Linux Software Installation, Part VI: Conclusions

The arguments are posted, and there is little left to say. This is the closing summary of my article series about Linux Software Installation. You can find an overview of all articles at this page.

The bottom line is: installing software on Linux is a horror at the moment. This horror leads to some absurd, some strange and also some very mean situations. The main point for me in this regard is:

Linux is hostile to small applications and niche software.

There are tools and solutions available to make it easier. However none of them can really integrate with the underlying operating system. The best solution to overcome this situation would be the native package manager API – together with strict rules and quality conditions. But although the LSB says this will take some time I haven’t seen any progress or even any positive words about this in recent time.

The next step therefore is: to ask the people responsible for that situation. The distributors. They are in charge for the topic software installation, and as long as they don’t move – as long as they don’t want to move – nothing will change.
So, if you know some of the people: ask them. Also, ask them what they think about the arguments. As I already said: many of the opponents of such solutions don’t have a closer look at the current situation. And they tend to not see the real disadvantages: when you ever start a discussion about that topic, keep clear that you are not (even) talking about propriatary software. Not at all.

In the meantime, I’m not sure what I’m going to do with my friends. I simply cannot recommend Linux for their computers. It will not work out. They will feel restricted and limited, and that’s the last thing I want. Maybe the next who asks me will get a “Mac OS” as answer, since you can easily install software – and at least the core and some of the other important bits of the system are free. :/

Solid development

Solid is supposed to become the library to talk to when KDE 4 applications need to interact with the system hardware. It was now announced that the base libraries are ready for integration now. Also, a glimpse at what can be expected from the features of Solid was given.

In a recent Linux.com interview about the last KDE 4 snapshot Will Stephenson talked a bit about Solid and the current state.
The base libraries are ready now: and that means that application developers who are developing applications which need to interact with the system hardware somehow should start using Solid. This would help Solid to see where it fulfills the needs of the developers and where it is still lacking functionality. It would help to bring Solid into an even better shape which in return would help other developers.

The question is where Solid will actually be used, and which application developers should have a closer look. The answer is pretty easy: if you have an application which had some hardware related code whatsoever, you might want to talk to the Solid developers – because if the techniques your application needs are integrated into Solid other applications can use them as well.

One example is kopete: kopete is able to talk to a webcam. This is pretty nice and helpful, but there are other applications which need this feature also. Therefore, the developers will integrate this code into Solid to provide it to all applications. You might even go so far to dream of a simple webcam-application which is written in just a few lines.

Also, think of the network connection: Solid can take care of this and can be the central place to inform all other users when the network connection gets lost or is re-connected. To accomplish that aim Solid will work together with kNetworkManager:

And of course, last but not least your applications becomes portable: if your application accesses only Solid you don’t have to care if the underlying Operating System provides NetworkManager, or if it provides the v4l API – Solid will take care of it.

Linux Software Installation, Part V: Arguments

After I wrote about possible solutions this article of my series dedicated to Linux Software Installation now comes to the tough stuff: the arguments pro and contra binary installers. I will try to discuss the most important arguments I read and heard over time and also in the comments of the previous articles.

To summarize: in my previous post I stated that the perfect solution would be an API provided by the native package manager. This API would make it possible to register new packages and also new files to the package manager. The tool which would use that API would be a binary installer.

Contra

There are several objections I read against binary installers. I will pick up the topics quality, security, technical details, updates, some other arguments and one dumb one.

Quality

Quality wise a general binary installer which is not fully part of the native package management is sub-optimal. That’s right. You can go even further: every package maintained by someone else than the original developer is most certainly not optimal.
But on the other side it is not realistic to assume that every developer of software will learn several different package managers, even more packaging rules, and after that keep a track of several different distributions. Therefore it doesn’t make sense to wait for the perfect situation.
And although a native package is usually better than other attempts, a package following clear rules (think of LSB and FHS here) and which registers with the native database would not totally wreck the quality. In fact, if everything is done right the quality could be acceptable. And compared to a set of different self made binaries provided by different projects/developers (which already exists) such a solution would be much better. Also quality wise.

