The other day, I was trying to explain to my wife why I wanted to install Ubuntu on my Eee PC in place of Xandros. She is not tech-stupid. She’s quite tech-savvy actually. She just isn’t that Linux-savvy. I found myself spewing out a whole bunch of words I knew she wouldn’t understand. Why would any normal person know what a distro or a repository is? What’s a kernel? What’s sudo? Well, the sudo thing she got, because she’s a Mac user and has used OS X’s terminal before.
Explaining the switch to someone who isn’t Linux-savvy forced me to think about what’s important to me as a computer user and to realize that I’m a little geekier than I thought I was. Sure, I’m no programmer. I’m not a system administrator or even help desk (except as a volunteer on the Ubuntu Forums). But here I was with Xandros, a Linux version customized to work flawlessly with the Eee PC, and I was ditching it. The boot time on Xandros is about 24 seconds from the time I press the power button to having a usable desktop with a wirelessly-connected Firefox session.
That’s not enough for me. Apparently, I also want security. The fact that you cannot have sudo in Xandros prompt you for a password without rendering your system unbootable makes Xandros, as my wife puts it, “no better than Windows.” For almost all intents and purposes, you are running as root (the total administrative with all privileges). There are software packages you can’t remove without removing essential components, and you can’t even get Xandros to not have a “What do you want to do?” prompt every time you plug in a USB device.
Most importantly, though, Xandros’ software repositories are weak. There are workarounds, but they are all flawed – mixing and matching various repositories, keeping multiple versions of the same libraries, pinning sources. It’s too convoluted and risky. I had to explain to my wife the idea of a software repository as different from Windows and Mac. In Windows and Mac, if you want to install software, you launch your web browser and search for a program, download it, and install it. In Linux, there are software repositories that have collections of software and software package managers that take a look at what’s in the repositories and download and install whatever you want from what’s available. It’s a bit like online shopping… “like Amazon,” I said. The package manager checks what’s in stock, you put things in your shopping cart, and then you check out, and the package manager installs things for you. “Installing software in Ubuntu is like shopping on Amazon, where you can get just about anything, and installing software in Xandros is like….” I was trying to figure out how to bring Xandros into the picture here, when she stepped in, “shopping at 7-11?” Yes, that was it exactly.
In Ubuntu, you just need to click a few times to add several vast repositories of software with lots available and very few conflicting packages. In Xandros, you have to use limited user-maintained extra repositories or mix and match with Debian repositories (which are only partially compatible with Xandros), and then you sometimes have to force the package manager to install an older version of MPlayer to get certain functionality or manually “install” a newer GTK library to install the latest version of Firefox.
Don’t get me wrong, Asus has created a wonderful internet appliance with the Xandros Eee PC, but I think an internet appliance-like Linux operating system can also be created that allows people to easily tweak it without worrying about breaking things. Ubuntu gives me that freedom, and that’s why I’m using eeeXubuntu on my Eee PC… even if it does take me 56 seconds to boot.
quote: In Ubuntu, you just need to click a few times to add several vast repositories of software with lots available and very few conflicting packages.
Yeah it’s like that with Mandriva too, and the security is even better, with Mandriva, because you don’t rely on the user’s password to do System changes, you have a real root and a separate root password.
quote:”Yeah it’s like that with Mandriva too, and the security is even better, with Mandriva, because you don’t rely on the user’s password to do System changes, you have a real root and a separate root password.”
I have to dissagree with you there, The advantage of not having a root is that you don’t have a root session, you just grant root privilages to an application of one execution only with sudo. If you choose a good passwd there is no issue. If you are realy parranoid, you can treat the primary user account like root and create a limited account for normal day to day use. I don’t see any advantage in the seperate root model. Also, anyone trying to break in will be expecting a root accoutn immediatly, whereas in ubuntus method, they’d have to guess the admins username too!
quote: I have to dissagree with you there, The advantage of not having a root is that you don’t
Of course you do.
The problem is, all the person breaking in to the Ubuntu system has to know is the user’s password, and they have the keys to the kingdom, and most people use easily guessable passwords for their own account, as most people find creating and typing in passwords onerous.
However on my Mandriva System, even if you do manage to get my personal password, or indeed the personal password of any other user on my Mandriva Systems, you still have to find the root password.
The point of universal sudo, for system administration, on Ubuntu is not improved security. It’s point is to provide a Linux that has a user experience that is closer to the user experience on Windows, in order to get Windows users, particularly less technical windows users, to use a Linux.
Have to agree with you on the Xandros-eeeXubuntu thing – Xandros is pretty lame, even after you’ve enabled the ‘Advanced’ desktop
Actually Mandriva works even better on the Eee. The USB version of Mandriva was developed specifically for the Eee for sale in Congo.
You can give root a password in ubuntu.
# sudo passwd root new_password new_password
you can even do sudo gdmsetup (( i think it is gdmsetup)) and enable a graphical root Logon.
Great post BTW. You are on my rss list.
quote: You can give root a password in ubuntu.
# sudo passwd root new_password new_password
Yes you can, but you still have sudo userpassword, which is intrinsically unsafe. sudo was not designed to be a generic tool for doing system administration, it was designed so that a System Administrator, a person with root access (that is the person with access to the root password), could give non adminstration users temporary and minimal access to certain system commands. By using sudo the way Ubuntu does, reduces the security of the Linux system.
Also in practice very few, if any, Ubuntu users are going to go to the trouble of setting up a root user and root password, so that Ubuntu functions the same way as other linuxes. The whole point of sudo, on Ubuntu, was to make the experience of using close to the Windows experience as possible. In the process Linux security has been compromised somewhat.
quote: you can even do sudo gdmsetup (( i think it is gdmsetup)) and enable a graphical root Logon.
That would be stupid. you would have an even more broken linux, like Linspire is.
That whole deal about sudo being less secure is total and utter bullocks.
You are not supposed to give sudo rights to all users, just to the one(s) that needs to install stuff, and he is the supposed admin of the system, what’s better is that you are not giving root passwords to anyone, yet an app getting vulnered will not be able to scalate either. At the end sudo is at least as safe as the alternative, if not safer.
Sudo is safer than su because, you still just have 1 root password. It’s just the sane as your account. With su, if someone’s trying to break into a machine, they already know the username of the root account. If they are trying to break into a sudo-protected account, they need to guess the username too.