But you are ignoring everything you had to do to get you to that point.

The first of which is to become aware of Linux, or even "What an op-er-at-ing sys-tem is". You know, but do not take it for granted that everyone does. Nor wants to.

My sister joined a bank from college and worked her way through the system to being a senior manager. She has used computers in her work for the last 20 years, but she has enough to do with keeping up with all the legislation and changes in the financial field without being bothered with how to use a compiler and configure and make and all that other good stuff just to get her home PC running. With effort, it's perfectly possible to secure an MS system, and I have done that for her.

If she used a pre-packaged binary, Linux solution from a commercial CD, what would she have gained and at what cost?

She still would have to pay for the OS; still have no idea what was going on within the system; still be left trusting the company from which she purchased the OS; still require a firewall. Yes, she may be less vulnerable to virus infection by dint of Linux systems being less targeted, but if enough people start using Linux the crooks will expend more effort in targeting it. Just cos it's open source it won't stop them. Linux maybe less prone to vulnerabilities than MS, but they exist. And when there is enough incentive, the crooks will go looking. Just how many Linux users read every line of every piece of code they install?

However, if she moved to Linux, she would no longer have support from the PC manufacturer. She would no longer be able to work at home on spreadsheets, WP docs or presentations from work; or connect to her company network and trivially interchange programs and data with it; or do her husbands accounts (which his accountant needs to upload to his MS systems), or do the VAT returns (which the government accepts in MS format).

And her husband wants to be able to exchange the architectural plans he prepares on their PC with his customers and their architects. As things stand now, that means using programs that run on MS systems.

I'm not saying that all of these things cannot be done using a Linux solution, only that in their world, to do so would involve considerable extra time and effort in conversion to and fro. And that would require acquiring considerable additional computer skills that they do not have, currently do not need, and for which they have neither the time nor interest in acquiring. These are not "dumb" people. They are both very accomplished in their chosen fields, they just aren't computer geeks nor have any interest or incentive to becoming such.

It offends me when I hear them, and the millions like them, being written off as "dumb".

Your point is a good one; not everyone wants to get under the hood and mess with the guts. Just because someone doesn't want to learn what's inside, doesn't mean they're dumb, lazy, or foolish. Computers should work like TV's - turn it on, it goes, and you don't have to know a thing about what's going on inside.

The problem is that we're not really there yet. I have yet to find a computer that didn't require me to intervene in some way (I have no experience with the Mac; some claim it's worry-free). All the computers I've had required me to dig into whatever version of Windows I had, to correct dumb mistakes that Microsoft made, to change the defaults to suit my tastes, and to beef up the security. I've had to buy and learn to use anti-virus, firewall, and anti-spyware software.

Most people I know have not the slightest interest in learning about their computers. They just want it to work. Unfortunately for them, they don't "just work". All these people have had serious, sometimes catastrophic, problems that included malware, screwed-up programs, and loss of data. This happened because they weren't aware of the need for protective software, or they weren't aware of bugs in the software they were using that could cause data loss, or they had no idea they should back up their data.

I chose to install Linux on some of my computers. As I mentioned above, installing Linux was as simple (or as difficult) as installing Windows. When I turned on the computer, it did "just work", though I had plenty of things to twiddle with if I wanted to get into trouble. It's a matter of choice. The main difference was that when I installed Windows, I had to do it twice. I neglected to disconnect the network cable, and before I had Windows properly installed, the computer was infected with Nimda.

You made an interesting comment about your sister's experience: With effort, it's perfectly possible to secure an MS system, and I have done that for her. This is important. She had you to help her out with this vital process. Without your expertise, I suspect that she might have had security problems. Or at least, she'd have had to learn a bunch of stuff about security.

One final note: Ken Thompson created a truly devious hack in which the source code did not reflect what the compiler did (he compromised the compiler). So even if you *do* read every line of your source code, you might still wind up with a compromised system.

The main difference was that when I installed Windows, I had to do it twice. I neglected to disconnect the network cable, and before I had Windows properly installed, the computer was infected with Nimda.

Very strange. I've installed most versions of Windows at one time or another, most of them many times and on a variety of machines, but I've never had any of them initiate a connection to the network. Indeed, I don't recall ever having used a version of Windows that would allow me to connect to the internet until it (Windows itself), was fully installed such that I could (and had to), then install/configure the software required to connect to my choice of ISP.

