Mono, suse vs ubuntu

[Dave Aitel <dave () immunityinc com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So it's definitely after installing pyMySQL and pyGTK and pyOpenSSL
that you realize the whole point of Mono and Microsoft's CLR is to
avoid having to write wrappers at all. There are whole huge projects
writing wrappers for every C library in the world. pyGTK is a great
example of a team doing such a thing. But the Common Language Runtime
eliminates all that, with the penalty of everyone writing to the same
generic VM.

Of course, with the original CLR, you couldn't do Python and Ruby. But
soon those will be first class members of the CLR family under
Windows, and I assume Mono will follow fairly quickly. At that point,
writing code in cPython or cRuby will become a rather silly idea,
since something wrapped in Mono will will be available to both the
Ruby and Python people equally well (or equally poorly.)

But then, deploying software under this model is hugely painful. Want
to make sure they have the right version of the Virtual Machine? Get
ready to deploy your app with 2 gigs of random Mono directories. It's
almost easier to deploy every app as a virtual appliance based on ubuntu.

Anyways, this is my thought of the morning, because SuSE is the best
operating system I've ever used, except for their software
installation system, which is crap. Also, you need some sort of
magical skill to understand what Novell AppArmor is all about, because
the usability there is hard for even software security specialists.
Security needs to be "Baked In" as they say, and not something the
user has to click on. If I can't tell if AppArmor is doing anything
useful, then for sure it's wasted space in the configuration menu.

Things that rock about SuSE 10.0:
  o Default install looks and feels awesome. Wireless worked after
some ndisdriver magic. Verizon EVDO card works better than it did
under Windows and was a snap to set up. Suspend works (after adding
vga=0 to kernel conf via pretty gui after console message told me
too). Sound works. Ethernet magically works. Gnome's new sexy pop up
messages make the whole system feel more responsive.
  o XGL make Windows people sad. It even makes Mac people sad.
"Virtual Desktops? What's that?" It's better than Vista, and it's on
your laptop right now with about 10 seconds of effort.
  o Nautilus has finally stopped crashing.
  o All of the custom Immunity software "just worked". SPIKE, CANVAS,
etc. SPIKE is still quite useful. I know the press is just finding out
that making small strings big can find security flaws, but it's fun to
test software stacks with the old C SPIKE just because it's so much
faster than they expect anything to happen to them. This week I
crashed one of the bigger application server systems by using cSPIKE
to just log in five hundred thousand times a second. Fun for the whole
family!
  o No broken selinux that you have to disable to get anything done
like fedora

Things that suck about SuSE 10.0:
  o Installer retarded. In fact, entire software management system
worst ever. Even Fedora is better. Example: Under fedora, if you want
to go wild and crazy and get your VLC player for divx's, you browse to
"Set up fedora to play divx" somewhere on the web, and there is a YUM
repository (livna or something) and you just clickscript your way to
divx, or whatever support you need. It always works. Under SuSE they
have the "packman" repository, which will almost work, but then it
will assume "perl" is a broken dependency that needs to be removed. I
don't think so.
  o Mega-Old versions of Firefox and Thunderbird installed by default.
Does anyone use Evolution? Why is this the default on anything?

Ubuntu has the world's best software installer. What I really want
here is a way to commercialize it. I want to have the user able to
enter a username and password for canvas_ubuntu.immunityinc.com and
then have their canvas get updated along with everything else on their
system, passing that authentication down the line to our repository.
Maybe someday. VMware would be nice to install this way too.

They do appear to have completely ignored security in their
development process, which is annoying. By installing GRSecurity in
the default kernel, and going through some basic work to blacklist a
few things that don't work with it (VMware, for instance), ubuntu
could be a ton better.


- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFFVHIqB8JNm+PA+iURAjd6AJ0WLZtABpuFdBNfvXnL0my8qRlJDACbBLF9
0EwPXGKTGeKNw4ln3HmVVEQ=
=E2Lx
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave