Cygwin, why does my lab recommend to NOT use it?

  • Thread starter profroop
  • Start date
  • Tags
    Lab
In summary: Windows. However, there are still some programs that I cannot compile with it, but I have been able to get them to work with gcc 3.2 by using an older version of cygwin on my home laptop.The only issue with cygwin is that if you are using many different old apps compiled for different versions of the cygwin library it can be a pain to make sure they all get the correct one.
  • #1
17
0
I have been using cygwin since a long time now, but my system administrator recommend that we no longer have cygwin installed on the lab computers because it is "in bad shape". I have also seen this on ROOT's website. "http://root.cern.ch/root/Version522.html" [Broken]"

What is this poor state that they speak of? What harm will come if I install it on my home laptop? I have been Googling, but I haven't found anything about this.
 
Last edited by a moderator:
Physics news on Phys.org
  • #2
I don't know about cygwin. The recent versions of gcc are fair-to-poor on Windows systems, though -- there are programs I can't compile properly anymore.
 
  • #3
I think they say it have something to do with some backdoor open or a Trojan built into it or something along that lines.
 
  • #4
profroopchan said:
I think they say it have something to do with some backdoor open or a Trojan built into it or something along that lines.

Nonsense.
 
  • #5
gcc is one of the best compilers, it is generally far more standards compliant than MS.
The only issue with cygwin is that if you are using many different old apps compiled for different versions of the cygwin library it can be a pain to make sure they all get the correct one.

There is also mingw-msys which is gcc but using windows runtime libraries.
 
  • #6
Why does Root (which is the standard analysis software for CERN experiment), have on their website that cygwin is in very poor shape?
 
  • #7
Okay, so I spoke to my system administrator, and he says that cygwin has a problem where a lot of the mirror sites have been infected with trojans. He said the only trusted one used to be Aargon, but then they started having problems as well, so he just say that we should not use it on our PCs in the office.
 
  • #8
profroopchan said:
Okay, so I spoke to my system administrator, and he says that cygwin has a problem where a lot of the mirror sites have been infected with trojans. He said the only trusted one used to be Aargon, but then they started having problems as well, so he just say that we should not use it on our PCs in the office.
Hello profroopchan.
I think your system administrator must have a misunderstanding. If there are trojans or even just corrupt files on any mirror site, they will fail either the md5 checksum test or the setup.ini digital signature check; setup.exe will refuse to install an invalid or tampered package.

What has probably caused your admin to think this is that some of the most common antivirus packages have been repeatedly hitting false positives on standard Cygwin utilities quite a bit over the past year - AVG in particular has had multiple failures in this regard. So it's easy to think that something downloaded from a mirror site was trojanned, when in fact the mirror site is carrying a perfectly valid file and it's just the anti-virus at the receiving PC making a mistake.
 
  • #9
CRGreathouse said:
I don't know about cygwin. The recent versions of gcc are fair-to-poor on Windows systems, though -- there are programs I can't compile properly anymore.
There are a number of known problems in current GCC when compiled for windows, relating mostly to exception handling with DLLs in use. (There are also a lot of backwardly-incompatible changes in recent GCC that make it more demanding of strict standards compliance in C++ usage than it used to be, and these are also a very common cause of being unable to compile old programs with newer versions; it's worth making sure that the old code wasn't just slightly invalid in some technical way or other). There aren't as many of us working on the windows ports as there are on e.g. linux, so it doesn't get as much attention.
However, please do report bugs that you find to the GCC mailing list, as we will try and take care of them. There is an effort under way to bring the windows versions up-to-date and get everything working properly for them.
 
  • #10
profroopchan said:
I have been using cygwin since a long time now, but my system administrator recommend that we no longer have cygwin installed on the lab computers because it is "in bad shape". I have also seen this on ROOT's website. "http://root.cern.ch/root/Version522.html" [Broken]"

What is this poor state that they speak of? What harm will come if I install it on my home laptop? I have been Googling, but I haven't found anything about this.

The Root website first put up that warning about Cygwin's gcc when it was gcc version 3.2. Cygwin currently uses gcc 3.4 which is a much better compiler (largely due to Dave Korn, who also posted on this forum). It's also true that some of the people who have been contributing to Cygwin's mailing list are people trying to get Root to behave better on Windows.

I have had cygwin on my laptops for many years now, and have had Root compiled with gcc for more than 6 years. From root versions 4.00.08 to 5.20. I've compiled it myself on occasion (to get Ruby and Python binding support), but of late have been using the precompile binaries as they come with everything I've needed.

I've complained on the Root websites about this (mostly) unfounded prejudice without much luck. They push Microsoft's VC++ compiler, but that means giving up posix paths, the same Makefiles, etc... I use the same Makefile to compile stand-alone executables that dynamically link against the root libraries on Cygwin/gcc and linux with no problems.

The only issue that is true is that it compiling with gcc on Cygwin can be quite a bit slower than compiling using VC++. This almost never matters, but you'll notice it when building very large packages.

Long-story-short: I highly recommend using Cygwin/gcc's version of Root.

Cheers,
Charles Plager

p.s. The warnings about viruses and mal-ware are, well, crap.
 
Last edited by a moderator:
  • #11
profroopchan said:
I think they say it have something to do with some backdoor open or a Trojan built into it or something along that lines.

Why would a library have a trojan built into it? It seems that it'd likely be related to the work everyone else at your company is working on. Cygwin and MinGW do take two different approaches. I recall from a time when I had an assignment which used POSIX threads, that it didn't seem that I could compile it using MinGW. But, I wasn't really trying to get it compiles on Windows and was only curious.

But, in anycase, I don't know why people use either of the two on Windows, when Windows has the POSIX-certified Interix. Yet, I don't have an intimate knowledge of any of the three.
 
