| DistroWatch Weekly
|DistroWatch Weekly, Issue 107, 4 July 2005
Welcome to this year's 27th issue of DistroWatch Weekly and happy Independence Day to all our visitors from the United States! Last week's release of SUSE LINUX 9.3 ISO images provided much excitement during the otherwise dull week and many users are now discovering the joys of computing with one of the oldest and best-known Linux operating systems around. In the meantime, the Debian Project ended up with a tarnished reputation for being unable to provide timely security updates for sarge - will this fiasco bring radical changes to the project's security infrastructure? Also in this issue: comment on the recent merger of Mandriva and Lycoris, and an interesting change in the release policy of Fedora Core. Happy reading!
SUSE 9.3 released to mirrors
As the news about the availability of SUSE LINUX 9.3 ISO images spread last week, many users on Linux community forums expressed their excitement about the release. SUSE boxed sets are not readily available for purchase outside of Europe and North America and even where they are, not everybody can afford €100 for an operating system that might or might not be to their liking. In fact, this is the first time ever that SUSE LINUX can be downloaded either as a DVD image or as a set of 5 CD images; SUSE 9.2 was only available as a DVD image and SUSE 9.1 only as a Personal Edition CD image, while all previous versions were provided exclusively as directory trees for remote FTP/HTTP installation. That might explain why we noted a dramatic increase in SUSE page views here on DistroWatch last week which will hopefully translate into increased number of satisfied users of this popular distribution.
We installed SUSE LINUX 9.3 to test it out and see how it compares to previous SUSE releases. Although we didn't have time to perform a thorough test of all the new features and check out the new software packages, our first impression was very good indeed. SUSE 9.3 appears to be a solid product with the usual professional attention to detail, perhaps slightly on the cutting edge of Linux development with less well-tested packages and some alpha software, but this is to be expected for a product that is designed to be a base for SUSE LINUX Enterprise Server and Novell Linux Desktop. Also, of all the major distributions, it appears that SUSE is now the only one maintaining a 6-month release cycle - Mandriva has moved to a 12-month release cycle, while Fedora is now moving to a 9-month release cycle (see below for details).
If you are one of those users who are just discovering SUSE LINUX, you might be interested in keeping an eye on Novell's Cool Solutions pages. They tend to get filled with useful tips and tricks to make your life with SUSE more pleasant and they even provide a Wiki page for user-contributed hacks and solutions. Currently, Novell is building a database of "cool tools", and if you are a developer, or have come up with an interesting way to enhance your SUSE installation, you will get a free T-shirt and might even win an iPod Shuffle. Another helpful web site to bookmark and visit frequently is suselinuxinfo.org - a well-maintained and regularly updated site with good information about everything SUSE.
If you have downloaded and installed SUSE LINUX 9.3, how do you like it? Any pleasant surprises or disappointments? Please discuss below.
SUSE LINUX 9.3 is now available for free download
(full image size: 446kB)
Sarge update issues
If you have installed the recently released Debian sarge, how many security advisories have you received during the past four weeks? Up until late last week the number of sarge-related security advisories issued by the Debian Security Team was exactly zero. Contrast that to Fedora Core 4, which, although released one week later than sarge, has already issued 8 security advisories! So where is the problem? Is the Debian Security Team on strike?
Well, it turns out that the Debian sarge security infrastructure is broken and has been broken since the release of sarge. This was first reported by Heise.de (in German) and later spread to Da Linux French (in French) before a long discussion erupted on the debian-security mailing list. Joey Schultze explains in his blog: "At the time of the release, security.debian.org broke, since the suites stable/testing on the security host did not match the ones on the main archive. In fact, trying to release a security update before the sarge release resulted in a crashed katie program and a half-baked archive. ... So, it looks like we'll be without security updates for quite a while."
This is bad news for those users who have entrusted their servers to the much awaited new Debian release and are now possibly running several applications with known vulnerabilities. The good news is that the above-mentioned instances of "bad publicity" have stirred some action among the Debian Security Team and, by last weekend, the first two Debian security advisories were issued. But the problem is complex and still far from being under control. Martin Krafft explains: "In general, my experience has been that security at debian.org is a black hole, and that offers to help are ignored. Of course, the Debian meritocracy calls for us to just do something to rise the ladder according to our accomplishments, but as with the other obscure domains of the Debian project, which are not open to anyone to just peek at and learn, it's really difficult to do this when it means working as a blind person with a couple of mutes."