So, yes, you need to have strict rules for such installers. But that’s possible. You can set guidelines as well as providing testing tools like rpmlint.

Security

This one is raised most often: if you have a binary installer it can do evil things. And I have to admit: this argument is the one I never got at all. No question: binaries provide you with the possibilities to do evil things like starting services, installing root kits, and read your e-mail.
But that is possible already: you can provide binary installers which install on almost every Linux platform and even compile a kernel module. VirtualBox uses such an installer. Mono also provides an all-distribution-binary.
Also, if you are experienced enough you can already build a set of native packages for different distributions. Skype does that, for example.
There would be nothing new at all with a binary installer just because it registers with the local package management.

Also, if you trust someone that he develops good source code, why shouldn’t you trust him with the binary he provides – given that it is according the strict necessary rules? If you do not trust that person, don’t install the program at all – the developer wouldn’t make good source code but attach bad stuff to the binary, he would just include it into the source code, deeply hidden in obfuscated code.

And: the way of integrating a package first into the native repositories adds one more level of security problems. Take my case: I even maintain a program like ktorrent for Fedora which sends and receives a lot of network traffic. You have to trust me that I do not suddenly turn evil and introduce some bad scripts into the package (as post-install scripts or patches, for example). Or that my computer is not suddenly overtaken and that evil code is introduced by some evil cracker. Or that I’m blackmailed.
There is not more security in the repository system, but less: given a repository like Fedora’s you add more than 200 extra people you have to trust. Trust that they don’t turn evil, trust that they keep a good eye at their computer, trust that they are not blackmailed in any way, etc.

The only security advantage I see from native packages at the moment is that the packages are signed and that you can be sure that they haven’t been changed in the way from the server to yours. But binary installer could be singed as well.

Technical details

One major technical concern against binary installers was that it only solves the problem to a certain degree: you would still have to provide different packages for different architectures. But that is plain wrong: Apple showed that it is indeed possible to provide cross-architecture binaries even for big and complex applications. Sure, they have their shortcomings also (well, mainly size as it looks like), but it works, and if it is done right and if the appropriate tools are available the developers start to adopt that technique. Firefox for example provides Universal Binaries for Mac OS X.

Another technical concern, this time from the other side, is the question why the binary installer would have to deal with the native package management – it could just drop its software to /opt/. If it would correspond to the LSB specifications for installing software than this part would be even easier since the chance of overwriting files would be almost zero. It would be enough to query for the LSB version.
This is true, and I think some of the installers out there are working in this way. However, in the long term there should be more applications delivered by this way, and these applications would have dependencies. And in the long term such a package manager API could also provide that. Not necessarily call for installing additional software, but at least asking if library X of package Y is already installed or not.
Additionally history has proven that such package-manager-ignoring attempts are not liked by the native package manager developers. And we can’t fight them (let alone that I do not want to). Also, this option is there already – and it wasn’t picked up by the majority.

This argument also ignores that most of the software developers I am talking about are running a Linux distribution and like their package manager. This might be different for big companies, but as I said my focus is not on them.

Updates

I give you that: a binary installer planned in the way described here would not have a proper way to update itself. But that is more due to the fact that the attempt described here is evolutionary. There is no reason why future API versions could not also include possibilities to register update techniques with the native software management.
However, lets start with small steps. When the first version of such an API is there we can think about more possibilities: real dependencies for specific software like databases, apache, compilers, and so on, and also ways to update software.

Some other arguments

There were also some strange arguments I read and heard during discussing that topic.

Once I was faced with: “source code is the Unix way of delivering software”. Well, no. First of all Linux (which is technically not a Unix, btw.) distributions normally provide a huge amount of pre-compiled software, and second Apple’s Unix (the probably most used Unix around) provides binaries also. No source-code-only.
Also this argument is a bit odd because “the Unix way” was also to be never attracting to normal people, just to software developers and system administrators. That has changed. And “the Unix way” was for years that it never had a usability focused GUI. Gnome and KDE changed that.

