Choosing a good, complex, and memorable password can be tough.

Many of us like to reuse the same password, or passwords, over and over again rather than try to remember dozens of different password for dozens of different sites. Sometimes we run into problems when a site has a particularly stingy set of rules for password creation, and we have to come up with a new password, and we usually don’t remember it for the next time we want to use that site. I went through a five month streak with Verizon Wireless, where I changed my password every month when I went to check my bill online and had forgotten the old password.

So I’ve come up with a system to help you come up with a password to use consistently that meets many of the requirements, as well as being a strong password. You should still be careful with your password, and change it whenever you feel it necessary. One of the biggest ways people’s accounts get exploited is not because of password strength, but because they write it down for everyone to see, or submit it into forms in plain text, or save it on a public computer.

You want to find a 6-8 letter string of characters with numbers and letters. The string should not begin with a number, and should not contain any words within it.

Pick a letter as the first character. Say ‘t’.

Pick a number as the second character. Say ‘3′.

Pick a ,four, five, or six letter word, and purposely misspell it. You can even use a word you commonly misspell, or typo, anyway. It’ll satisfy the ‘no words’ criteria while still being letters you can remember. Say ‘ctach’.

Put them together and you have a fairly easy to remember password that can be used at almost any site out there. ‘t3ctach’

I like to make my string seven characters, this way if I accidentally lock myself out of an account, or my password expires, I can simply add a ‘1′ to the end of my string and have a good chance of remembering it, without having to come up with a new password.

VMware Workstation installs fine in Gentoo, for the most part. There are a few steps that must be taken first, luckily they’re pretty much self-explanatory.

# create init.d symlinks
cd /etc
ln -s init.d rc0.d
ln -s init.d rc1.d
ln -s init.d rc2.d
ln -s init.d rc3.d
ln -s init.d rc4.d
ln -s init.d rc5.d
ln -s init.d rc6.d
ln -s init.d rcS.d

# now, install vmware
sh VMware-Workstation-6.5.1-126130.x86_64.bundle

# and then copy gentoo's init scripts over vmware's
mkdir -p /etc/vmware/init.d
mv /etc/init.d/vmware /etc/vmware/init.d/
cp /usr/portage/app-emulation/vmware-workstation/files/vmware-workstation.rc \
/etc/init.d/vmware
chmod +x /etc/init.d/vmware
rc-update add vmware default

Short version:

sh VMware-Workstation-6.5.1-126130*.bundle
yum install gcc kernel-devel-`uname -r`
mv /usr/lib/vmware/modules/binary /usr/lib/vmware/modules/binary.old
vmware-modconfig –console –install-all

Slightly-less-short version:

1. The .bundles available on VMware’s site are just huge shell scripts. Thus, we execute them like one:

sh VMware-Workstation-6.5.1-126130*.bundle

2. The install should finish successfully, but it won’t run because the modules will not fit into Fedora’s running kernel. To fix that, we first need to install gcc and the kernel-devel package for your running kernel:

yum install gcc kernel-devel-`uname -r`

3. Move the directory where the module object files were installed, then run vmware-modconfig. Because you moved the object files directory, it will try to recompile them.

mv /usr/lib/vmware/modules/binary /usr/lib/vmware/modules/binary.old
vmware-modconfig --console --install-all

VMware should now run.

rsync is a software application for Unix systems which synchronizes files and directories from one location to another while minimizing data transfer using delta encoding when appropriate. (Thanks, Wikipedia.) Since this is supposed to be a quick tutorial, we’ll skip the formal lecture and get on with some usage examples.

