| DistroWatch Weekly
|DistroWatch Weekly, Issue 107, 4 July 2005
Welcome to this year's 27th issue of DistroWatch Weekly and happy Independence Day to all our visitors from the United States! Last week's release of SUSE LINUX 9.3 ISO images provided much excitement during the otherwise dull week and many users are now discovering the joys of computing with one of the oldest and best-known Linux operating systems around. In the meantime, the Debian Project ended up with a tarnished reputation for being unable to provide timely security updates for sarge - will this fiasco bring radical changes to the project's security infrastructure? Also in this issue: comment on the recent merger of Mandriva and Lycoris, and an interesting change in the release policy of Fedora Core. Happy reading!
SUSE 9.3 released to mirrors
As the news about the availability of SUSE LINUX 9.3 ISO images spread last week, many users on Linux community forums expressed their excitement about the release. SUSE boxed sets are not readily available for purchase outside of Europe and North America and even where they are, not everybody can afford €100 for an operating system that might or might not be to their liking. In fact, this is the first time ever that SUSE LINUX can be downloaded either as a DVD image or as a set of 5 CD images; SUSE 9.2 was only available as a DVD image and SUSE 9.1 only as a Personal Edition CD image, while all previous versions were provided exclusively as directory trees for remote FTP/HTTP installation. That might explain why we noted a dramatic increase in SUSE page views here on DistroWatch last week which will hopefully translate into increased number of satisfied users of this popular distribution.
We installed SUSE LINUX 9.3 to test it out and see how it compares to previous SUSE releases. Although we didn't have time to perform a thorough test of all the new features and check out the new software packages, our first impression was very good indeed. SUSE 9.3 appears to be a solid product with the usual professional attention to detail, perhaps slightly on the cutting edge of Linux development with less well-tested packages and some alpha software, but this is to be expected for a product that is designed to be a base for SUSE LINUX Enterprise Server and Novell Linux Desktop. Also, of all the major distributions, it appears that SUSE is now the only one maintaining a 6-month release cycle - Mandriva has moved to a 12-month release cycle, while Fedora is now moving to a 9-month release cycle (see below for details).
If you are one of those users who are just discovering SUSE LINUX, you might be interested in keeping an eye on Novell's Cool Solutions pages. They tend to get filled with useful tips and tricks to make your life with SUSE more pleasant and they even provide a Wiki page for user-contributed hacks and solutions. Currently, Novell is building a database of "cool tools", and if you are a developer, or have come up with an interesting way to enhance your SUSE installation, you will get a free T-shirt and might even win an iPod Shuffle. Another helpful web site to bookmark and visit frequently is suselinuxinfo.org - a well-maintained and regularly updated site with good information about everything SUSE.
If you have downloaded and installed SUSE LINUX 9.3, how do you like it? Any pleasant surprises or disappointments? Please discuss below.
SUSE LINUX 9.3 is now available for free download
(full image size: 446kB)
Sarge update issues
If you have installed the recently released Debian sarge, how many security advisories have you received during the past four weeks? Up until late last week the number of sarge-related security advisories issued by the Debian Security Team was exactly zero. Contrast that to Fedora Core 4, which, although released one week later than sarge, has already issued 8 security advisories! So where is the problem? Is the Debian Security Team on strike?
Well, it turns out that the Debian sarge security infrastructure is broken and has been broken since the release of sarge. This was first reported by Heise.de (in German) and later spread to Da Linux French (in French) before a long discussion erupted on the debian-security mailing list. Joey Schultze explains in his blog: "At the time of the release, security.debian.org broke, since the suites stable/testing on the security host did not match the ones on the main archive. In fact, trying to release a security update before the sarge release resulted in a crashed katie program and a half-baked archive. ... So, it looks like we'll be without security updates for quite a while."
This is bad news for those users who have entrusted their servers to the much awaited new Debian release and are now possibly running several applications with known vulnerabilities. The good news is that the above-mentioned instances of "bad publicity" have stirred some action among the Debian Security Team and, by last weekend, the first two Debian security advisories were issued. But the problem is complex and still far from being under control. Martin Krafft explains: "In general, my experience has been that security at debian.org is a black hole, and that offers to help are ignored. Of course, the Debian meritocracy calls for us to just do something to rise the ladder according to our accomplishments, but as with the other obscure domains of the Debian project, which are not open to anyone to just peek at and learn, it's really difficult to do this when it means working as a blind person with a couple of mutes."