It looks like a major upheaval in the security infrastructure of Debian is needed to ensure that the current situation does not happen again. But can it be done? Can a rather boring and thankless task of applying patches are releasing advisories be made more attractive and rewarding? Not easily. But it must be done - before Debian's reputation is further tarnished by more sloppy security work.
|Lycoris: Looking forward, looking back (by Robert Norton)
Lycoris: Looking forward, looking back
A good software company is built around its people, not its technology. With a volatile mix of control freaks, egomaniacs and poorly trained volunteers masquerading as employees, it was clear as early as 2003 that Lycoris was almost certain to fail. After a time of destructive indecision, the company's acquisition by Mandriva represents quite an achievement, although given Mandriva's history of botched implementations, it is unclear whether the merger will have any real benefits for either company's users.
There's a lot that could be said about Lycoris' failure to capitalise on its innovations, but I won't dwell too much on this because I think it's improper to air too much dirty laundry in public. While our innovations were real and revolutionary, the problems that plagued us from mid-2002 onwards were as old as time. Although it's true that we failed to acquire any significant venture capital investment and this weighted the odds heavily against us, our other problems - particularly with regards to personnel - would eventually have brought us low anyway.
Joseph Cheek, the CEO and Founder, is a true visionary. In a time when geeks dominated open source and desktop Linux had not even registered on the radar, Joe expanded on the bland Caldera OpenLinux distribution to create a feature-rich, user-friendly, and, yes, Windows-esque Linux desktop that ordinary people could actually use.
When Redmond Linux was released in December 2001, Red Hat Linux 7.2 was the staple distribution of choice. Comparing the two distributions is a bit like comparing Windows 2000 with Windows NT 3.1. Redmond Linux was the first distribution to include centralised access to devices, the first distribution to provide a Windows network browser built on the file manager (rather than a separate application), the first distribution to include a centralised Control Panel that merged system configuration tools with desktop preferences, and the first distribution to slim down the glut of Linux packages to a "best of breed" application set - among other things.
While none of this appears to be revolutionary now, when it often seems that there are more desktop Linux distributions than users, the fact remains that Lycoris was the first to perfect the "desktop Linux" formula. Mandrakesoft, SUSE, Caldera and even please-use-windows Red Hat helped Linux greatly on its journey toward the consumer desktop, but it was Lycoris who perfected the formula for the first time.
Thanks to Mandriva, Joe has the chance to create a fantastic desktop operating system, one that excels in both the technical and usability arenas. Many of Lycoris' technical problems centred around lack of resources, while the last release of Mandrake Discovery Edition was still fairly bloated, in addition to being very ugly, and at times difficult to use. In fact, Mandrake's failure to back up its technical prowess with a highly usable desktop environment was the one of the key factors cited by many new Lycoris users when talking about their decision to switch distributions. Lycoris, in turn, had many technical issues that alienated users, including substandard hardware and application support, an aging installer, and the lack of an automated dependency resolution tool.
The two product offerings, therefore, are highly complementary. Marrying Mandriva's core technology with Lycoris' desktop experience and tools could create one of the best desktop distributions to date. In addition, Joe needs to address three key problems with Mandrake Discovery Edition:
Hopefully Joe will stay with Mandriva long enough to make this vision a reality. Many employees, particularly executives, of newly acquired companies do not stay with their new masters for very long - often less than a year - and it has already been revealed that Joe is only bound to Mandriva by a short-term contract. For all his technical brilliance, Joe's people skills are at times poor, and this may make it difficult for him to work with his new employers in Paris. But by sticking with Mandriva, Joe has the chance he has been longing for: to give his technical innovations the broad audience he has always dreamed about.
- The poor usability of DrakX, the Mandriva installation tool. DrakX for Discovery Edition has too many steps and remains too complex for new users. With some customisations it could closely resemble the Xandros installation tool in terms of ease of use.
- The ugly and at times unusable default desktop. Joe will need to merge technology such as My Linux System, the Network Browser, the Control Center the btX2 font rendering technology, and the AI2 application integration framework. In addition he will need to add the beautiful Lycoris artwork and desktop theme, as well as cleaning up the awful Mandriva menu structure. (As a side note, finally integrating My Linux System and the Network Browser with KDE, rather than having them as largely separate applications, would add significantly to the functionality of the system.)
