you either boot to safe mode and
>> get local-administrator access, or lets you boot an alternative
>> environment (e.g. live-boot media) from which you can read and
>> write to the hard drive.
> 
> I don't think it's trivial for some enterprises due to the sheer 
> number of machines and the remote workforce.

Yeah - after the fact it occurred to me that I hadn't specified that
what this is *not* is *automatable*, which has inevitable consequences
for the difficulty of scaling the solution out.

At most you could provide bootable media which would, when booted to,
fix the issue and reboot. (If you could set things up for that to be
available by PXE boot, and if you have everything configured to try PXE
booting first before booting locally, then maybe you could automate it
with nothing more than telling people to reboot any computer they see
affected? But even that type of solution has its limits.)

> I'm guessing the company I work for will spend the next week or month
> sorting things out. And the company is a medium size enterprise with
> about 30,000 employees. Imagine how bad it's going to be for an
> enterprise with 100,000 employees.

Oh, I can.

>> I've spent a fair chunk of my workday today going around to
>> affected computers and performing a variant of the latter process.
>> 
>> Once you've done that, the fix is simple: delete, or move out of
>> the way, a single file whose name claims that it's a driver. With
>> that file gone, you can reboot, and Windows will come up normally
>> without the bluescreen.
> 
> Unfortunately, I don't see this as scalable. It works fine for a
> small business with 100 employees, but not an enterprise.

My own organization has thousands of computers, something like 1000-3000
of which have CrowdStrike Falcon as their antimalware solution. The part
of our IT department which would typically be expected to handle the
client-side remediation of something like this (including making and
keeping appointments with remote workers who were impacted) is a maximum
of 16 people, and I believe we're currently working with two positions
empty.

That said, a *lot* of our CrowdStrike-using computers seem to have not
been affected; as far as I can tell, most of them were *off* for the
entire active-issue period, and so never received the problematic
update. Someone has estimated that only 8% of our total computers are
affected. (I don't know where they got the figure 

Re: CrowdStrike and drivers (was Re: why reliable linux hasn't gained more market share?)

[Hans]

I do not agree to this. Updates should be installed as soon as they are 
available. Especially security updates. It shows , that within 24 hours after 
the release of an update, an exploit is available for this security hole.

But you should do it corrdectly, like some hospitals did: First check with a 
canary (a testserver or some unimportant server), then, when everything is 
working without any problems, roll it out to the rest of the servers.

Waiting for some days is a very very bad idea!

I admit, that many people do not so, because they are comfortable and this 
requires more work. But it is the correct way!

And really: This is not a new knowledge, this practice is standard since years 
(or should be everywhere).

If one think, he must not do it and rely on the manufacturer, well his 
decision. If it breaks, i have no pity for him.

Best

Hans
> At the very least, updates should be avoided for a few days after
> release, unless they are the exceeding rare 'Oh my God, patch this
> yesterday' kind, such as when the malware writers of the world realised
> that Windows MetaFiles could contain executables...
> 
> Small businesses cannot really do as you say, but any business large
> enough to have logistics problems in fixing all of their machines
> quickly should do so.

Re: why reliable linux hasn't gained more market share?

[The Wanderer]

On 2024-07-21 at 10:42, Joe wrote:

> On Sat, 20 Jul 2024 15:27:17 -0400 gene heskett
>  wrote:
> 
>> And even you Hans, leave out the major, all encompassing, reason
>> for the lack of market share, which is that most business that have
>> a computerized system to run things also value what their MBA
>> says. And since there is no one to sue to cover their personal butt
>> in case the system goes south like cloudflare has in the last 3
>> days, M$ & cloudflare are a brick and morter legal target they can
>> sic the legal team onto.
>> 
>> Their is essentially no one in the linux arena to sue if things go
>>  south, so it doesn't take more than an eighth grade education to
>> see why they won't ever recommend linux no matter how superior it
>> may be at the end of a P report.  They have to have someone to
>> sue.  Bill Shakespear said it best when he wrote "first, we kill
>> all the lawyers." But MBA's had not yet crawled out of the slime
>> schools yet, so he can't be blamed for not including MBA's when he
>> wrote that famous phrase.
> 
> It's a little bit more subtle than that. Debian offers exactly the
> same software warranty as MS or CloudStrike i.e. zilch. Larger
> businesses generally buy service contracts from middlemen, who are
> the ones who get sued. And so they should be if they have not
> provided, as part of their contract, quick and reliable recovery
> systems, and immediate response to emergency calls.
> 
> Overnight full backups would have solved this problem,

How? That is, how would they have eliminated the need to go touch each
computer in order to get it reverted to a state where it can be managed
by e.g. the systems which could restore from the most recent backup?

> and it would never have arisen if the system admins had disabled
> automatic updates and waited the customary few days before applying
> them manually, to see how many people screamed on the day of
> release. Quite a few, in this case.

While I agree that the admins of the CrowdStrike backend systems should
have done more testing before releasing this update to be deployed to
client endpoints in the wild, I have no reason to think that that
release is controlled by an "automatic updates" mechanism, nor that it
is the type of update which it is customary to wait before releasing.

For the admins of the endpoint systems which are running the CrowdStrike
Falcon sensor, it really depends on which kind of update this was. If
this was a new version of the sensor software itself, then there is
indeed a delay mechanism available, and in fact built in to the control
console for the software, and I fully expect that most people who
administer the software for the client enterprises are taking advantage
of it.

That new-version-delay mechanism lets sysadmins divide their endpoints
into groups, and decide which sensor version each group will run: the
latest, the next-to-latest, or the one before that. (You can even move
endpoints from one group to another, and see them change versions - even
potentially downgrading - within short order.) At my own workplace, we
have nearly everything set to "the one before that", i.e. two versions
prior to the current release - exactly in order to avoid being hit by
problems like this one.

In this case, however, the problematic update appears to have gone out
to *all sensor versions simultaneously*.

That tells me that rather than being an update to the sensor itself,
this almost has to have been an update to the *data files* used by the
sensor as it operates - the equivalent of a definition update, for other
common antivirus-type tools. With most such tools that I'm aware of,
those type of updates are typically released *daily*, and being even one
day behind can leave you vulnerable to a zero-day exploit.

I am not at all certain that there is any mechanism to disable
"automatic update" of that type of data, or even that there *should* be;
I am certainly not aware of any customary practice of waiting a few days
before deploying that type of update. Even if there is such a mechanism
and such a practice, the frequent releases and the potentially high
impact of a delay would seem to make it unreasonable for sysadmins to be
expected to make use of them.

(I've snipped the rest of what you wrote, as I have no particular
disagreement with any of it, and agree with some in ways that I don't
feel the need to express.)

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: CrowdStrike and drivers (was Re: why reliable linux hasn't gained more market share?)

[Richmond]

Dan Ritter  writes:

> Richmond wrote: 
>> Jeffrey Walton  writes:
>> 
>> Yes the updates should be tested at every stage. Maybe people think that
>> they cannot stop updates, but they can use Group Policy to stop Windows
>> Update. Or maybe they are afraid if they don't allow virus updates then
>> they will allow a virus?
>
> This wasn't Windows Update. This is more akin to Firefox's
> Mozilla-owned self-updating.
>

Windows Updates should be tested too. I worded what I said quite
carefully.

Re: why reliable linux hasn't gained more market share?

[Nicolas George]

Joe (12024-07-21):
> And the important phrase there is 'if you want to'. The point is that
> many people, especially those accustomed to running with admin
> privileges on their Windows computers, would continue to do that.

 No, they will not. They will continue to follow the system
default, whatever it is.

And once again, this is a waste of time because being root is not what
matters on a personal computer.

-- 
  Nicolas George

Re: why reliable linux hasn't gained more market share?

[Nicolas George]

Alain D D Williams (12024-07-21):
> I only needed root as it was for another user.

Exactly. On a computer with only one user account, once the pirate have
access to that account, they can do everything that matters. Including
spy the root password next time it is typed, but why waste the time when
everything profitable is already there.

The root account is important for multi-users systems and servers with
privilege separation of services.

Regards,

-- 
  Nicolas George

Re: why reliable linux hasn't gained more market share?

[Alain D D Williams]

On Sun, Jul 21, 2024 at 05:18:46PM +0200, Nicolas George wrote:

> And it does not matter, because on a personal computer the root account
> is not what matters, what matters is the user account where you can
> install a key logger and get banking credentials or encrypt all the data
> and ask for a ransom.

Which is one of the big problems with MS Windows -- telemetry - which can do
that. Also things like Recall (which only lasted a few weeks recently -
thankfully, but I fear will reappear in some form).

But web browsers are a big problem: Chrome logs all sort of stuff to Google
(but not keystrokes I think), MS Edge does likewise - which is why I stick to
Firefox.

But if you have root access it is easy, I did it on a Unix system V machine in
the late 1980s, a few minutes work. I only needed root as it was for another
user.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: why reliable linux hasn't gained more market share?

[Nicolas George]

Joe (12024-07-21):
> I accept what you say, the point I was making is that the more users,
> and they will be less IT-competent users, the more will login as root.

No, they will not.

And it does not matter, because on a personal computer the root account
is not what matters, what matters is the user account where you can
install a key logger and get banking credentials or encrypt all the data
and ask for a ransom.

Regards,

-- 
  Nicolas George

Re: why reliable linux hasn't gained more market share?

[Joe]

On Sat, 20 Jul 2024 22:13:00 +0200
Hans  wrote:

> > You missed one: Linux is virtually a virus-free environment, and a
> > large user base would mean many more people running as root, and it
> > would become worth the time of malware writers to target Linux.
> > Linux would become as virus-ridden as Windows.
> > 
> > It would also become a target for data harvesting, from which
> > Debian, at least, is refreshingly free. I have no doubt that MS
> > makes more money from user data sales than it does from sales of
> > domestic versions of Windows.  
> 
> I do not agree. This is an argument, i am often get confronted with.
> The more linux, the more malware? No, it isn't. See, linux is the
> most used OS in the server world. All important companies rely on it.
> EBay, Google, Amazon, and even Microsof. Its DNS running Linux.
> Cloudflare and others, too. 
> 
> So, these are really interesting targets, where you can really hurt
> lots of people. If linux would bre so easy to crack like Windows, the
> attackers would do. But it isn't. It is (mostly) secure by design. 
> 
> There are millions of "viruses" for Windows, but only a handfull of
> viruses (or rootkits) for linux. 
> 
> And think of OpenBSD: Only 2 security holes in more than 15 years.
> How many security holes got Windows in th elast 10-15 years? With all
> their money, which can buy any super, duper coder look at the result. 
> 
> No, I see it else. It can be done (OpenBSD is showing it). It is the
> arrogance of Microsoft (and many other companies). 
> 
> It is not the spread of Windows, it is theire bad quality what makes
> crackers attack this system. Low fruits, you know?
> 
> And there is another thing, that makes linux better: The developers
> want to write stable and secure software. It is theire joy and
> happiness. They do not mourn, when someone is telling a bug or a
> security hole. They are happy, to fix it. Making theire software,
> theire "baby" better. 
> 
> In market, the developers MUST do it, for them fixing software is
> just annoying and more work (for the same money). That is the
> differnce.
> 
> Note: I do not want to claim, linux developers are the better coders.
> But they are coding with theire heart. That makes the difference. 
> 
> It is not the spreading of software.
> 

I accept what you say, the point I was making is that the more users,
and they will be less IT-competent users, the more will login as root.
Windows still makes the first user an administrator, and it takes a bit
of fiddling to set up an unprivileged user and *always* *use* *it*.
It's inconvenient to keep entering the admin password (there's still no
sudo, as far as I know), so people prefer to run with admin privileges.
In most cases, nobody has ever told them why they shouldn't.

This never happens with Linux servers, and not usually with MS ones. I
spent a couple of years on the MS Small Business Server newsgroup,
before it went to web forum, and in every case of a server compromise
it turned out that the admin had been using the web from the server
console, obviously as an administrator. I tried to make this point over
and over, as did the more sensible regular contributors: don't surf the
web with admin privileges, and don't let your users do it.

Basically, I think that with many more users, we would see more Windows
users and they would be less secure in their habits. We've already seen
this to some extent with Ubuntu. I don't think it's any more difficult
to write a virus for Linux than for Windows, but the R number for such
a virus, as epidemiologists would put it, would be very much less than
one, so there's no point. No propagation. I think this would change,
but this is of course just an opinion.

-- 
Joe

Re: CrowdStrike and drivers (was Re: why reliable linux hasn't gained more market share?)

[Stefan Monnier]

>   - software updates that run as root (including Debian updates)
> can run anything else as root

So, maybe a more relevant discussion is: what will happen when a Debian
stable security update comes with a "big blunder" that crashes the most
machines in early boot?

Admittedly, the wider variety of Debian installs might make the "most"
above much less likely, but it's still something that can
definitely happen.

What does Debian do to try and avoid that, and what do *we* (Debian
users) do to try and mitigate that?


Stefan

Re: CrowdStrike and drivers (was Re: why reliable linux hasn't gained more market share?)

[Dan Ritter]

Richmond wrote: 
> Jeffrey Walton  writes:
> 
> Yes the updates should be tested at every stage. Maybe people think that
> they cannot stop updates, but they can use Group Policy to stop Windows
> Update. Or maybe they are afraid if they don't allow virus updates then
> they will allow a virus?

This wasn't Windows Update. This is more akin to Firefox's
Mozilla-owned self-updating.

Are we sufficiently far away from Debian now?

The relevant bits for Debian:

  - when you give root privileges to someone, they own your
computer

  - software updates that run as root (including Debian updates)
can run anything else as root

  - insiders and organizations you hire need to be part of your
security assessment

  - intentional and unintentional acts can do the same amount of
damage


-dsr-

-dsr-

Re: CrowdStrike and drivers (was Re: why reliable linux hasn't gained more market share?)

[Richmond]

Jeffrey Walton  writes:

> This is alarming (to me) from the YC post:
>
> "we push software to your machines any time we want,
> whether or not it's urgent, without testing it" seems to be
> core to the model...
>
> Updates need to be tested inside an organization's lab, and then
> tested with a sampling of the organization's computers. Then, an
> organization is free to release the update to all machines. All of
> that has to happen in two weeks to 30 days.
>

Yes the updates should be tested at every stage. Maybe people think that
they cannot stop updates, but they can use Group Policy to stop Windows
Update. Or maybe they are afraid if they don't allow virus updates then
they will allow a virus?

