Things That Went Right

On the flip side of the things that went wrong, we have the things that went right. Most of the Ubuntu experience went right and has been covered previously, so this is going to be a catch-all for other things about Ubuntu that impressed me, but don’t necessarily fit anywhere else.

One of the nicer features of Mac OS X that you don’t see mentioned very much is the Keychain, a credential management framework for applications to use to securely store passwords and the like. Such systems aren’t rare – even Windows has something similar through its Credentials Manager – but Mac OS X is unique in that its implementation at least gets used, at times.

I had not been expecting something similar in Ubuntu, so it caught my eye when a Mac OS-like password box came up when I was logging in to my file server. As it turns out Ubuntu has similar functionality through the Passwords and Encryption Keys application. And since Ubuntu heavily uses the GNOME desktop environment that this application is a part of, a number of its applications are built against the keyring and use it.

It’s not quite as tightly woven as Keychain is under Mac OS X, but it’s better utilized than Windows and used enough that it makes sense to visit the keyring application. The biggest holdout with a stock install is Firefox, which uses its own password manager regardless of what platform it’s on.

Another thing that caught my eye was Ubuntu’s archive manager, called File Roller here. As we’ve lamented many, many times before, Windows’ archive management abilities are terrible. Files are slow to compress, files are slow to uncompress, and just supporting Zip files isn’t quite enough. Mac OS X does a bit better by being faster, but it also has absolutely no support for browsing Zip archives, it just packs and unpacks them. Most power users I know will have something like WinRAR or BetterZip installed to get a proper archive browser and wider archive support.

File Roller is a complete archive manager, and it supports slightly more exotic archive formats like RAR along with the customary Zip and *nix standard of GZip. The biggest knock against it when it comes to archive formats is that it can read more than it can write, RAR again being the example here.

This also brings up an interesting quirk with archives under *nix that you don’t see under Windows. The Zip format specifies it as being both a container for multiple files and a compressor for those files. GZip on the other hand can only compress a single file – so when it comes time to compress multiple files, they must first be packed in a compressionless tarball (TAR), and then the tarball is compressed, resulting in .tar.gz. The quirk is that the Zip format compresses each file separately, while .tar.gz by its very nature compresses all the files together at once; this is commonly known as solid archiving.

Depending on the files being compressed, solid archives can have significant space advantages over individually compressed files by taking advantage of redundancy between the files themselves, and not just the redundancy in individual files. This is also why WinRAR is so common on Windows machines, since the RAR format supports solid and individual archiving.

Now the downside to solid archiving is that it takes longer to pull a file out of a solid archive than an individually compressed archive, since everything ahead of the file must be decompressed first in order to retrieve the data needed to recreate the desired file. So solid archiving isn’t necessarily the best way to go.

Ultimately with the wider support for archive formats under Ubuntu, in some situations it can achieve much better compression ratios than what can be done under Windows. Windows isn’t entirely helpless since when it comes to installers they can use MSI installers (which use solid compression), but as far as plain archives are concerned the only built-in option is individual archiving. It’s a small benefit that can pay out nicely from time to time for Ubuntu.

Things That Went Terribly, Terribly Wrong Wine
Comments Locked

195 Comments

View All Comments

  • ioannis - Wednesday, August 26, 2009 - link

    ...sorry, I think it's Alt+F2 by default. I'm talking about the 'Run Command' dialog.
  • Eeqmcsq - Wednesday, August 26, 2009 - link

    Oh, yes you're right. I stand corrected.
  • sprockkets - Wednesday, August 26, 2009 - link

    Ubuntu doesn't ship with the firewall on eh? Weird. SuSE's is on, and that has been the default for quite some time. GUI management of it is easy too.
  • clarkn0va - Wednesday, August 26, 2009 - link

    For incoming connections I don't quite grasp what good a firewall will do on a system with no internet-facing services. With no open ports you stand little to gain from adding a firewall, and any internet-facing service you might add, well, you don't want to firewall that anyway.

    I can see two theoretically plausible arguments for a host-based firewall, but even these don't really stand up in real-world use: 1) a machine that has open ports out of the box (I'm looking at you, Windows), and 2) for the folks who want to police outgoing connections.

    In the case of the former, why would we open ports and then block them with a firewall, right out of the box? This makes as much sense to me as MS marketing their own antivirus. Third-party firewalls were rightfully introduced to remedy the silly situation of computers listening on networks where they shouldn't be, but the idea of MS producing a host-based firewall instead of just cleaning up their services profile defies common sense.

    In the case of outbound firewalling, I've yet to meet a home user that understood his/her outbound firewall and managed it half-way effectively. Good in theory, usually worse than useless in practice.

    db
  • VaultDweller - Wednesday, August 26, 2009 - link

    Just because a port/service is open, doesn't mean you want it open to the whole world.

    Examples:
    SMB
    NFS
    VNC
    RDP
    SSH
    Web (intranet sites, for example)

    And the list could go on... and on and on and on, really.

    Also, it's erroneous to assume that only 1st party software will want to open ports.

    And that is to say nothing of the possibility of ports being unintentionally opened by rogue software, poorly documented software, naughty admins, or clumsy admins.

    Host-based firewalls help with all of these situations.
  • clarkn0va - Wednesday, August 26, 2009 - link

    Windows firewall doesn't filter by source. In other words, if you want SMB or any other service open to some peers and not others, Windows firewall can't help you; you'll need a more sophisticated product or a hardware firewall for that.

    I'm not saying there's no case for host-based firewalls, I'm just saying it's pointless for most users out of the box, where Ubuntu doesn't need it and Windows should be looking at fixing the problem of unneeded services running, rather than just bolting on another fix.
  • VaultDweller - Wednesday, August 26, 2009 - link

    "I can see two theoretically plausible arguments for a host-based firewall, but even these don't really stand up in real-world use"

    That sounds to me like a claim that there is little or no case for a host-based firewall; at least, that's how I interpreted it.


    "Windows firewall doesn't filter by source. In other words, if you want SMB or any other service open to some peers and not others, Windows firewall can't help you"

    That is incorrect, and you should check your facts before making such statements. The Windows Firewall can filter by source. Any firewall exception that is created can be made to apply to all sources, to the local subnet only, or to a custom list of IPs and subnets.

    The firewall in Vista and Windows 7 goes a step further, as it is location aware. Different ports and services are opened depending on the network you're plugged into, as exemplified by the default behavior of treating all new networks as "Public" (unknown and untrusted) until instructed otherwise.
  • clarkn0va - Wednesday, August 26, 2009 - link

    "The Windows Firewall can filter by source. Any firewall exception that is created can be made to apply to all sources, to the local subnet only, or to a custom list of IPs and subnets. "

    In that case I retract my assertion that an out-of-the-box firewall makes no sense in the case of Windows.

    As for Ubuntu, or any other desktop OS having no open ports by default, I still see including an enabled firewall by default as superfluous. Meanwhile, firewall GUIs exist for those wishing to add them.
  • Paazel - Wednesday, August 26, 2009 - link

    ...not enough pictures. admittedly my interest additionally waned when i read the newest ubuntu isn't be reviewed.
  • philosofool - Wednesday, August 26, 2009 - link

    I'm not done with this article, which I'm loving. However, there's a grammatical/spelling quibble that's driving me nuts: "nevertheless" is one world.

Log in

Don't have an account? Sign up now