vacancies advertise contact news tip The Vault
facebook rss twitter

HEXUS.interviews: Michael Robertson of Linspire Inc.

by Jo Shields on 19 April 2005, 00:00

Tags: Linspire

Quick Link:

Add to My Vault: x

Clicking, Running, Rooting

Jo: Okay, what about Linspire 5 is so incredible and amazing compared to Suse or Fedora or any other cheap or free desktop Linux that it's worth Ā£50 [CD or download edition with one-year CNR membership]. What's the main feature that warrants the added cost over other desktop Linux releases, or even some of the free ones such as Fedora? What's the real killer app?

Michael: There's no one killer program that we have that nobody else has. We do have the click and run [CNR] service, so installing or updating your computer is one-click easy. There are 2200 apps you can choose from, so there's one - our pretty unique service, CNR. It is an ongoing value, be it security updates, it really is one-click easy.

Michael: However, this is a service model. I heard you say you were fighting with MythTV - hey, it makes sense to give us a hundred bucks if your time is worth anything, because as you know, getting Linux to do what you want it to do often takes hours and hours. So it's not any one little piece as such, but if you sum up all the hundreds and hundreds of small things that we HAVE done. For example, just getting onto a Wi-Fi network, with Linux is a pain in the ass. But Linspire will auto-sense it, it'll auto-configure it, etcetera. That's just one thing out of hundreds and hundreds that we do which make Linux practical for the mass market.

Michael: We're not trying to win ultra-geeks. Ultra-geeks LIKE having to type commands, they think it's fun to learn the system, and to know the secret codes. That's just not our customer.

Jo: On the security front, I noticed during the presentation that you were running everything as root. Is that really a wise idea, to train users to run everything as the one user who can mess everything up whenever they feel like it? Should you not try to teach them one basic UNIX security idea, that you really don't want to run things as root?

Michael: I think, like everything, it's a question of balance. Ease of use, versus security. I defy anybody to tell me why is it more secure to not run as root. Nobody really has a good answer. They say "oh, yeah, it is!", but it really isn't. Here's why: What's the most important thing on your desktop? It's the data. If someone gets access to your libraries or whatever, who cares? Your data is the most precious thing on your computer. And whether you log in as root or log in as user, you have access to that data, technically anyone who's compromising your account has access to your data as well.

Michael: Then you could say "Well, it's not really about your data, it's that people could accidentally mess things up!". Well, you could accidentally drive into a wall as well, it doesn't mean we should make all cars drive at 10 miles an hour. So, I don't see the added benefit. I DO see it's an added pain in the ass when grandma tries to change her wallpaper, and it tells her "you don't have root privileges". What are you talking about, man? I'm just trying to use my computer, or change the clock, or any one of a hundred other things. So, people always say "it's less secure", but I defy anyone to point out a single instance, and people all go "Well, I, erm, it's theoretical!". There's no one area I think you can point out where a machine that's run with the root user could be compromised. It couldn't be.

Michael: I know the hardcore geeks feel differently, that's fine. When somebody installs Linspire, we say "do you want to set up users, yes or no", we give them the choice, right there when they start up for the first time. If they want to set up multiple users, they're welcome to do that, but we don't force them to. That's the difference we have.

Jo: Is there any particular reason you decided to use Debian GNU/Linux as the basis for Linspire, rather than any of the other "mature" distributions out there to build on?

Michael: The click and run technology that we built runs best off dpkg package-managing strategies rather than RPM. We think dpkg is superior to RPM for CNR, so that's what drove us to use Debian. When we chose Debian four years ago, it was not as popular as it is today, it was all Red Hat but Debian's had a resurgence. It would have been much easier, and probably more "approved" generally, if we'd used Red Hat, but we feel there's a real advantage to going with Debian, because it's the foundation that allowed us to build CNR on top.