It looks like a major upheaval in the security infrastructure of Debian is needed to ensure that the current situation does not happen again. But can it be done? Can a rather boring and thankless task of applying patches are releasing advisories be made more attractive and rewarding? Not easily. But it must be done - before Debian's reputation is further tarnished by more sloppy security work.
|Lycoris: Looking forward, looking back (by Robert Norton)
Lycoris: Looking forward, looking back
A good software company is built around its people, not its technology. With a volatile mix of control freaks, egomaniacs and poorly trained volunteers masquerading as employees, it was clear as early as 2003 that Lycoris was almost certain to fail. After a time of destructive indecision, the company's acquisition by Mandriva represents quite an achievement, although given Mandriva's history of botched implementations, it is unclear whether the merger will have any real benefits for either company's users.
There's a lot that could be said about Lycoris' failure to capitalise on its innovations, but I won't dwell too much on this because I think it's improper to air too much dirty laundry in public. While our innovations were real and revolutionary, the problems that plagued us from mid-2002 onwards were as old as time. Although it's true that we failed to acquire any significant venture capital investment and this weighted the odds heavily against us, our other problems - particularly with regards to personnel - would eventually have brought us low anyway.
Joseph Cheek, the CEO and Founder, is a true visionary. In a time when geeks dominated open source and desktop Linux had not even registered on the radar, Joe expanded on the bland Caldera OpenLinux distribution to create a feature-rich, user-friendly, and, yes, Windows-esque Linux desktop that ordinary people could actually use.
When Redmond Linux was released in December 2001, Red Hat Linux 7.2 was the staple distribution of choice. Comparing the two distributions is a bit like comparing Windows 2000 with Windows NT 3.1. Redmond Linux was the first distribution to include centralised access to devices, the first distribution to provide a Windows network browser built on the file manager (rather than a separate application), the first distribution to include a centralised Control Panel that merged system configuration tools with desktop preferences, and the first distribution to slim down the glut of Linux packages to a "best of breed" application set - among other things.
While none of this appears to be revolutionary now, when it often seems that there are more desktop Linux distributions than users, the fact remains that Lycoris was the first to perfect the "desktop Linux" formula. Mandrakesoft, SUSE, Caldera and even please-use-windows Red Hat helped Linux greatly on its journey toward the consumer desktop, but it was Lycoris who perfected the formula for the first time.
Thanks to Mandriva, Joe has the chance to create a fantastic desktop operating system, one that excels in both the technical and usability arenas. Many of Lycoris' technical problems centred around lack of resources, while the last release of Mandrake Discovery Edition was still fairly bloated, in addition to being very ugly, and at times difficult to use. In fact, Mandrake's failure to back up its technical prowess with a highly usable desktop environment was the one of the key factors cited by many new Lycoris users when talking about their decision to switch distributions. Lycoris, in turn, had many technical issues that alienated users, including substandard hardware and application support, an aging installer, and the lack of an automated dependency resolution tool.
The two product offerings, therefore, are highly complementary. Marrying Mandriva's core technology with Lycoris' desktop experience and tools could create one of the best desktop distributions to date. In addition, Joe needs to address three key problems with Mandrake Discovery Edition:
Hopefully Joe will stay with Mandriva long enough to make this vision a reality. Many employees, particularly executives, of newly acquired companies do not stay with their new masters for very long - often less than a year - and it has already been revealed that Joe is only bound to Mandriva by a short-term contract. For all his technical brilliance, Joe's people skills are at times poor, and this may make it difficult for him to work with his new employers in Paris. But by sticking with Mandriva, Joe has the chance he has been longing for: to give his technical innovations the broad audience he has always dreamed about.
- The poor usability of DrakX, the Mandriva installation tool. DrakX for Discovery Edition has too many steps and remains too complex for new users. With some customisations it could closely resemble the Xandros installation tool in terms of ease of use.