1) sync a whole directory from one location on the local filesystem to another, while keeping all metadata such as ownership and permissions in tact:

rsync -azvrP /media/disk/source /home/user/destination

Important note: if source does not have a trailing slash, it will create the directory source/ inside destination/ — if it does have a trailing slash, it will copy only the contents of source but not source/ itself. This is similar to `cp /source` vs. `cp /source/*`

2) sync from a local machine over ssh to a remote server

rsync -zvrP /home/user/source user@10.10.10.100:

rsync uses ssh for remote connections by default, so there is nothing special you have to do besides the remote destination syntax which is identical to scp. (Obviously, sshd must be running on the server.) In this example there is nothing after the colon, meaning it defaults to the user’s home directory.

3) sync from a local machine over ssh to a remote server on a non-standard ssh port to a non-home directory

rsync -e ’ssh -p 12345′ -zvrP /home/user/source root@10.10.10.100:/usr/local/

The -e flag takes a string identical to what you would use if you were using ssh manually. In this example, ’ssh -p 12345′ connects using port 12345 on the server. The other difference is the destination directory on the end of the remote IP. To copy from a server to yourself, simply reverse source and destination.

4) sync one directory to another, except for files ending in .iso and .img

rsync zvrP –exclude ‘*.iso’ –exclude ‘*.img’ /home/user/source /media/destination/

Nothing new here except for the –exclude option. (Those are TWO dashes, not one! Wordpress likes to change things without my permission.) This is useful for when you’re backing up a directory but don’t care to transfer huge files that you can easily re-download. For more details about fine-grained exclusion, see the rsync man page.

Command line options
Personally, about 95% of my rsync usage is accomplished with -zvrP. Below is a quick table of all the options seen in the previous examples.

-a: archive (implies -rlptoD)
  -r: recursive
  -l: copy symlinks as symlinks
  -p: preserve permissions
  -t: preserve modification times
  -g: preserve group
  -o: preserve owner (root only)
  -D: (implies --devices --specials)
    --devices: recreates character/block devices
        (receiving end must be root)
    --specials: transfer special files like named sockets

-z: compress during transfer
-v: verbose
-r: recursive
-P:
  --partial: keep partially transferred files
  --progress: show progress during transfer

-e: specify the remote shell to use
--exclude: excludes files matching PATTERN

I never thought this day has come but it did.  Here is the telephone transcript of a call I just had.

Moron: Hello, I cannot access your website

ME: what website?

Moron: The mail site.

ME: What website are you going to.

Moron: https://mail.COMPANY.com

ME: can you get to other websites, like google?

Moron: Yes, I can do everything except get on the mail site.

ME: I verified that the site is working.  Can you provide the web address again, maybe there is a typo.  Also, are you using bookmarks?

Moron: I always type it.  I never use bookmarks.  I am putting in https://male.COMPANY.com…oh wait, it is supposed to be mail.COMPANY.com isn’t it?

ME: Yes, does it work now?

Moron: I have to go now…

Thats right, he was using male instead of mail…where is the world coming to?

Light-Bot is a robot programming game and this article gives you all the programs to complete the game.  I’m a programmer, of course, so this helps a lot.  If you want to play this, you can play it on Kongregate:

http://www.kongregate.com/games/Coolio_Naito/light-bot

F: Forward
R: Right
L: Left
J: Jump
B: Light Bulb
1: Function 1
2: Function 2

Level 1: Program your bot to move and light up the blue tiles!
Main: FFB

Level 2: Try turning your bot!
Main: FLFRFFFRFB

Level 3: Jumping can get you over barriers!
Main: FJJFLBFBFB

Level 4: Jumping can also get you to new heights!
Main: FJJFRFFFFFB

Level 5: Get it now?
Main: JFFLFFFLJJJB

Level 6: Not enough space? Try creating Functions using F1 and F2
Main: F1R1BJR2RR22
F1: JJ
F2: FFFB

Level 7: RE-USING functions is great for REPETITIVE tasks!
Main: 1RFR1
F1: 2222
F2: BFBF

Level 8: Putting the “fun” back in “functions”!
Main: JF111R1
F1: BFFBRFF

Level 9: Now you’re thinking like a programmer.
Main: JLJ1111
F1: BJBFBJR

Level 10: Do you feel your mind getting numb yet?
Main: FFF11BRR1JR2
F1: JFLJFRJF
F2: JL1FB

Level 11: Second-to-last level… up to it?
Main: 1RJR1RJR1
F1: 22LJL22
F2: BFBFBFBF

Level 12: The Final Level Don’t get dizzy!
Main: FJBL1R1R11R2
F1: BJBJBJ
F2: 1R1R1

GREAT JOB You are truly a programmer at heart!

