| DistroWatch Weekly
|DistroWatch Weekly, Issue 144, 27 March 2006
Welcome to this year's 13th issue of DistroWatch Weekly. Following last week's Fedora 5 release, the next few days will be equally exciting: we are expecting KDE 3.5.2, DesktopBSD 1.0. Frugalware 0.4 and the first release candidate of SUSE Linux 10.1. Before that happens, we'll bring you news about MEPIS switching allegiance, Slackware preparing version 11.0, and Debian compiling with GCC 4.1. Also in this week's issue: Ulteo, a new distribution developed by the founder of Mandrake Linux is nearing release, while the user community of PCLinuxOS gets a new community resource. In the review section we'll take a brief look at an intriguing book entitled Mastering FreeBSD and OpenBSD Security. Happy reading!
Listen to the Podcast edition of this week's DistroWatch Weekly in ogg (5.52MB) or mp3 (6.64MB) format (courtesy of Shawn Milo).
Join us at irc.freenode.net #distrowatch
Miscellaneous news: MEPIS switches allegiance, Slackware 11.0 pre-orders, compiling Debian with GCC 4.1, Ulteo, My.PCLinuxOS
As hinted previously, the developers of MEPIS Linux, an easy-to-use distribution for Linux beginners, have switched their base system from Debian to Ubuntu Linux. If the initial tests prove successful, we are likely to see all future releases of SimplyMEPIS based on the distribution which, although derived from Debian, has a more predictable release cycle and an enviable momentum that has already pushed it to the top of many popularity charts. Designed for experienced beta testers, the first experimental release of the Ubuntu-based SimplyMEPIS 6.0 is only available from the project's premium server (starting at US$14.99), although subsequent betas and the final release should be distributed publicly.
Good news for all fans of the oldest surviving Linux distribution: Version 11.0 of Slackware Linux is now available for pre-order from the distribution's online store. Although there is no word on when the new version will be formally released, the store now offers the usual 4-CD set for US$39.95 as well as a single-DVD edition for US$59.95 and a "Slack Pack" edition containing the DVD with the Slackware Essential book (2nd edition) for US$69.95. The current Slackware development tree is based on Linux kernel 2.4.32 (with version 184.108.40.206 in the testing directory), X.Org 6.9.0, KDE 3.5.1, Apache 1.3.34, PHP 4.4.2, MySQL 5.0.18 and the usual range of popular open source software. If you enjoy Slackware, don't miss this major new update!
Over the last two weeks, Debian developer and former Debian Project Leader Martin Michlmayr compiled the whole Debian archive on a quad-core MIPS machine donated by Broadcom using GCC 4.1. The aim was to find problems in GCC 4.1 itself and bugs in free software projects exhibited by GCC's increased standards conformance (in particular regarding C++ code). By compiling about 6200 packages, over 500 new bugs have been discovered and submitted, 280 of which are specific to the increased strictness of GCC 4.1. In a posting to the Debian development list, Martin classified the bugs he found and offered some useful links to programmers of C++ code. In a posting to the GCC list, he proposed that GCC should only produce new errors after warnings have been shown for at least one release, giving programmers more time to fix their code. This work is part of his research on quality in free software carried out at the University of Cambridge and sponsored by Google.
Last week's news about Ulteo, a new distribution being developed by the freshly unemployed Gaël Duval, has piqued the curiosity of many Linux users. As a result of the buzz, a French web site called NetEconomie expanded on the story by interviewing Monsieur Duval (the link is in French). Although the well-known founder of Mandrake Linux does not seem quite ready to reveal the finer details of the new product just yet, he does disclose that it will focus on ease of use throughout all the facets of the distribution, not just the user interface and that it will be designed for Internet-connected computers in the home and in small offices. Despite the "dot-com" nature of the distribution's domain, Gaël Duval promises that Ulteo will remain a free project, with the business model based on selling associated services rather than the distribution itself. The first beta of Ulteo is expected to be released in May 2006.