Re: why reliable linux hasn't gained more market share?

[Nicholas Geovanis]

On Sun, Jul 21, 2024, 12:40 AM  wrote:

> On Sat, Jul 20, 2024 at 03:27:17PM -0400, gene heskett wrote:
>
> [...]
>
> > And even you Hans, leave out the major, all encompassing, reason for the
> > lack of market share, which is that most business that have a
> computerized
> > system to run things also value what their MBA says.  And since there is
> no
> > one to sue to cover their personal butt in case the system goes south
> like
> > cloudflare has in the last 3 days, M$ & cloudflare are a brick and morter
> > legal target they can sic the legal team onto.
>
> First: it wasn't cloudflare -- it was CrowdStrike (a sec firm, of all
> things!)
>
> Second: nobody's going to sue them. Guess what? The big ones have lawyers,
> lots of them. And their best protected tech is "law tech". They wouldn't
> be skimping on quality if it didn't pay off.
>
> Case in point: Solarwinds. 2020, they had a row of high-level attacks
> which knocked off their customer's customers (AFAIR, one third of
> Sweden's supermarkets had to close for three to four days, among many
> other things).
> They were sued for $26 million, that's it.
>

Every time I meet or work for someone who is still running SolarWinds
products (many many :-)  I remind them of this: SolarWinds' source-code
repositories were broken into, the source-code modified by the intruders,
and their changes checked back in like good software developers :-) Then
the corporation sent you that software and you paid for it.

How do you feel? Suppose that the same thing was done to the software in
your car? Would you drive it again? Or in the aircraft you will fly-in next
month? Would you take that plane?

Cheers
>
> [1]
> https://en.wikipedia.org/wiki/SolarWinds#2019%E2%80%932020_supply_chain_attacks
>
> --
> t
>

Re: why reliable linux hasn't gained more market share?

[George at Clug]

Contrary to popular belief, the QWERTY layout was not designed to slow the 
typist down, but rather to speed up typing. 

Indeed, there is evidence that, aside from the issue of jamming, placing 
often-used keys farther apart increases typing speed, because it encourages 
alternation between the hands.

https://en.wikipedia.org/wiki/QWERTY




On Sunday, 21-07-2024 at 18:54 Nicolas George wrote:
> hlyg (12024-07-21):
> > is it possible to remap keyboard to Dvorak in X Window?
> 
> Yes, of course.
> 
> https://letmegooglethat.com/?q=Debian+dvorak
> 
> >   does anyone use it
> > to speed up typing?
> 
> No, only to feel smug.
> 
> # Later experiments have shown that many keyboard designs, including some
> # alphabetical ones, allow very similar typing speeds to QWERTY and Dvorak
> # when typists have been trained for them, suggesting that Dvorak's
> # careful design principles may have had little effect because keyboard
> # layout is only a small part of the complicated physical activity of
> # typing.[19]
> 
> https://en.wikipedia.org/wiki/Dvorak_keyboard_layout
> 
> Regards,
> 
> -- 
>   Nicolas George
> 
> 

Re: why reliable linux hasn't gained more market share?

[Nicolas George]

hlyg (12024-07-21):
> is it possible to remap keyboard to Dvorak in X Window?

Yes, of course.

https://letmegooglethat.com/?q=Debian+dvorak

> does anyone use it
> to speed up typing?

No, only to feel smug.

# Later experiments have shown that many keyboard designs, including some
# alphabetical ones, allow very similar typing speeds to QWERTY and Dvorak
# when typists have been trained for them, suggesting that Dvorak's
# careful design principles may have had little effect because keyboard
# layout is only a small part of the complicated physical activity of
# typing.[19]

https://en.wikipedia.org/wiki/Dvorak_keyboard_layout

Regards,

-- 
  Nicolas George

Re: why reliable linux hasn't gained more market share?

[hlyg]

On 7/21/24 02:33, Russell L. Harris wrote:

The same reasons the standard typewriter keyboard is QWERTY rather
than Dvorak:

= The precedent set by the first to market is powerful.

= The influence of advertising upon a populace lacking in discernment
and addicted to novelty is deadly.

Add to that extortion and bribes and a compromised legal system.

The QWERTY system was designed to slow down typists so as to reduce
the problem of jamming of keys of a poorly-designed mechanism.

is it possible to remap keyboard to Dvorak in X Window? does anyone use 
it to speed up typing?

Re: CrowdStrike and drivers (was Re: why reliable linux hasn't gained more market share?)

[Jeffrey Walton]

On Sun, Jul 21, 2024 at 2:15 AM Andy Smith  wrote:
>
> On Sun, Jul 21, 2024 at 10:28:28AM +0800, Bret Busby wrote:
> > Crowdstrike did not strike at Linux or BSD UNIX systems - only MS Windows
> > systems.
>
> Except that time just a few months ago when it *did* happen to
> Crowdstrike+Linux?
>
> https://news.ycombinator.com/item?id=41005936

This is alarming (to me) from the YC post:

"we push software to your machines any time we want,
whether or not it's urgent, without testing it" seems to be
core to the model...

Updates need to be tested inside an organization's lab, and then
tested with a sampling of the organization's computers. Then, an
organization is free to release the update to all machines. All of
that has to happen in two weeks to 30 days.

> Nothing in this story would be different if it was Linux deployed on
> those machines. And nothing would be different if Crowdstrike didn't
> exist, as some other equally useless vendor would be involved.
>
> There is a need to examine why companies are putting high privilege
> junk software on their machines. It's got nothing to do with Linux
> vs Windows.

Jeff

Re: CrowdStrike and drivers (was Re: why reliable linux hasn't gained more market share?)

[Alain D D Williams]

On Sun, Jul 21, 2024 at 08:17:54AM +0800, jeremy ardley wrote:

> The CrowdStrike outage emulated the very thing it is alleged to protect
> against - a zero day exploit.

It was also a demonstration of a huge vulnerability. If $EvilActor were to get
an agent employed at CrowdStrike/whoever then they could take down a lot of
important infrastructure world wide. This could give them a great advantage if
done, for instance, just before they invade another country or something.

In a cynical moment on Friday I did wonder if this was a dry run.

Unfortunately I suspect that the lesson will not be learned and that most will
largely forget this before too long.

:-(

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: why reliable linux hasn't gained more market share?

[Alain D D Williams]

On Sun, Jul 21, 2024 at 08:46:24AM +0800, jeremy ardley wrote:

> A plug for SELinux. It's been around for a long time. It was invented by the
> NSA for use by Government agencies but they kindly open sourced it and it's
> available on many Distros including Debian.
> 
> SELinux is a real pain to get right but when it finally works it's a
> tremendous security boost for internet facing systems.

+1

I use SELinux.

The documentation is awful - there are many different labels that are not
documented as to how they should be used. When there is an issue ausearch will
tell you what to do but not why, I have sometimes found that the recommendation
is wrong and that enabling something else is a better solution.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: why reliable linux hasn't gained more market share?

[tomas]

On Sat, Jul 20, 2024 at 03:27:17PM -0400, gene heskett wrote:

[...]

> And even you Hans, leave out the major, all encompassing, reason for the
> lack of market share, which is that most business that have a computerized
> system to run things also value what their MBA says.  And since there is no
> one to sue to cover their personal butt in case the system goes south like
> cloudflare has in the last 3 days, M$ & cloudflare are a brick and morter
> legal target they can sic the legal team onto.

First: it wasn't cloudflare -- it was CrowdStrike (a sec firm, of all
things!)

Second: nobody's going to sue them. Guess what? The big ones have lawyers,
lots of them. And their best protected tech is "law tech". They wouldn't
be skimping on quality if it didn't pay off.

Case in point: Solarwinds. 2020, they had a row of high-level attacks
which knocked off their customer's customers (AFAIR, one third of
Sweden's supermarkets had to close for three to four days, among many
other things).

They were sued for $26 million, that's it.

Cheers

[1] 
https://en.wikipedia.org/wiki/SolarWinds#2019%E2%80%932020_supply_chain_attacks

-- 
t


signature.asc
Description: PGP signature

Re: CrowdStrike and drivers (was Re: why reliable linux hasn't gained more market share?)

[Andy Smith]

Hi,

On Sun, Jul 21, 2024 at 10:28:28AM +0800, Bret Busby wrote:
> Crowdstrike did not strike at Linux or BSD UNIX systems - only MS Windows
> systems.

Except that time just a few months ago when it *did* happen to
Crowdstrike+Linux?

https://news.ycombinator.com/item?id=41005936

Nothing in this story would be different if it was Linux deployed on
those machines. And nothing would be different if Crowdstrike didn't
exist, as some other equally useless vendor would be involved.

There is a need to examine why companies are putting high privilege
junk software on their machines. It's got nothing to do with Linux
vs Windows.

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: CrowdStrike and drivers (was Re: why reliable linux hasn't gained more market share?)

[Bret Busby]

On 21/7/24 10:07, Jeffrey Walton wrote:



All this points to an incompetent board. If someone's head is going to
be taken (figuratively), then it should start with the CEO and other
executives.



Yes.

But, the people who should be sacked, with loss of benefits, are the 
board members and the CEO's and the CIO's of the institutions - 
government departments and businesses, who were not running Linux or BSD 
UNIX instead of MS Windows.


Crowdstrike did not strike at Linux or BSD UNIX systems - only MS 
Windows systems.


..
Bret Busby
Armadale
West Australia
(UTC+0800)
..

Re: CrowdStrike and drivers (was Re: why reliable linux hasn't gained more market share?)

[Jeffrey Walton]

On Sat, Jul 20, 2024 at 9:46 PM The Wanderer  wrote:
>
> On 2024-07-20 at 09:19, jeremy ardley wrote:
>
> > On 20/7/24 18:35, George at Clug wrote:
> > [...]
> > The problem was not CrowdStrike as such. It happens in the best of
> > operations.
> >
> > The problem is the Windows Systems Administrators who contracted for
> > / allowed unattended remote updates of kernel drivers on live
> > hardware systems. This is the height of folly and there is no
> > recovery if it causes a BSOD.
> [...]
>
> All the sysadmins involved did is agree to let an antivirus-equivalent
> utility update itself, and its definitions. I would be surprised if this
> could not have easily happened with *any* antivirus-type utility which
> has self-update capability; I'm fairly sure all modern broad-spectrum
> antivirus-etc. suites on Windows do kernel-level access in similar
> fashion. CrowdStrike just happens to be the company involved when it
> *did* happen.

I was around when Symantec Antivirus did about the same to about half
the workstations at the Social Security Administration. A definition
file update blue screened about half the Windows NT 4.0 and Windows
2000 hosts. That was about 50,000 machines, if I recall correctly.

> That the sysadmins decided to deploy CrowdStrike does not make it
> reasonable to fault them for this consequence, any more than e.g. if a
> gamer decided to install a game, and then the game required a patch to
> let them keep playing, and that patch silently included new/updated DRM
> which installed a driver which broke the system (as I recall some past
> DRM implementations have reportedly done), it would then be reasonable
> to fault the gamer. In neither case was the consequence foreseeable from
> the decision.

Sysadmins don't make that decision in the Enterprise. That decision
was made above the lowly sysadmin's pay grade.

> > The situation is recoverable if all the windows machines are virtual
> > with a good backup/restore plan. The situation is not recoverable if
> > the kernel updates are on raw iron running Windows.
>
> The situation is trivially recoverable if you can get access to the
> machine in a way which lets you either boot to safe mode and get
> local-administrator access, or lets you boot an alternative environment
> (e.g. live-boot media) from which you can read and write to the hard
> drive.

I don't think it's trivial for some enterprises due to the sheer
number of machines and the remote workforce. I'm guessing the company
I work for will spend the next week or month sorting things out. And
the company is a medium size enterprise with about 30,000 employees.
Imagine how bad it's going to be for an enterprise with 100,000
employees.

> I've spent a fair chunk of my workday today going around to affected
> computers and performing a variant of the latter process.
>
> Once you've done that, the fix is simple: delete, or move out of the
> way, a single file whose name claims that it's a driver. With that file
> gone, you can reboot, and Windows will come up normally without the
> bluescreen.

Unfortunately, I don't see this as scalable. It works fine for a small
business with 100 employees, but not an enterprise.

> > Heads should roll but obviously won't
>
> What good would decapitation do, here?

I think it's a figure of speech; not a literal.

> At most, CrowdStrike's people are
> guilty of rolling out an insufficiently-tested update, or of designing a
> system such that it's too easy for an update to break things in this
> way, or that it's possible to break things in this way not with an
> actual new client version (which goes through a release cascade, with
> each organization deciding which of the most recent three versions each
> of their computers will get) but just with a data-files update (which,
> as we have seen here, appears to go out to all clients regardless of
> version).

At minimum, it is negligence.

> The first would be poor institutional practice; the others would be
> potentially-questionable software design, although it's hard to know
> without seeing the internal architecture of the software in question and
> understanding *why* it's designed that way.
>
> In either case, it's not obvious to me why decapitating a few scapegoats
> would *improve* the situation going forward, unless it can be determined
> that specific people were actually negligent.

The incident affected the company's share price. Shares were down $10
or $15. If the potential issues were not detailed in company
literature and prospectus, then the Securities and Exchange Commission
might get involved for misrepresenting risk and liabilities. There
could be big fines, and that will cost the shareholders more money.

All this points to an incompetent board. If someone's head is going to
be taken (figuratively), then it should start with the CEO and other
executives.

Jeff

Re: why reliable linux hasn't gained more market share?

[jeremy ardley]

On 21/7/24 07:28, Nicholas Geovanis wrote:
Again lacking data center experience? Every server in your data center 
that is outward-facing will be contacted by intruders on its open ports. 
That includes your Debian servers. If your apache server or application 
server running on Debian is vulnerable and open to outside, they will 
knock on your door. What happens _after_ that determines how vulnerable 
you are.


A plug for SELinux. It's been around for a long time. It was invented by 
the NSA for use by Government agencies but they kindly open sourced it 
and it's available on many Distros including Debian.


SELinux is a real pain to get right but when it finally works it's a 
tremendous security boost for internet facing systems.


It assumes, correctly, that your internet facing service will be 
compromised and the baddy will try to further the exploit. It's 
Permissive Action in that unless you specifically permit something to 
happen it won't. A web server trying to read any directories that aren't 
specified as valid by SELinux will be blocked. A web service trying to 
do any system calls not permitted by the policy will be blocked. A web 
server trying to send an email will be blocked. etc. etc.