Another time I read “providing binaries is not the developers job”. That is very interesting because: who says that? I personally never read that from a software developer. In contrast, I much too often crossed pages were there were binaries provided – for Windows, but not for Linux.
I would like to leave this up to the developer. One developer even decided to write his own binary installer out of the need that he wanted to provide the binary!

One reader mentioned that the current problem teaches the users: if they are not provided with binary installers they become educated computer users who can compile software by themselves. Well, this might be true, but there is no need for that. Sure, we need educated computer users security wise. One of my current jobs in real life is actually to educate computer users and to explain why the internet can be dangerous. We need to tell the computer users what it means to download binaries, what it means to open e-mail attachments, and so on.
But that has nothing to do with compiling software. My friends do not have to know about that: for them a computer is the tool to work with, not the tool to work at. It should help them solving problems, not become a new problem. Everyone should know how to use a computer in a secure way, but not everyone should know how to build OpenOffice.

The dumb one

Well,the dumb one is the one I hear when an opponent ran out of arguments: “you just want to duplicate Windows, go and use that!”.
No. I don’t want to duplicate Windows. And I don’t want to use it. I love the choice I have on Linux (you might want to remember the word “choice” for another argument later on…), I want to have a possibility for people I know to easily install software provided at usual places on their Linux machines.
And, btw.: this is not a features existing on Windows only. Mac OS has that feature. Most smaller operating systems have that feature also.

And, for everyone using this argument because there is no real one left: feel free to not use such a binary installer if it ever comes into existence. Why object a technical feature you don’t have to use? After all, the source code will not magically vanish when such a binary installer comes to life.

Pro

Well, I already said quite a lot about the binary installer and the API, and why we need them. Out of that reason this section will mainly describe the disadvantages of the current situation. I think most people do not really think about that reasons and that it is important to point them out.

The main argument

Just to have it in this article as well: the main argument for an API/a binary unified installer is that software installation on Linux would get easy enough for average computer users. It would empower the users to be able to install software they like instead of just the software their distributions likes. On the other hand developers would have an easy way to provide their software in an actual usable way (from an average users point of view).

If both problems are solved more users come to the Linux platform which in return brings more power to the Linux platform.

Pure mainstream software

From an average computer users point of view the only software available for Linux is pure mainstream software: Firefox, OpenOffice, etc. Other software, especially small tools or niche applications, are not. And they will not be available.

To say it in even more drastic words: currently Linux, the platform dedicated to free choice in every case, does limit the software choice brutally to the big, main applications. Small or specialized applications have little to no chance to get a foot on the Linux platform because they cannot be installed by average users.
(Remembered it? )

Linux is hostile to small applications and niche software.

Commercial vendors

This is another wacky thing: you need quite some knowledge and time to provide different binaries for different distributions. Therefore, projects with a lot of money – especially proprietary software projects – which have this money are more likely to provide such binaries and therefore have a much better stand against competitors.
Sure, Free Software can find its way into the repositories eventually. But to get there it has to be good enough and popular enough. But how to become popular and widespread if you have a strong opponent? How to attract good developers and usability experts if you don’t get popular? Also, it can take a long time to be integrated and it is not granted at all that the repositories will ever include your software. And I know of much too much software which is not in all large repositories yet although the software is around for a long time already.

Against testers and new software

Currently testing new software or new versions of software is possible only for people who know how to compile software. There is no way how a broader audience for example could test a RC or beta software. Also, even if you release a total new stable version you only slowly get feedback because the repositories have slow response times. Some repositories only need days to catch up, but others need weeks or months.
And every developer knows how crucial it can be to have a broader audience testing a new piece of software.

No one gets hurt

I know that some people will not pick up the idea even after reading through this arguments page. But that is ok, because: nothing would change for these people. Nothing at all. There would still be source code provided, and there would still be the big distribution repositories. The API for the binary installer would just add another possibility, not a necessity.