- The unintuitive software installation system. Mandriva's RPMDrake still largely revolves around individual packages, rather than the concept of software applications (i.e. hiding the actual packages from users). Lycoris was the first company to include an online software repository with their distribution - the Iris Software Gallery - and Joe will need to merge this highly usable and easily understandable front-end with the technically superior RPMDrake on the backend.
For Mandriva's part, it will need to address some of the core problems that have plagued it for years. Timely distribution of retail boxes, the lack of genuine discounts for upgrades, inadequate QA testing and poor consumer channel management have destroyed the company's credibility with many users, although the Mandriva Club has helped to rectify some of these issues in recent times. Mandriva needs to quickly address the problems with its consumer business, or else it risks being relegated to the enterprise space, where it will face steep competition from much larger companies, particularly Novell and Red Hat.
While Lycoris has been relegated to the history books, Mandriva has given its founder a chance to keep on innovating in the desktop Linux space. By merging the desktop know-how of Lycoris with the advanced technology of Mandriva Linux, Mandriva has the opportunity to become of the dominant players in the consumer desktop market after its rough ride over the last few years.
But, as always, a good software company is built around its people, not its technology. Let's hope that both parties will stay the course and adapt to their changed circumstances.
Robert B. Norton worked for Lycoris in a volunteer capacity between 2002 and 2004. He now works for the Sage Group plc, and currently lives in Sydney, Australia.
|Released Last Week
Distribution Release: Thinstation 2.1.1
Thinstation is a new distribution on our list - a modern thin client that does work on its own for basic operations like web browsing, managing removable media and printers, but rely on servers for major applications as well as administration of the clients. A new version was released over the weekend: "The Thinstation project is proud to announce that version 2.1 is released and is ready to download from the download page. Expect the TS-O-Matic servers to hold it within a few days too. Among the goodies: IceWM window manager, xtdesk desktop icons, PCMCIA support, wireless network, Mozilla Firefox 1.0, integration with ICA 9 client, NX client, rdesktop 1.4.1 with native disk, sound, port redirection and a lot of bugs fixed. (EDIT: A missing file has bumped the version to 2.1.1.)" Read the release announcement on the project's home page.
Distribution Release: Knoppel 0.6
Knoppel is a Knoppix-based live CD designed for Greek speakers. The newly released version 0.6 comes with a number of updates and improvements, including the following: synchronised with the latest Debian "testing" branch; upgraded kernel to 188.8.131.52, KDE to 3.4.1, ALSA to 1.0.9, OpenOffice.org to 1.1.4; UnionFS with read/write access while running from live CD; included several enhancements from the KANOTIX project, such as improved hardware auto-detection and hard disk installation program; introduction of Synaptic for package management; support for wireless network cards (ipw2100 and ipw2200); updated FreeNX. Read the full release announcement (in Greek) for further details.
An updated version of Inside Security Rescue Toolkit (INSERT) has been released: "This update fixes a few bugs in different places. Firmware for some wireless adapters was added. The browser was switched to Dillo to reduce size and the graphical FTP client was switched to gFTP for more features. A few packages have been updated. A proxy can be set at boot time or via the menu. usb-install should work again." See the complete changelog for more details about this version.
Parsix GNU/Linux 0.60
Parsix GNU/Linux is a Debian-based live CD with support for Persian (Farsi). Version 0.60 was released today: "We are happy to announce that a new version of Parsix GNU/Linux - a live and installation CD with Persian language support - is available now. Parsix GNU/Linux 0.60 uses latest Debian Sid packages (29-06-2005). A short list of most important improvements: new look and feel thanks to ClearLooks 0.6 GTK style/theme, new installer based on the KANOTIX installer, added Parsix launcher panel, added Parsix icon set, updated Parsix-DOC, GNOME 2.10.1, OpenOffice.org 1.1.4, GIMP 2.2.8, Firefox 1.0.4...." The release announcement, changelog, screenshots.
