惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

G
GRAHAM CLULEY
S
Security @ Cisco Blogs
P
Proofpoint News Feed
Cisco Talos Blog
Cisco Talos Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Tor Project blog
WordPress大学
WordPress大学
Project Zero
Project Zero
S
Schneier on Security
P
Proofpoint News Feed
小众软件
小众软件
P
Privacy International News Feed
美团技术团队
L
LangChain Blog
Know Your Adversary
Know Your Adversary
J
Java Code Geeks
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
The Register - Security
The Register - Security
N
Netflix TechBlog - Medium
Microsoft Security Blog
Microsoft Security Blog
Engineering at Meta
Engineering at Meta
I
InfoQ
量子位
Vercel News
Vercel News
博客园 - 三生石上(FineUI控件)
Spread Privacy
Spread Privacy
D
DataBreaches.Net
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
U
Unit 42
P
Privacy & Cybersecurity Law Blog
C
Cybersecurity and Infrastructure Security Agency CISA
T
The Blog of Author Tim Ferriss
Latest news
Latest news
K
Kaspersky official blog
MongoDB | Blog
MongoDB | Blog
L
LINUX DO - 热门话题
Simon Willison's Weblog
Simon Willison's Weblog
云风的 BLOG
云风的 BLOG
S
Securelist
AWS News Blog
AWS News Blog
F
Fortinet All Blogs
T
Threat Research - Cisco Blogs
Stack Overflow Blog
Stack Overflow Blog
Scott Helme
Scott Helme
Help Net Security
Help Net Security
Y
Y Combinator Blog
宝玉的分享
宝玉的分享
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
T
Tenable Blog

David Baron's Weblog

Software engineering, responsibility, and ownership Software engineering, responsibility, and ownership David Baron's weblog: Security and Inequality Running animations on the compositor thread David Baron's weblog: Tying ecosystems through browsers David Baron's weblog: Payments on the Web Thoughts on migrating to a secure Web David Baron's weblog: The need for government David Baron's weblog: Priority of constituencies How browser developers should seek feedback from Web developers A possible approach to shorter release cycles David Baron's weblog: Fifteen years Why debug builds (and assertions) are important Ten years of the Mozilla Foundation Open licensing at the W3C Why adding compositing and blending to CSS is harder than it looks How you can help with removing -moz- prefixes Moving bug history out of the primary display of a bug report Beware of locale-specific behavior in the C library Eating dogfood and shipping software Specification style and the future of the Web The bug system I wish I had CSS border-image changes and unprefixing Improving font size readability on Firefox for Android David Baron's weblog: CSS Animations, part 2 Hue-preserving color inversion with SVG filters Changes to handling of @-moz-keyframes David Baron's weblog: window.matchMedia() David Baron's weblog: CSS Animations What does a blur radius mean? Crash analysis in the future David Baron's weblog: calc() David Baron's weblog: colorDepth David Baron's weblog: Hidden complexity in specifications The most important field in a bug report: the summary WOFF font format submitted to W3C David Baron's weblog: :-moz-any() selector grouping setTimeout with a shorter delay Faster repainting in SVG foreignObject David Baron's weblog: Distributed Extensibility David Baron's weblog: Broadening crash analysis Correlating crashes with binary extensions or plugins David Baron's weblog: ex-HTML Downloadable font formats for the Web Web Accessibility as a Political Movement David Baron's weblog: CSS priorities David Baron's weblog: Bug priorities David Baron's weblog: Semi-vacation Some new CSS features in Firefox 3 David Baron's weblog: New selectors David Baron's weblog: The age of bugs David Baron's weblog: Teaching to the test David Baron's weblog: March 2008 David Baron's weblog: February 2008 David Baron's weblog: January 2008 David Baron's weblog: October 2007 David Baron's weblog: September 2007 David Baron's weblog: August 2007 David Baron's weblog: June 2007 David Baron's weblog: April 2007 David Baron's weblog: March 2007 David Baron's weblog: January 2007 David Baron's weblog: September 2006 David Baron's weblog: August 2006 David Baron's weblog: July 2006 David Baron's weblog: May 2006 David Baron's weblog: February 2006 David Baron's weblog: January 2006 David Baron's weblog: December 2005 David Baron's weblog: October 2005 David Baron's weblog: September 2005 David Baron's weblog: June 2005 David Baron's weblog: May 2005 David Baron's weblog: April 2005 David Baron's weblog: March 2005 David Baron's weblog: February 2005 David Baron's weblog: October 2004 David Baron's weblog: September 2004 David Baron's weblog: August 2004 David Baron's weblog: June 2004 David Baron's weblog: May 2004 David Baron's weblog: April 2004 David Baron's weblog: March 2004 David Baron's weblog: February 2004 David Baron's weblog: January 2004 David Baron's weblog: November 2003 David Baron's weblog: October 2003 David Baron's weblog: September 2003 David Baron's weblog: August 2003 David Baron's weblog: July 2003 David Baron's weblog: June 2003 David Baron's weblog: May 2003 David Baron's weblog: April 2003 David Baron's weblog: March 2003 David Baron's weblog: February 2003 David Baron's weblog: January 2003 David Baron's weblog: December 2002 David Baron's weblog: November 2002 David Baron's weblog: September 2002
Seeking a good Linux distribution
David Baron · 2008-05-14 · via David Baron's Weblog