It's only at that point, when installing or configuring the software for an ISP, either from CD or pre-installed by the hardware vendor, that the system becomes connectable, and therefore vulnerable.

It's hardly the fault of the OS vendor, if the ISP/hardware vendor supplied Internet connection software doesn't pre-install appropriate safeguards to protect the machine once it is connected. It is pretty much par for the course for MS to get blamed for the inadaquacies of these third parties.

I'm not for one moment suggesting that MS do not carry a burden of responsibility. If they would set up their OEM distributions configured for maximum security--ie. disable about half of the services that are enabled and open by default--then far fewer exposures would result. But not all exposures are as a result of MS action or inaction, and attributing them all to MS without considering the other parties involved in the distribution and configuration chain just clouds the issues.

You made an interesting comment about your sister's experience: ... She had you to help her out with this vital process. Without your expertise, I suspect that she might have had security problems.

Agreed, but again I'll point the finger at the hardware vendor who tailored the OEM installation of XP that came on her machine. They completely re-configured the OS; custom backgrounds; help facilties; machine specific utilities and extensions. They added a gob-load of 3rd part software packages; including 3 or 4 "sign-up on first use" Internet connections. She chose to use one of these when she first got the machine. Despite all the configurations they made, they failed to set the machine up with a firewall. They didn't even enable the XP built in firewall. Inadaquate as it may be, it would have been better than nothing. Who do you blame here?

Of course, MS could have enabled the firewall from the get go, but then 2 dozen firewall vendors would be launching law suites against them for "bundling" software with the machine and encroaching upon their marketplace. Sound familiar?

As I understand it, if you install Linux, you are still responsible for obtaining and installing a firewall, and will be vulnerable, until you do. I've no idea how you go about configuring Linux to connect to the internet (via dialup); whether you just type a command and enter the phone number and password; or whether you need to install some additional software first. The OS cannot come pre-configured for your ISP.

Either way, if you take those steps and then connect without having installed/configured/enabled a firewall (IPTables?), then you would also be vulnerable. Less likely to get found and exploited by virtue of obscurity--there are less dirtbags out there searching for and exploiting Linux vulnerabilities; at least so far--but still vulnerable.

And if you use (say) Firefox, then you are still responsible for keeping up to date on the fixes to it's vulnerabilities. Like the 21 recently discovered. The same is true for other browsers.

---

Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.

Lingua non convalesco, consenesco et abolesco. -- Rule 1 has a caveat! -- Who broke the cabal?

"Science is about questioning the status quo. Questioning authority".

In the absence of evidence, opinion is indistinguishable from prejudice.

The examples here are:
• Linux/BSD never comes preinstalled on standard computers
• Linux/BSD support from big hardware manufacturers is nil
• It is hard to interoperate with the standard Office formats
These interoperability examples have something in common. A criminal monopolist.

It offends me when I hear them, and the millions like them, being written off as "dumb".

I am, frankly, the archetypical stupid user in quite a lot of areas -- and don't have problems with people that think other subjects than computers are worth their time. (I would love to spend decades on quite a few other subjects, personally.)

But it offends me when my life quality is lowered by convicted criminals, which e.g. make systems that are designed to be too complex to interoperate!

Update: OMG, this was my first negatively voted post ever. It even ended up on Worst of the day. (My only other negative of all time is four levels below this.)

I will stay out of the classical holy wars (at least, those irrelevant to Perl).

Don't worry, sometimes post get downvoted for no understandable reason. Looks like some people can't even stand strong opinions (probably because they have none by themselves).

On the monopoly issue, I agree with you. It's a shame that the DoJ watered down their ruling so that it amounted to little more than a slap on the wrist. (Makes you wonder why? But that's a different conspiracy theory:). Maybe the EU will do something more effective?

I wonder if Apple, and Sony, and DELL and a raft of smaller players aren't moving in the same direction? I'm not a lover of government intervention in business, it usually just creates red-tape and costs that we consumers have to bear, but maybe it will take action and legislation by governments to sort out these issues in the modern world.

As for your "quality of life". Is that any more important (other than to you), than that of all those who's quality of life would be severely curtailed if they couldn't use their computers to conduct their lives as they currently do?

