Are boutique distributions a bag of hurt for new users?
We love a good underdog, but sometimes our excitement gets the best of us and we recommend something that’s not appropriate for a switcher to land on.
Plus some quick thoughts on the beating open source is taking as fallout from the Heartbleed bug.
- Recent discussions on LUP about switching
- End of XP brings this to front of mind.
Ubuntu 14.04 this Sunday on LAS. The big dog on the desktop.
These smaller, boutique distros are great for experienced enthusiasts.
Sending users from the worlds most deployed desktop operating system to a niche distribution of a niche desktop operating system is a recipe for failure.
- Support community is always smaller.
- Random poorly crafted Google searches are less likely to show distro relevant results.
Long term viability of really small teams is always questionable. Larger distros even if corporate backers or the large community dropped it – the code would go on. Smaller distros that’s not always the case.
Do these concerns apply to the more esoteric desktops, ie Cinnamon, MATE?
Heartbleed Butt Hurt
- OSS name getting dragged through the mud.
- Why are we not focused on the patch turn around time?
Ability to audit future code.
A week after the Heartbleed OpenSSL vulnerability wreaked havoc across the web, the conversation is shifting from reaction to reflection. The discussion is no longer about what to do now, but what can be done to prevent another Heartbleed from happening in the future. In other words, we’re entering the blame game chapter in this saga.
Everyone just assumed that OpenSSL must be perfectly safe because, well OpenSSL has a reputation for being safe, therefore it was safe. Developers, website developers, security experts, one and all, it seems no one ever thought to actually use those eyeballs that successful open source relies upon to check the code to see if it really was safe.
Open source does not provide a meaningful inherent security benefit for OpenSSL and it may actually discourage some important testing techniques. Also, panhandling is not a good business model for important software like OpenSSL.
Security experts acknowledge that open source is the best model for crypto, so how do we drive improvements to the model for creating security-critical infrastructure?