Right, so apart from what I said in my previous post I've also struggled a fair bit with my computers. To be honest, I think a lot of my free time has gone into that, and that is more than a bit annoying. I really don't want to spend my time working on something that will enable me to do what I actually want to do, I want to spend my time working on what I want to do.
Which brings me to my newly purchased Acer Aspire One, which I feel has consumed most of my evenings. I'd like to go on a long rant here, but I'll try to keep it reasonably brief. As I also mentioned, the Linux version does not come with a kernel that supports iptables, which as far as I know is the way to do firewalls on Linux (it used to be ipchains, but not any more). So maybe the AAO runs some sort of non-standard hack that I can't find any reference to, rather than the tried-and-tested solution, but as far as I can tell, there is no firewall support.
Now, my personal opinion is that you can live without anti-virus software, but you don't want to be without a firewall. This opinion is based on the fact that I have experienced far more port scans than virus alerts. Additionally, you can be duly diligent when it comes to opening e-mails and avoid using cracked versions of Microsoft Office downloaded from Russia, but it only takes one unpatched vulnerability (of a particularly disastrous kind) in a program that accepts connections from the Internet and your system might be hacked. At home, my wireless router drops incoming requests, but the point of the AAO is that it is supposed to be portable, right? So why does Acer not even support the possibility of a firewall? I mean, Ubuntu does not come with a firewall installed either (or at least did not use to), which I think is a bad call (Ubuntu may not have any services running by default, but you only need to install something like Skype and there you are) but at least you can install and start one with a few clicks. With the Acer AAO, not so much.
So, OK. I haven't needed to build custom kernels for Linux before (as I said, I don't want to spend my time building the foundation for doing what I really want to do) but it shouldn't be that hard, right? So I google some and find a link to the kernel source for the AAO, and download that. I take the config file that came with the AAO and go from there, adding base iptables support and some extra options that I imagine I might have use for, and some others for extra measure. The kernel does not compile at first, but that's OK, because the page I'm reading actually pointed out this problem and how to fix it (missing symlink). And then it compiles and I build the modules and install them and try out my new kernel. And at first everything seems fine, but as soon as the AAO tries to use the network, it freezes and the LEDs start blinking. So I restore the initial modules and the kernel that came pre-installed, and boot up again. Phew, everything seems to work again, except of course I still don't have any iptables support.
So what went wrong? Well, unfortunately, not being a kernel hacker (and quite frankly, not having much interest in becoming one, either), I have trouble finding out. But a quick check of the contents of the module directory shows that it initially contained far more modules than after I installed those I built. So I suppose that those missing modules are causing the issue, but that is just a guess. I could of course go back to the initial, unmodified config file, and build a kernel based on that just to see how many modules that results in...
... which brings me back to what I said at the beginning of this post: I really don't want to spend my time working on something that will enable me to do what I actually want to do, I want to spend my time working on what I want to do.
Am I really expected to spend, I dunno, weeks or even months to learn the ins and outs of kernel hacking just because I want a firewall for my newly purchased laptop? The story above is condensed, but there was a lot of googling for information (turns out kernel building is not mainstream enough that there is an abundance of useful advice on it), downloading the software I needed to even make the attempt, and a fair amount of trial and error going on there, and I was really just skimming the surface and trying to get by with minimal effort there. The problem could be with the downloaded source, it could be the config file is actually outdated, it could be any of a number of things, and I have no idea of where to start, really.
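One way to test the guess above about missing modules, as an added example that is not part of the original post: the script lists modules present in a stock module tree but absent from a rebuilt one, and checks a kernel `.config` for the usual IPv4 iptables symbols. The directory layout, module names and config lines are constructed sample data, not taken from the AAO.

```sh
#!/bin/sh
# Added example: compare a stock module tree with a rebuilt one and check
# a kernel .config for iptables support. All sample data is constructed.

# Sorted module names (file name minus .ko) found under a module tree.
list_modules() {
    find "$1" -type f -name '*.ko' | sed 's|.*/||; s|\.ko$||' | sort -u
}

# Modules shipped in the stock tree ($1) that the rebuilt tree ($2) lacks.
missing_modules() {
    rebuilt=$(list_modules "$2")
    list_modules "$1" | while read -r mod; do
        printf '%s\n' "$rebuilt" | grep -qxF "$mod" || printf '%s\n' "$mod"
    done
}

# Netfilter symbols needed for IPv4 iptables filtering that are neither
# built in (=y) nor built as a module (=m) in the given .config.
missing_netfilter_opts() {
    for opt in CONFIG_NETFILTER CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER; do
        grep -Eq "^${opt}=[ym]\$" "$1" || printf '%s\n' "$opt"
    done
}

# Build a constructed fixture; module names are placeholders, not the
# AAO's real drivers. Prints the fixture directory.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/stock/kernel/drivers/net" "$d/stock/kernel/fs" \
             "$d/new/kernel/fs" "$d/new/kernel/net/ipv4/netfilter"
    touch "$d/stock/kernel/drivers/net/wired_nic.ko" \
          "$d/stock/kernel/drivers/net/wifi_nic.ko" \
          "$d/stock/kernel/fs/fat.ko" "$d/new/kernel/fs/fat.ko" \
          "$d/new/kernel/net/ipv4/netfilter/ip_tables.ko"
    printf '%s\n' 'CONFIG_NETFILTER=y' 'CONFIG_IP_NF_IPTABLES=m' \
        '# CONFIG_IP_NF_FILTER is not set' > "$d/config"
    printf '%s\n' "$d"
}

sample=$(make_sample)
echo "Modules in the stock tree but not in the rebuilt one:"
missing_modules "$sample/stock" "$sample/new"
echo "Netfilter options not enabled:"
missing_netfilter_opts "$sample/config"
rm -rf "$sample"
```

On a real system the two arguments to `missing_modules` would be a saved copy of the original `/lib/modules/<version>` directory and the freshly installed one.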
And if not, am I expecting too much when I'd like that kind of functionality out of the box? I hear that Linux netbooks have a pretty high return rate, higher than Windows XP netbooks. I'm sure some of that is due to people thinking they are buying a Windows machine, and then they start it up and it is something else, and they don't want it so they return it... but I also think that some offerings make it really hard to like it. Personally, I don't think a netbook should be without a firewall, but that is actually a pretty low-level requirement. When it comes to the AAO, some pretty elementary stuff in no particular order:
- I should not need to wait hours for updates to complete because the updater (presumably) is hardwired to get the updates from Taiwan.
- I should not have to struggle to get the keyboard to type the letters that are marked on the keys.
- I should not have to type [Alt-F2] xterm [Enter] xfce-setting-show [Enter] and click [Desktop icon] [Behaviour tab] ['Show Desktop on Right Click' option] [Close] [Close] in order to get a menu through which I can access most of my system, which also (incidentally) is the only way to install further software that is otherwise available in the repositories.
- I should not have to struggle to get a media player that can display DivX encoded video.
- I should not have to jump through hoops to get Firefox 3 rather than Firefox 2, especially as the latter is not even officially supported anymore.
- The system should not come wide open (no password, sudo at will) by default.
- The system should not accept a new BIOS password and then semi-arbitrarily mangle it (truncate at eight characters and convert to all-upper-case) because that tends to cause users problems when they try to use the password they initially supplied.
Really, guys at Acer and elsewhere, if you really want to sell netbooks with Linux, this is not the way to do it. I actually had a bunch of various tweaks collected from various pages that I had planned to apply, but what's the point? I no longer want to spend time tweaking my AAO, especially since it seems to be an uphill battle all the way, and I still can't get a firewall installed.
Forget it.
So here is what I'm going to do: I will play around with it for a few months, restricting WLAN use to places where I'm behind a separate firewall, like at home, and keep the WLAN shut down elsewhere. And once April 23rd comes around and Jaunty Jackalope is released, I'm going to install Ubuntu (or possibly the slightly more lightweight Xubuntu derivative), and get my firewall (among other things) out of the box. I'll probably lose the sweet 20 second boot-up time (although quite frankly, the system is still loading and there is not that much you can do at that point anyway), but I will get a lot more in return, I think--booting Intrepid Ibex from a USB stick seems promising enough that I'm convinced it is worth a try.
Is all of this a failing on my part, or on Acer's part, or is this no failure at all and just something you should have come to expect by now and roll with it? I don't know, and frankly, I don't care that much, either. I'm tired of expending energy on being outraged (more like experiencing various degrees of disappointment) on stuff like this. You be the judge... and in the meantime, if you happen to know how to get iptables working on the AAO Linpus, let me know before April 23rd.