Thoughts on Automating Driver Installs for Linux? 129
Auzy asks: "Originally I thought that the implementation of a system in Linux which could automatically locate and install drivers would revolutionize Linux usability, however, there has been some strong negative feedback, including comments such as that it will kill open source drivers in Linux, and that even a system which employs digital signatures could never be secure enough to stop worms. I believe the opposite, and now I want to know from the Slashdot crowd, if they think I should drop the project now and potentially save Linux from possible security problems, or if I am right in saying that potential problems can be avoided, and that this system can become successful."
Huge boost for me (Score:5, Interesting)
I've noticed the opposite (Score:2, Interesting)
Re:I've noticed the opposite (Score:2)
Re:I've noticed the opposite (Score:3, Informative)
For instance we just had a customer with a toshiba laptop we sold him last year. It shipped with XP but he wanted 2000 (per his corporate requirements) so we loaded it and all worked for a year. And then recently they did a windows update and bam, thing won't boot in normal or safe. Repair install does no good (and neither did 2 days of everything else).
Re:I've noticed the opposite (Score:2)
what would really be interesting is a site or chart that attemps to link the hardware to the driver name. I mean how many cards/nics does a tulip driver support? And most of the stuff
Re:I've noticed the opposite (Score:3, Interesting)
Mac OS 8
Windows 98
Linux/FreeBSD/OpenBSD
Free/Oss software emerges as a great way to avoid the planned obsolescence generated by the windows 2 year update cycle.
Re:I've noticed the opposite (Score:1)
Re:I've noticed the opposite (Score:2)
Available on CD-ROM only. This product is non-returnable and non-refundable
But for some reason, the German page [www.umax.de] has the same damn driver available for download for free.
Meanwhile SANE [rauch-domain.de] for Linux supports it out of the box.
Re:Huge boost for me (Score:1)
Re:Huge boost for me (Score:1)
Base it on DKMS (Score:2)
You can turn a DKMS-ized driver package into an RPM or SRPM too. You could then just shunt it off to RPM or YUM or APT to handle keeping track of them at a package level, using the distro's built in package system. (It'd still require DKMS to be installed for RPM to call the scripts that work the magic)
But having a central repository (or
Re:Huge boost for me (Score:1)
First, you must have the source code to your kernel, it is located in
Download the new driver in source code form and mix it in with the linux source code. You either do this via the patch command or by just untar/zipping it on top of the source.
Next go to the source directory and type make menuconfig. You will get a nice menu with all the kernel configuration options. Find your driver, it will be in its logical place. Network card drivers in
Re:Huge boost for me (Score:1)
What driver is that? I've been using Linux for a long time, and I've never heard of such craziness. Why wouldn't they just allow you to specify a location to find the kernel headers, and build outside the kernel source tree?
Re:Huge boost for me (Score:2, Funny)
ja, ja, were it so that we could all ride beside you on ze high horse, sire!
Re:Huge boost for me (Score:4, Insightful)
If it worked out that way for me, I'd be running Linux now. Sorry, not a troll. I will say at the risk of being flamed to heck that I'm not trying as hard as most Linux users would. Fine. Just remember that the less intervention that is required by the end user, the more mainstream Linux will go. Linux is so close to cracking the Windows monopoly, but some attitudes about how 'smart' the user needs to be are really detrimental (sp?).
Re:Huge boost for me (Score:3, Insightful)
It's one of the biggest issues with linux. I know this sounds pro-ms, but drivers just aren't an issue with windows. you swap out drivers whenever you want, and you can always get the ones you want (for free). Windows can even get drivers for you off the net automatically. Custom drivers are available, as well as microsoft-certified ones. I think linux needs to head in t
Re:Huge boost for me (Score:4, Insightful)
This dismissive attitude about problems with Linux (ill-informed or not) is exactly why I won't switch. I'm so sick of the 7337 attitude some people like you have. You're just going to have to deal with the fact that you'll have n00bs complaining about things like this.
Re:Huge boost for me (Score:1)
I think you mean 1337 attitude.
Re:Huge boost for me (Score:1)
Re:Huge boost for me (Score:2)
It's where you're cold, like a which's 7337. Duh.
Re:Huge boost for me (Score:2)
You're being silly. The Anonymous Coward who wrote that dismissive comment almost certainly doesn't write Linux code or have any influence over the process. Their dismissive attitude has little to no bearing on the actual work being undertaken to fix problems in Linux. It almost certainly doesn't reflect the opinion of real Linux developers.