- The ugly and at times unusable default desktop. Joe will need to merge technology such as My Linux System, the Network Browser, the Control Center the btX2 font rendering technology, and the AI2 application integration framework. In addition he will need to add the beautiful Lycoris artwork and desktop theme, as well as cleaning up the awful Mandriva menu structure. (As a side note, finally integrating My Linux System and the Network Browser with KDE, rather than having them as largely separate applications, would add significantly to the functionality of the system.)
- The unintuitive software installation system. Mandriva's RPMDrake still largely revolves around individual packages, rather than the concept of software applications (i.e. hiding the actual packages from users). Lycoris was the first company to include an online software repository with their distribution - the Iris Software Gallery - and Joe will need to merge this highly usable and easily understandable front-end with the technically superior RPMDrake on the backend.
For Mandriva's part, it will need to address some of the core problems that have plagued it for years. Timely distribution of retail boxes, the lack of genuine discounts for upgrades, inadequate QA testing and poor consumer channel management have destroyed the company's credibility with many users, although the Mandriva Club has helped to rectify some of these issues in recent times. Mandriva needs to quickly address the problems with its consumer business, or else it risks being relegated to the enterprise space, where it will face steep competition from much larger companies, particularly Novell and Red Hat.
While Lycoris has been relegated to the history books, Mandriva has given its founder a chance to keep on innovating in the desktop Linux space. By merging the desktop know-how of Lycoris with the advanced technology of Mandriva Linux, Mandriva has the opportunity to become of the dominant players in the consumer desktop market after its rough ride over the last few years.
But, as always, a good software company is built around its people, not its technology. Let's hope that both parties will stay the course and adapt to their changed circumstances.
Robert B. Norton worked for Lycoris in a volunteer capacity between 2002 and 2004. He now works for the Sage Group plc, and currently lives in Sydney, Australia.
|Released Last Week
Distribution Release: Thinstation 2.1.1
Thinstation is a new distribution on our list - a modern thin client that does work on its own for basic operations like web browsing, managing removable media and printers, but rely on servers for major applications as well as administration of the clients. A new version was released over the weekend: "The Thinstation project is proud to announce that version 2.1 is released and is ready to download from the download page. Expect the TS-O-Matic servers to hold it within a few days too. Among the goodies: IceWM window manager, xtdesk desktop icons, PCMCIA support, wireless network, Mozilla Firefox 1.0, integration with ICA 9 client, NX client, rdesktop 1.4.1 with native disk, sound, port redirection and a lot of bugs fixed. (EDIT: A missing file has bumped the version to 2.1.1.)" Read the release announcement on the project's home page.
Distribution Release: Knoppel 0.6
Knoppel is a Knoppix-based live CD designed for Greek speakers. The newly released version 0.6 comes with a number of updates and improvements, including the following: synchronised with the latest Debian "testing" branch; upgraded kernel to 184.108.40.206, KDE to 3.4.1, ALSA to 1.0.9, OpenOffice.org to 1.1.4; UnionFS with read/write access while running from live CD; included several enhancements from the KANOTIX project, such as improved hardware auto-detection and hard disk installation program; introduction of Synaptic for package management; support for wireless network cards (ipw2100 and ipw2200); updated FreeNX. Read the full release announcement (in Greek) for further details.
An updated version of Inside Security Rescue Toolkit (INSERT) has been released: "This update fixes a few bugs in different places. Firmware for some wireless adapters was added. The browser was switched to Dillo to reduce size and the graphical FTP client was switched to gFTP for more features. A few packages have been updated. A proxy can be set at boot time or via the menu. usb-install should work again." See the complete changelog for more details about this version.
Parsix GNU/Linux 0.60
Parsix GNU/Linux is a Debian-based live CD with support for Persian (Farsi). Version 0.60 was released today: "We are happy to announce that a new version of Parsix GNU/Linux - a live and installation CD with Persian language support - is available now. Parsix GNU/Linux 0.60 uses latest Debian Sid packages (29-06-2005). A short list of most important improvements: new look and feel thanks to ClearLooks 0.6 GTK style/theme, new installer based on the KANOTIX installer, added Parsix launcher panel, added Parsix icon set, updated Parsix-DOC, GNOME 2.10.1, OpenOffice.org 1.1.4, GIMP 2.2.8, Firefox 1.0.4...." The release announcement, changelog, screenshots.