Other arguments

There are several arguments I haven’t picked up. For example, in the long term a unified binary could also take usage of functions like triggering by the package management (re-registering of plugins, kernel rebuilds, etc.). Also, I didn’t even look at proprietary software vendors which would also benefit from such an installer. Also non-internet distribution of software (additional software on CD when you buy hardware xy, distribution of software to people who have slow connections, etc.) would become possible.

Closing words

So far about the arguments. I’m pretty sure that not everyone agrees on every point, feel free to leave a comment. I will not dive into page long discussions here since a blog is the wrong place for it but sharing arguments would be nice.
However, if you actually read the entire blog, please keep also one thing in mind: my focus is on the real world. I want to have a solution which is working good in real life. Not one which is absolutely perfect in the sense of philosophical trueness. If you search for your personal religion here there is no need to share arguments because it would not make sense.

This series is almost at the end, I will just sum up everything in a last article. Well, at least that’s the plan. In the meantime, you can have a look at the extra page I created which lists these articles. It makes it easier to get an overview about this series.

More KDE developers become official WebKit reviewers

Since the official launch of the WebKit project other KDE developers already got reviewer positions. Now three other KDE developers got these rights too.

WebKit is Apples port/fork of khtml and base for Apple’s web browser Safari and other applications. It was in the beginning mainly driven by Apple’s own development team and there were actually discrepancies between the khtml team and the WebKit team since the WebKit team had a strange wa to release their patches.
However, fortunately this seems to have mainly settled: several KDE developers joined and helped to develop WebKit in the past, Zack Rusin and Rob Buis already got reviewers rights.

Now the WebKit team gave other KDE developers these rights too: Lars Knoll, the original creator of KHTML, and Nikolas Zimmermann, who created KSVG2 together with Rob Buis. Well, they have deserved these rights, no question. I mean, they were the main developers, they created the foundations for this project. Btw., I already blogged about these two guys and WebKit quite some time ago.
Also, Qt ninja George Staikos got review rights for patches for the Qt port of WebKit.

What does this all mean now?
First: nothing special. Some main KDE developers got review rights on an interesting project. But there are now good chances that the khtml and the WebKit development cooperate more now and share features and fixes. Keep in mind that the CSS3 support in khtml is the best available today, but that the WebKit people didn’t sleep either. Also, it could be possible that we see a Qt-WebKit port which would be available also as a browser for KDE.
Also there is the possibility that WebKit comes available as a kpart for KDE – that would mean you could exchange the khtml kpart with the WebKit kpart. You wouldn’t see the change directly (no new GUI, for example) but the rendering might be different from the khtml rendering.

But anyway, *afaik* there haven’t been made any decision about that, so we will see.

Small but nice KDE app: kis

There are plenty of new applications every day in the Free Software world. Sometimes some of them are very small but yet can be very helpful because they manage a small but clear task in an easy way. In this regard, welcome kis.

I just came across kis which is actually more a kommander script than an application. It delivers one single service to the user which is yet quite important: internet connection sharing.

Don’t get me wrong, you can easily get such a sharing by yourself when you know which rules you have to apply to iptables. However, not everyone likes to do that or wants to write his own script. Also, there are users who are not able to perform something like that one the terminal. And last but not least: I don’t see the point of forcing users to the terminal.

Kis now does this for you – and it comes with a clean GUI for that task. You choose your interfaces, the IP range you want to share, and you’re done. Clean, fast and easy.
Of course the example of this application comes from the Windows world, but that does not mean it has to be bad

And, since I was a bit bored but also interested how to deal with kommander scripts in rpm packages I tried to come up with a rpm – and it actually works. It even creates a menu entry
Here are the necessary files: rpm (x86), srpm

This is, btw., again a good example of the difficulties to spread nice but small software among the Linux community – I honestly doubt that this tool will find its way into the repositories since it is very small, just performs one single task and does not even has to be compiled…