Well, I have a friend who got fired from his job.  His job forgot to obtain a company issued laptop so he asked me to fix it up for him.  Since they gave him local admin rights, I figured I would spoof up the OS a bit.  The first issue I noticed was that symantec was broken.  I found the following kB article from symantec and ran through this without any issues.  Its a bit tedious, but hell, its worth it!

To remove Symantec AntiVirus from the registry

1. On the Windows taskbar, click Start > Run.
2. In the Open box, type the following text:

   regedit

3. Click OK.
4. In the Windows Registry Editor, in the left pane, go to the following key:

   HKEY_CLASSES_ROOT\*\Shellex\ContextMenuHandlers

5. In the left pane, right-click LDVPMenu, and then click Delete.
6. Expand the following key:

   HKEY_CLASSES_ROOT\Installer\Features

   This key contains many <Package Code> keys.

7. Click each <Package Code> key, and look in the right pane for references to SAVMain.
   If you see any references to SAVMain in the right pane, then delete the entire <Package Code> key.
8. Expand the following key:

   HKEY_CLASSES_ROOT\Installer\Products

   This key contains many <Package Code> keys.

9. Click each <Package Code> key, and look in the right pane for references to Symantec AntiVirus.
   If you see any references to Symantec AntiVirus in the right pane, then delete the entire <Package Code> key.
10. Expand the following key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

    This key contains many <Package Code> keys.

11. Expand each <Package Code> key, and then click the InstallProperties key.
    If you see any references to Symantec AntiVirus in the right pane, then delete the entire <Package Code> key.
12. Expand the following key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

    This key contains many <Package Code> keys.

13. Click each <Package Code> key, and look in the right pane for references to Symantec AntiVirus.
    If you see any references to Symantec AntiVirus in the right pane, then delete the entire <Package Code> key.
14. Delete the following keys:
    • HKEY_CLASSES_ROOT\Installer\UpgradeCodes\20A7FB42A06BB49448A397B3CB77ED4D
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\20A7FB42A06BB49448A397B3CB77ED4D
    • HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\DllUsage\VP6
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\20A7FB42A06BB49448A397B3CB77ED4D
    • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SPBBC
    • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec AntiVirus
    • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SymNetDrv
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\System\SAVRT
15. Expand the following key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features

    This key contains many <Package Code> keys.

16. Click each <Package Code> key, and look in the right pane for references to SAVMain.
    If you see any references to SAVMain in the right pane, then delete the entire <Package Code> key.
17. Expand the following key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products

    This key contains many <Package Code> keys.

18. Click each <Package Code> key, and look in the right pane for references to Symantec AntiVirus.
    If you see any references to Symantec AntiVirus in the right pane, then delete the entire <Package Code> key.
19. Click the following key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

20. In the right pane, delete the vptray value.
21. Click the following key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps

22. In the right pane, delete the following values:
    • AVENGEDEFS
    • Common Client
    • Common Client Data
    • Common Client Decomposers
    • NAVNT
    • SAV Install Directory
    • SAVCE
    • Savrt
    • SPBBC
    • SymNetDrv
    • VP6ClientInstalled
    • VP6UsageCount
23. Expand the following key:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services

24. Delete the following subkeys:
    • ccEvtMgr
    • ccSetMgr
    • DefWatch
    • NAVENG
    • NAVEX15
    • SavRoam
    • SAVRT
    • SAVRTPEL
    • SNDSrvc
    • SPBBCDrv
    • SPBBCSvc
    • Symantec AntiVirus
    • SYMREDRV
    • SYMTDI
25. Expand the following key:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\Application

26. Delete the following subkeys:
    • ccEvtMgr
    • ccSetMgr
    • DefWatch
    • LiveUpdate
    • SavRoam
    • Symantec AntiVirus
27. In the left pane, click My Computer.
28. On the Edit menu, click Find.
29. In the Find what box, type the following text:

    VirusProtect6

    Delete all keys and values that contain this string.