Consider this, if I found you an anonymous Windows user d
Fear, Uncertainty, and Doubt (Score:5, Insightful)
Anytime you come with a new and potentially revolutionary idea, you are going to run into old stick-in-the-muds who will try to bury you in a flood of FUD. FUCK THEM! If you think it's a good idea, GO FOR IT. PROVE that it works, then let the community sort it out.
You should ask yourself... (Score:2, Interesting)
Re:You should ask yourself... (Score:5, Insightful)
Re:You should ask yourself... (Score:2)
You have the distro come with a pgp key, the drivers are signed against that, and put on some website. The url of that website is also put in the tools. The tools grab the ID's of your hardware, grab the ID's of the supported hardware on the remote site, compare them, and download the drivers where they match.
You check the signed drivers, and install.
Where are the security flaws in that extremely easy and automated system?
Re:You should ask yourself... (Score:2)
2. the package is signed with evilGuy's key
3. evilGuy changes the url in the package to be his site that you can verify the package against.
4. you install the hacked package.
Re:You should ask yourself... (Score:2)
And if it's easy, why hasn't anyone managed to get any of the 800 or so debian developers private keys and signed a bad package.
Re:You should ask yourself... (Score:2)
Re:You should ask yourself... (Score:3, Insightful)
Re:You should ask yourself... (Score:2)
There is no threat of someone just creating a key and signing against it. The program will check the signature and know it's not trusted.
Re:You should ask yourself... (Score:2)
Re:You should ask yourself... (Score:2)
For something like this, it's going to be extremely difficult to get a backdoor in.
Take debian for example. Something like this is going to have it's source code checked over before it's signed. It's going to be very difficult to get a hacked packaged signed by a debian developer.
So far, I don't think any cracked package has ever managed to make it into debian.
Re:You should ask yourself... (Score:2)
no cracked package has made it into debian... but by the time debian discovered that their distribution server was hacked, you can bet a few people had already installed potentially compromised packages that were supposed to be safe.
This type of thing happened about 3 times last year to high profile software sites (debian, openss
Re:You should ask yourself... (Score:2)
The debian developers are extremely anal about security.
I'm not talking about whether is it theoritcally possible to crack the system - of course it is.
But realistically, I think it's going to be very difficult for someone to.
Theoritically you could put a back door in the MS Windows's source code. But it's going to be damn difficult to do so.
Re:You should ask yourself... (Score:2)
you went from asking the question Where are the security flaws in that extremely easy and automated system? to defending debian's and windows' security. you have lost your focus.
if you ask a question... be happy you got an answer, and try to listen to it. instead you have dragged this puppy out for several days and probably are none the wiser for it.
welcome to my foes list.
Re:You should ask yourself... (Score:2)
Perhaps I should have phrased it better, and said "Where are the practical security flaws in that?".
I compared it to windows security because what you would need to do is very similiar. In both cases you would have to somehow crack into the cvs server, modify it without being noticed, and then that code being pulled downstream into a package.
Yes it could be done, but there's no weakness in this system that isn't in the system already. It's no less secure than it is as the moment.
Perhaps I should have s
Re:You should ask yourself... (Score:2)
Re:You should ask yourself... (Score:2)
Re:You should ask yourself... (Score:2)
Re:You should ask yourself... (Score:1)
Are you sure it's not the other way around?
Re:You should ask yourself... (Score:1)
If I want to configure something on my Windows machines (Win98, WinXP) I know I can go to the control panel and do it there using basically the same interfa
Re:You should ask yourself... (Score:1)
That's true; there's a lot of diversity between Linux distributions. It's well worth keeping that in mind.
I meant something else, however. The more people who run Linux, the more motivation hardware developers will have to write or to help to write drivers. Things are much better now than they were five years ago. I think this will continue.
Re:You should ask yourself... (Score:2)
Maybe. Personally, I think Windows is easy because it has low self-esteem and a bad coke habit.
Re:OEMs made it ubiquitous, not ease of use (Score:1)
I use WinXP pro at work and at home and I couldn't be happier with how easy it is to use and maintain.