  • #12
michinobu said:
But, in anycase, I don't know why people use either of the two on Windows, when Windows has the POSIX-certified Interix. Yet, I don't have an intimate knowledge of any of the three.

I'm not convinced that Interix (now Microsoft's SUA) is POSIX-certified (although that's somewhat irrelevant). Second, Root is built for Cygwin and not for SUA/Interix. And is SUA/Interix still being maintained?

Charles
 
  • #13
michinobu said:
when Windows has the POSIX-certified Interix.
POSIX certified doesn't mean very much. You can specify subsets of POSIX for machines which don't have a filesystem, don't have threads, or a network etc.
So you can be perfectly POSIX compliant by having a header file just saying - no fileio, no stdio, no network, no memory etc.

This is what NT did, it was POSIX compliant (in order to sell to government) but the POSIX sub-system couldn't use the network, threads, windows or most of the features of NTFS. So it was officially POSIX and totally useless.

The bad memory of this and since MS doesn't exactly go out of it's way to promote it, means that the new POSIX stuff in server2003 (Interix became services for unix) gets ignored.

MS pulled a similar trick with Orange book/C2 security. They submitted a machine without networking under the section which assumes physical security of the console. They then advertised NT as military grade secure - yes it was assuming the machine wasn't on a network and had an armed guard on the keyboard !
 
  • #14
DaveK.cygwin said:
Hello profroopchan.
I think your system administrator must have a misunderstanding. If there are trojans or even just corrupt files on any mirror site, they will fail either the md5 checksum test or the setup.ini digital signature check; setup.exe will refuse to install an invalid or tampered package.

What has probably caused your admin to think this is that some of the most common antivirus packages have been repeatedly hitting false positives on standard Cygwin utilities quite a bit over the past year - AVG in particular has had multiple failures in this regard. So it's easy to think that something downloaded from a mirror site was trojanned, when in fact the mirror site is carrying a perfectly valid file and it's just the anti-virus at the receiving PC making a mistake.

the false positives are coz cygwin works sort of like rootkit.
as the correct md5/sha hashes are available, they're no big deal.

the real problem is cygwin tends to fail mysteriously.
for example, their official site list some major programs known not to work along with it.

and it's not surprising if a physicist (like the professor of the OP) prefers the minimalist way (the mingw fork) to cygwin.

let me end this with a reference to the discussion on reddit (not necessarily my viewpoint):

http://www.reddit.com/r/linux/comments/9szou/cygwin_vs_gnuwin32_which_is_better_for_linux/c0eapi1
 
  • #15
philoveritas said:
the false positives are coz cygwin works sort of like rootkit.
as the correct md5/sha hashes are available, they're no big deal.

Cygwin is nothing like a root kit. This statement is just silly.

philoveritas said:
the real problem is cygwin tends to fail mysteriously.
for example, their official site list some major programs known not to work along with it.

There are several programs that are known to interfere with Cygwin. These programs interfere with many others and not just Cygwin and are generally doing bad things. I have never heard of any program that is interfered with by Cygwin.


philoveritas said:
and it's not surprising if a physicist (like the professor of the OP) prefers the minimalist way (the mingw fork) to cygwin.

There are several good reasons to prefer Cygwin. It has an environment that is much more similar to linux and that makes porting code to Cygwin much easier than MingW. It has precompiled versions of Root, for example. ...

Cheers,
Charles
 
  • #16
Gentlemen. I am not a tech guy, although I am a competent Windows user. My computer was recently acting weird when browsing. I looked at the network and sharing window and clicked on "show me all the files and folders I am sharing". There came up a very long list of what looked like names followed by references to cygwin folders. I used RegScrub Vista to search out and remove all registry references to cygwin and did the same by searching the folders. (Cygwin had previously been uninstalled, these were leftovers.) The browser seems to function better and the hourglass does not show stuff loading when the page has already completed. Is this a trojan? I don't know enough to be sure, but it certainly seemed suspicious to my non-geek eyes.
RH
 

1. Why is Cygwin not recommended for use in the lab?

Cygwin is not recommended for use in the lab because it is primarily designed for use in a Windows environment and may not be compatible with all scientific software and tools used in the lab. This can lead to errors and compatibility issues that could affect the accuracy and reliability of research results.

2. Can Cygwin be used for scientific data analysis?

While Cygwin does offer a variety of tools and packages for data analysis, it is not specifically designed for scientific data analysis and may not have the same level of functionality and accuracy as other specialized software. It is always best to use software specifically designed for scientific data analysis for more reliable results.

3. Are there any security concerns with using Cygwin in the lab?

There have been security concerns raised about using Cygwin in a lab setting. As it is an open-source software, it may not have the same level of security measures in place as commercially available software, leaving lab data vulnerable to potential breaches. It is always important to prioritize security when working with sensitive data.

4. Is there a risk of data loss when using Cygwin?

There is always a risk of data loss when using any software, including Cygwin. As it is a third-party software, there is a possibility of bugs and errors that could lead to data loss. It is important to regularly backup data and ensure proper protocols are in place to prevent data loss.

5. What are the alternatives to using Cygwin in the lab?

There are many alternatives to using Cygwin in the lab, depending on the specific needs and requirements of the research. Some popular alternatives include using a virtual machine or dual-booting with a Linux operating system, or using specialized software designed for scientific data analysis. Consult with lab colleagues and IT professionals to determine the best alternative for your specific needs.

Suggested for: Cygwin, why does my lab recommend to NOT use it?

Replies
3
Views
1K
Replies
2
Views
916
Replies
6
Views
821
Replies
3
Views
688
Replies
3
Views
664
Replies
6
Views
2K
Replies
1
Views
1K
Replies
3
Views
752
Back
Top