30. In the left pane, click My Computer.
31. On the Edit menu, click Find.
32. In the Find what box, type the following text:

    vpshell2.dll

    Delete all keys and values that contain this string.

33. In the left pane, click My Computer.
34. On the Edit menu, click Find.
35. In the Find what box, type the following text:

    933187C5788574F4889B3B1FBB35638A

    Delete all keys and values that contain this string.

    ---

    WARNING: Follow the next four steps only if the conditions that are described in the steps are met. These instructions affect registry entries that other Symantec products use. If you delete a key or value that another Symantec product uses, that product must be removed and installed again.

    ---

36. If no other Symantec application that uses virus definitions is installed, then delete the following key:

    HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs

37. If Symantec AntiVirus is the only Symantec program that is installed, delete the following keys:
    • HKEY_LOCAL_MACHINE\Software\Symantec\Common Client
    • HKEY_LOCAL_MACHINE\Software\Symantec\SymEvent
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SymEvent
38. If Symantec AntiVirus is the only Symantec program that is installed, go to the following key

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

39. In the right pane, delete the ccApp value.
40. Restart the computer.

Symantec AntiVirus client is now disabled, even though traces of it remain in the registry. These traces have little impact on how your computer operates. You do not need to remove them.

Remove Symantec AntiVirus from the Start menu and from the hard drive
After Symantec AntiVirus is disabled, you need to remove leftover files and shortcuts to the program.

To remove Symantec AntiVirus from the Start menu

1. On the Windows taskbar, right-click Start, and then click Open All Users.
2. Double-click Programs.
3. Double-click Symantec Client Security.
4. Do one of the following:
   • If more than one program is listed in this folder, right-click Symantec AntiVirus, and then click Delete.
   • If Symantec AntiVirus is the only program that is listed in this folder, right-click Symantec Client Security, and then click Delete.
5. Exit Windows Explorer.

To remove Symantec AntiVirus from the hard drive

1. On the Windows taskbar, click Start > Programs > Accessories > Windows Explorer.
2. Open the Program Files folder.
3. Right-click the Symantec Client Security folder, and then click Delete.
   

   ---

   WARNING: Follow the next three steps only if the conditions that are described in the steps are met. These instructions affect registry entries that other Symantec products use. If you delete a key or value that another Symantec product uses, that product must be removed and installed again.

   ---

4. If Symantec AntiVirus is the only Symantec product on your computer, delete the Symantec folder.
5. Open the following folder:

   Program Files\Common Files\Symantec Shared

6. If Symantec AntiVirus is the only Symantec product on your computer, delete the following folders:
   • Decomposers
   • SPBBC
   • SPManifests
   • SSC
   • VirusDefs
7. Open the following folder:

   C:\Documents and Settings\All Users\Application Data\Symantec

8. Delete the following folders:
   • Common Client
   • Symantec AntiVirus Corporate Edition
9. Exit Windows Explorer.

About a month ago, I had written a little piece on DisplayLink external videocard adapters. Feel free to read it here.

Well since then, I have decided to take this product to the next level. Not only did I replace the first adapter, I decided to buy another one and see how two units work in one system. I must say I am pleasantly pleased.

First, installation is a breeze! No removing your computer case or need to pay for a computer guy to come along. All you need to do is insert the cd and hit next! Once the software is installed, plug in the USB cable into your computer and the other side into the external adapter.

*NOTE: for blackberry users, it happens to be the same plug to charge your BB.

At this point, windows see the device like any other videocard and off you go. I like to push the button a little bit and wanted to see if there was any performance degrade by having two units on my system. With both units running, the software only takes 40k worth of memory! In comparison, outlook is taking 73k and firefox is taking 83k. I had just updated firefox, so that number is pretty low. Aim also takes up more resources hanging at 57k. In a nutshell, you wouldn’t even notice a performance issue.

The next thing I tried was to use a wide screen monitor and a standard box monitor. Both screens are 17 inches (along with my traditional monitor that uses a built in videocard) Since I still like to see my text, I have the monitors set at 1280×1024. The widescreen monitor is set for 1440 by 900. I have a lot of experience with multiple displays, and I can honestly say I do not notice a functionality difference between having the videocards internal or external.

The next joy I discovered, is the portability of these units. When I leave at night, I unplug both cards and this also does not affect the functionality of the computer. It barely even takes a hit at all. When the card is unplugged, any windows shift to the internal display. Once the card is plugged back in, I can move the windows back. Windows takes it like a champ and doesn’t complain at all!

The downside? The colors are slightly washed out when I view them on the external card as opposed to the internal one. Your average user will never even notice a difference. I also would avoid playing games on these units because the refresh rate on them is not as good as a powerful graphics card. It does well on playing videos and other “normal” internet stuff so do not be discouraged.

Also, the units get really HOT! I unplug them when I leave the office to make sure that they do not break. I believe this is why the first unit failed. I always left the unit plugged in and I am only use my office computer 3 out of 4 days in a week! That is a lot of wasted time for units that get so hot!

Would I recommend this to clients? YES! I have already pitched this product to a few clients in the hedge fund industry and hopefully they will bite! They wanted to upgrade all of their computers to accommodate dual display and I countered with DisplayLink! These units would work great in the financial district! If you are a huge gamer, stick with your traditional videocards that beef up in internal memory and has huge heat sinks on it to make sure it doesn’t overheat. If you are just looking to increase productivity, and do not want to replace your existing videocard, DisplayLink is for you! For 99 dollars, I say it is a well worth investment!

Well, I do not think I have ever gone into my hatred for comcast, so now seems like a great time to start! Lets start with the background a bit and then go into present day. Over a year ago, I had signed up for the triple play package. I never needed the phone part, but it cut the cost of my cable bill by about 15 dollars a month. Who doesn’t want to save money right?

Well, over the next couple months with it, comcast would continually put filters on my line because I used too much bandwidth. Now, when they did this, they would cut services to the phone and internet. Again, I didn’t care about the phone, but I definitely cared about the internet! I allowed this to happen about 3 times and then I terminated the service and went to dsl. Two months later after the termination, I got charged for the cable modem. A month after that, I returned the cable modem to a tech that was dispatched to look at my cable signal and was never compensated for this.

Now, lets go to present day! Over a year after canceling the service, I just got a bill in the mail charging me for the cable modem AGAIN! Can you believe this? Besides the fact that their service is crappy, they have the nerve to charge me for the cable modem that I had already paid for! I had inquired why I would get charged again, and the customer service reps are just no assistance. I am currently going to plee to charge me the new price and credit me for the old price. Hopefully, this will work. Regardless, if you can get by without using these cable companies, I would recommend it! Cable companies need more competition in order to keep the quality of service high!

This article will try to provide a contrast between ‘the Debian way’ and ‘the Slackware way’ when it comes to distribution management. The idea is to really attempt to illuminate people on why Debian, and many other distributions may not be ideal, and why a classic approach such as Slackware still has merit in this world of modern feature-crazy distributions.

I start this article knowing full well that it will offend people, even so, I think this needs to be said.

