kerry-s
Posts: 49
Joined: Sat May 05, 2018 3:50 am

iso's need a refresh

Sat May 05, 2018 1:03 pm

the first update after a clean install is huge 870+mb almost as much as the iso.
felt like downloading the iso twice.

WonderingDane
Posts: 68
Joined: Wed Sep 02, 2015 4:02 pm
Location: Denmark
Contact: Website

Re: iso's need a refresh

Sat May 05, 2018 1:47 pm

kerry-s wrote:
Sat May 05, 2018 1:03 pm
the first update after a clean install is huge 870+mb almost as much as the iso.
felt like downloading the iso twice.
Solus 4 is coming soon, which will mean an ISO refresh as well :)
Image

kerry-s
Posts: 49
Joined: Sat May 05, 2018 3:50 am

Re: iso's need a refresh

Sat May 05, 2018 1:56 pm

Solus 4 is coming soon, which will mean an ISO refresh as well :)
that's been the rumor for month's & month's, doesn't help anyone doing a solus install. if you install & updates replace almost the whole install.
my Internets not the greatest, very slow sometimes. you just shouldn't need to download that much after a clean install.

sunnyflunk
Development Team
Posts: 2967
Joined: Sun Mar 13, 2016 11:35 pm

Re: iso's need a refresh

Sun May 06, 2018 3:05 am

kerry-s wrote:
Sat May 05, 2018 1:56 pm
Solus 4 is coming soon, which will mean an ISO refresh as well :)
that's been the rumor for month's & month's, doesn't help anyone doing a solus install. if you install & updates replace almost the whole install.
my Internets not the greatest, very slow sometimes. you just shouldn't need to download that much after a clean install.
As an example, in the last 2 days before the last sync there was >400MB of updates on my installation. ISO's would need to be weekly if based on not requiring large updates after installation. ISO's are feature based, it just happens that the number of features keeps on expanding for this release.

kerry-s
Posts: 49
Joined: Sat May 05, 2018 3:50 am

Re: iso's need a refresh

Sun May 06, 2018 3:14 am

yeah, but there should be a point where a refresh makes since. when updates are 75% of the iso.

for me. it took maybe 2 hours to download the iso, then at least another hour after install to update.

my internets 3mb shared with the rest of the family. pretty soon we're going to drop cable & hopefully can get more internet.
not everyone can afford the fast stuff.

testmonkey
Posts: 56
Joined: Mon Jul 18, 2016 1:06 am

Re: iso's need a refresh

Thu Aug 09, 2018 7:45 pm

It's not even a matter of cutting down on wasted time (wherein a few hours' work for the Solus team translates to thousands of hours saved for users). It's a security issue. Although it's unlikely, doing a fresh install from a very old ISO just reactivates old vulnerabilities. On the off chance that one of them requires little or no user interaction to exploit -- or more likely, that the installing person is lazy about applying updates -- the result could be a security compromise (and not necessarily easily detected as such). There's actually some published research on this patch latency issue with regards to Windows malware, including statistical measurements of expected time to infection. (The measurements are from years ago, but the concept still applies.) Also don't forget that a better user experience leads to faster viral growth of the entire user base, all else being equal. I do realize that generating ISOs is not exactly the best use of the team's skills, however, so perhaps it's worth looking into a way of automating the process as much as possible.

User avatar
Lorien
Posts: 50
Joined: Wed May 03, 2017 2:05 am

Re: iso's need a refresh

Thu Aug 09, 2018 11:37 pm

testmonkey wrote:
Thu Aug 09, 2018 7:45 pm
It's not even a matter of cutting down on wasted time (wherein a few hours' work for the Solus team translates to thousands of hours saved for users). It's a security issue. Although it's unlikely, doing a fresh install from a very old ISO just reactivates old vulnerabilities. On the off chance that one of them requires little or no user interaction to exploit -- or more likely, that the installing person is lazy about applying updates -- the result could be a security compromise (and not necessarily easily detected as such).
Security issues get fixed all the time, so if you are dealing with "lazy" users that do not update, it does not help him or her that it is an up to date iso, they will make their system insecure 7 days, 14 days or 1 month after they installed it anyway...

If people have not learned to keep their systems updated, there is not much the devs can do for them as i see it.

Sure it will be great to have a sparkling new up to date iso, maybe some support through Patreon could help, next goal 4000,- will "allow expansion of the Solus workforce".

I think it will be good to have a new iso because, it will be a better experience for new users, better support for new hardware, and no need to download the many updates. I am sure we wont have to wait for long.

Just my two cents.

User avatar
Lorien
Posts: 50
Joined: Wed May 03, 2017 2:05 am

Re: iso's need a refresh

Fri Aug 10, 2018 12:09 am

This is what is left to be done before the next iso: https://dev.solus-project.com/T5010

Budgie 10.5 is done as i understand it: https://youtu.be/6d40jbAKEcs?t=35796
>>Update<< Well almost it seems: "At this moment in time, it’s primarily tackling issues with Icon Tasklist as well as continued polish of the new functionality for this release." https://solus-project.com/2018/08/10/summertime-solus/

From Solus on reddit:
"Where is Solus 4

We're actively working on the last two major roadblockers, Budgie 10.5 and the new Software Center."

https://www.reddit.com/r/SolusProject/c ... e_posting/

testmonkey
Posts: 56
Joined: Mon Jul 18, 2016 1:06 am

Re: iso's need a refresh

Sun Aug 12, 2018 6:26 pm

Yes, based on your references, it sounds like a new ISO will be available soon. But unless current practices change, it, too, will soon become stale.

Good point: I do think it makes sense to encourage donation to the team's Patreon account as ISO generation is mainly just an issue of more man-hours.

The security issue affects everyone, lazy or not. It boils down to the window of vulnerability that exists between the installation of a stale ISO, and its upgrading to the latest security patches. (Technically, even that's not enough, as the system usually needs to be rebooted once more in order to allow them to take effect.) Exploits of this window were demonstrated years ago on Windows, and conceptually, it's similar to Linux (even though the latter is more secure, all round). All that matters is the existence of an exploit, and sufficient time to carry it out. This vulnerability is linearly magnified by repeatedly installing systems, which lots of us MIS folks do on a daily basis. It's not always possible to create a drive image and clone it, due to the diversity of devices that arrive on our desks. While creating ISOs more frequently won't solve this problem, it might effectively constrain the number of vulnerabilities available to exploit, from months' worth to days' worth.

Return to “Ideas”