---

Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.

Lingua non convalesco, consenesco et abolesco. -- Rule 1 has a caveat! -- Who broke the cabal?

"Science is about questioning the status quo. Questioning authority".

In the absence of evidence, opinion is indistinguishable from prejudice.

That's funny, my wife and I find using Linux just that easy, switch on the computers, fire up a browser and email client, and it all just works out of the box. :)

Same here. I put in the installation disk, booted, followed some prompts, and the OS was up and running in less than an hour. Works right out of the box.

The thing is, if I *want* to go digging around and get myself into trouble, it's very simple to do. Linux gives me the choice - easy to use, or dangerous toy that will blow up in my face as I boldly go where no (wo)man has gone before...

Same here. I put in the installation disk, booted, followed some prompts, and the OS was up and running in less than an hour. Works right out of the box.

So the PC doesn't really work out of the box then does it? You have to the install media for Linux available, depending on the BIOS config of the PC you may have to alter the settings to get it to boot from the CD or floppy rather than the hard disk and once you have the install process started you had to answer some questions that may have required some technical knowledge (what's a 'partition'?, what is this 'X' thing?). I apply the "Mother Touchstone" here: could my mother do this without calling me with a question? On the other hand, when you took it out of the box, it is odds-on that the PC already did have a working operating system on it, possibly not one that fits your requirements but nonetheless a working OS that satisfies the requirements of the vast majority of people that will buy that model of PC.

On the other hand I bought a new PC the other day which had a "perfectly functional" OS already installed (Windows XP home as it happens) which I wanted to replace with Linux, "easy", I thought, "only an hour or so of CD juggling" (it would have been less if I had known that I had a DVD of the required distribution as well.) Oh no. It won't even boot the installer with the ACPI enabled so I have to supply a boot flag to turn off acpi detection (I knew this because I have been installing software on PC hardware for a long time and power management has always been the first suspect :), well of course that's fine but now it is detecting but failing to initialize the wireless chipset so no networking, of course I know to look in /var/log/messages for the evidence, ooh that looks suspiciously like the ipw2200 driver needs ACPI to work .... tum ti tum. Well I've spent the best part of a day on it now and it still won't load what I know absolutely to be the correct sound module and I have had to disable the PCMCIA subsystem in order to enable the ACPI and I had to stop X before I could install the proprietary graphics driver... Mother would have gone "thanks for all the help dear but I got the windows CD off $random_neighbour and everything is okay now, I didn't really need that Lunix stuff anyway" ten hours ago.

/J\

The OS ran out of the box. My experience with installing Linux was comparable to my experience installing Windows, except that with Windows, I was infected by a worm before I could finish the installation (I had neglected to disconnect the Internet connection). I had to reinstall Windows after a very difficult time trying to remove the worm.

I have not personally had a chance to examine or use any of the computers that come with Linux already installed; however, I am told that those computers do actually run right out of the box, but I can't claim to know this personally.

As for my experience with installing Linux - I did not need to select anything outside the defaults. I put the CD (or DVD) into the drive and rebooted. I followed the prompts without thinking, and the installation program chose appropriate defaults for me. Only when it came to user names and passwords, did I have to actually come up with something semi-creative.

The main reasons people have trouble with Linux, IMNSHO, are: 1) Most manufacturers deliberately choose to use BIOS, drivers, etc. that cater to Windows, and software-emulated hardware such as "WinModems", which saves more money and ensures Microsoft gets its licensing fee, even if someone will later remove Windows; and 2) once Linux is installed, it offers the unwary user a huge amount of power to do things, including wiping out the entire directory structure if you're not careful.

Linux is not for everyone. If you just want to play a few video games, get some e-mail, surf the net, maybe write a few letters - Windows is OK for this. No need to use anything else. The occasional crash isn't really that much of a problem. Most Windows programs save your work on an ongoing basis, so that when Windows crashes, you can recover most of your work. Buying the firewall, antivirus, and anti-spamware programs isn't that much of an expense, and these days those program will automatically update. So will Windows, if you need patches.

Still, I rather like my Linux boxes, and find they're no more difficult to use than Windows; and as I noted above, I had no more difficulty installing Linux, than Windows.

And as always: YYMV.