Even better it logs every attempted breach so log monitors can identify 
anomalous behaviour in seconds if not milliseconds.


The philosophy of SELinux seems quite different to CrowdStrike

SElinux: "If I don't permit it, it won't happen"

CrowdStrike: "I permit eveything until I get an update to block 
something or I suspect something is dodgy"

Re: CrowdStrike and drivers (was Re: why reliable linux hasn't gained more market share?)

[jeremy ardley]

On 21/7/24 06:38, The Wanderer wrote:

The first would be poor institutional practice; the others would be
potentially-questionable software design, although it's hard to know
without seeing the internal architecture of the software in question and
understanding*why*  it's designed that way.

In either case, it's not obvious to me why decapitating a few scapegoats
would*improve*  the situation going forward, unless it can be determined
that specific people were actually negligent.


The CrowdStrike outage emulated the very thing it is alleged to protect 
against - a zero day exploit.


The difference is CrowdStrike has a far better distribution mechanism as 
all its victims willingly accepted it being put on their machines and 
willingly accepted automatic updates, each of which potentially could 
cause a failure.


Given the time delays in recovery and in many organisations reports of 
people having to drive to physical locations to reset machines there was 
clearly no effective mitigation or recovery plans in place.


There are ways to mitigate a zero day exploit such as Out-of-Band 
Management (OOBM) or Baseboard Management Controller (BMC) so at least 
the system can be recovered, at least remotely, and likely 
automatically. Alternatively services can run virtually and can be reset 
automatically by monitoring systems.


There is also the system design issues that even if the majority of 
systems are immune, key system failures will take down a network. Active 
Directory servers seem a particularly weak point.


So my point still stands. Those responsible for mitigation of 
faults/zero day exploits in many cases were negligent in their system 
and process design. Specifically they did not install hardware and 
software that could be remotely and automatically managed out of band 
and they provided essential services such as Active Directory on 
vulnerable hosts with often no easy way to recover them.


On a second level I do have to ask if CrowdStrike and equivalent 
reactive monitoring systems actually provide value? Yes, they reduce the 
time a zero day exploit has to be effective, but you have to assume 
there *will* be a serious exploit and you *will* lose functionality 
and/or data. Focusing on resilience of service, hardening of software, 
and management of data that even if stolen is of no value seems to be 
more useful.

Re: why reliable linux hasn't gained more market share?

[gene heskett]

On 7/20/24 16:45, debian-u...@howorth.org.uk wrote:

Andy Smith  wrote:

Hi,

On Sat, Jul 20, 2024 at 11:54:06AM +0800, hlyg wrote:

crowdstrike makes news headlines, many Windows become blue screens

it is evident that many people around still use Windows

i wonder if linux is more reliable than Windows


For this specific issue, if Linux were used at the same scale and
for the same purposes as these affected Windows machines, then a
similar issue would affect Linux sooner or later.

The reason why this is the case is that the current motivation for
the use of Crowdstrike's software on those Windows machines would
be exactly the same if they were Linux machines, and so these
companies would do the same thing with the same end result.

In fact, Crowdstrike already made a similar mistake earlier this
year with one of their Linux solutions which resulted in end user
machines having a kernel panic. Debian stable end user machines. So
there is no practical difference between Crowdstrike+Windows and
Crowdstrike+Linux.

 https://news.ycombinator.com/item?id=41005936

So then you might assume that the problem here is Crowdstrike's
incompetence and a better vendor would solve all problems. You would
be wrong, because the world is full to the brim with inept software
vendors and there is no real consequence for software failures.


It seems clear to me that what's needed is a change in the law. At the
moment here in the UK we have national news services explaining that
airline passengers won't be able to get compensation because the
'event' was outside the airline's control. That's clearly nonsense
since some airlines weren't affected so perhaps sense will eventually
prevail and the companies that have had problems will be held liable
for damages to their customers. But it would be better if they could
then sue Crowdstrike for installing the faulty update. (Perhaps they
can? I don't know, IANAL.) That might provide some incentive to improve
the systems and processes so problems like this don't occur again.

.
That bit of legaleze should have been addressed about the time NT3.51 
came out.  Maybe by now M$ would have been stung in the bank balance 
enough to have learned they will get caught out eventually. NT deleted 
the main OS library, and of coarse would not boot. I put the drive in 
another machine and poked around a bit, finally finding a file that was 
apparently part of the drives housekeeping but only called if a call to 
rand returned a certain date in the future which turned out to be about 
a day in the past. But it contained nothing in the way of a check to see 
if the file belonged to the os.  I called support, but had no 
registration for that copy because it was a bulk purchase by the 
network, and all the tv stations got was the machine pre-installed, the 
network had not given us the paper work. So I explained to M$ support 
and got called a pie rat by support. Screw M$ and the camel that rode in 
on them. I packed the drive in a padded box & handed it to the fedex 
driver. The network net guru reinstalled and overnighted it back. But 
while it was down, the lack of data to program our 7 meter C band dish 
cost us about 5k$ a day because we were not airing the commercials we 
were contracted to transmit.


So now you know why my hatred of M$ is very long term and incurable.

Cheers, Gene Heskett, CET.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis

CrowdStrike and drivers (was Re: why reliable linux hasn't gained more market share?)

[George at Clug]

On Sunday, 21-07-2024 at 08:38 The Wanderer wrote:
> On 2024-07-20 at 09:19, jeremy ardley wrote:
> 
> > On 20/7/24 18:35, George at Clug wrote:
> > 
> >> On Saturday, 20-07-2024 at 13:54 hlyg wrote:
> >> 
> >>> crowdstrike makes news headlines, many Windows become blue
> >>> screens
> >> 
> >> The CrowdStrike issue was not a Windows issue, it was a CrowdStrike
> >> issue.
> >> 
> >> The problem did not affect our Windows computers as we have not
> >> installed CrowdStrike software.
> >> 
> >> I think the media have a habit of over exaggerating things.
> > 
> > The problem was not CrowdStrike as such. It happens in the best of
> > operations.
> > 
> > The problem is the Windows Systems Administrators who contracted for
> > / allowed unattended remote updates of kernel drivers on live
> > hardware systems. This is the height of folly and there is no
> > recovery if it causes a BSOD.
> 
> Speaking as someone who administers (part of) a CrowdStrike Falcon
> deployment at my workplace, although I was not involved in selecting it
> and would not be able to decide to switch to something else: I do not
> believe this is a fair description of what happened.
> 
> CrowdStrike Falcon does not manage kernel drivers in general. It manages
> its own locally-installed client, which happens to include some
> kernel-level drivers. The update in this case does not appear to have
> actually modified any of those drivers; it appears to have added a new
> data file for use by such a driver, and those data files appear to be
> misleadingly named in such a way that they look like drivers.
> 
> (I have not confirmed that personally yet, although I have access to the
> files in question and intend to do so, but people who are more familiar
> with Windows drivers than I am have stated that the files in question do
> not comport with the binary file format used by Windows driver files.)
> 
> All the sysadmins involved did is agree to let an antivirus-equivalent
> utility update itself, and its definitions. I would be surprised if this
> could not have easily happened with *any* antivirus-type utility which
> has self-update capability; I'm fairly sure all modern broad-spectrum
> antivirus-etc. suites on Windows do kernel-level access in similar
> fashion. CrowdStrike just happens to be the company involved when it
> *did* happen.
> 
> That the sysadmins decided to deploy CrowdStrike does not make it
> reasonable to fault them for this consequence, any more than e.g. if a
> gamer decided to install a game, and then the game required a patch to
> let them keep playing, and that patch silently included new/updated DRM
> which installed a driver which broke the system (as I recall some past
> DRM implementations have reportedly done), it would then be reasonable
> to fault the gamer. In neither case was the consequence foreseeable from
> the decision.
> 
> > The situation is recoverable if all the windows machines are virtual
> > with a good backup/restore plan. The situation is not recoverable if
> > the kernel updates are on raw iron running Windows.
> 
> The situation is trivially recoverable if you can get access to the
> machine in a way which lets you either boot to safe mode and get
> local-administrator access, or lets you boot an alternative environment
> (e.g. live-boot media) from which you can read and write to the hard
> drive.
> 
> I've spent a fair chunk of my workday today going around to affected
> computers and performing a variant of the latter process.
> 
> Once you've done that, the fix is simple: delete, or move out of the
> way, a single file whose name claims that it's a driver. With that file
> gone, you can reboot, and Windows will come up normally without the
> bluescreen.
> 
> > Heads should roll but obviously won't
> 
> What good would decapitation do, here? At most, CrowdStrike's people are
> guilty of rolling out an insufficiently-tested update, or of designing a
> system such that it's too easy for an update to break things in this
> way, or that it's possible to break things in this way not with an
> actual new client version (which goes through a release cascade, with
> each organization deciding which of the most recent three versions each
> of their computers will get) but just with a data-files update (which,
> as we have seen here, appears to go out to all clients regardless of
> version).
> 
> The first would be poor institutional practice; the others would be
> potentially-questionable software design, although it's hard to know
> without seeing the internal architecture of the software in question and
> understanding *why* it's designed that way.
> 
> In either case, it's not obvious to me why decapitating a few scapegoats
> would *improve* the situation going forward, unless it can be determined
> that specific people were actually negligent.

Thanks Wanderer,

Please no 'decapitating', or I would have lost my head many years ago, and 
often (if that is possible).

Testing is important. Like 

Re: why reliable linux hasn't gained more market share?

[Nicholas Geovanis]

On Sat, Jul 20, 2024, 2:09 PM Joe  wrote:

>
> You missed one: Linux is virtually a virus-free environment, and a
> large user base would mean many more people running as root, and it
> would become worth the time of malware writers to target Linux. Linux
> would become as virus-ridden as Windows.
>

There is no reason for "many more people running as root" so I don't think
that's a valid point. Ubuntu is derived from Debian and Ubuntu eliminated
direct root login years ago. But you can do that easily with your own
Debian installation if you want to.

It would also become a target for data harvesting, from which Debian,
> at least, is refreshingly free.


Again lacking data center experience? Every server in your data center that
is outward-facing will be contacted by intruders on its open ports. That
includes your Debian servers. If your apache server or application server
running on Debian is vulnerable and open to outside, they will knock on
your door. What happens _after_ that determines how vulnerable you are.

-- 
> Joe
>
>

CrowdStrike and drivers (was Re: why reliable linux hasn't gained more market share?)

[The Wanderer]

On 2024-07-20 at 09:19, jeremy ardley wrote:

> On 20/7/24 18:35, George at Clug wrote:
> 
>> On Saturday, 20-07-2024 at 13:54 hlyg wrote:
>> 
>>> crowdstrike makes news headlines, many Windows become blue
>>> screens
>> 
>> The CrowdStrike issue was not a Windows issue, it was a CrowdStrike
>> issue.
>> 
>> The problem did not affect our Windows computers as we have not
>> installed CrowdStrike software.
>> 
>> I think the media have a habit of over exaggerating things.
> 
> The problem was not CrowdStrike as such. It happens in the best of
> operations.
> 
> The problem is the Windows Systems Administrators who contracted for
> / allowed unattended remote updates of kernel drivers on live
> hardware systems. This is the height of folly and there is no
> recovery if it causes a BSOD.

Speaking as someone who administers (part of) a CrowdStrike Falcon
deployment at my workplace, although I was not involved in selecting it
and would not be able to decide to switch to something else: I do not
believe this is a fair description of what happened.

CrowdStrike Falcon does not manage kernel drivers in general. It manages
its own locally-installed client, which happens to include some
kernel-level drivers. The update in this case does not appear to have
actually modified any of those drivers; it appears to have added a new
data file for use by such a driver, and those data files appear to be
misleadingly named in such a way that they look like drivers.

(I have not confirmed that personally yet, although I have access to the
files in question and intend to do so, but people who are more familiar
with Windows drivers than I am have stated that the files in question do
not comport with the binary file format used by Windows driver files.)

All the sysadmins involved did is agree to let an antivirus-equivalent
utility update itself, and its definitions. I would be surprised if this
could not have easily happened with *any* antivirus-type utility which
has self-update capability; I'm fairly sure all modern broad-spectrum
antivirus-etc. suites on Windows do kernel-level access in similar
fashion. CrowdStrike just happens to be the company involved when it
*did* happen.

That the sysadmins decided to deploy CrowdStrike does not make it
reasonable to fault them for this consequence, any more than e.g. if a
gamer decided to install a game, and then the game required a patch to
let them keep playing, and that patch silently included new/updated DRM
which installed a driver which broke the system (as I recall some past
DRM implementations have reportedly done), it would then be reasonable
to fault the gamer. In neither case was the consequence foreseeable from
the decision.

> The situation is recoverable if all the windows machines are virtual
> with a good backup/restore plan. The situation is not recoverable if
> the kernel updates are on raw iron running Windows.

The situation is trivially recoverable if you can get access to the
machine in a way which lets you either boot to safe mode and get
local-administrator access, or lets you boot an alternative environment
(e.g. live-boot media) from which you can read and write to the hard
drive.

I've spent a fair chunk of my workday today going around to affected
computers and performing a variant of the latter process.

Once you've done that, the fix is simple: delete, or move out of the
way, a single file whose name claims that it's a driver. With that file
gone, you can reboot, and Windows will come up normally without the
bluescreen.

> Heads should roll but obviously won't

What good would decapitation do, here? At most, CrowdStrike's people are
guilty of rolling out an insufficiently-tested update, or of designing a
system such that it's too easy for an update to break things in this
way, or that it's possible to break things in this way not with an
actual new client version (which goes through a release cascade, with
each organization deciding which of the most recent three versions each
of their computers will get) but just with a data-files update (which,
as we have seen here, appears to go out to all clients regardless of
version).

The first would be poor institutional practice; the others would be
potentially-questionable software design, although it's hard to know
without seeing the internal architecture of the software in question and
understanding *why* it's designed that way.

In either case, it's not obvious to me why decapitating a few scapegoats
would *improve* the situation going forward, unless it can be determined
that specific people were actually negligent.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: why reliable linux hasn't gained more market share?

[hlyg]

Thank Clug and all that reply !

