Hello World!

[core]

Hi, I'm not new in the bbox community, as in I often read behind the scenes the articles this cool community posts and trying to learn as much as I can on my own, but today I finally decided to get out from the shadow and register up, so I just wanted to say Hi :) o/.

I would also thank raffaele and the whole community that mantain this awesome distro especially ostendali and zerof that I see very active 'till this days :) , I love it, I'm using it since the beginning pretty much, I love your philosophy behind it:

"keep it simple, bloat free from redundant software and make it good-looking", so thanks guys!

I hope to get more active now that I signed up and give back something to the community.

I would like to ask something though, since the beginning, you focused on build it upon ubuntu, and that really made me wonder, is there any particular reason the founder decided to go this way instead of building it directly upon a more reliable solution like debian? (also being more true to the keep it simply bloat free  ;D )

Moreover due to the new decision from ubuntu to basically destroy all their products (I wouldn't be surprised if in a couple of years they decide to kill the ubuntu desktop project aswell), would you ever see this project jump the ship and go to the debian route?

Thank you in advance for your answer

-twisted core-   

[core]

Edit:

Actually I found out a similar question made by another user about the debian-ubuntu thing.

Sorry about that, I did miss it at first.


Because the past topic is 1 year old, I decided to make this new post on the matter.
If I'm wrong in doing this, please let me know and I will correct my behave thanks :).


Going back to the matter quoting ostendali:

There is no big difference between Debian and Ubuntu the latter depends on previous one so it a matter of personal taste I have to say if you dont like ubuntu. Said that, Backbox is not Ubuntu, it is core been built on ubuntu simply because there is no need to reinvent the wheel as it is already there. Another reason is the repository system, ubuntu has better organized repository system where everyone can contribute to that. Since I am Debian fan really, I can't say the same about the Debian repo. So there are a number of reasons behind the choice of building BB on ubuntu core...

I have to disagree with that, if you are referring to the ppa system, you can use them as well in debian.

Speaking of its usability, ubuntu repos (not bbox) are a mess, I will make an example:


- Trying to search and install the virualbox-guest packeges, a user will get this from apt search result:

https://pastebin.com/REPFAKU7

really?! all the past LTS iteration are there?! how is that supposed to be user friendly and clear for a new comer? Why not list\have just the lts version ubuntu\bbox is based upon?!

- Without talking about making a customized backbox ISO, I did that and after a long headache, I just cope with the fact that ubuntu customization state is broke as f*ck, and the only way to make one usable customization iso is to hold some packages from the build and fix them later once installed in persistent mode or such.
This is a known ubuntu bug that goes back since freaking 14.04 version o.O was fixed for a version I believe, and then reappeared.
Probably for the same reason, you don't have a guide on the wiki on how to make a custom iso, to spare headache to the other users I guess am I wrong (or are other reason behind it)?
Again never happened with debian customization scripts.

- More important overall, let's talk about portability, with debian maintaining other platforms as arm and such, it could open huge opportunities for backbox in future development.
ubuntu portability is...none

- I think I made my point without going further with examples, or talking about poor ubuntu upgrade system that from time to time broke the system on dist-upgrades for newcomers (although that's probably more user's fault not paying attention to apt-get and knowing how to use it properly, but again never happened on debian even on sid).

- Also I'm interested in the future of this matter in the light of the ubuntu situation right now, as I stated in my previous post.

- Indeed I will take a look at ostendali's suggestion of use bbox packages on top of debian and see what happens.

That could be fun to play with, I thought was a bad idea to mix "backbox\ubuntu package" with debian itself, but if everything will go smoothly could be a great thing, use this awesome distro and tweaks, with a much better stable distro as debian. Any thoughts on why should it be a bad idea?

[ firing up virtualbox \o/ yeyyyyyyy ]

Indeed I would like to clarify that this post is not made to start a flamewar or creted to be disrespectful, as I said I love backbox and the whole community, I'm trying to support it in any way as much as I can, proof is I'm still using it since day 0 despite I'm not in love with the ubuntu ecosystem lately.

My only intent is to open an honest and interesting discussion about it, and maybe find a reason to change my point of view, I'm totally open minded so :)

P.s.

Sorry for this huge wall of words

[ostendali]

hey Core,
first of all I'd like to thank you for bringing this up and we absolutely take this very positively, so no flames at all ;)

We have many other reasons why we don't move to Debian, compatibility, repository (bb is on launchpad), packaging system and most importantly is the lack of resources from core team side.

I personally like the idea and support it, I did support in the past as well but that post of mine was the outcome of team's decision.

I am assuming you are referring to the latest news about ubuntu stopping unity development and so on, plus the position taken from by ubuntu's founder against free software community... Well, I have read those news as well and all I can say from my end is that we are not really big fan of unity and all that stuff that comes with ubuntu, we use ubuntu core because of the facility like launchpad provide an easy way of packaging and maintaining our tools. In the other end, I am also aware of the contribution that ubuntu did to free software and it will be foolish to not recognize that. mr ubuntu made some comments and he has his reasons I believe...