I got a new laptop two weeks ago, and I decided to install Ubuntu on it rather than Fedora. I've been considering this for a long time, as each new Fedora release breaks yet another major subsystem of my machine. For example, Fedora 8 broke audio (in multiple ways) and broke connecting to the secure wireless network in my office, never mind shipping with an installer that didn't actually work. Fedora 7 was also one problem after another, plus the big proprietary video driver problem that I should have known about (and not upgraded in the first place) but could work around in really ugly ways (see also my first, second, and third video driver blog posts), plus having to figure out whether the packaging disasters were the cause of my suspend+resume problems (they weren't). Colleagues kept telling me that Ubuntu just worked when it was installed. This did actually turn out to be my experience installing it on my new ThinkPad. Beyond that, I'm not particularly excited or upset about the change from the perspective of a user; some things are better and some things are worse.

My hesitation over switching to Ubuntu (and the reason I didn't switch much sooner) came from seeing bugs over the past half a decade or so (fewer in the past few years, though) related to how Mozilla was packaged on Debian, and from looking through the diffs in Debian's Mozilla packages, and I think Ubuntu's as well. (Ubuntu is based on Debian.) I saw patches that were obviously written by people who wanted to fix one particular bug, but didn't particularly understand the code they were modifying or what else their modifications would break. Given that, today's security advisories from Debian and from Ubuntu didn't surprise me very much. I had a pretty good idea of the tradeoff I was making when I was switching from Fedora to Ubuntu.

Fedora as a project seems to have a pretty healthy community that, at a local level (changes to a particular package), strikes a pretty good balance between getting things to work and doing things right. Their developers are often good about contributing patches upstream, and are major contributors to many of the projects that they depend on. I haven't observed this volume of upstream patches or major contributions from Debian or Ubuntu. I suspect they attract developers whose patches are often not good enough to be accepted upstream, and I suspect the projects nevertheless encourage those developers to fix particular serious (and sometimes not-so-serious) bugs. However, fixing a set of serious bugs before shipping is an important part releasing software, and I don't think Fedora has done this well the past few releases. But bugs also need to be fixed correctly -- with a good understanding of why the changes are being made, and what they could break. That often requires sending the patches upstream to the developers who wrote and understand the code being patched. This seems to me to be the big weakness of Debian and Ubuntu (and also occasionally a problem for Fedora as well, but not as much)

I'd love to see a Linux distribution that is good at both shipping releases at a high quality bar, and at using only a limited set of high-quality local patches that are quickly pushed upstream rather than doing extensive and long-term patching of code that they don't understand. I haven't found one yet.