"Tell the truth and run." - Yugoslav proverb

SimplyMEPIS 3.4-3

SimplyMEPIS 3.4-3

Saturday 18th February 2006

Categories: Reviews, GNU/Linux, FLOSS

First Impressions

Time for MEPIS to scoop another award... this time for the worst bug I have ever encountered. I found this bug quite by accident, but, considering it affects password authentication, I think it is rather serious.

Let's say our password is foobarbaz123. As you might expect, if I enter the password as foobarbaz123, it is authenticated. However, if I simply enter foobar, the password is still authenticated. It seems that MEPIS does not care about the digits on the end of any password. I repeated this several times on more than one account, with different passwords, and yet the problem persisted. I just find it remarkable that 1) somebody broke the password authentication in the first place, and 2) nobody noticed.

Naughty edit: It seems MEPIS only cares about the first eight characters. I am told this is common to many *nix distributions, although I've never really looked into it. However, this limitation can be gotten around - indeed, the distribution that MEPIS is built upon, Debian, checks for the full password (so far as I can tell), so why doesn't MEPIS? Perhaps this isn't a huge bug, but it does still seem to me to be a security flaw.

Moving on from that, another problem is the resolution. I cannot get it any higher than 1024x768, yet my monitor and graphics card are more than capable of 1280x1024. This appears to stem from the problem that MEPIS cannot identify my monitor, which is odd since every other 'easy' distribution didn't have a problem with it. Also, there is no option to override the settings to allow me to change the resolution to 1280x1024. While I could dive into the X.Org configuration files, somehow I don't think the average user would be inclined to. There should be a simple alternative, which MEPIS fails to provide. [Please see the first page of comments for more on changing the resolution.]

Having said that, MEPIS does provide simplicity in other areas, specifically the proprietary packages that come preinstalled - namely, Java, Macromedia Flash and the nVidia display driver. This is a boon for users that don't want the hassle of having to install them, especially when some distributions make it hard to install these. Nevertheless, many people want their distribution to be free, similar to Debian and Ubuntu. Also, on many easy distributions, while not installed by default, adding in these packages is not especially hard - indeed, it often remains easier than the process on Windows.

If you glance down towards the bottom of the screen on a fresh installation, you see a few interesting things: some fishes swimming around; a clock; the KStartMenu; the weather; and so on. Of particular interest is KwikDisk. This handy little... thing provides a menu, from which you can mount the various partitions of your hard drive just by clicking on the relevant part. Once again, this makes life that little bit easier for the user.

The menu of Kwikdisk. Within the menu is /, /mnt/hda1, /mnt/hda6, /dev and other commands for Kwikdisk
The menu of Kwikdisk.

One area where I wish MEPIS did make life easier is in the settings. There is a MEPIS OS Center, yet it contains little - the only parts I found useful were the networking, mouse and display settings. I feel that it should really bring together more of the settings, so that you can access and change them from a central point. Also, if you change screen within the OS Center, the settings you changed are lost unless you hit 'Apply'. A little warning would be nice! If the settings are not kept from screen to screen, you should at least be given the option to save the settings, as the KDE Control Center does.

One area where MEPIS does fair a bit better in terms of settings is in the Firewall department. The defaults did allow me to share files, which is better than some of the other firewall experiences I've had. However, it was a bit overprotective when it came to browsing the network servers - initially, I could not access pages hosted locally. This is what brought me to Guard Dog, which sits perfectly with the simplicity ethos. There are dozens of protocols already defined, which you can allow or disallow with a couple of clicks. It is similarly easy to add your own, making security a much less streneous task than usual.

Packages

The packages that are installed with MEPIS cover the areas that most users are likely to want - you can browse the Internet with Firefox, check e-mails with Thunderbird, go instant messaging with GAIM, do work on OpenOffice.org, and so on. One negative point is the absence (so far as I can tell) of any sort of automatic updates. As I have said many times before, there is a world of exploits and security holes out there, which is why keeping up to date is so important. Without automatic updates, some users will likely be left vulnerable - indeed, on the default installation, Firefox 1.5 is installed, yet there is already a security update in the form of Firefox 1.5.0.1. At no point was I prompted to install this new version; nor did it seem to exist in any of the repositories.

[Tiny edit: Since this article was written, there has been a security update, including Firefox 1.5.0.1. This makes me much more satisfied about security updates, although I have still yet to see any automatic updates.]

There are some additional packages that often don't get a mention, such as a synchroniser. Perhaps not all that useful to some people, but synchronisers are incredibly helpful when you're trying to work from two or more computers. The menu editor is nicely made, and works well; I found it easy to use and powerful to boot.

Adding packages is, as you might expect from a Debian derivative, as easy as a few clicks. With apt working behind Synaptic, you have a fast, powerful tool for finding, installing and updating applications. You get the wide range of repositories from Debian since MEPIS, by default, uses Debian Testing/Etch's packages. The one thing I would say is that MEPIS might want to consider using a simpler package manager alongside Synaptic.

Synaptic is an excellent tool, but the huge range of options might be a bit too much for the beginner - consider the various packages just for a normal OpenOffice.org installation. By using a simpler package manager, the user would be less overwhelmed with choices - for example, by just having the one OpenOffice.org option. Using two such programs in conjunction would allow you to use the power of Apt with far more efficiency and, in some case, confidence.

Conclusion

To summarise the good points: the usual things you'd expect from a mainstream distribution, such as stability and working network access, along with the proprietary additions that mean you don't need to spend time setting them up. The installation is fairly simple, and the average user shouldn't really struggle to get to grips with MEPIS.

The bad points? Well, proprietary equals bad for many people, MEPIS also has a password bug, which, to me, is a huge bug, while GRUB isn't as easy to modify as any other distribution I've tested. The lack of updates, both automatic and security, is also slightly unsatisfactory.

In the end, MEPIS failed to really impress me. On the one hand, it does succeed in creating an environment comfortable to work in, that Windows users should be happy to transition to, and it generally adheres to the principle of Keep It Simple, Stupid. Despite this, many other distributions can provide a similarly painless setup for the 'average user', and, especially in the case of SUSE, beat MEPIS in terms of user friendliness. SUSE is also more accessible to the more experienced user, while other alternatives, such as Ubuntu, are at least as straightforward and share the strength of Debian and Apt, without some of the problems of MEPIS.

The only way in which I can strongly recommend SimplyMEPIS 3.4-3 is if you really do not want to have to install support for Java, Flash, MP3s, etc. yourself, even taking into consideration the relative ease with which this can be achieved in other distributions. MEPIS is a very good, solid distribution, but it does have its flaws without putting any other major distributions to shame in any areas. It is definately a consideration when choosing a distribution, yet I'd still prefer Ubuntu or SUSE.

Useful Links