OEMs like it when they can hold somebody financially responsible to the shit they install on the machines they sell. People feel more comfortable at home buying from them in turn since somebody on the other end of the line can tell them "Open your browser, click tools, etc." versus "edit
Kudzu (Score:2)
Re:Kudzu (Score:1)
From the frontpage of http://driverondemand.sourceforge.net/
Overview of Driver On Demand
Driver on demand is an attempt to ease driver installations in linux. Basically, what happens is that a user installs a PCI, PCMCIA, or USB (not implemented yet) device, if a driver isn't found, the client connects to a CGI server, to check if the device is known, if it isn't, then the driver lookup fails and the user is no worse off
My thoughts (Score:3, Interesting)
While I'm posting anyway, I'll drop in my other thoughts on the story to avoid multiple posts:
I could see something like this happening, but I think that it's going to need heavy interaction with the big distros to come out.
If money is a concern (as it apparently is, based on your requests for it) you could try to get hired on at one of the distro companies, though I wouldn't count your chickens (especially
Do it. (Score:2)
People hate change, so sometimes you just have to do what you want.
yes, do it. (Score:4, Insightful)
if you write it and it works it'll be an amazing feature that will make the world a better place
if you write it and it doesnt work, no one will use it and no worries. it'll be a learning experience
everyone else has an agenda up their butt =)
Re:yes, do it. (Score:1)
cooool (Score:4, Insightful)
i dont want to nessecarily start debugging drivers under linux or having to compile them
thats for developers of the drivers.. not the users of the drivers
so a thumbs up to your vision
Sounds like a fantastic idea (Score:5, Interesting)
Re:Sounds like a fantastic idea (Score:3, Insightful)
Great idea (Score:1)
Seems like the key is the database. Keep that open and if there are real security issues, a darn good competing project will spring up (with more security) from the same folk who pooh-poohed your initial project. And that is EXACTLY what you and the community need.
Remember what happend with CD signature databases (CDDB) -- it was well populated, but the owner of the data was... well... the OWNER.
Keep it open, and this project won't f
Re:Great idea (Score:2)
CDDB is one thing, but it's not tied into someone's OS, and stops their computer booting if it mis-recognises a celine dion CD. :)
Full Automation (Score:2)
go for it (Score:2, Insightful)
-Money to allow me to spend more time on this project, so i dont need to run off and get a job anytime soon. ", I'd recommend possibly toning that down a bit. It struck me in a negative fashion as I am sure it will strike alot of people. Thats just my 2 cents. As to hardware however, I may look through my piles of
New ideas in Free software always... (Score:1)
If you get it working, and no one uses or codes on it, THEN you can consider dropping it, but until then, just code away.
Nice idea..but (Score:1)
Re:Nice idea..but (Score:2)
Hardware mfrs create hardware. They then spend 95% of their time working on drivers that run on 95% of desktop computers (windows). Why should they have to spend more than 5% of their time to support 5% of users?
When linux is large enough, and on enough machines, hardware mfrs will sit up and take notice. After all, if your latest graphics card doesn't work on linux, and linux is 50% of the market, they'll make linux drivers.
sounds good, but what does it actually solve? (Score:2, Informative)
I pop in a new card. If my distro kernel (and this is mostly aimed at people using distro kernels) supports it the driver is already there it just may take some config, i.e. sound cards and the like.
Otherwise I need a new kernel. Debian's woody release defaults to a 2.2 kernel but has the option of 2.4. Many newbies install the 2.2 and then have non-supported hardware. A project like this won't help them.
The real problem here is the Linux kernel cha
Re:sounds good, but what does it actually solve? (Score:2)
It would be more accurate to say that it works because Microsoft and Apple had the foresight to define a stable ABI for drivers. The Linux kernel developers refuse to do this.
There's a lot of people that want that... (Score:2)
1) Encourages companies to release binary-only drivers, which hampers porting efforts and slows debugging (no better than windows)
2) Sometimes changes to the kernel are far reaching and make certain assumed behaviors incorrect (even if certain APIs didn't change). Memory leaks are the least of your worries here.
So then the only other option is to have all the drivers in source form, and built right at the time the kernel is built, all in one shot.
I think t
Re:sounds good, but what does it actually solve? (Score:2)
That said, if the driver is available as a module for a 2.4 kernel, but the user has a 2.2 kernel, the process could be handled in one of two ways.
Feedback to the driver writer that lets them know that there is a (or several) users who could use the driver compiled for the 2.2 kernel, and would they please compile such.
Ask the user if they would like to contribute to a bounty fund for that device, such that when someone sees the available bounty, they
Keep working. (Score:3, Interesting)
Technical issues...