Parsix GNU/Linux - a Debian-based live CD with support for input in Persian
(full image size: 1,994kB)
* * * * *
Development and unannounced releases
|Upcoming Releases and Announcements
Fedora Core 5
We mentioned the existence of a document entitled Proposed Development Areas for Fedora Core 5 and Fedora Project in last week's issue of DistroWatch Weekly, but now we also have a preliminary release plan for Fedora's next release. Interestingly, the previously maintained 6-month release cycle is about to be changed as the final release of Fedora Core 5 is now scheduled for 13 February 2006, nearly 9 months after the release of Fedora Core 4. The first test version is expected in early November. For more details please see the Preliminary Fedora Core 5 Schedule.
Is UserLinux still alive? Several people have been wondering about this on the project's mailing list. The original idea was to release the first version of UserLinux, a commercially supported variant of Debian, as soon as Debian Sarge becomes stable. Surprisingly, there has been no sign of activity on the project's web site and mailing lists even though Sarge has now been stable for several weeks. But maybe things will start moving again - that' according to this message by the project leader Bruce Perens: "I'm catching up after getting a new job. I have all of the pieces and have recently been working on the artwork installer, which was the most broken remaining piece. I hope to have something to show late next week. We would then test the installer and produce CD and DVD masters, and test them." As always, we'll keep you updated with the development.
X/OS Linux 4
X/OS Linux, one of the many distributions rebuilt from source RPM packages for Red Hat Enterprise Linux, is working on version 4, expected later this month: "After several delays, the release of X/OS Linux 4 is now firmly set for the first half of July. Development of the new build system has been frozen and the final builds have been started. Further improvements in the automated build system were finalized, most of the effort spent on additional checking of the build output. With X/OS Linux being a self-hosted distribution, whereby the sources are built upon the binaries generated from the same source, the entire generation process spans several days. Once the final images have been created, additional tests are run to ensure the quality of the final release. With no further difficulties expected at this stage, the first half of July should definitely see the release of X/OS Linux 4." Here is the announcement.
* * * * *
Summary of expected upcoming releases
|Web Site News
June donation: Debian Project receives US$420|
We promised it shortly after launching the monthly DistroWatch donations programme: the Debian Project will receive our monthly donation as soon as it declares "sarge" stable. This happened early last month, so the June donation now goes to the largest Linux distribution project - Debian GNU/Linux.
Of course, Debian is not just a distribution. By creating a large organisation with a strict social structure and painstakingly thorough quality control, it also developed into a base on which dozens of other Linux distributions are built. This was Debian's stated goal right from the beginning, but the current reality has probably exceeded the expectations of the early project leaders. Some of the Debian-based projects, such as KNOPPIX, Ubuntu, MEPIS, Xandros or Damn Small Linux are now recognised brand names and truly valuable distributions in their own rights. This is probably the main reason why Debian deserves our donation - without Debian, our Linux distribution scene would be a lot less exciting than it is today!
The donation will be made to the Software in the Public Interest, Inc (SPI), which is Debian's legal umbrella. Because SPI only accepts US dollar cheques and money orders originating in the United States, we enlisted the help of our friends at MadPenguin.org who will mail a postal order to SPI to be donated to the Debian Project later this week.
As always, our donations programme is a joint initiative between DistroWatch and LinuxCD.org, which contributes US$50 every month. LinuxCD.org is an online store selling low-cost Linux/BSD CDs - they have the largest selection, inclusive of all the latest releases, and they offer the lowest prices. Next time you need to order your favourite Linux or BSD CDs, get them from LinuxCD.org.
Here is the list of projects that received a DistroWatch donation since the launch of the programme:
New distribution additions
- Thinstation. Thinstation is a modern thin client that does work on its own for basic operations like web browsing, managing removable media and printers, but rely on servers for major applications as well as administration of the clients. The clients may be diskless or boot from local media. Thinstation works as a client using X, ICA, RDP, SSH, NX, telnet, tn5250 and other protocols and works on standard PC hardware.