Now, for some background, I started using Linux sometime in 2000, my first distribution was Mandrake 7.0, and I eventually switched to Slackware 7.1 in order to try and accelerate my learning curve by forcing myself to use a more ‘pure’ environment, this worked fairly well. In the first year, my knowledge of the various modular components and how they fit together grew rapidly. At some point in 2004 I believe, I started using Gentoo on my laptop, and it quickly became one of my favorites. Several months ago, I realized I no longer wanted to spend valuable time waiting for various software packages to compile, I also grew very frustrated with their masking ‘feature’, and decided it would be time to look elsewhere.

And here finally, is the crux (no pun intended) of the story. Out of all the options out there, I figured my best bet would be Debian; after all, if there is one distribution that could be considered a ‘flagship’ of the Linux community, it would have to be Debian. Furthermore I liked the idea that like Gentoo, the base system came in a minimal configuration, and you added packages as you need them. Of course, because of various factors, I didn’t get the chance to do my migration right away, and it ended up being put off for a few months.

Then one day, while googling around for some info on XULRunner, I stumbled upon Mike Hearn’s blog, where he was discussing Debian’s controversial method of forking software; it is old news, but still important to evaluate I believe. I have to say that this shocked me immensely. Despite not using the distribution yet, and therefore not being a ‘fan’ per se, I held a lot of respect for the project and it’s leaders, for fighting the good fight and standing strong when it came to software freedom. The notion that Debian could do any evil was alien to even a non-user like me. I read on and I found myself agreeing with Mike on pretty much all his points. I googled for more details on this controversy and discovered this which explains some more details about the whole incident. As near as I can see, the Debian maintainers feel that Mozilla’s linking strategy is not ‘unixy’ enough, and have decided to ‘correct’ that by changing the way the software functions on their distribution. This has the potential of breaking compatibility as noted by both Mike and Benjamin. And I would add that this is just a total slap in the face to the hard work of the Mozilla developers. Bottom line is, if you want to get all patch-happy on some piece of software, then change the name; the upstream developers do not deserve to suffer all sorts of support headaches simply because you decided to do your own thing.

The fun doesn’t stop there however. On May 13th, one of the most severe and critical security problems in years was discovered in Debian’s version of OpenSSL, and this problem affects Debian forks as well such as Ubuntu, Mint, DreamLinux (unconfirmed) and MEPIS. All of those are in the top 10 of DistroWatch as I write this (with Ubuntu in 1st place), except for MEPIS which is #12. The issue arose because once again, one of the Debian package maintainers decided to go their own way without including upstream developers in the process. The short of it is that Valgrind, a well known memory debugger, was coming up with “uninitialized data” warnings in code linked to OpenSSL. This apparently is a well known issue, and there have been discussions about why the issue comes up and what to do about it. It is related to the fact that Valgrind and IBM’s Rational Purify usually view “uninitialized data” as a bad thing, when in the case of a random number generator, it is actually necessary.

The Debian ‘patch’ essentially removes the ability for OpenSSL to generate random numbers properly, the result of which causes keys generated with OpenSSL on Debian (and it’s derivatives) to be extremely easy to guess in a short amount of time using an amateurish brute-force attack. Worse yet, this Debian ‘maintainer’ didn’t alert upstream developers to his ‘patch’ and therefore the problem went uncaught for years and has now put many unsuspecting users at risk.

I may not be a developer, but even I can see the absolute stupidity behind the OpenSSL debacle. And it is all because of their absolute refusal to respect the wishes of upstream developers regarding their software. This is nothing new of course; distributions have been doing this sort of bullshit for years. I recall back in the day when Red Hat ended up shipping a CVS version of GCC known as “GCC 2.96″, which broke compilation with many packages, the official stable GCC release at the time was 2.95.3, and this newer 2.96 version was actually a development snapshot for the upcoming 3.x releases. Then there was the whole controversy with various distributions shipping broken copies of MPlayer due to patent fears; SuSE and Debian (yep, them again) were two notable offenders as I recall.