On 7/20/24 18:36, George at Clug wrote:


Do you think Windows is not reliable? Why is that?
Windows used to crash often, i rarely use it now, they say it's more 
stable these day

Do you use Linux yourself?

surely i use as this is debian user list

Have you tried to convincing any Windows users into moving to Linux?


no

many Chinese use pirated Windows, not affected by Crowdstrike issue

Windows has better support for Chinese, some Chinese distro might have 
good Chinese support, but i haven't tried them because debian has better 
reputation


more common reason for sticking with Windows is some apps don't run in 
Linux


i have thought desktop linux fare better in developed countries where 
ipr are better protected

Re: why reliable linux hasn't gained more market share?

[Nicolas George]

Andy Smith (12024-07-20):
> And yes here in the UK where we allowed the Post Office to pay
> billions to Fujitsu to develop the Horizon IT system that
> incorrectly accused hundreds of postmasters of fraud, resulting in
> criminal prosecutions and at least one case of suicide.

That was not a bug, that was a feature.

This kind of thing happens not because the industry is clumsy: all
industries are somewhat clumsy.

This kind of thing happens because politicians are perfectly to let a
clumsy industry handle people' lives. The scope statement probably
insisted more in avoiding false negatives than false positives.

Regards,

-- 
  Nicolas George

Re: why reliable linux hasn't gained more market share?

[Andy Smith]

Hi,

On Sat, Jul 20, 2024 at 09:44:52PM +0100, debian-u...@howorth.org.uk wrote:
> It seems clear to me that what's needed is a change in the law. At the
> moment here in the UK we have national news services explaining that
> airline passengers won't be able to get compensation because the
> 'event' was outside the airline's control. That's clearly nonsense
> since some airlines weren't affected so perhaps sense will eventually
> prevail and the companies that have had problems will be held liable
> for damages to their customers.

And yes here in the UK where we allowed the Post Office to pay
billions to Fujitsu to develop the Horizon IT system that
incorrectly accused hundreds of postmasters of fraud, resulting in
criminal prosecutions and at least one case of suicide.

Innocent people died and went to jail — lives were ended and ruined
— and there will be no real consequences for those people to blame.
We will be lucky to see any criminal prosecution of Post Office
management, if there are any they will be a joke, and absolutely
nothing will happen to the vendor Fujitsu UK.

There is still nothing stopping a Horizon IT incident on Linux.

So yes, agreed, the software industry needs to grow up and it's
pointless arguing for our tribe within it at this level.

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: why reliable linux hasn't gained more market share?

[debian-user]

Andy Smith  wrote:
> Hi,
> 
> On Sat, Jul 20, 2024 at 11:54:06AM +0800, hlyg wrote:
> > crowdstrike makes news headlines, many Windows become blue screens
> > 
> > it is evident that many people around still use Windows
> > 
> > i wonder if linux is more reliable than Windows  
> 
> For this specific issue, if Linux were used at the same scale and
> for the same purposes as these affected Windows machines, then a
> similar issue would affect Linux sooner or later.
> 
> The reason why this is the case is that the current motivation for
> the use of Crowdstrike's software on those Windows machines would
> be exactly the same if they were Linux machines, and so these
> companies would do the same thing with the same end result.
> 
> In fact, Crowdstrike already made a similar mistake earlier this
> year with one of their Linux solutions which resulted in end user
> machines having a kernel panic. Debian stable end user machines. So
> there is no practical difference between Crowdstrike+Windows and
> Crowdstrike+Linux.
> 
> https://news.ycombinator.com/item?id=41005936
> 
> So then you might assume that the problem here is Crowdstrike's
> incompetence and a better vendor would solve all problems. You would
> be wrong, because the world is full to the brim with inept software
> vendors and there is no real consequence for software failures.

It seems clear to me that what's needed is a change in the law. At the
moment here in the UK we have national news services explaining that
airline passengers won't be able to get compensation because the
'event' was outside the airline's control. That's clearly nonsense
since some airlines weren't affected so perhaps sense will eventually
prevail and the companies that have had problems will be held liable
for damages to their customers. But it would be better if they could
then sue Crowdstrike for installing the faulty update. (Perhaps they
can? I don't know, IANAL.) That might provide some incentive to improve
the systems and processes so problems like this don't occur again.

Re: why reliable linux hasn't gained more market share?

[Jeff Pang]

I would think linux is better as server OS due to reasons of security, 
performance and

Operability etc.

Once aol mail was running on windows. But now aol is merged into yahoo 
mail which was originally run on freebsd but now linux mostly.


And the initial hotmail was running on freebsd too IIRC. Thought MS 
bought it and changed its running environment to windows.


Google FB and many other huge players are using linux as server OS.



On 2024-07-20 21:57, Larry Martell wrote:

I’ve never owned a machine running windows in my life.


--
Jeff Pang
jeffp...@aol.com

Re: why reliable linux hasn't gained more market share?

[Andy Smith]

Hi,

On Sat, Jul 20, 2024 at 11:54:06AM +0800, hlyg wrote:
> crowdstrike makes news headlines, many Windows become blue screens
> 
> it is evident that many people around still use Windows
> 
> i wonder if linux is more reliable than Windows

For this specific issue, if Linux were used at the same scale and
for the same purposes as these affected Windows machines, then a
similar issue would affect Linux sooner or later.

The reason why this is the case is that the current motivation for
the use of Crowdstrike's software on those Windows machines would
be exactly the same if they were Linux machines, and so these
companies would do the same thing with the same end result.

In fact, Crowdstrike already made a similar mistake earlier this
year with one of their Linux solutions which resulted in end user
machines having a kernel panic. Debian stable end user machines. So
there is no practical difference between Crowdstrike+Windows and
Crowdstrike+Linux.

https://news.ycombinator.com/item?id=41005936

So then you might assume that the problem here is Crowdstrike's
incompetence and a better vendor would solve all problems. You would
be wrong, because the world is full to the brim with inept software
vendors and there is no real consequence for software failures.

I expect Crowdstrike's stock value to recover and for this incident
to be forgotten, but even if it isn't it doesn't really matter
because there is an infinite line of similar companies to step into
their clown shoes.

The state of the software supply chain on Linux is not any better
than on Windows, and it may even be worse. You don't notice because
Linux is extremely niche for everything but Internet services and we
don't often look outside our bubble.

We have nothing to be smug about.

To be clear I would never run anything like Crowdstrike on any
machine I had authority over, but my opinion does not change the
fact that demonstrably the majority of the market thinks
and acts differently. This event will not change that, either, but
if you had said, "people need to stop running software like this"
instead of "people need to run Linux", I would be able to agree with
you. Just saying "we need better software" isn't a very catchy
polemic though is it.

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: why reliable linux hasn't gained more market share?

[Hans]

> You missed one: Linux is virtually a virus-free environment, and a
> large user base would mean many more people running as root, and it
> would become worth the time of malware writers to target Linux. Linux
> would become as virus-ridden as Windows.
> 
> It would also become a target for data harvesting, from which Debian,
> at least, is refreshingly free. I have no doubt that MS makes more
> money from user data sales than it does from sales of domestic versions
> of Windows.

I do not agree. This is an argument, i am often get confronted with. The more 
linux, the more malware? No, it isn't. See, linux is the most used OS in the 
server world. All important companies rely on it. EBay, Google, Amazon, and 
even Microsof. Its DNS running Linux. Cloudflare and others, too. 

So, these are really interesting targets, where you can really hurt lots of 
people. If linux would bre so easy to crack like Windows, the attackers would 
do. But it isn't. It is (mostly) secure by design. 

There are millions of "viruses" for Windows, but only a handfull of viruses 
(or rootkits) for linux. 

And think of OpenBSD: Only 2 security holes in more than 15 years. How many 
security holes got Windows in th elast 10-15 years? With all their money, 
which can buy any super, duper coder look at the result. 

No, I see it else. It can be done (OpenBSD is showing it). It is the arrogance 
of Microsoft (and many other companies). 

It is not the spread of Windows, it is theire bad quality what makes crackers 
attack this system. Low fruits, you know?

And there is another thing, that makes linux better: The developers want to 
write stable and secure software. It is theire joy and happiness. They do not 
mourn, when someone is telling a bug or a security hole. They are happy, to 
fix it. Making theire software, theire "baby" better. 

In market, the developers MUST do it, for them fixing software is just 
annoying and more work (for the same money). That is the differnce.

Note: I do not want to claim, linux developers are the better coders. But they 
are coding with theire heart. That makes the difference. 

It is not the spreading of software.

Have fun!

Hans  

Re: why reliable linux hasn't gained more market share?

[gene heskett]

On 7/20/24 09:59, Hans wrote:

Hello,

well, the thing is: Do we really want to go to more market share?

Let's imagine, Debian becomes market relevant, what will happen? Sure, more
developers get paid, what is very nice. But not all developers will.

Many good developers will not be paid and when the market will rule things,
then many good developers will be pushed away or demoralied. Because it will
become common, that people will no more cherish theire work.

The development of a few people will be cherished, those, who create programs,
the market wants.

I am using linux since more than 30 years and it is impressive, what people
can do, when they can do, what they want and what they like.

And look at the quality, look, what has been created since the beginning. This
was only possible, because no market forced people, to do things the market
wants, not what the developers want.

I think, we all can be happy, that we are not dependent from any market, the
developers, because theire freedom and theire contentement is not been
deminished, and the users, who get very good and high qulitative software to
work with.

And if you really think, the more you spend, the better the software, you can
of course buy software only from the market.

Or, you can donate linux developers and/or distributors of your money.

Personally(!) I think, the second way is better, because I can speak directly
to developers, could (if I would be capable of) fix things myself together
with the developers and maybe can even ask him, to implenent some functions
especially for me.

All things, a market driven software will never offer.

So, I think, we can be happy, that linux (and debian) is not market relevant.
It will lose its freedom, its high quality and the joy of many people.

Sorry, if I did not always find the right expression, I am not native English.


And even you Hans, leave out the major, all encompassing, reason for the 
lack of market share, which is that most business that have a 
computerized system to run things also value what their MBA says.  And 
since there is no one to sue to cover their personal butt in case the 
system goes south like cloudflare has in the last 3 days, M$ & 
cloudflare are a brick and morter legal target they can sic the legal 
team onto.


Their is essentially no one in the linux arena to sue if things go 
south, so it doesn't take more than an eighth grade education to see why 
they won't ever recommend linux no matter how superior it may be at the 
end of a P report.  They have to have someone to sue.  Bill Shakespear 
said it best when he wrote "first, we kill all the lawyers." But MBA's 
had not yet crawled out of the slime schools yet, so he can't be blamed 
for not including MBA's when he wrote that famous phrase.


Best regards

Hans
  



.


Cheers, Gene Heskett, CET.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis

Re: why reliable linux hasn't gained more market share?

[Joe]

On Sat, 20 Jul 2024 15:59:14 +0200
Hans  wrote:

> Hello,
> 
> well, the thing is: Do we really want to go to more market share?
> 
> Let's imagine, Debian becomes market relevant, what will happen?
> Sure, more developers get paid, what is very nice. But not all
> developers will.
> 
> Many good developers will not be paid and when the market will rule
> things, then many good developers will be pushed away or demoralied.
> Because it will become common, that people will no more cherish
> theire work.
> 
> The development of a few people will be cherished, those, who create
> programs, the market wants. 
> 
> I am using linux since more than 30 years and it is impressive, what
> people can do, when they can do, what they want and what they like. 
> 
> And look at the quality, look, what has been created since the
> beginning. This was only possible, because no market forced people,
> to do things the market wants, not what the developers want.
> 
> I think, we all can be happy, that we are not dependent from any
> market, the developers, because theire freedom and theire
> contentement is not been deminished, and the users, who get very good
> and high qulitative software to work with.
> 
> And if you really think, the more you spend, the better the software,
> you can of course buy software only from the market. 
> 
> Or, you can donate linux developers and/or distributors of your
> money. 
> 
> Personally(!) I think, the second way is better, because I can speak
> directly to developers, could (if I would be capable of) fix things
> myself together with the developers and maybe can even ask him, to
> implenent some functions especially for me.
> 
> All things, a market driven software will never offer. 
> 
> So, I think, we can be happy, that linux (and debian) is not market
> relevant. It will lose its freedom, its high quality and the joy of
> many people.
> 
> Sorry, if I did not always find the right expression, I am not native
> English.
> 

You missed one: Linux is virtually a virus-free environment, and a
large user base would mean many more people running as root, and it
would become worth the time of malware writers to target Linux. Linux
would become as virus-ridden as Windows.

It would also become a target for data harvesting, from which Debian,
at least, is refreshingly free. I have no doubt that MS makes more
money from user data sales than it does from sales of domestic versions
of Windows.

-- 
Joe

Re: why reliable linux hasn't gained more market share?

[Russell L. Harris]

The same reasons the standard typewriter keyboard is QWERTY rather
than Dvorak:

= The precedent set by the first to market is powerful.

= The influence of advertising upon a populace lacking in discernment
and addicted to novelty is deadly.

Add to that extortion and bribes and a compromised legal system.

The QWERTY system was designed to slow down typists so as to reduce
the problem of jamming of keys of a poorly-designed mechanism.

Much of the evil in the world is due to the unbridled pursuit of
money:

For the love of money is the root of all sort of evil: which while some
coveted after, they have erred from the faith, and pierced themselves
through with many sorrows. - I Timothy 6:10

RLH

Re: why reliable linux hasn't gained more market share?

[Nicholas Geovanis]

On Sat, Jul 20, 2024, 12:16 AM  wrote:

> On Sat, Jul 20, 2024 at 02:45:37PM +1000, David wrote:
> > On Sat, 2024-07-20 at 11:54 +0800, hlyg wrote:
>
> [...]
>
> > > why free OS hasn't gained more share even after 30 years of
> > > development?
> >
> > Because people don't have it hammered into them via the educational
> > formats, it doesn't come preinstalled on almost every computer you buy:
> > offered as the only option, Linux isn't advertised, and probably never
> > will be.
>

Both writers are ignoring the places where the vast majority of Linux
images run:
The corporate data center.
Linux rules the corporate data center and cloud these days. Not so much
Debian there but plenty of Ubuntu and Red Hat/fedora/CentOS.

All of them good factors. I may add yet another: because in the current
> economic ideology, investing in things seems preferrable than investing
> in people --


Any "capital good" like a semi-tractor or a corporate server and the
software on it is "depreciated": We pretend that it lost 6% or more of its
value each year, and we let the corporation write that "loss" off its taxes.

But I'm not allowed to do the same with my car or with the Dell Poweredge
R710 sitting next to me that used to live in the world's largest data
center.

