This question reads a bit to me like someone asking, “Why do trapeze artists perform above nets? If they were good at what they did they shouldn’t fall off and need to be caught.”
Do you really need a firewall? Well, are you intimately familiar with every smidgeon of software on your machine, not just userland ones but also system ones, and you understand perfectly under which and only which circumstances any of them open any ports, and have declared that only the specific ports you want open actually are at every moment in time? Yes? You’re that much of a sysadmin god? Then no, I guess you don’t need a firewall.
If instead you happen to be mortal like the rest of us who don’t read and internalize the behaviors of every piddly program that runs or will ever possibly run on our systems, you can always do what we do for every other problem that is too intensive to do manually: script that shit. Tell the computer explicitly which ports it can and cannot open.
Luckily, you don’t even have to start from scratch with a solution like that. There are prefab programs that are ready to do this for you. They’re called firewalls.
The point of the firewall is not to make your computer an impenetrable fortress. It’s to block any implicit port openings you didn’t explicitly ask for.
Say you install a piece of software that, without your knowledge, decides to spin up an SSH server and start listening on port 22. Now you have that port open as a vector for malware to get in, and you are implicitly relying on that software to fend it off. If you instead have a firewall, and port 22 is not one of your allowed ports, the rogue software will hopefully take the hint and not spin up that server.
Generally you only want to open ports for specific processes that you want to transmit or listen on them. Once a port is bound to a process, it’s taken. Malware can’t just latch on without hijacking the program that already has it bound. And if that’s your fear, then you probably have a lot of way scarier theoretical attack vectors to sweat over in addition to this.
Yes, if you just leave a port wide open with nothing bound to it, either via actually having the port reserved or by linking the process to the port with a firewall rule, and you happened to get a piece of actual malware that scanned every port looking for an opening to sneak through, sure, it could. To my understanding, that’s not typically what you’re trying to stop with a firewall.
In some regards a firewall is like a padlock. It keeps out honest criminals. A determined criminal who really wants in will probably circumvent it. But many opportunistic criminals just looking for stuff not nailed down will probably leave it alone. Is the fact that people who know how to pick locks exist an excuse to stop locking things because “it’s all pointless anyway”?
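An added example, not part of the original comment: one way to check for listening ports you did not explicitly ask for, the situation described above with port 22. It parses a constructed sample in the Linux /proc/net/tcp format; the sample rows, the allowlist and the function names are assumptions for illustration, and only IPv4 is covered.

```python
import ipaddress

# Constructed sample in the format of Linux /proc/net/tcp (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1 0000000000000000 100 0 0 10 0
   2: 00000000:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 20003 1 0000000000000000 100 0 0 10 0
   3: 0F02000A:C350 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20004 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = "0A"  # state code the kernel uses for listening sockets


def parse_listeners(table_text):
    """Return sorted (address, port) pairs for every listening IPv4 TCP socket."""
    listeners = set()
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        hex_addr, hex_port = fields[1].split(":")
        # Assumption: little-endian host, so the address bytes are stored reversed.
        addr = ipaddress.IPv4Address(bytes.fromhex(hex_addr)[::-1])
        listeners.add((str(addr), int(hex_port, 16)))
    return sorted(listeners)


def unexpected_listeners(listeners, allowed_ports):
    """Listeners reachable from other hosts whose port is not on the allowlist."""
    findings = []
    for addr, port in listeners:
        loopback_only = ipaddress.IPv4Address(addr).is_loopback
        if not loopback_only and port not in allowed_ports:
            findings.append((addr, port))
    return findings


if __name__ == "__main__":
    # Hypothetical policy: this host is only meant to serve HTTPS.
    allowed = {443}
    found = parse_listeners(SAMPLE_PROC_NET_TCP)
    for addr, port in unexpected_listeners(found, allowed):
        print(f"unexpected listener on {addr}:{port}")
```

On a real Linux host the same functions can be fed the contents of /proc/net/tcp; the loopback-only listener on port 631 in the sample is deliberately not reported because other hosts cannot reach it.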
The grand theory of classic package managers is the idea that lots of programs all need the same core libraries to function. An analogy would be like noticing most construction jobs need nails. So instead of making everyone bring their own copy of nails, resulting in dozens of redundant copies of it lying around, they have a single nails package that everyone can use.
But there are different versions of nails out there. Each version picks up unique new features, and drops legacy ones. Recent builds may incorporate and thus require the new features, making them incompatible with old versions of nails that don’t have them. On the other hand, some builds may still use and rely on legacy features of nails, and are thus incompatible with the new versions. You may run into a scenario where you want Software A that needs nails version 14+, but also Software B that can only run on nails v <13, and you just can’t, because they don’t overlap.
Additionally, there may just be a totally different competing package out there, screws, that does largely the same job as nails, but in a completely different way that is totally incompatible with projects that expect nails. So if you need Software C that relies on nails, but also Software D that relies on screws, you might cause problems by installing both.
What a distro is is essentially a group of devs declaring that they are putting together some specific list of libraries (like, say, nails v14), and then sculpting up a bundle of software around those specific libraries. Can’t cope with nails v14? That sucks. No package for you, then.
In that sense, distros are differentiated by what libraries and other low-level system softwares are available to the programs you wish to install on them. If you want your program to be available natively on every distro, it needs to be compatible with every competing set of libraries each distro has elected to use.
It is possible to just say “fuck it” to the distro’s built-in libraries, and instead bundle the specific version of nails or screws or whatever your project needs directly with it. Build your own with blackjack and hookers, as it were. That’s exactly what Flatpak does, among others. But it’s trading flexibility for redundancy. In the age of cheap and plentiful storage memory, many people think this trade is well worth it. But it makes many formalists cringe.
imagine if every application on your desktop reacted differently depending on how many times you clicked a spot
yeah, wow, imagine. different applications using different design patterns for different contexts. perish the thought!
Is that also OK just because one browser started doing it and every other browser copied that function?
one browser did an arguably useful thing, every other browser agreed it was arguably useful, and it became a widely adopted feature? sounds ok to me. gee, it’s almost like this is how standard patterns come to be, or something…
I admire the respect you have for those who ask questions like this, but I think I disagree.
If there is something egregiously wrong with the premise of what a person is seeking to do, and there are no qualifying statements in their query about why they do in fact need to do this specific thing in this specific way, chances are high that they are uneducated about why the premise of what they’re trying to do is flawed, and they are best served by being course corrected. Giving them the answer they’re looking for to continue the bad thing while hiding your suggestion of what they should be doing instead in a footnote is just enabling them to double down on the short term path of least resistance that will probably come back to bite them again later.
If they really did know what they were doing with regards to doing an otherwise unsafe and/or unsupported thing, or if the restrictions tied their hands from using the obvious replacement solution, it either should have appeared in their question prompt, or it should be in the first replies to the first round of answers.
I say, withhold outdated advice unless the context of the conversation makes it explicitly clear that the old advice is genuinely required and not substitutable with current advice. But also don’t be smug, rude, dismissive, or standoffish about it. Don’t argue with someone who says they really do need a specific solution.
That said, this only applies in really cut and dry cases like this one, where there very clearly is an indisputable thing you shouldn’t be doing, and a drop-in replacement you should be using. The ones I hate are moreso those you may see on StackOverflow where the question is like, “how do I do <X> in JavaScript?” and five of the seven responses including the accepted answer offer a solution in some big dumb framework or lib that they apparently expect you to just incorporate into your project.
IANAL and I don’t have the actual court papers, but it seems to me they were violating GPLv2 Section 6.
Essentially, what this section says is that if you distribute a chunk of software (in this case, the firmware embedded in a smart TV) that in its compiled form contains part or all of a software library covered by this license (in this case, Busybox, which is a bundle of common shell utilities you use every day in a Linux terminal, compacted into one binary to fit onto embedded systems), you have to do one of these four things:
1. Package the source code of the GPL’d library with the distribution itself. If your executable contains a version of it modified by you, those modifications must be in the source. In this case this would require putting the raw source code for Busybox on the TV itself in a place the user could access it, or perhaps bundling a flash drive with the source code on it with the TV.
2. Include a written offer to send the source to anyone who asks for it, at no cost (except for the cost of transfer itself if applicable, e.g. postage), and honor that offer for at least 3 years. I believe this is what most companies that use GPL’d code do.
3. If the distribution happens at a designated place, offer the source at that same place. This is mostly relevant to download pages, not physical products.
4. Verify that the customer already has a copy of the source distributed in advance. This is a specific edge case that makes no sense in this context.
This lawsuit was brought about because the sellers of the TVs that contained Busybox were not doing any of the above four things, and those sellers ignored or ghosted plaintiff when plaintiff contacted them about it.
Computers are like servants. They do whatever you ask of them. But to be able to ask them things, you must do so in their language. On the extreme low level that means writing code to make programs, but on a higher level, it means talking to programs someone else already wrote using special commands.
The buttons and switches on a GUI that you can click on with a mouse are like pre-recorded commands that instruct the computer to do some specific thing. The button or whatever will have a symbol or text description that lets you intuitively know what it’s for, and when you click on it, it plays a pre-recorded command to the computer in its language that tells it to do that thing. With these buttons, you can ask things of the computer in its language without having to know that language.
As you get more intimate with the computer, this system can start to feel a bit stiff. You’ve essentially got a butler who doesn’t speak your language, and any time you need to give him a task, you have to fumble through a basket of pre-recorded tape recorder messages to find the one for the task at hand, and play it to him. For more complex tasks, you may need to chain several of these together. It gets slow and awkward. And god forbid you don’t even have a tape recording for the thing you need.
It’s easier if you learn the butler’s language yourself. Then you can ask him for things directly. You’re not bound to any collection of pre-recorded messages to use, you can tell him exactly what you need. And if you don’t happen to know the word for something, you can look it up. It cuts out all the faffery with fumbling over a tape recorder looking for the messages you need to play.
Using a terminal is roughly the computer equivalent of speaking to your butler in his native language. You’re not limited to only the buttons and features any particular program lets you have; you can make up exactly what you need on the spot. And you never have to bounce your hand between a mouse and keyboard to do it, you can keep your hands in one position at all times, which really adds up over time in both speed and comfort.
Practicing this will also give you the side perk of better understanding how the computer actually works overall, and what it’s actually doing. This knowledge can come in super handy when diagnosing problems with the thing. When a GUI gives up, a terminal can keep digging.
this could’ve been done by most people with a little gumption.
My point was not that installing Linux is intrinsically difficult, it’s that people who have “a little gumption” to figure it out are a far rarer breed than you seem to believe.
Also, I wasn’t intending to “shit all over the possibility” of salvaging old PCs. I support that! I think Linux (Mint, specifically) would be a perfect drop-in for most light use Windows users, as it is a stable and friendly solution to common needs. I was just raising the part most people overlook: actually getting it running. Not just the technical challenges, but the mental ones, too. The people who stand to gain the most from a free and stable OS are paradoxically the same people who are the least equipped to find and set it up.
We have a long road ahead of us to normalize the procedures of obtaining and installing a new OS in the public eye. Linux can be as user friendly as you like, but it’s all for nothing to the average Joe if he doesn’t understand how to get it. Or why he should even bother getting it, for that matter.
But, assuming most people aren’t complete morons and can actually do stuff if they decide to sit down, Google how to do it and actually do it instead of declaring “I am stupid” and not even try
Extremely charitable assumption, I’d say.
I do think most people do in fact possess the ability to follow instructions and succeed at installing Linux from USB. But it all falls apart at the key word “decide”. Very few people choose to devote the low, but nonzero, effort required to pull it off.
for linux specifically the hard part is entering the BIOS to disable secure boot and then go into the boot menu to select the USB
I would say, for the demographic I’m thinking of, the hardest part is actually getting the installation media in the first place. Not because it’s challenging to do, but just getting over the mental barrier of this (to them) extremely unorthodox method of installing software.
Like, first you have to find the thing and download it. Which, fine, that’s typical so far. But the thing you download isn’t some .exe you run. No, you need to put it on a flash drive. So you need one of those lying around, either empty or with nothing important on it. But you don’t just copy the install file onto it the ““normal”” way, nooo… you also have to separately download some strange utility that burns it onto the flash drive in some special way or else it won’t work. Only then do you have to tickle the BIOS.
I understand if you or anyone else reading rolls their eyes at that description because these steps are so boneheadedly simple. And I agree, they are. But it’s not so much a question of whether it’s hard to do, it’s a question of whether it feels safe and natural to do. Which, to you and me, it is. But to the kind of person who, as you say, shouldn’t even be using a computer in the first place (but they must anyhow, because trying to live in our modern information age society without one closes too many doors), it’s an uncomfortable, dark ritual.
I guess by “Windows installer” I actually meant the setup wizard that runs the first time you boot an OEM machine from the factory. The thing 99% of Windows users actually see. Not sure if that’s significantly different.
And if you want to claim even that is terrible, I really have to question by what metric you’re measuring. Is it because it doesn’t give you the options you want, like creating an offline user account, or because it’s full of bloat screens for products like OneDrive? Sure, I guess. But I’d say having these criticisms is very specifically the kind of thing that makes you an outlier compared to the average person I’m talking about. These are things normal people don’t bat an eye at. Giving them more control just intimidates them.
And yeah, I’m sure you agree, “provided [they] can create a USB” is a huge ask for a lot of people. Child’s play for us, but weird and scary black magic to most. Guides can and do make it crystal clear what to do, but as long as it feels spooky to download and run the magic programs, no one will feel comfortable doing it.