Parsix GNU/Linux - a Debian-based live CD with support for input in Persian
(full image size: 1,994kB)
* * * * *
Development and unannounced releases
|Upcoming Releases and Announcements
Fedora Core 5
We mentioned the existence of a document entitled Proposed Development Areas for Fedora Core 5 and Fedora Project in last week's issue of DistroWatch Weekly, but now we also have a preliminary release plan for Fedora's next release. Interestingly, the previously maintained 6-month release cycle is about to be changed as the final release of Fedora Core 5 is now scheduled for 13 February 2006, nearly 9 months after the release of Fedora Core 4. The first test version is expected in early November. For more details please see the Preliminary Fedora Core 5 Schedule.
Is UserLinux still alive? Several people have been wondering about this on the project's mailing list. The original idea was to release the first version of UserLinux, a commercially supported variant of Debian, as soon as Debian Sarge becomes stable. Surprisingly, there has been no sign of activity on the project's web site and mailing lists even though Sarge has now been stable for several weeks. But maybe things will start moving again - that' according to this message by the project leader Bruce Perens: "I'm catching up after getting a new job. I have all of the pieces and have recently been working on the artwork installer, which was the most broken remaining piece. I hope to have something to show late next week. We would then test the installer and produce CD and DVD masters, and test them." As always, we'll keep you updated with the development.
X/OS Linux 4
X/OS Linux, one of the many distributions rebuilt from source RPM packages for Red Hat Enterprise Linux, is working on version 4, expected later this month: "After several delays, the release of X/OS Linux 4 is now firmly set for the first half of July. Development of the new build system has been frozen and the final builds have been started. Further improvements in the automated build system were finalized, most of the effort spent on additional checking of the build output. With X/OS Linux being a self-hosted distribution, whereby the sources are built upon the binaries generated from the same source, the entire generation process spans several days. Once the final images have been created, additional tests are run to ensure the quality of the final release. With no further difficulties expected at this stage, the first half of July should definitely see the release of X/OS Linux 4." Here is the announcement.
* * * * *
Summary of expected upcoming releases
|Web Site News
June donation: Debian Project receives US$420|
We promised it shortly after launching the monthly DistroWatch donations programme: the Debian Project will receive our monthly donation as soon as it declares "sarge" stable. This happened early last month, so the June donation now goes to the largest Linux distribution project - Debian GNU/Linux.
Of course, Debian is not just a distribution. By creating a large organisation with a strict social structure and painstakingly thorough quality control, it also developed into a base on which dozens of other Linux distributions are built. This was Debian's stated goal right from the beginning, but the current reality has probably exceeded the expectations of the early project leaders. Some of the Debian-based projects, such as KNOPPIX, Ubuntu, MEPIS, Xandros or Damn Small Linux are now recognised brand names and truly valuable distributions in their own rights. This is probably the main reason why Debian deserves our donation - without Debian, our Linux distribution scene would be a lot less exciting than it is today!
The donation will be made to the Software in the Public Interest, Inc (SPI), which is Debian's legal umbrella. Because SPI only accepts US dollar cheques and money orders originating in the United States, we enlisted the help of our friends at MadPenguin.org who will mail a postal order to SPI to be donated to the Debian Project later this week.
As always, our donations programme is a joint initiative between DistroWatch and LinuxCD.org, which contributes US$50 every month. LinuxCD.org is an online store selling low-cost Linux/BSD CDs - they have the largest selection, inclusive of all the latest releases, and they offer the lowest prices. Next time you need to order your favourite Linux or BSD CDs, get them from LinuxCD.org.
Here is the list of projects that received a DistroWatch donation since the launch of the programme:
New distribution additions
- Thinstation. Thinstation is a modern thin client that does work on its own for basic operations like web browsing, managing removable media and printers, but rely on servers for major applications as well as administration of the clients. The clients may be diskless or boot from local media. Thinstation works as a client using X, ICA, RDP, SSH, NX, telnet, tn5250 and other protocols and works on standard PC hardware.
- Voltalinux. Voltalinux is a GNU/Linux distribution based on Slackware Linux and the pkgsrc package system from NetBSD. The project offers a pre-built distribution where the user can enjoy the clean design of Slackware Linux with the availability of over 5,000 NetBSD ports ready to be installed.
New on the waiting list
- pQui Linux. pQui Linux is a new Brazilian distribution based on Slackware Linux. It is designed as a desktop distribution, especially for users who have never used Linux before.