- Voltalinux. Voltalinux is a GNU/Linux distribution based on Slackware Linux and the pkgsrc package system from NetBSD. The project offers a pre-built distribution where the user can enjoy the clean design of Slackware Linux with the availability of over 5,000 NetBSD ports ready to be installed.
New on the waiting list
- pQui Linux. pQui Linux is a new Brazilian distribution based on Slackware Linux. It is designed as a desktop distribution, especially for users who have never used Linux before.
- Sun Java Desktop System. As widely reported in the Linux media, it appears that the Sun Java Desktop System distribution has been put on the back burner by the company's executives: "The Java Desktop System will continue to exist as a product, but now chiefly as software based on Sun's Solaris operating system and directed at programmers, John Loiacono, executive vice president of software, said at a meeting with reporters here at the JavaOne trade show. 'You're going to see less of an emphasis on JDS on Linux,' Loiacono said. 'The strategy has changed slightly.'" This is hardly a big surprise given Sun's half-baked effort to promote the distribution and the lack of any success stories of large-scale deployments in the enterprise. More information is available in this story at News.com.
DistroWatch database summary
That's all for today. We hope that you enjoyed this week's DistroWatch Weekly!
|• Issue 586 (2014-11-24): Scientific Linux 7.0, Debian and systemd, Ubuntu MATE, application-level firewalls|
|• Issue 585 (2014-11-17): openSUSE 13.2, PC-BSD's "roles", MATE + Compiz on Mint, cleaning package cache|
|• Issue 584 (2014-11-10): OpenMandriva 2014.1, Debian freeze, trickle, systemd and boot times|
|• Issue 583 (2014-11-03): Ubuntu 14.10, ownCloud, Kylin interview, The Book of PF, Elive's commercial ways|
|• Issue 582 (2014-10-27): GhostBSD 4.0, Tumbleweed and Factory merge, systemd and fork of Debian|
|• Issue 581 (2014-10-20): SparkyLinux 3.5, Fedora's graphics stack, Debian and systemd, OpenBSD 5.6|
|• Issue 580 (2014-10-13): Rolling releases, Arch as best distro, GNOME on Wayland, MINIX 3.3.0|
|• Issue 579 (2014-10-06): PC-BSD 10.0.3, Debian's Jessie freeze, setting up home server|
|• Issue 578 (2014-09-29): Calculate 14, Debian's default desktop, Shellshock vulnerability, practical Tiny Core|
|• Issue 577 (2014-09-22): SymphonyOS 14.1, FreeBSD drops pkg_add, MINIX on ARM, GNU screen|
|• Issue 576 (2014-09-15): PCLinuxOS 2014.08, Mint's documentation, Debian's hardware database, CDE|
|• Issue 575 (2014-09-08): Porteus 3.0.1, Fedora's blivet-gui, Red Hat's Docker, systemd|
|• Issue 574 (2014-09-01): Ubuntu Kylin 14.04, Haiku and Linux kernel, Wayland support, Lumina, Bash completion|
|• Issue 573 (2014-08-25): SolydXK 201407, VPN gateway with FreeBSD, Ubuntu MATE, Raspbian, trusting binary packages|
|• Issue 572 (2014-08-18): ZFSguru 10.1, Fedora's Flock, beta installer for "Jessie", Ubuntu Core, rolling releases|
|• Issue 571 (2014-08-11): HandyLinux 1.6, LMDE update, default desktop in "Jessie", running out of disk space|
|• Issue 570 (2014-08-04): Neptune 4, Kubuntu's KDE Plasma 5, FreeBSD and UEFI, Linux servers|
|• Issue 569 (2014-07-28): Deepin 2014, Ask Fedora, Gentoo and LibreSSL, encrypted package downloads|
|• Issue 568 (2014-07-21): Antergos 2014.06.24, Mint based on Debian stable, upgrading CentOS, BinaryTides|