This isn't really ideology except where ideology permits tax cheats to
thrive. Capitalism does that for tax cheats who have power and wealth, not
so much for those who dont.

and Windows (and MacOS) were marketed as "can be administered
> by anyone". Which, of course, as often in marketing, is a lie.
>
> Cheers
> --
> t
>

Re: why reliable linux hasn't gained more market share?

[Hans]

Which is not quite correct. As a hamradio (I am one), you are allowed to 
develop your very owh rf-devices. Transceivers, measure equipment, whatever 
you like.

Many things, we are using today in consumer devices are first developed by 
radio amateurs (example shorthand "packet radio", which is data over hf).

When you have a radio amateur license, you can do lots of things in the air. 
Sure, there are regulations, you are not allowed to transmit anywhere and your 
transmit power is reduced to 750W, but this does not technical restrict you.

Hamradio is the freedom in the air, you have in coding in linux. Also here are 
some rules (GPL, ethicness, kindness whatever), but those do not techniocal 
restrict you in any way.

Best regards

Hans   

> Which the current rules for such does not allow, by FCC edicts, only
> sealed FCC approved blobs are allowed to play in the rf field.
> So don't blame the coders, blame the regukatory agencies.
> 
> > Regards,
> 
> Cheers, Gene Heskett, CET.

Re: why reliable linux hasn't gained more market share?

[gene heskett]

On 7/20/24 09:58, Larry Martell wrote:

I’ve never owned a machine running windows in my life.
I've owned one. I needed a lappy I could use with a gps for roadmap, had 
the then new XP on it, cleared the disk a week later and put mandrake on 
it because XP had no drivers that could run the broadcom radio in it, 
should have been a free module update from hp. I don't think that 20 
years later there has ever been a driver for that particular radio that 
Just Works. The lappy has long since suicided. Typical hp chinese 
sourced stuff even before they sold it all to lenovo.


Now there are around 10 linux installs here, half running armbian, they 
get better uptimes than x86-64's.


Cheers, Gene Heskett, CET.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis

Re: why reliable linux hasn't gained more market share?

[Nicolas George]

gene heskett (12024-07-20):
> > If they were, you'd have support for software-defined radio signal
> > processing in FFmpeg, for example.
> Which the current rules for such does not allow, by FCC edicts, only sealed
> FCC approved blobs are allowed to play in the rf field.
> So don't blame the coders, blame the regukatory agencies.

signal processing ≠ emitting

-- 
  Nicolas George

Re: why reliable linux hasn't gained more market share?

[George at Clug]

On Saturday, 20-07-2024 at 23:59 Hans wrote:
> Hello,
> 
> well, the thing is: Do we really want to go to more market share?
> 
> Let's imagine, Debian becomes market relevant, what will happen? Sure, more 
> developers get paid, what is very nice. But not all developers will.
> 
> Many good developers will not be paid and when the market will rule things, 
> then many good developers will be pushed away or demoralied. Because it will 
> become common, that people will no more cherish theire work.
> 
> The development of a few people will be cherished, those, who create 
> programs, 
> the market wants. 
> 
> I am using linux since more than 30 years and it is impressive, what people 
> can do, when they can do, what they want and what they like. 
> 
> And look at the quality, look, what has been created since the beginning. 
> This 
> was only possible, because no market forced people, to do things the market 
> wants, not what the developers want.
> 
> I think, we all can be happy, that we are not dependent from any market, the 
> developers, because theire freedom and theire contentement is not been 
> deminished, and the users, who get very good and high qulitative software to 
> work with.
> 
> And if you really think, the more you spend, the better the software, you can 
> of course buy software only from the market. 
> 
> Or, you can donate linux developers and/or distributors of your money. 
> 
> Personally(!) I think, the second way is better, because I can speak directly 
> to developers, could (if I would be capable of) fix things myself together 
> with the developers and maybe can even ask him, to implenent some functions 
> especially for me.
> 
> All things, a market driven software will never offer. 
> 
> So, I think, we can be happy, that linux (and debian) is not market relevant. 
> It will lose its freedom, its high quality and the joy of many people.

Hans, I find much wisdom in your above statement regards 'freedom', thank you, 
George.

> 
> Sorry, if I did not always find the right expression, I am not native English.
> 
> Best regards
> 
> Hans  
>  
> 
> 
> 

Re: why reliable linux hasn't gained more market share?

[gene heskett]

On 7/20/24 04:28, Nicolas George wrote:

hlyg (12024-07-20):

Thank David! market share is important though it isn't "reliable
recommendation for quality": more users attract more programmers, who
develop more apps,


The programmers who are attracted by market share are not necessarily
the ones who are interested in developing quality and/or innovative
software, though.

If they were, you'd have support for software-defined radio signal
processing in FFmpeg, for example.

Which the current rules for such does not allow, by FCC edicts, only 
sealed FCC approved blobs are allowed to play in the rf field.

So don't blame the coders, blame the regukatory agencies.


Regards,



Cheers, Gene Heskett, CET.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis

Re: why reliable linux hasn't gained more market share?

[Hans]

Hello,

well, the thing is: Do we really want to go to more market share?

Let's imagine, Debian becomes market relevant, what will happen? Sure, more 
developers get paid, what is very nice. But not all developers will.

Many good developers will not be paid and when the market will rule things, 
then many good developers will be pushed away or demoralied. Because it will 
become common, that people will no more cherish theire work.

The development of a few people will be cherished, those, who create programs, 
the market wants. 

I am using linux since more than 30 years and it is impressive, what people 
can do, when they can do, what they want and what they like. 

And look at the quality, look, what has been created since the beginning. This 
was only possible, because no market forced people, to do things the market 
wants, not what the developers want.

I think, we all can be happy, that we are not dependent from any market, the 
developers, because theire freedom and theire contentement is not been 
deminished, and the users, who get very good and high qulitative software to 
work with.

And if you really think, the more you spend, the better the software, you can 
of course buy software only from the market. 

Or, you can donate linux developers and/or distributors of your money. 

Personally(!) I think, the second way is better, because I can speak directly 
to developers, could (if I would be capable of) fix things myself together 
with the developers and maybe can even ask him, to implenent some functions 
especially for me.

All things, a market driven software will never offer. 

So, I think, we can be happy, that linux (and debian) is not market relevant. 
It will lose its freedom, its high quality and the joy of many people.

Sorry, if I did not always find the right expression, I am not native English.

Best regards

Hans  
 

Re: why reliable linux hasn't gained more market share?

[Larry Martell]

I’ve never owned a machine running windows in my life.

Re: why reliable linux hasn't gained more market share?

[jeremy ardley]

On 20/7/24 18:35, George at Clug wrote:

On Saturday, 20-07-2024 at 13:54 hlyg wrote:
 > crowdstrike makes news headlines, many Windows become blue screens

The CrowdStrike issue was not a Windows issue, it was a CrowdStrike issue.

The problem did not affect our Windows computers as we have not 
installed CrowdStrike software.


I think the media have a habit of over exaggerating things.


The problem was not CrowdStrike as such. It happens in the best of 
operations.


The problem is the Windows Systems Administrators who contracted for / 
allowed unattended remote updates of kernel drivers on live hardware 
systems. This is the height of folly and there is no recovery if it 
causes a BSOD.


The situation is recoverable if all the windows machines are virtual 
with a good backup/restore plan. The situation is not recoverable if the 
kernel updates are on raw iron running Windows.


Heads should roll but obviously won't

Re: why reliable linux hasn't gained more market share?

[Jeff Pang]

My reason to keep windows is that I can’t play Starcraft under Linux.

--
Jeff Pang
jeffp...@aol.com

Re: why reliable linux hasn't gained more market share?

[Michel Verdier]

On 2024-07-20, Michael Kjörling wrote:

> On 20 Jul 2024 16:57 +0800, from hlyg2...@outlook.com (hlyg):
>> statistics about market share might come from web servers and game servers,
>> they know how many users use linux and Windows.
>
> No. They at most can know what platform user agents report.

There is also some web server surveys with some stats. For exemple
https://www.netcraft.com/blog/june-2024-web-server-survey/
where you see that apache and nginx are clearly leaders.

I also read bind reaches 60% (80% ?) of dns servers, but I failed to
retrieve my source.

Re: why reliable linux hasn't gained more market share?

[Michel Verdier]

On 2024-07-20, Michael Grant wrote:

> OpenOffice is quite featureful, it is not 100% bug for bug compatible with
> real MS Office products.

I failed to read an old version word file on a newer word. And succeed
with libreoffice. So yes it's not 100% bug compatible :)

> choices.  There is no clear single choice.   And then there's the different
> packaging systems...

Differences and choices are a good thing for evolution

> 4) I've not see a single X-windows based desktop that looked as slick and as
> polished as modern Windows or MacOS.  Everything seems to just look and work
> more clunkily and a bit slower.

You don't search the right place. Better than windows and macos exists and
works much better.

> 6) Support.  Who does the non-technical user go to for tech support?

I never found a *free* windows support. I got much for debian :)

But I stop here for this so obvious disinformation troll. Same thing for
George at Clug.

Re: why reliable linux hasn't gained more market share?

[Michael Kjörling]

On 20 Jul 2024 16:57 +0800, from hlyg2...@outlook.com (hlyg):
> statistics about market share might come from web servers and game servers,
> they know how many users use linux and Windows.

No. They at most can know what platform user agents report.

Which isn't necessarily the same thing at all.

-- 
Michael Kjörling  https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”

Re: why reliable linux hasn't gained more market share?

[Michael Kjörling]

On 20 Jul 2024 17:25 +0800, from jeremy.ard...@gmail.com (jeremy ardley):
>> A lot of paid-for programmer time isn't necessarily for what the
>> individual programmer_wants_  to do. If one's employer dictates that
>> their products should support Mac OS and Windows, for example, then
>> there's usually little that a programmer, no matter how motivated, can
>> do to extend that support to include Linux; especially if the product
>> in question is heavily dependent on OS-specific APIs.
> 
> There are plenty of applications that run O/S agnostic.

Yes. And there are plenty of (quite possibly a far larger number of)
applications which require one of a small set of particular operating
systems, especially once you get into specialized expert tools; and
even people who need those particular applications for their
day-to-day work, and who _can't_ easily switch to an alternative
implementation of the same general concept.

That there exist counterexamples doesn't help those who _need_ to run
applications which don't run well - or at all - under Linux.

And it puts quite a lot of people off to be told "just switch to an
open-source alternative, it's easy" when they mention that their
day-to-day use requires _particular, specific_ applications which are
only available for proprietary operating systems; often without even
naming them or what those applications do, sometimes because they are
so specialized that few outside of some specialized field would even
recognize the name, much less be able to intelligently suggest
alternatives.

Don't get me wrong; I advocate for Free alternatives where those are
reasonable. Most people don't actually need specialized tools, and for
a large subset of those who do, reasonable alternatives _do_ indeed
exist. But quite a few do need specific tools that _aren't_
cross-platform, and failing to recognize that reflects poorly on
_everyone_.

-- 
Michael Kjörling  https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”

Re: why reliable linux hasn't gained more market share?

[George at Clug]

On Saturday, 20-07-2024 at 13:54 hlyg wrote:
> crowdstrike makes news headlines, many Windows become blue screens

The CrowdStrike issue was not a Windows issue, it was a CrowdStrike
issue.

The problem did not affect our Windows computers as we have not
installed CrowdStrike software.

I think the media have a habit of over exaggerating things. 

I am not long back from shopping at a supermarket, I asked if they
were affected. Well they were, but not for long as their IT staff
worked furiously to apply the CrowdStrike fix, and soon had things
working again. Not sure how long they were out for, but it did not
adversely affect me, in fact I would never had known if not for the
media hype.

At least I was not travelling on any flights at the time the faulty
update had been pushed. I can wait a day to go buy food, but changing
flights while travelling is something you do not want delays with.

> 
> it is evident that many people around still use Windows

I would agree that Windows is the most used OS for desktop PCs.

> 
> i wonder if linux is more reliable than Windows

Do you think Windows is not reliable?  Why is that?

> 
> according to some statistics linux has only 4% desktop market, 73%
for 
> MS, 15% for MacOS

Windows is loosing ground?, they have over 90% market share once, when
I was checking out stats.

> 
> why free OS hasn't gained more share even after 30 years of
development?

Do you use Linux yourself?

If not, why not?

Have you tried to convincing any Windows users into moving to Linux?

The usual reasons I am given from Windows users are:  

1) They see Microsoft Office as a necessity so then can share
documents with other people. Or they want to use Outlook as their
email client.
(a benefit of having market dominance with a product that can only
effectively run on your own OS)

2) Windows Users believe Windows has more real-time virus scanners
than Linux does.  Please remind me of the list of real-time virus
scanners available for Linux.

3) One thing that concerns me when I try to recommend Linux to Windows
users, is that I cannot get by without using terminal commands in
Linux, but in Windows powershell and command prompt are not required
to be used by standard users. Is it possible to use Linux only from
GUI programs? Many Windows users I know struggle just finding where
their photos are.

4) Software which runs on Windows but is not available on Linux. Photo
shop, various games, etc.   (I am curious how Windows on Copilot+ PC
will go, I expect companies will eventually recompile their software
for the new Snapdragon hardware, but unlikely to rewrite their
software for Linux)

For me, Linux has and does all I require, and I don't mind using
terminal commands now and then. But I am unable to recommend Linux to
anyone who does not 'want' to use it.

> 
> 
> 
>

Re: why reliable linux hasn't gained more market share?

[hlyg]

On 7/20/24 15:02, Michel Verdier wrote:

Linux is not on the market. I buy M$ but download debian. How can you say
how many people is using debian? Once upon a time there was a
linuxcounter...


Thank tomas, Verdier and George!

statistics about market share might come from web servers and game 
servers, they know how many users use linux and Windows.

Re: why reliable linux hasn't gained more market share?

[jeremy ardley]

On 20/7/24 16:56, Michael Kjörling wrote:

On 20 Jul 2024 10:28 +0200, fromgeo...@nsup.org  (Nicolas George):

Thank David! market share is important though it isn't "reliable
recommendation for quality": more users attract more programmers, who
develop more apps,

The programmers who are attracted by market share are not necessarily
the ones who are interested in developing quality and/or innovative
software, though.