How do you plan to deal with all the different kernel versions? Are you providing your own image version? How do you deal with different architectures?
Network Card Drivers. (Score:4, Funny)
Re:Network Card Drivers. (Score:1)
Re:Network Card Drivers. (Score:1)
Huh? Obviously you'll put in a distribution (or independent) CD that contains a large set of drivers.
You can't please everybody (Score:4, Insightful)
Tough luck for them. They don't need to use your software,and they don't need to include it in their distributions.
If it were built into Mandrake or Knoppix or Fedora, I'd love the feature and never think twice about it.
I'm of two minds on this one (Score:3, Insightful)
I know that people are afraid of it, but compiling the kernel isn't that big a deal ( especially if you don't mess with the config and just include everything ).
On the other hand, as someone who has to deal with supporting end users, I like the idea that people will be forced to learn wtf they're doing before they're able to do it.
Most of the 'stupid' users out there are simply lazy, and feel that if they whine long enough the computer will do for them.
Re:I'm of two minds on this one (Score:2)
And the obvious question to ask is why the hell doesn't it? It's perfectly capable of doing so after all.
It is ridiculous to require a user to do things that can be easily automated. That includes compiling a kernel on a system where regular kernel upgrades are a requirement.
Intel Drivers (Score:5, Insightful)
I am tired of having to recompile my kernel because some function isn't enabled by default (hotplug in this case.) Frustration with the 2.4.25/6 kernel forced me to dig around looking at the 2.6 kernel. Then finding out that the (2.6.6) kernel version has a problem with my laptop in atkbd so whenever I press a certain key I get a kernel error, oh but now modprobe ipw2100 works as long as I make sure I compile the driver in legacy firmware mode bypassing hotplug. Not to mention the fact that there are little inconsistencies in procedure between kernels and packages. Not that this is the kernel developers fault, but having to enable PCMCIA support in the 2.6 to get HOSTAP to compile and having to disable it in 2.4 is something that the joe-blow consumer isn't even going to comprehend, let alone know how to do via config/menuconfig etc.
Automatic driver installation would be a headache to secure, but the need is surely there. My headaches are those of someone who's had to do this before... I can only imagine the headaches of someone un-initiated.
Re:Intel Drivers (Score:2)
On the issue of drivers, this is related with reverse engineering, one of the hacker qualities on which the open source movement has been based. Alienating driver hacks would greatly undermine Linux.
Re:Intel Drivers (Score:2)
Why? This is an open source project, for an open system. If it were to do so then we'd simply change it. If the original maintainer goes in a different direction we just fork it and declare a new official release.
Re:Intel Drivers (Score:2)
Just because it can't happen doesn't mean that people won't be afraid that it will.
Re:Intel Drivers (Score:2)
I'm not saying people won't be afraid it will. I'm saying that since it cannot happen there is no reason to RESPECT the sentiment, only to dispel it.
Bring it on! (Score:3, Insightful)
I welcome something like Kudzu matched with an automatic driver download / install service.
There are ways to help with the security aspects, like requiring digital signatures, giving the user plenty of information about who is providing the driver, etc etc.
And frankly, I don't care if the driver is open source or not. Yes, I do prefer open source drivers, but when it comes down to it, if I have to deal with binary only to make a great piece of hardware work well, I can cope. (NVIDIA drivers, anyone?)
Giving the user information is key. (Score:1)
Giving the user a chance to say "no" is vital. There are a lot of people who would be willing to run a signed binary driver from someone like nvidia, but would *not* be willing to install a binary driv
How would this work? (Score:3, Interesting)
There are multiple versions of the kernel, smp and non-smp.
Typically, to load a driver module requires building it against the source tree for your particular kernel, which requires a kernel C compiler, and build environment to be installed.
A possible solution is to provide an architecture neutral layer (forth, byte-code) in which drivers could be written. A layer can introduce this to the kernel, giving only a single module to move. Perhaps existing drivers could be "compiled" into this intermediate (C -> driver language or byte-code).
Then, only the interface layer would need to be added into a Linux system -- and if built once, could be distributed as a binary. The "binary" drivers could be compiled into native code on the fly. Perhaps even x86 code could be used as the intermediate system (use something like QEMU to do the translation). Self-modifying code wouldn't be a problem. The "shim" layer for x86->x86 is simply an interception layer.
