[conspire] [Felton LUG] Fwd: Apple Users Targeted
Rick Moen
rick at linuxmafia.com
Tue Mar 8 23:50:04 PST 2016
Quoting Paul Zander (paulz at ieee.org):
> So back to my personal project of downloading assorted Linux iso files.
>
> Finding the checksums sometimes isn't easy.
You're right, and it's annoying, and I think we can blame everyone's
mania for a simple, drool-proof WebUI:
> For example, go to www.debian.org
>
> In the upper right is a box, "Download Debian 8.3"
>
> Click on the box and it starts downloading
> debian-8.3.0-amd64-i386-netinst.iso
> But where is the file with the checksums for that particular file?
Not shown anywhere near that soothingly green button, nor even anywhere
on that page. The webmonkey in question should be ashamed.
It's findable if you know where it _probably is_, which is in the same
directory tree the ISO is in. If you have years of working around
stupid webmonkeys the way I do, the subsequent drill is almost
automatic:
1. Where's the download link specifically? Right-click the download
button, to grab the URL. Editify. It's...
http://cdimage.debian.org/debian-cd/8.3.0/multi-arch/iso-cd/debian-8.3.0-amd64-i386-netinst.iso
Strip off the filename portion, to get the basedir URL. Load that in a
browser. URL is (of course)
http://cdimage.debian.org/debian-cd/8.3.0/multi-arch/iso-cd/ .
Well, howdy there! Your basic 1993 rivets-and-suspenders Web page with
a bunch of too-much-text, a page that haplessly fails to put most-needed
stuff on top. A page written by engineers, yay. It's so bad that
oldtimers will feel right at home. And at the bottom it has an
Apache-autoindex directory listing of files. In other words, the
prepended too-much-text stuff was what Apache parsed from a .message (or
whatever it is) file.
Below that appears the actual Apache autoindex, which is this (edited
slightly for e-mail):
Name Last modified Size
.. -
MD5SUMS 2016-01-24 19:06 70
MD5SUMS.sign 2016-01-24 19:08 819
SHA1SUMS 2016-01-24 19:06 78
SHA1SUMS.sign 2016-01-24 19:08 819
SHA256SUMS 2016-01-24 19:06 102
SHA256SUMS.sign 2016-01-24 19:08 819
SHA512SUMS 2016-01-24 19:06 166
SHA512SUMS.sign 2016-01-24 19:08 819
debian-8.3.0-amd64-i386-netinst.iso 2016-01-23 23:20 556M
So, there you go -- an actually excessive selection of checksums, and
gpg signatures for each.
It's annoying that one is forced to get creative and dig for those, but
at least logic, persistence, and lengthy Internet experience _can_ get
you there.
I'd say this is the sort of brain damage sadly likely when the online
culture presses to hide all possible detail: Exactly one operation
(in this case, grab the ISO) is made very easy; every other operation is
made harder because artifically invisible.
The depressing bit is: In general, Debian Project is better than
everyone else at consistently providing checksums and verifiable
signatures. And yet, the novice-friendly front-door page for the
underlying files (in this case) goes out of its way to _hide_ all of
those and present only the ISO.
I have no solution, but can sit with you and admire the problem.
More information about the conspire
mailing list