A lot of paid-for programmer time isn't necessarily for what the
individual programmer_wants_  to do. If one's employer dictates that
their products should support Mac OS and Windows, for example, then
there's usually little that a programmer, no matter how motivated, can
do to extend that support to include Linux; especially if the product
in question is heavily dependent on OS-specific APIs.


There are plenty of applications that run O/S agnostic.

The earliest were the utterly awful apps in Java that thankfully are now 
biting the dust - "Write Once Run Anywhere" actually meant Write Once 
and run anywhere the identical JVM is in place and the identical O/S.


A while later QT came along and a lot of software uses the QT API fairly 
successfully.


Even later Javascript/Typescript have popped up so applications like 
Visual Studio Code run seamlessly on different O/S


And of course Python is now the language du jour and runs equally well 
on Windows and Linux especially in the AI realm.

Re: why reliable linux hasn't gained more market share?

[Michael Kjörling]

On 20 Jul 2024 10:28 +0200, from geo...@nsup.org (Nicolas George):
>> Thank David! market share is important though it isn't "reliable
>> recommendation for quality": more users attract more programmers, who
>> develop more apps,
> 
> The programmers who are attracted by market share are not necessarily
> the ones who are interested in developing quality and/or innovative
> software, though.

A lot of paid-for programmer time isn't necessarily for what the
individual programmer _wants_ to do. If one's employer dictates that
their products should support Mac OS and Windows, for example, then
there's usually little that a programmer, no matter how motivated, can
do to extend that support to include Linux; especially if the product
in question is heavily dependent on OS-specific APIs.

And let's not forget how many regularly conflate "common" with
"popular". That something is _common_ doesn't necessarily mean that it
is _popular_; it can rather be simply the choice of least resistance.
To within experimental error Linux is always going to face resistance
on the individual level because switching to Linux involves
_replacing_ something which one _knows is working_ on the hardware in
question (as well as something one has a sense of _knowing how to
use_), which is always going to be a rather big step. Myself, I often
emphasize that yes, Linux is _different_ from Windows, but it's not
necessarily _harder to use_, especially for typical office-style tasks
and after a brief period of adjustment.

That said, I've seen a lot of chatter in the creative communities on
the Fediverse (writers/authors in particular) about switching from
Windows to Linux because of Microsoft's recent Recall debacle. I think
I've personally seen three or four people say things to the effect of
"that's it, I'm switching to Linux"; and several more saying things to
the effect of "when I can no longer run my current version of Windows
on my computer I'm switching to Linux". With regards to this week's
Crowdstrike mess, most people who _can_ switch from Windows to Linux
aren't in a position of even having that software on their systems, so
for them personally switching won't have any impact either way. With
Microsoft's Recall, the situation is somewhat different.

-- 
Michael Kjörling  https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”

Re: why reliable linux hasn't gained more market share?

[Nicolas George]

hlyg (12024-07-20):
> Thank David! market share is important though it isn't "reliable
> recommendation for quality": more users attract more programmers, who
> develop more apps,

The programmers who are attracted by market share are not necessarily
the ones who are interested in developing quality and/or innovative
software, though.

If they were, you'd have support for software-defined radio signal
processing in FFmpeg, for example.

Regards,

-- 
  Nicolas George

Re: why reliable linux hasn't gained more market share?

[hlyg]

Thank David! market share is important though it isn't "reliable 
recommendation for quality": more users attract more programmers, who 
develop more apps, which attract more users. e.g. many vpn providers 
support Windows and android, not linux.


linux can get distributed by word-of-mouth if it is good, no advertising 
needed

Re: why reliable linux hasn't gained more market share?

[Michel Verdier]

On 2024-07-20, hlyg wrote:

> i wonder if linux is more reliable than Windows

no doubt :)

> according to some statistics linux has only 4% desktop market, 73% for MS, 15%
> for MacOS

Linux is not on the market. I buy M$ but download debian. How can you say
how many people is using debian? Once upon a time there was a
linuxcounter...

Re: why reliable linux hasn't gained more market share?

[tomas]

On Sat, Jul 20, 2024 at 02:45:37PM +1000, David wrote:
> On Sat, 2024-07-20 at 11:54 +0800, hlyg wrote:

[...]

> > why free OS hasn't gained more share even after 30 years of
> > development?
> 
> Because people don't have it hammered into them via the educational
> formats, it doesn't come preinstalled on almost every computer you buy:
> offered as the only option, Linux isn't advertised, and probably never
> will be.

All of them good factors. I may add yet another: because in the current
economic ideology, investing in things seems preferrable than investing
in people -- and Windows (and MacOS) were marketed as "can be administered
by anyone". Which, of course, as often in marketing, is a lie.

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: why reliable linux hasn't gained more market share?

[David]

On Sat, 2024-07-20 at 11:54 +0800, hlyg wrote:
> crowdstrike makes news headlines, many Windows become blue screens
> 
> it is evident that many people around still use Windows
> 
> i wonder if linux is more reliable than Windows
> 
> according to some statistics linux has only 4% desktop market, 73%
> for 
> MS, 15% for MacOS

Market share is not a reliable recommendation for quality.
How much market share do Rolls Royce or Bugatti have?

> why free OS hasn't gained more share even after 30 years of
> development?

Because people don't have it hammered into them via the educational
formats, it doesn't come preinstalled on almost every computer you buy:
offered as the only option, Linux isn't advertised, and probably never
will be.
Basically, all the same reasons that Mac is the only option offered in
almost every design school.
Cheers!

Re: Why is Firefox crashing so much lately?

[Gary Dale]

On 2024-07-19 11:09, Gary Dale wrote:

On 2024-07-19 10:42, The Wanderer wrote:

On 2024-07-19 at 10:34, Gary Dale wrote:


On 2024-07-18 09:52, Gary Dale wrote:

Thanks for the tips guys, but I'm not going to switch to XFCE, I'm
using an old AMD graphics card, it's a desktop machine, and the
problem isn't specific to PDFs - although that seems to be one of
the major triggers.

My system has been upgrading from earlier versions of Debian since
Potato. I've been on Trixie since it became the new testing. This
crashing of Firefox is a new issue - had few problems with Trixie
before that.

I'm beginning to suspect it may be related to my recent
introduction of a Pi-Hole into my network. Could it be a problem
for Firefox when it gets a 0.0.0.0 address returned on a DNS
lookup?

Well, I can confirm it's not the Pi-Hole. Took it out of the DNS
chain and Firefox is still crashing frequently. In fact, it's worse
today. Now it crashes when I'm on Facebook and scrolling down using
the mouse wheel.

What kind of crashes are we talking about? I think there may be an
'about:crashes' or similar type of page built in to Firefox, which could
give information about what it's seen happen.

If it's memory-access-related, there might be benefit to trying to e.g.
run under valgrind, intentionally reproduce a crash, and see what that
tool reports. Then again, Firefox is a sufficiently complex app that
that might not be fruitful.

Have you tried running any hardware-error checking tools, e.g. one of
the memtest suites? Crashes that frequent (with software, versions, and
data which other people do not reproduce the problem with) suggest a
possible hardware issue to my mind, although if nothing else is
exhibiting visible issues that makes the hardware a less likely culprit.

Is there any possibility that something in the library/etc. stack which
Firefox sits on top of may be unreliable, or at least be of different
versions from those which the people not observing the problem are
using? One obvious candidate would probably be the graphics stack
(driver, firmware, etc.), but that's not necessarily the only 
possibility.


Looking at the submitted and unsubmitted reports, it seems the 
crashing started on July 10. It always seems to be "CanvasRenderer" as 
the culprit with libxul.so as the guilty module. Firefox was 
reportedly installed 32 days ago.


Anyway, the Firefox developers have received dozens of automated crash 
reports from me over the past10 days.


I do have a rather old graphics card, but it's an AMD one so the 
drivers should be OK. I doubt it's anything else hardware related as 
I'm not having problems with other programs.


The only other things of note:
1) my screen does briefly go blank sometimes while doing something 
involving windows.

2) Plasma 5 isn't saving my desktop when I reboot.


It's not X11 either. It's happening when I use Plasma 5 on Wayland.

Re: Why is Firefox crashing so much lately?

[Gary Dale]

On 2024-07-19 10:42, The Wanderer wrote:

On 2024-07-19 at 10:34, Gary Dale wrote:


On 2024-07-18 09:52, Gary Dale wrote:

Thanks for the tips guys, but I'm not going to switch to XFCE, I'm
using an old AMD graphics card, it's a desktop machine, and the
problem isn't specific to PDFs - although that seems to be one of
the major triggers.

My system has been upgrading from earlier versions of Debian since
Potato. I've been on Trixie since it became the new testing. This
crashing of Firefox is a new issue - had few problems with Trixie
before that.

I'm beginning to suspect it may be related to my recent
introduction of a Pi-Hole into my network. Could it be a problem
for Firefox when it gets a 0.0.0.0 address returned on a DNS
lookup?

Well, I can confirm it's not the Pi-Hole. Took it out of the DNS
chain and Firefox is still crashing frequently. In fact, it's worse
today. Now it crashes when I'm on Facebook and scrolling down using
the mouse wheel.

What kind of crashes are we talking about? I think there may be an
'about:crashes' or similar type of page built in to Firefox, which could
give information about what it's seen happen.

If it's memory-access-related, there might be benefit to trying to e.g.
run under valgrind, intentionally reproduce a crash, and see what that
tool reports. Then again, Firefox is a sufficiently complex app that
that might not be fruitful.

Have you tried running any hardware-error checking tools, e.g. one of
the memtest suites? Crashes that frequent (with software, versions, and
data which other people do not reproduce the problem with) suggest a
possible hardware issue to my mind, although if nothing else is
exhibiting visible issues that makes the hardware a less likely culprit.

Is there any possibility that something in the library/etc. stack which
Firefox sits on top of may be unreliable, or at least be of different
versions from those which the people not observing the problem are
using? One obvious candidate would probably be the graphics stack
(driver, firmware, etc.), but that's not necessarily the only possibility.

Looking at the submitted and unsubmitted reports, it seems the crashing 
started on July 10. It always seems to be "CanvasRenderer" as the 
culprit with libxul.so as the guilty module. Firefox was reportedly 
installed 32 days ago.


Anyway, the Firefox developers have received dozens of automated crash 
reports from me over the past10 days.


I do have a rather old graphics card, but it's an AMD one so the drivers 
should be OK. I doubt it's anything else hardware related as I'm not 
having problems with other programs.


The only other things of note:
1) my screen does briefly go blank sometimes while doing something 
involving windows.

2) Plasma 5 isn't saving my desktop when I reboot.

Re: Why is Firefox crashing so much lately?

[The Wanderer]

On 2024-07-19 at 10:34, Gary Dale wrote:

> On 2024-07-18 09:52, Gary Dale wrote:

>> Thanks for the tips guys, but I'm not going to switch to XFCE, I'm
>> using an old AMD graphics card, it's a desktop machine, and the 
>> problem isn't specific to PDFs - although that seems to be one of
>> the major triggers.
>> 
>> My system has been upgrading from earlier versions of Debian since
>> Potato. I've been on Trixie since it became the new testing. This
>> crashing of Firefox is a new issue - had few problems with Trixie
>> before that.
>> 
>> I'm beginning to suspect it may be related to my recent
>> introduction of a Pi-Hole into my network. Could it be a problem
>> for Firefox when it gets a 0.0.0.0 address returned on a DNS
>> lookup?
> 
> Well, I can confirm it's not the Pi-Hole. Took it out of the DNS
> chain and Firefox is still crashing frequently. In fact, it's worse
> today. Now it crashes when I'm on Facebook and scrolling down using
> the mouse wheel.

What kind of crashes are we talking about? I think there may be an
'about:crashes' or similar type of page built in to Firefox, which could
give information about what it's seen happen.

If it's memory-access-related, there might be benefit to trying to e.g.
run under valgrind, intentionally reproduce a crash, and see what that
tool reports. Then again, Firefox is a sufficiently complex app that
that might not be fruitful.

Have you tried running any hardware-error checking tools, e.g. one of
the memtest suites? Crashes that frequent (with software, versions, and
data which other people do not reproduce the problem with) suggest a
possible hardware issue to my mind, although if nothing else is
exhibiting visible issues that makes the hardware a less likely culprit.

Is there any possibility that something in the library/etc. stack which
Firefox sits on top of may be unreliable, or at least be of different
versions from those which the people not observing the problem are
using? One obvious candidate would probably be the graphics stack
(driver, firmware, etc.), but that's not necessarily the only possibility.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: Why is Firefox crashing so much lately?

[Gary Dale]

On 2024-07-18 09:52, Gary Dale wrote:

On 2024-07-17 21:25, Gary Dale wrote:
I'm running Debian/Trixie on an AMD64 system, using the Plasma 5 over 
X desktop. Firefox 115.12.0esr is crashing multiple times per day. It 
frequently happens when page I'm transfers to another page that 
creates a PDF or just has a complicated link. It's annoying.


To visit some pages, I have to use Chromium instead.  Earlier today I 
had to rename a sessionstore-backups json file because Firefox got 
caught in loop where it recognized it had a new tab open but the tab 
caused it to crash.


I also have found that at least one site refuses to work with 115. 
That's been going on for a while. Again, I have to use Chromium for 
that site.


Thanks for the tips guys, but I'm not going to switch to XFCE, I'm 
using an old AMD graphics card, it's a desktop machine, and the 
problem isn't specific to PDFs - although that seems to be one of the 
major triggers.


My system has been upgrading from earlier versions of Debian since 
Potato. I've been on Trixie since it became the new testing. This 
crashing of Firefox is a new issue - had few problems with Trixie 
before that.


I'm beginning to suspect it may be related to my recent introduction 
of a Pi-Hole into my network. Could it be a problem for Firefox when 
it gets a 0.0.0.0 address returned on a DNS lookup?


Well, I can confirm it's not the Pi-Hole. Took it out of the DNS chain 
and Firefox is still crashing frequently. In fact, it's worse today. Now 
it crashes when I'm on Facebook and scrolling down using the mouse wheel.

Re: Why is Firefox crashing so much lately?

[mick.crane]

getting elderly is brilliant.
After getting everything just nice, experienced several system crashes.
"I'll install the nvidia driver and see if that fixes it."
Then I remember why I tried to remove the nvidia driver.
an upgrade caused X to refuse to start.
Install No3 and halfway through making it nice.
My reasoning for installing trixie is that because I'm slow,
if there are any issues, I've more time to sort them out.
mick

Re: Nvidia chipsets and Debian 12 [WAS Re: Why is Firefox crashing so much lately?]