Furthermore, Backbox has its own repo system based on launchpad and we don't really have any troubles, we don't use ubuntu repos to be clear.

In order to do porting from ubuntu to debian, we will need a dedicated team forked from BB ubuntu project and start to build new system, plus we have to deal with repositories from scratch again, so it is not an easy task and again, we have no troubles so far with ubuntu and I don't see why we couldn't stay with ubuntu core system. You need to add additional and extras repos of ubuntu manualyl if you want to, that is why you couldn't get what you were searching I assume..

If we have enough resources to take ownership why not ;)

We do have discussion ongoing about portability referring in particular to arm platform etc, people wants to run BB on rasperry pi now of course but all comes down to resources and we are all full time employed with limited time to dedicate to this project.

If we have 3-4 eager young paddawans like we might definitely consider of doing this, until then I am afraid we have to stick with what we have now.

In conclusion, this topic was never closed and now you broth it back and it is still open as you see.

Now let me ask you a question: how good you are in linux and packaging systems and would you be interested in participate actively/responsible if we happen to decide to do such step and how many other people would be interested in participating at the same level?

We are an open community and therefore open to everything, we live in democracy so, I will roll the ball over to you now :)

[core]

Hey ostendali, thanks for the answer.

First and foremost, thanks for the pentesting with backbox publication, it was fun and useful to read also a great way to sustain the project.
Coming back in this field since a long time, it was a fun read to catch up on the matter, really appreciated that.

We have many other reasons why we don't move to Debian, compatibility, repository (bb is on launchpad), packaging system and most importantly is the lack of resources from core team side.

This make sense actually, I can understand why you went in that direction.

I am also aware of the contribution that ubuntu did to free software and it will be foolish to not recognize that.

Totally agree with you on that. I'm not one of the "death to ubuntu" club.  I respect them, and I like some of the stuff they brought, first and foremost make linux more mainstream, it just happen that I like debian better and see more potential in it, but it's just a matter of taste I guess.

You need to add additional and extras repos of ubuntu manualyl if you want to, that is why you couldn't get what you were searching I assume..

If you are referring to my issue with building up the custom iso..I was trying to include some packages that I needed with uck first and then manually from scratch without it (thought that was the culprit at first), both gave me the same error at the end of the iso build, a problem updating\breaking package of postgresql and another lib (I don't clearly remember which one now, it's been 3\4 months since I made it)

Looking through google back then, I found out was a known bug in ubuntu's build scripts, on 14.04 fixed for a release or two and come back from the dead in 16.04, it still happens if you try to custom build bbox 4.7, but no big deal I solved as I said before, and my persistent custom usb works wonder!

If you were referring to my pastebin instead, I didn't have a particular problem, I was using it as an example searching for virtualbox-guest packages it spit out all LTS virtualbox-guest packages instead just the one relevant to the xenial release that I suppose bbox 4.7 is based on (I guess), it was just an example to explain my point of view in "ubuntu be bloated for no reason and not so much user friendly in some department".

That could be just me being  more used to the simplicity of debian package nomenclature and the awareness of what I get from it.

Now let me ask you a question: how good you are in linux and packaging systems and would you be interested in participate actively/responsible if we happen to decide to do such step and how many other people would be interested in participating at the same level?

That sir, would be an honor for me, I'm thrilled by the idea.
About my skills, I have to advise though, I'm not professionally involved in security or programming fields nor system administration, so what I know is based just on my curiosity, In the specific I have some years of experience with debian systems, I love to thinkering with and break them :°D build package\backports from source the debian way and so on.

I've been exposed to debian and redhat on desktop side overall at work, so I feel pretty confident in a linux environment, especially when I want to throw it outside the window  ::), most important I'm used to the "google is your friend" rule.

I would be thrilled to get involved and learn new things!

Having said that, it all depends on what the real workload is to say "yes I can" or "no I shouldn't" but for the moment I can say I'm all in.

To put simply I like to be a paddawan, but I must advise that I like more the dark side than yoda, and that all the fuss about "one shot laser destroy the dark star and sh*t" is freaking bulls*it they deserved to rule the empire  8)

[core]

Little update @ostendali:

I followed your suggestion to try install debian with bbox tools, done tonight broke 2 vms :°D

Apparently there is a problem with ruby2.2 dependencies and such, stretch\sid doesn't let me install them complaning about broke packages...

pffff no one tell me what to do!!  ;D

From a fast view it seems doesn't want to pull those package dependencies from the bbox ppa, despite it being signed with the correct pgp key..maybe it just a matter of pinning packages.

I'll see what's going on when I have more time, so...failed for now :°D but I will not surrender c'ptain arrrrrrrrrrr!

[ostendali]

I am glad you liked the book, it was written in a very fast pace without paying to much attention to particular details ;)

I hope it was useful and good hint for every paddawan and I am glad you enjoyed ;D

If you really are interested in helping core team for the development than I welcome you, likewise by everyone in this community. We have a community group on telegram, if you'd like to join pls supply your telegram user so we can invite you. From there we will take it forward and discuss all your ideas and proposals.

How is that sounds to you?