- Sun Java Desktop System. As widely reported in the Linux media, it appears that the Sun Java Desktop System distribution has been put on the back burner by the company's executives: "The Java Desktop System will continue to exist as a product, but now chiefly as software based on Sun's Solaris operating system and directed at programmers, John Loiacono, executive vice president of software, said at a meeting with reporters here at the JavaOne trade show. 'You're going to see less of an emphasis on JDS on Linux,' Loiacono said. 'The strategy has changed slightly.'" This is hardly a big surprise given Sun's half-baked effort to promote the distribution and the lack of any success stories of large-scale deployments in the enterprise. More information is available in this story at News.com.
DistroWatch database summary
That's all for today. We hope that you enjoyed this week's DistroWatch Weekly!
|• Issue 508 (2013-05-20): Review of Debian 7.0, interviews with Clement Lefebvre and Gaël Duval, scripting with xdotool|
|• Issue 507 (2013-05-13): Impressions of Calculate Linux, 13.4, Ubuntu's portable packages, mintDrivers|
|• Issue 506 (2013-05-06): Ubuntu and Kubuntu 13.04, Debian "Wheezy", Slackware on systemd, distros for Raspberry Pi|
|• Issue 505 (2013-04-29): First look at PCLinuxOS 2013.04, Saucy Salamander, Remastersys and System Imager, Linux containers|
|• Issue 504 (2013-04-22): Look at Bodhi 2.3.0, Ubuntu 13.04 features, building OpenBSD ports, opening large files|
|• Issue 503 (2013-04-15): CentOS versus Scientific Linux, PCLinuxOS 64, Lucas Nussbaum, ZFS/Btrfs versus ext4|
|• Issue 502 (2013-04-08): Look at Mint 201303 "Debian", Ubuntu versus openSUSE, comparing ZFS and Btrfs file systems|
|• Issue 501 (2013-04-01): KANOTIX 2013 and GhostBSD 3.0, openSUSE Rescue-CD, Haiku package management, computer forensics|
|• Issue 500 (2013-03-25): Look at openSUSE 12.3, Ubuntu release changes, Debian backports, growing divide|
|• Issue 499 (2013-03-18): MINIX 3.2.1, openSUSE 12.3 on desktop, Ubuntu GNOME and UbuntuKylin, distros for musicians, KolibriOS|
|• Issue 498 (2013-03-11): Sabayon Linux 11, Ubuntu's Mir, Linux malware|
|• Issue 497 (2013-03-04): Rebellin Linux 1.00 "Adrenaline", rolling-release Ubuntu, Arch vs spin-offs, justification and diversity|
|• Issue 496 (2013-02-25): Review of Chakra 2013.02, The Book of GIMP, Ubuntu and privacy, FreeNAS vs NAS4Free|
|• Issue 495 (2013-02-18): SparkyLinux 2.1 "Ultra", Fedora 19 schedule, Xubuntu on DVD, cloud privacy|
|• Issue 494 (2013-02-11): FreeBSD 9.1, web server stats, Anaconda, rolling-release PC-BSD, fixing broken packages in Arch|
|• Issue 493 (2013-02-04): UberStudent 2.0, OmniBoot 1.0, MariaDB, Enlightenment 0.17|
|• Issue 492 (2013-01-28): Fedora 18 review, systemd, Kali Linux, Ubuntu Unleashed|
|• Issue 491 (2013-01-21): Fuduntu 2013.1, Fedora 18 desktop choices, Consort, accessing encrypted drive|
|• Issue 490 (2013-01-14): Look at Manjaro Linux 0.8.3, openSUSE on Chromebook, Able2Extract 8.0|
|• Issue 489 (2013-01-07): PC-BSD 9.1, Arch spin-offs, rolling-releases, year-end PHR stats, removing applications|
|• Issue 488 (2012-12-24): Reviews of Unity and Puppy Linux 5.4 "Slacko", FreeBSD 10|
|• Issue 487 (2012-12-17): Cinnarch 2012.11.22, OpenMandriva, Fedora Magazine, Tumbleweed, OpenJDK vs Oracle Java|