[Gary Dale]

On 2024-07-18 13:51, Andrew M.A. Cater wrote:

On Thu, Jul 18, 2024 at 10:41:50AM -0700, Van Snyder wrote:

On Thu, 2024-07-18 at 07:55 +, Andrew M.A. Cater wrote:

HOW did you upgrade? Did you go via 11?


Fresh install on reformatted boot and root partitions.


OK


I can't do that with my old Dell Vostro 1700 because the NVidia
graphics chip is soldered to the motherboard, and it needs the 340
driver, which is also no longer available.


One chipset.


If it *just* has Nvidia - at this point, use Nouveau - stop trying to
use Nvidia drivers on old hardware and that Dell is 2008 vintage?

I gave up trying to install the NVidia 340 driver on Debian 12.5. If
the rendering is unbearably slow, I'll revert to Debian 10.


Please *don't* do that. Debian 10 is out of security support. Debian 11
will receive a final security update on 31st August as it transitions
to Freexian and LTS. Please use Debian stable wherever feasible.


Software movces on - the very latest Nvidia drivers are "more free"
but
also incorporate entire RISC-V chipsets on board the latest cards.

These are the very latest cards for a desktop/workstation.


I can't upgrade a soldered-in chip.


So just use Nouveau already on a ~15 year old laptop.

All the very best, as ever,

Andy Cater
(amaca...@debian.org)
  


I've been using Debian 12 (Bookworm) on my notebook for the past year 
without issues. It does require the NVidia drivers for the external 
display to work - something to do with the on-board AMD graphics chipset 
apparently.

Re: Why is Firefox crashing so much lately?

[Gary Dale]

On 2024-07-18 09:52, Gary Dale wrote:

On 2024-07-17 21:25, Gary Dale wrote:
I'm running Debian/Trixie on an AMD64 system, using the Plasma 5 over 
X desktop. Firefox 115.12.0esr is crashing multiple times per day. It 
frequently happens when page I'm transfers to another page that 
creates a PDF or just has a complicated link. It's annoying.


To visit some pages, I have to use Chromium instead.  Earlier today I 
had to rename a sessionstore-backups json file because Firefox got 
caught in loop where it recognized it had a new tab open but the tab 
caused it to crash.


I also have found that at least one site refuses to work with 115. 
That's been going on for a while. Again, I have to use Chromium for 
that site.


Thanks for the tips guys, but I'm not going to switch to XFCE, I'm 
using an old AMD graphics card, it's a desktop machine, and the 
problem isn't specific to PDFs - although that seems to be one of the 
major triggers.


My system has been upgrading from earlier versions of Debian since 
Potato. I've been on Trixie since it became the new testing. This 
crashing of Firefox is a new issue - had few problems with Trixie 
before that.


I'm beginning to suspect it may be related to my recent introduction 
of a Pi-Hole into my network. Could it be a problem for Firefox when 
it gets a 0.0.0.0 address returned on a DNS lookup?


For those asking for a particular site, here's one that has crashed 
Firefox twice on me - but not when I visit the page. When I scroll down 
using the mouse wheel, it's crashed three times when I get to around item 9.

Nvidia chipsets and Debian 12 [WAS Re: Why is Firefox crashing so much lately?]

[Andrew M.A. Cater]

On Thu, Jul 18, 2024 at 10:41:50AM -0700, Van Snyder wrote:
> On Thu, 2024-07-18 at 07:55 +, Andrew M.A. Cater wrote:
> > 
> > HOW did you upgrade? Did you go via 11?
> > 
> Fresh install on reformatted boot and root partitions.
> 

OK

> > > I can't do that with my old Dell Vostro 1700 because the NVidia
> > > graphics chip is soldered to the motherboard, and it needs the 340
> > > driver, which is also no longer available.
> > > 
> One chipset.
> 
> > If it *just* has Nvidia - at this point, use Nouveau - stop trying to
> > use Nvidia drivers on old hardware and that Dell is 2008 vintage?
> 
> I gave up trying to install the NVidia 340 driver on Debian 12.5. If
> the rendering is unbearably slow, I'll revert to Debian 10.
> 

Please *don't* do that. Debian 10 is out of security support. Debian 11
will receive a final security update on 31st August as it transitions
to Freexian and LTS. Please use Debian stable wherever feasible.

> > Software movces on - the very latest Nvidia drivers are "more free"
> > but
> > also incorporate entire RISC-V chipsets on board the latest cards.
> 

These are the very latest cards for a desktop/workstation.

> I can't upgrade a soldered-in chip.
>

So just use Nouveau already on a ~15 year old laptop.

All the very best, as ever,

Andy Cater
(amaca...@debian.org)
 

Re: Why is Firefox crashing so much lately?

[Van Snyder]

On Thu, 2024-07-18 at 07:55 +, Andrew M.A. Cater wrote:
> On Wed, Jul 17, 2024 at 08:00:06PM -0700, Van Snyder wrote:
> > On Wed, 2024-07-17 at 22:17 -0400, e...@gmx.us wrote:
> > > On 7/17/24 21:25, Gary Dale wrote:
> > > > I'm running Debian/Trixie on an AMD64 system, using the Plasma
> > > > 5
> > > > over X
> > > > desktop. Firefox 115.12.0esr is crashing multiple times per
> > > > day. It
> > > > frequently happens when page I'm transfers to another page that
> > > > creates a  > PDF or just has a complicated link. It's annoying.
> > 
> > I upgraded from Debian 10 to Debian 12.5 "Bookworm." The NVidia 390
> > driver no longer works, so I had software rendering because nouveau
> > apparently can't do GPU rendering. Rather than crashing, the system
> > essentially froze. After waiting for a VERY long time, I would give
> > up
> > and cycle power, with my reboot set up to start an empty session,
> > not
> > the one I had going at time of the power cycle. I replaced the
> > graphics
> > card with a Quadro K2200, which works with the nvidia-drivers
> > package
> > that's still part of the Debian 12.5 distro. With GPU rendering, I
> > no
> > longer have the problem.
> > 
> 
> HOW did you upgrade? Did you go via 11?
> 
> Did you purge all Nvidia drivers at that point? Nouveau works fairly
> well
> if there's no other trace of Nvidia on the system. Freezing is
> definitely
> a symptom of drivers fighting.

Fresh install on reformatted boot and root partitions.

> > I can't do that with my old Dell Vostro 1700 because the NVidia
> > graphics chip is soldered to the motherboard, and it needs the 340
> > driver, which is also no longer available.
> > 
> 
> If this is the Dell with dual chipsets - one Nvidia to do the heavy 
> graphics, an Intel chipset for basics - like a bunch of gaming
> laptops
> you'd need to look at the Debian Nvidia pages for primus and so on.

One chipset.

> If it *just* has Nvidia - at this point, use Nouveau - stop trying to
> use Nvidia drivers on old hardware and that Dell is 2008 vintage?

I gave up trying to install the NVidia 340 driver on Debian 12.5. If
the rendering is unbearably slow, I'll revert to Debian 10.

> Software movces on - the very latest Nvidia drivers are "more free"
> but
> also incorporate entire RISC-V chipsets on board the latest cards.

I can't upgrade a soldered-in chip.

Re: Why is Firefox crashing so much lately?

[Sven Joachim]

On 2024-07-17 21:25 -0400, Gary Dale wrote:

> I'm running Debian/Trixie on an AMD64 system, using the Plasma 5 over
> X desktop. Firefox 115.12.0esr is crashing multiple times per day. It
> frequently happens when page I'm transfers to another page that
> creates a PDF or just has a complicated link. It's annoying.

Apparently this is bug #1072557[1] in mesa.

> To visit some pages, I have to use Chromium instead.  Earlier today I
> had to rename a sessionstore-backups json file because Firefox got
> caught in loop where it recognized it had a new tab open but the tab
> caused it to crash.

I experienced a similar problem on my laptop where firefox-esr crashed
shortly after the start before even reloading the current tab in all
open windows.  The workaround was to run it with LIBGL_ALWAYS_SOFTWARE=1
set in the environment.

Cheers,
   Sven


1. https://bugs.debian.org/1072557

Re: Why is Firefox crashing so much lately?

[Gary Dale]

On 2024-07-17 21:25, Gary Dale wrote:
I'm running Debian/Trixie on an AMD64 system, using the Plasma 5 over 
X desktop. Firefox 115.12.0esr is crashing multiple times per day. It 
frequently happens when page I'm transfers to another page that 
creates a PDF or just has a complicated link. It's annoying.


To visit some pages, I have to use Chromium instead.  Earlier today I 
had to rename a sessionstore-backups json file because Firefox got 
caught in loop where it recognized it had a new tab open but the tab 
caused it to crash.


I also have found that at least one site refuses to work with 115. 
That's been going on for a while. Again, I have to use Chromium for 
that site.


Thanks for the tips guys, but I'm not going to switch to XFCE, I'm using 
an old AMD graphics card, it's a desktop machine, and the problem isn't 
specific to PDFs - although that seems to be one of the major triggers.


My system has been upgrading from earlier versions of Debian since 
Potato. I've been on Trixie since it became the new testing. This 
crashing of Firefox is a new issue - had few problems with Trixie before 
that.


I'm beginning to suspect it may be related to my recent introduction of 
a Pi-Hole into my network. Could it be a problem for Firefox when it 
gets a 0.0.0.0 address returned on a DNS lookup?

Re: Why is Firefox crashing so much lately?

[mick.crane]

On 2024-07-18 04:00, Van Snyder wrote:

On Wed, 2024-07-17 at 22:17 -0400, e...@gmx.us wrote:

On 7/17/24 21:25, Gary Dale wrote:
> I'm running Debian/Trixie on an AMD64 system, using the Plasma 5
> over X
> desktop. Firefox 115.12.0esr is crashing multiple times per day. It
> frequently happens when page I'm transfers to another page that
> creates a  > PDF or just has a complicated link. It's annoying.


I upgraded from Debian 10 to Debian 12.5 "Bookworm." The NVidia 390
driver no longer works, so I had software rendering because nouveau
apparently can't do GPU rendering. Rather than crashing, the system
essentially froze. After waiting for a VERY long time, I would give up
and cycle power, with my reboot set up to start an empty session, not
the one I had going at time of the power cycle. I replaced the graphics
card with a Quadro K2200, which works with the nvidia-drivers package
that's still part of the Debian 12.5 distro. With GPU rendering, I no
longer have the problem.


My only issue is random system freezes seemingly caused by the browser.
I remembered that that was the reason I installed the nvidia 470 driver.
on originally Bookworm -> Trixie with Vivaldi browser it was stable.

This fresh install of Trixie has had system freeze with firefox
with nouveau driver. Less so (touch wood) with Vivaldi.
There was a message while I was fiddling about that the
 nvidia Quadro K4000 is not supported by something or other.
Perhaps I should invest in a newer graphics card.
mick

Re: Why is Firefox crashing so much lately?

[Andrew M.A. Cater]

On Wed, Jul 17, 2024 at 08:00:06PM -0700, Van Snyder wrote:
> On Wed, 2024-07-17 at 22:17 -0400, e...@gmx.us wrote:
> > On 7/17/24 21:25, Gary Dale wrote:
> > > I'm running Debian/Trixie on an AMD64 system, using the Plasma 5
> > > over X
> > > desktop. Firefox 115.12.0esr is crashing multiple times per day. It
> > > frequently happens when page I'm transfers to another page that
> > > creates a  > PDF or just has a complicated link. It's annoying.
> 
> I upgraded from Debian 10 to Debian 12.5 "Bookworm." The NVidia 390
> driver no longer works, so I had software rendering because nouveau
> apparently can't do GPU rendering. Rather than crashing, the system
> essentially froze. After waiting for a VERY long time, I would give up
> and cycle power, with my reboot set up to start an empty session, not
> the one I had going at time of the power cycle. I replaced the graphics
> card with a Quadro K2200, which works with the nvidia-drivers package
> that's still part of the Debian 12.5 distro. With GPU rendering, I no
> longer have the problem.
> 

HOW did you upgrade? Did you go via 11?

Did you purge all Nvidia drivers at that point? Nouveau works fairly well
if there's no other trace of Nvidia on the system. Freezing is definitely
a symptom of drivers fighting.

> I can't do that with my old Dell Vostro 1700 because the NVidia
> graphics chip is soldered to the motherboard, and it needs the 340
> driver, which is also no longer available.
> 

If this is the Dell with dual chipsets - one Nvidia to do the heavy 
graphics, an Intel chipset for basics - like a bunch of gaming laptops
you'd need to look at the Debian Nvidia pages for primus and so on.

If it *just* has Nvidia - at this point, use Nouveau - stop trying to
use Nvidia drivers on old hardware and that Dell is 2008 vintage?

Software movces on - the very latest Nvidia drivers are "more free" but
also incorporate entire RISC-V chipsets on board the latest cards.

> I tried several of the methods discussed in this thread to get the
> drivers working, but had no success. Maybe I was just holding my mouth
> wrong.
> 
See above.

> > 
> > 
> > I have Firefox 115.13.0esr and it rarely crashes for me, and I have
> > dozens
> > of tabs open.  I use straight XFCE, no Plasma.  Could be it doesn't
> > do PDFs
> > well?  I use Zathura to view PDFs.  It's rather ... "feature free",
> > so I may
> > change.
> > 

Also works for me under GNOME but my usage is light - I don't keep
dozens of tabs open.

All a moot point - we'll probably get 128.* soonest as that's the new
ESR.

All best, as ever,

Andy Cater
(amaca...@debian.org)

> > Can you say what that site is?
> > 
> > --
> >     An idea that is not dangerous is unworthy of
> >     being called an idea at all. -- Oscar Wilde
> > 
> 

Re: Why is Firefox crashing so much lately?

[Van Snyder]

On Wed, 2024-07-17 at 22:17 -0400, e...@gmx.us wrote:
> On 7/17/24 21:25, Gary Dale wrote:
> > I'm running Debian/Trixie on an AMD64 system, using the Plasma 5
> > over X
> > desktop. Firefox 115.12.0esr is crashing multiple times per day. It
> > frequently happens when page I'm transfers to another page that
> > creates a  > PDF or just has a complicated link. It's annoying.