In principle, this could be done. And yes, I would use such a thing. As it is, whenever I upgrade a kernel, I have to rebuild all non-vendor modules (only 2 -- shfs and wlan-ng) and it is a pain in the ass.
Would sandboxing be of interest? Easier if not, but could be done if something like forth was used (declare the ports that the driver will touch -- provided for inspection to the operator, and trap all other references -- can also be filtered by kernel call).
Of course the shim would have to be GPLd, but would make proprietary drivers even easier than Windows (because they can be cross-platform).
Yes, this is a good idea.
Ratboy
PS I would be interested in working on this - contact me at fred (at) hotmail.com
No thanks (Score:2, Insightful)
Looks like a big potential security risk to me. And the same reason why it's disabled on future Windows OS's.
Re:No thanks (Score:1)
Re:No thanks (Score:1)
and there is also no reason why you could not have a SECOND boox that pops up and asks for the root password (if your installing it system wide). This is something I like with OSX, when something is going ot be installed system wide it pops up and asks for a root password. theres a lot of app's
Re:No thanks.. its no less secure then package man (Score:1)
Re:No thanks (Score:2)
I love it when people have opinions differing from me, I just hate it when those opinions are based on nothing.
Excellent Idea (Score:2)
First, you'll need the distro's working with you on this. But develop first, the distro's will ignore you until you actually have something.
Develop this with support for local module configuration as well. If the module is already there, great, this should pick up on it and configure the module (this resolves the issue of there being a single module for 200 different pieces are hardware which are functionally similar but different model numbers, vendors, etc and all called
Already exists (Score:1)
What I'd rather see effort pumped into is NOTEBOOK DRIVERS. Please people I have this shiny screaming Dell hotness but I can't get anything to run on it because I'm lac
Re:Already exists (Score:1)
I like it (Score:2)
I think a unified driver/configuration solution would be optimal for desktop users lik
Related Projects (Score:2)
--
Tried installing WINDOWS lately? (Score:1)
Anyone who says Linux is "too hard to install" has probably NEVER installed any version of Windows.
I've installed or reinstalled every version of Windows from 3.11 to XP, Slackware, Mandrake, Redhat, Fedora, and Debian, on a wide variety of hardware - 486's, Dual CPU PII's, etc. There is no doubt in my mind that on WINDOWS is generally the harder operating system to install,
Re:Tried installing WINDOWS lately? (Score:1)
Err.. if it wasn't obvious from the rant, I was trying to install them under Win2k. I found the drivers for the exact motherboard from the manufacturers site in
It's late. I'm tired and frustrated, but for fucks sake will you all get OFF this "Linux is too hard to install" shit. In my far-from-insignificant experience, Windows is much ha
Re:Tried installing WINDOWS lately? (Score:2)
Also, windows has a "sysprep" utility which you can use before ghosting the hard disk. Install your windows (including office suite, firewall, whatever), run sysprep, then take an image off the computer. I single-handedly installed windows on 10 PCs one afternoon. It only took me about an hour, and no CDs.
Similar Premise (Score:2)
Why not everything on demand? (Score:2, Insightful)
Even better: file by file on demand. Why should I install all the 100 files of a package X today if my usage habit only really accesses 10 of them today, and 10 more tomorrow, and others never.
Hmm... While we are at it, why stop at file level. Why not memory map the remote files to local VM and fetch them page by page on demand from the network? Persistent local page cache (a new sort o
I really don't get it...the kernel HAS drivers... (Score:2)
Go for it! Something has to give (Score:3, Insightful)
Drivers (Score:2)
One thing that would be important though is having a GUI to also view basic parameters for the drivers (MAC address, ATA mode, etc.)
Driver ABI (Score:2)
Binary drivers (regardless of whether the source was available or not) could be distributed, and it would, in general, make it a lot easier for users to understand and manage the drivers present on their system.
However, this meets resistance because:
a) the linux kernel is rearchitected too often to preserve an ABI across more than 4 point-versions, it seems.
b) Kernel de
Re:Driver ABI (Score:2)
You don't see a lot of standard APIs (let alone ABIs) in the Open Source world because programming has to be enjoyable to attract programmers and let's face it, coding around standards generally isn't enjoyable. Not to mention the fact that the kernel is notorious for doing huge overhauls to support greater scalability, etc. The kernel is a great example of a project th
Re:No worse than package management (Score:2)