|• Issue 486 (2012-12-10): Linux Mint 14 review, Ubuntu "spyware" controversy, Haiku overview, troubleshooting Linux servers|
|• Issue 485 (2012-12-03): Kwort Linux 3.5, Mint bug-fix update, Fedora's new Anaconda, defining a distribution|
|• Issue 484 (2012-11-26): Look at SMS 2.0.1, Fedora pre-beta report, Illumos, Secure Boot update|
|• Issue 483 (2012-11-19): DragonFly BSD 3.2.1 and Xubuntu 12.10, Gentoo and udev, switching file systems|
|• Issue 482 (2012-11-12): Review of Zenwalk 7.2, Clang in FreeBSD, Omniboot 0.5, priorities on external drives|
|• Issue 481 (2012-11-05): Look at Tails 0.13, EFF on Ubuntu and privacy, Debian installer changes, ext4 data corruption bug|
|• Issue 480 (2012-10-29): Review of Ubuntu 12.10, Wayland 1.0, FreeBSD's pkgng|
|• Issue 479 (2012-10-22): Look at Zentyal 3.0, Debian bug reporting, initiating a halt|
|• Issue 478 (2012-10-15): Slackware 14.0 review, Ubuntu donations, connecting to multiple machines behind router|
|• Issue 477 (2012-10-08): Review of ODROID-X, OpenBSD's anti-Linux song, interview with Vincent Untz, Linux as operating system|
|• Issue 476 (2012-10-01): Review of openSUSE 12.2, Slackware 14.0 features, accessing home computer with SSH|
|• Issue 475 (2012-09-24): Look at PCLinuxOS 2012.08, Ubuntu and Amazon, SolusOS and PiSi, ownCloud|
|• Issue 474 (2012-09-17): Bodhi Linux 2.0.1, OpenIndiana interview, Frugalware history, update notifications|
|• Issue 473 (2012-09-10): The Linux Command Line, Slackware documentation project, Debian's new primary arch, Goobuntu|
|• Issue 472 (2012-09-03): Kororaa Linux 17, OpenIndiana and SchilliX, Ubuntu GNOME remix, home server tip|
|• Issue 471 (2012-08-27): Linux Mint 13 "KDE", Ubuntu 12.10 features, Slax update, folder quotas|
|• Issue 470 (2012-08-20): Liberté Linux 2012.2, Arch and systemd, NetBSD's sysbuild and sysupgrade, 19 years of Debian|
|• Issue 469 (2012-08-13): Peppermint OS Three, SUSE on Secure Boot, GNOME OS, moving email to Linux|
|• Issue 468 (2012-08-06): First look at CentOS 6.3, Debian installer beta, Fedora and MATE, Libtrash|
|• Issue 467 (2012-07-30): Ubuntu Made Easy, Debian "Jessie", OpenBSD on Secure Boot, Rawhide troubles|
|• Issue 466 (2012-07-23): Fuduntu 2012.3, Linux in PC-BSD jails, secure boot on older computers|
|• Issue 465 (2012-07-16): Netrunner 4.2, Mandriva's two codebases, firewalls and window frames|
|• Issue 464 (2012-07-09): Zorin OS 6, FSF's views on secure boot, Virtual PDF Printer|
|• Issue 463 (2012-07-02): TurnKey Linux 11.3, Red Hat and Btrfs, Sabayon's MATE spin, ZFS on Linux|
|• Issue 462 (2012-06-25): Sabayon 9, "Wheezy" freeze, Zorin OS overview, Vinux interview, mounting network shares|
|• Issue 461 (2012-06-18): Linux Mint 13, openSUSE 12. delays, Debian Multimedia, Mageia 3 roadmap|
|• Issue 460 (2012-06-11): Look at Fedora 17, PC-BSD and Slackware interviews, Openfiler and FuguIta|
|• Issue 459 (2012-06-04): Impressions of Mageia 2, Fedora updates, Debian or Raspberry Pie, improving software performance|
|• Issue 458 (2012-05-28): Impressions of SolusOS 1, Linux kernel 3.4, encrypting home folder|
|• Issue 457 (2012-05-21): Linux accessibility, Fedora 17 overview, MultiSystem, launching tasks|
|• Issue 456 (2012-05-14): Look at OpenBSD 5.1, Debian Installer 7.0 alpha, UDS news round-up|
|• Issue 455 (2012-05-07): Review of Ubuntu 12.04, "Quantal Quetzal" plans, Debian infographic|
|• Full list of all issues|