I upgraded from Debian 10 to Debian 12.5 "Bookworm." The NVidia 390
driver no longer works, so I had software rendering because nouveau
apparently can't do GPU rendering. Rather than crashing, the system
essentially froze. After waiting for a VERY long time, I would give up
and cycle power, with my reboot set up to start an empty session, not
the one I had going at time of the power cycle. I replaced the graphics
card with a Quadro K2200, which works with the nvidia-drivers package
that's still part of the Debian 12.5 distro. With GPU rendering, I no
longer have the problem.

I can't do that with my old Dell Vostro 1700 because the NVidia
graphics chip is soldered to the motherboard, and it needs the 340
driver, which is also no longer available.

I tried several of the methods discussed in this thread to get the
drivers working, but had no success. Maybe I was just holding my mouth
wrong.

> 
> 
> I have Firefox 115.13.0esr and it rarely crashes for me, and I have
> dozens
> of tabs open.  I use straight XFCE, no Plasma.  Could be it doesn't
> do PDFs
> well?  I use Zathura to view PDFs.  It's rather ... "feature free",
> so I may
> change.
> 
> > I also have found that at least one site refuses to work with 115.
> > That's
> > been going on for a while. Again, I have to use Chromium for that
> > site.
> 
> Can you say what that site is?
> 
> --
>     An idea that is not dangerous is unworthy of
>     being called an idea at all. -- Oscar Wilde
> 

Re: Why is Firefox crashing so much lately?

[Mike Castle]

At my new job I've been using 115.12.0esr for about three weeks now,
with no crashes.  However, also XFCE.

At home, I use Mozilla's debian repo as described at
https://support.mozilla.org/en-US/kb/install-firefox-linux#w_install-firefox-deb-package-for-debian-based-distributions
for a while now, currently 128.0.  Also XFCE.  You could give that or
a manual install a try to see if it is still a problem outside of ESR.

mrc

Re: Why is Firefox crashing so much lately?

[eben]

On 7/17/24 21:25, Gary Dale wrote:

I'm running Debian/Trixie on an AMD64 system, using the Plasma 5 over X
desktop. Firefox 115.12.0esr is crashing multiple times per day. It
frequently happens when page I'm transfers to another page that creates a  > 
PDF or just has a complicated link. It's annoying.


I have Firefox 115.13.0esr and it rarely crashes for me, and I have dozens
of tabs open.  I use straight XFCE, no Plasma.  Could be it doesn't do PDFs
well?  I use Zathura to view PDFs.  It's rather ... "feature free", so I may
change.


I also have found that at least one site refuses to work with 115. That's
been going on for a while. Again, I have to use Chromium for that site.


Can you say what that site is?

--
   An idea that is not dangerous is unworthy of
   being called an idea at all. -- Oscar Wilde

Re: Why can't i get gnome extensions installed on bookwork?

[Richard]

In theory it should work, as Stable should have the new connector. Maybe
because they adapted to Manifest V3 they had to drop support for ESR.
Though they would have written that in the changelog. But you can easily
test that, Mozilla has their own Debian repo now. Install the normal
Firefox from there and try with that.

As a workaround, you can install the Extension Manager as Flatpak, this
will allow you to install and manage extensions - compared to the
preinstalled one only being able to manage them.

Best
Richard

On Thu, Jun 27, 2024, 22:43 DdB 
wrote:

> So i tried to follow that suggestion, but ...
> on a fresh bookworm install (with firefox-esr), going to
> extensions.gnome.org, i get the prompt to install the
> browser-integration first, but following it leads to a failure-message,
> saying, it would be incompatible to my FFox-version (115.12.0)
>
> The Wiki-page referenced tells me to install the connector fiorst, but
> the latter is installed by default in bookworm.
>
> Now, i am lost. I thought, in stable, the Fox-esr would be compatible
> with the gnome extensions, but it claims, that would not be case.
>
> What am i missing?
> DdB
>
>

Re: Why can't i get gnome extensions installed on bookwork?

[DdB]

Am 27.06.2024 um 19:59 schrieb Dan Ritter:
>   - GNOME doesn't want to support the extensions.
>   - Firefox doesn't want to support the extensions.
>   - Debian doesn't want to support the extensions but provides
>   the package
>   - the person who wrote the GNOME extension manager doesn't
>   provide support.
> 
> -dsr-

Thanks a lot for this info.
i was able to dig out an outdated version, that does work still ... for
the the being. (and i agree to people not wanting to support the
extensions, as that is a nightmare with continuously changing api's)

Re: Why can't i get gnome extensions installed on bookwork?

[Dan Ritter]

DdB wrote: 
> Hello list,
> 
>  i am out of luck and into a rabbit hole, please help me out!
> 
> Now, i am lost. I thought, in stable, the Fox-esr would be compatible
> with the gnome extensions, but it claims, that would not be case.
> 
> What am i missing?

As far as I can tell, this needs two parts. A Debian package
(gnome-browser-connector) and a Firefox extension which comes
from https://extensions.gnome.org/ 

- GNOME doesn't want to support the extensions.
- Firefox doesn't want to support the extensions.
- Debian doesn't want to support the extensions but provides
the package
- the person who wrote the GNOME extension manager doesn't
  provide support.

-dsr-

Re: Why isn't the "whois" package (Priority: standard) installed by default?

[Vincent Lefevre]

On 2024-06-13 22:15:05 +0200, Javier Barroso wrote:
> Hello,
> 
> El jue., 13 jun. 2024 20:48, Vincent Lefevre  escribió:
> 
> > On 2024-06-13 14:43:25 -0400, Greg Wooledge wrote:
> > > On Thu, Jun 13, 2024 at 07:57:59PM +0200, Vincent Lefevre wrote:
> > > > The "whois" package has "Priority: standard".
> > >
> > > hobbit:~$ apt-cache show whois | grep Priority
> > > Priority: optional
> >
> > qaa:~> apt-cache show whois | grep Priority
> > Priority: optional
> > Priority: optional
> >
> > but
> >
> > qaa:~> dpkg -s whois | grep Priority
> > Priority: standard
> >
> I think it is ftpmaster override
> 
> See https://wiki.debian.org/FtpMaster/Override

Yes, but why isn't the priority of the package changed instead?

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Re: Why isn't the "whois" package (Priority: standard) installed by default?

[Vincent Lefevre]

On 2024-06-13 14:43:25 -0400, Greg Wooledge wrote:
> On Thu, Jun 13, 2024 at 07:57:59PM +0200, Vincent Lefevre wrote:
> > The "whois" package has "Priority: standard".
> 
> hobbit:~$ apt-cache show whois | grep Priority
> Priority: optional

qaa:~> apt-cache show whois | grep Priority
Priority: optional
Priority: optional

but

qaa:~> dpkg -s whois | grep Priority
Priority: standard

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Re: Why isn't the "whois" package (Priority: standard) installed by default?

[Javier Barroso]

Hello,

El jue., 13 jun. 2024 20:48, Vincent Lefevre  escribió:

> On 2024-06-13 14:43:25 -0400, Greg Wooledge wrote:
> > On Thu, Jun 13, 2024 at 07:57:59PM +0200, Vincent Lefevre wrote:
> > > The "whois" package has "Priority: standard".
> >
> > hobbit:~$ apt-cache show whois | grep Priority
> > Priority: optional
>
> qaa:~> apt-cache show whois | grep Priority
> Priority: optional
> Priority: optional
>
> but
>
> qaa:~> dpkg -s whois | grep Priority
> Priority: standard
>
I think it is ftpmaster override

See https://wiki.debian.org/FtpMaster/Override

Regards

Re: Why isn't the "whois" package (Priority: standard) installed by default?

[Greg Wooledge]

On Thu, Jun 13, 2024 at 07:57:59PM +0200, Vincent Lefevre wrote:
> The "whois" package has "Priority: standard".

hobbit:~$ apt-cache show whois | grep Priority
Priority: optional

Re: Why LVM

[David Christensen]

On 4/8/24 16:54, Stefan Monnier wrote:

If I have a hot-pluggable device (SD card, USB drive, hot-plug SATA/SAS
drive and rack, etc.), can I put LVM on it such that when the device is
connected to a Debian system with a graphical desktop (I use Xfce) an icon
is displayed on the desktop that I can interact with to display the file
systems in my file manager (Thunar)?


In the past: definitely not.  Currently: no idea.
I suspect not, because I think the behavior on disconnection is still
poor (you want to be extra careful to deactivate all the volumes on the
drive *before* removing it, otherwise they tend to linger "for ever").

I guess that's one area where partitions are still significantly better
than LVM.


 Stefan "who doesn't use much hot-plugging of mass storage"



Thank you for the clarification.  :-)


David

Re: Why LVM

[Stefan Monnier]

> If I have a hot-pluggable device (SD card, USB drive, hot-plug SATA/SAS
> drive and rack, etc.), can I put LVM on it such that when the device is
> connected to a Debian system with a graphical desktop (I use Xfce) an icon
> is displayed on the desktop that I can interact with to display the file
> systems in my file manager (Thunar)?

In the past: definitely not.  Currently: no idea.
I suspect not, because I think the behavior on disconnection is still
poor (you want to be extra careful to deactivate all the volumes on the
drive *before* removing it, otherwise they tend to linger "for ever").

I guess that's one area where partitions are still significantly better
than LVM.


Stefan "who doesn't use much hot-plugging of mass storage"

Re: Why LVM

[David Christensen]

On 4/8/24 14:08, Stefan Monnier wrote:

David Christensen [2024-04-08 11:28:04] wrote:

Why LVM?


Personally, I've been using LVM everywhere I can (i.e. everywhere
except on my OpenWRT router, tho I've also used LVM there back when my
router had an HDD.  I also use LVM on my 2GB USB rescue image).

To me the question is rather the reverse: why not?
I basically see it as a more flexible form of partitioning.

Even in the worst cases where I have a single LV volume, I appreciate
the fact that it forces me to name things, isolating me from issue
linked to predicting the name of the device and the issues that plague
UUIDs (the fact they're hard to remember, and that they're a bit too
magical/hidden for my taste, so they sometimes change when I don't want
them to and vice versa).


 Stefan



If I have a hot-pluggable device (SD card, USB drive, hot-plug SATA/SAS 
drive and rack, etc.), can I put LVM on it such that when the device is 
connected to a Debian system with a graphical desktop (I use Xfce) an 
icon is displayed on the desktop that I can interact with to display the 
file systems in my file manager (Thunar)?



David

Re: Why LVM (was: HDD long-term data storage with ensured integrity)

[DdB]

Am 08.04.2024 um 23:08 schrieb Stefan Monnier:
> David Christensen [2024-04-08 11:28:04] wrote:
>> Why LVM?
> 
> Personally, I've been using LVM everywhere I can (i.e. everywhere
> except on my OpenWRT router, tho I've also used LVM there back when my
> router had an HDD.  I also use LVM on my 2GB USB rescue image).
> 
> To me the question is rather the reverse: why not?
> I basically see it as a more flexible form of partitioning.

As an LVM-newbie (never used it before, i am more familar with ZFS), i
did already collect quite a bit of misconceptions of mine/design
problems with lvm. Therefore i would rather renew the question: Why?

Just one example:
In order to be able to use thin snapshots on my root partition, i did
every thing i could, to have it inside a thinpool... until i noticed
some weird problems booting from it (attributed to grub), so i setup a
/boot outside, but the problems stayed (due to lvm's limitations).

I came to use it to gain some flexibility (although it is an experiment)
and found myself setting up zfs for its data integrity + flexibility,
just to have a quality backup of the lvm-volume(s) on a zfs pool.

> 
> Even in the worst cases where I have a single LV volume, I appreciate
> the fact that it forces me to name things, isolating me from issue
> linked to predicting the name of the device and the issues that plague
> UUIDs (the fact they're hard to remember, and that they're a bit too
> magical/hidden for my taste, so they sometimes change when I don't want
> them to and vice versa).

Even GPT brings you the chance to name hings (like part_label), only it
does not force you. But i have been using that for 10+ years as a routine.

DdB

Re: Why is /var/lib/apt/lists not in /var/cache?

[tomas]

On Mon, Dec 18, 2023 at 09:05:22AM -0500, Stefan Monnier wrote:
> > I would imagine that it's due to the FHS (Filesystem Hierarchy Standard)
> > which defines what the various directories on a "typical Linux system" are
> > for. "man hier", for example, tells me that:
> >
> > * /var/cache - Data cached for programs.
> >
> > * /var/lib - Variable state information for programs.
> 
> These leave open the question of what "data cached for the program" mean
> and what "Variable state" means.
> 
> Another way to look at it is in terms of what it implies.
> For me, `/var/lib` data is data that is important to keep, e.g. data you
> definitely don't want to delete/lose without a very good reason, whereas
> `/var/cache` is data that's handy to have but not indispensable because
> we can reconstruct it (or something close enough) from other sources,
> which means that it doesn't have to be included in backups and it can
> be deleted if it strikes your fancy (typically when you're in urgent need
> of a tiny bit more disk space).

[...]

Most probably you are right, especially since TLDP only says you can
delete /var/cache's content safely across reboots [1]. The apt lists
will be regenerated after doing an apt-get update, so...

OTOH it'd be only a true-real-honestly-promised cache if every apt
command did an apt-get update whenever it found that file missing.

Cheers

[1] https://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/var.html
-- 
t


signature.asc
Description: PGP signature

Re: Why is /var/lib/apt/lists not in /var/cache?

[Stefan Monnier]

> I would imagine that it's due to the FHS (Filesystem Hierarchy Standard)
> which defines what the various directories on a "typical Linux system" are
> for. "man hier", for example, tells me that:
>
> * /var/cache - Data cached for programs.
>
> * /var/lib - Variable state information for programs.

These leave open the question of what "data cached for the program" mean
and what "Variable state" means.

Another way to look at it is in terms of what it implies.
For me, `/var/lib` data is data that is important to keep, e.g. data you
definitely don't want to delete/lose without a very good reason, whereas
`/var/cache` is data that's handy to have but not indispensable because
we can reconstruct it (or something close enough) from other sources,
which means that it doesn't have to be included in backups and it can
be deleted if it strikes your fancy (typically when you're in urgent need
of a tiny bit more disk space).

> system, so apt's state is more like the state of the repositories.

But both the "files that contain the list of .deb files" and "the .deb
files" are part of the state of the repositories :-)

Or, stated in another way, this way to look at the problem degenerates
into philosophical questions.  So I think the question "does it have
to be included in the backup" is a better guide.


Stefan