|• Issue 567 (2014-07-14): Manjaro 0.8.10, PC-BSD jails, Debian and glibc, Fedora's DNF, Xiki and Opera 24|
|• Issue 566 (2014-07-07): LXLE 14.04, OpenBSD's SimpleDE, openSUSE artwork, home security basics|
|• Issue 565 (2014-06-30): Chakra 2014.05, Fedora on BeagleBone, Matthew Miller interview, e-book readers|
|• Issue 564 (2014-06-23): Antergos 2014.05.26 and Q4OS 0.5.11, Debian LTS and glibc, Fedora DNF|
|• Issue 563 (2014-06-16): Mint 17, CentOS 7 pre-release, Debian MATE, accessing encrypted content|
|• Issue 562 (2014-06-09): GoboLinux 015, Gentoo interview, Fedora leader change, climagic tricks|
|• Issue 561 (2014-06-02): OpenMandriva 2014.0, Debian GNU/Hurd, Lubuntu and LXQt, Final Term, TrueCrypt|
|• Issue 560 (2014-05-26): KaOS 2014.04, Wayland and KDE 5 on Fedora, distros with commercial support, DenyHosts|
|• Issue 559 (2014-05-19): VortexBox 2.3, LTS-only Linux Mint, FreeBSD 11 ambitions, KDE 5 beta|
|• Issue 558 (2014-05-12): RHEL 7 Workstation impressions, LXQt and Lumina, Haiku interview|
|• Issue 557 (2014-05-05): Xubuntu 14.04, Ubuntu 14.10 roadmap, Fedora Workstation, ownCloud|
|• Issue 556 (2014-04-28): Ubuntu 14.04, LibreSSL, Lumina desktop, Deepin interview|
|• Issue 555 (2014-04-21): Robolinux 7.4.2, Ubuntu release day stats, Debian security, Porteus update|
|• Issue 554 (2014-04-14): Review of FreeNAS, OpenSSL bug, Fedora.next, Robolinux Stealth VM, measuring memory|
|• Issue 553 (2014-04-07): Puppy 5.7 "Slacko", end of Ubuntu One, file encryption with GPG|
|• Issue 552 (2014-03-31): Tanglu 1.0, Ubuntu GNOME LTS, SliTaz for ARM|
|• Issue 551 (2014-03-24): Linux Mint "Debian" 201403, call for end to proprietary firmware, LVM|
|• Issue 550 (2014-03-17): Review of NixOS 13.10, Lubuntu seeking feedback, Android-x86 4.4-rc1 impressions|
|• Issue 549 (2014-03-10): ClearOS 6.5 and UCS 3.2, Gentoo interview, Ubuntu app contest, Into the Core|
|• Issue 548 (2014-03-03): Review of Mageia 4, FreeBSD console driver, filtering web content, Pitivi fundraiser|
|• Issue 547 (2014-02-24): Chakra 2014.02, Ubuntu privacy, preventing unwanted remote logins|
|• Issue 546 (2014-02-17): Review of PC-BSD 10.0, Red Flag closure, Ubuntu and systemd, SlackE18, Fedora book review|
|• Issue 545 (2014-02-10): Impressions of FreeBSD 10.0, Debian votes systemd, Ubuntu file manager, server security|
|• Issue 544 (2014-02-03): Netrunner 13.12, openSUSE future, Ubuntu Touch in emulator, running commands in multiple places|
|• Issue 543 (2014-01-27): Review of Korora 20, FreeBSD 10.0, DNF, ZFS rescue CD, Bridge Linux interview|
|• Issue 542 (2014-01-20): QupZilla, Ubuntu with MATE, Arch on Raspberry Pi, best applications|
|• Issue 541 (2014-01-13): openSUSE 13.1 and Zentyal 3.3, CentOS joins Red Hat, Bodhi on Chromebooks|
|• Issue 540 (2014-01-06): SMS 2.0.6 and SME Server 8.0, Hawaii desktop, PHR statistics 2013, more on multi-part archives|
|• Issue 539 (2013-12-23): Centrych 12.04.3, Fedora 20 and its spins, dividing archives across multiple discs|
|• Issue 538 (2013-12-16): Mint 16 review, RHEL and CentOS 7 plans, SteamOS, Windows XP replacement suggestions|
|• Issue 537 (2013-12-09): OpenMandriva 2013.0, Gentoo developer interview, project Neon, Linux Mint and security|
|• Issue 536 (2013-12-02): Impressions of openSUSE 13.1, Ubuntu Touch, FreeBSD 10 delay, troubleshooting OS lock-ups|
|• Full list of all issues|