Essentially, for whatever reason, some distributors seem to think that their Linux distribution is a proper place to dump all their dirty hacks and patches, and to completely spit at the hard work that upstream developers put into their stable releases. It is heartbreaking to see the community in this sort of uncooperative state.

Many years ago I read an opinion article titled “Does Slackware still matter?“, I remember being pretty miffed about the whole thing, but at the same time I couldn’t really produce a comeback. Over the years of course I’ve gained more insight into these matters, and I can now definitively say that, YES, it matters perhaps more than any distribution currently out there.

Patrick Volkerding started Slackware back in 1993, and the first release came on July 16th of that year. Originally not intended to be a serious project, it eventually grew, and exists to this day as the longest living Linux distribution ever. The philosophy behind the project very much obeys the “Keep It Simple, Stupid” philosophy, or KISS for short. The idea is that the system should shy away from over-reaching complexity and abstraction layers, and instead keep things clean. In following this philosophy, most of Slackware’s packages are often sparsely modified compared to their upstream counterparts, and given that this is a one-man project, it would be pretty difficult to go around patching everything and then having even more testing to deal with. There are some exceptions I would imagine, perhaps some security issues and so on; also, back when the Gnome environment came standard, Patrick would often have to clean up after the upstream Gnome, and make sure it doesn’t essentially ‘take over’ the system.

I truly believe that the Slackware way of distributing, is the right way, with minimal changes from upstream, and very few abstraction layers for configuration (bash scripts like netconfig are all that come to mind), as well as an easy to work with BSD init script set up, it is easy to see that Slackware does not ‘hide’ the system from you like many others do.

I mean let’s be clear, when you use Gentoo, with it’s bizarre init and config system, you don’t learn Linux so much as you learn ‘Gentoo’, and when you use SUSE, you don’t learn Linux so much as you’re just learning ‘SUSE’, and so on with every distribution. Now of course I may be exaggerating; after all there are more similarities than differences, and truly, experienced Linux users can easily pick up another distro and understand what’s going on. Besides, often many of the ‘default’ usual configuration files will point you in the right direction, like when editing resolv.conf on Gentoo, a note will mention how you have to add your DNS servers in /etc/conf.d/net instead. Even so, it does mean that there are serious challenges in administering many boxes with different distributions.

Of course, the first natural riposte to my article will probably be “are you against freedom of choice or something?”, and the answer to that question is no, I am not. I fully understand that everyone has the freedom to do things their own way, and of course, to the “Windows user” that joins the Linux community through Ubuntu, they probably don’t care whether resolv.conf is edited directly or whether there is some abstraction layer; but to people who want to learn system administration, it can be a pain in the ass to move between distributions if you haven’t learned how the system really works behind all the abstraction. And of course, it is a slippery slope; there are configuration hacks/abstractions, and then there are actual source code patches that change the behavior of the program in question; and we can see that this patch-happy attitude can often have some serious repercussions, like in the Debian OpenSSL case. If anything, I am not suggesting we all become robots and obey one standard ‘method’ of doing things, however I think there needs to be a more conservative attitude when it comes to breaking consistency with upstream. Let us remember that upstream projects develop the applications, and distributions are supposed to distribute.

To conclude and sum this up, when I download a package from a distribution’s repository, I think it is not unreasonable to expect the package to be the same as the one I would download from the upstream maintainer’s website. If it isn’t, then there isn’t really much of a point to pitching the idea of online package repositories as an alternative to traditional methods of software distribution. I think Mike Hearn’s example of a distribution mirror altering a package is a very good example, because in such a scenario, many individuals would be outraged and angry, and yet Linux distributions get away with this kind of thing all the time.

And that is pretty much all I have to say about that.

P.S.: As I said when starting out, I know some folks will be offended by this, and I know how articles and posts like this can easily cause flame wars, I hope there are no hard feelings. Also, it seems that one of the first instincts when reading an article like this is for people to question the author’s competency and so on, I hope you can manage to keep it civilized despite any disagreements you may have with my opinion.