A new web site for the PCLinuxOS user community has been launched. Called My.PCLinuxOS, it promises to deliver an organised platform for the development of sub-projects that fall within the PCLinuxOS umbrella, and provide a unified system for creating user manuals, documentation and other relevant material: "We would like to help foster positive involvement within PCLinuxOS for users of all experience levels. We have areas for distributing user contributed software packages, submitting news and HOWTO articles, project newsletters, and areas for project development. No project is too small or large…." While still in its infancy, the new web site is already functional, with forums now ready for your input and the FAQs also starting to take shape. For more information please read the initial announcement and visit MyPCLinuxOS.com.
Following all the excitement surrounding the announcement of Fedora Core 5 last Monday, this week promises to continue the trend of new, interesting software releases. An update to the popular KDE desktop, version 3.5.2, is now available for Kubuntu (Breezy Badger and Dapper Drake), so the official release announcement can't be too far away now. A major milestone in the development of SUSE Linux 10.1 is expected on Thursday when the first release candidate should give us a good indication about the quality and stability of the new version. Looking through some of the mirror sites earlier today, we also spotted a couple of "wget-watering" and (as yet) unannounced distribution releases: after several release candidates, the CD and DVD images of DesktopBSD 1.0 are now available from a number of FTP and HTTP servers, while those of Frugalware Linux 0.4, officially scheduled for release later this week, have now also started appearing on the project's download sites. Expect the official release announcements of both later in the week.
DesktopBSD 1.0 - although not yet announced, the ISO images of the project's first stable release started appearing on mirrors on Sunday.
(full image size: 722kB, resolution: 1280x1024 pixels)
Finally, a handful of links for those moments when you just want to sit back, relax, and have a good laugh. The first one is meant to dispel the myth that software bug reports provide only boring, highly technical information completely detached of any human emotions. As proven by Bug #330884, the developers and users of Firefox are far from that; in fact some of them are trying to save a 5-year old relationship wrecked by a bug in Firefox that gave away a partner's dark secret - some frequently visited password-protected sites, some of which were a little, er, embarrassing, to say the least. The Register caries a similar story. In the meanwhile, here is a hilarious email exchange between the lead developer of CentOS and the City Manager of Tuttle, Oklahoma, USA, who mistook the default Apache welcome page for an attempt by CentOS to hack the city's web site, even threatening to hand the matter over to the FBI! Last but not least, don't miss the Guy's Guide to Geek Girls, a step-by-step HOWTO explaining the art of attracting, dating and "maintaining" geek girls. Enjoy!
|Book review: Mastering FreeBSD and OpenBSD Security
Book review: Mastering FreeBSD and OpenBSD Security
I have to admit that one of my biggest Internet-related fears is that I wake up one morning to find this site's web server security mechanism cracked and its web pages defaced. This paranoia further accelerates every time I dare to open the auth.log file and start wading through the ever increasing lines indicating that someone somewhere, at this very moment, is attempting a dictionary attack on the SSH server, or when I browse through the tcpdump output providing information about the number of times somebody tried to force their way in through a presumably water-tight port. As a result of this anxiety -- and also to improve my sleep -- I decided to do something: I invested in a copy of O'Reilly's Mastering FreeBSD and OpenBSD Security by Yanek Korff, Paco Hope and Bruce Potter.
Published in March 2005, this 450-page book is divided into three main sections: Security Foundation, Deployment Situations, and Auditing and Incident Response. While some security experts would be able to use the publication as a reference book, the majority of readers targeted by the authors will be wise to read it from the beginning, at least the chapters that are devoted to general security concepts. As the early chapters explain, system security is not a goal, but a journey; it's not something that you attain and forget about - instead, it's a never-ending state of alertness that may at times require fast reaction, lateral thinking and even calculated risks. That's because every security measure implemented on a computer system brings a trade-off. Devising an air-tight security system may indeed give the administrator fewer sleepless nights, but it can also reduce productivity of those users who have legitimate reasons to access the system.
But let's get back to the book. After going through the eye-opening early chapters, it covers the basic building blocks of a BSD system, such as security aspects of sysctl, chroot and jail (the two words that have become synonyms in Linux, but which mean two very different things in FreeBSD), inherent security mechanisms, cryptography and OS tuning. Chapter 3 then goes beyond these elementary concepts by introducing hardening techniques (e.g. sudo, turning off services, and system updates). The first section of the book is then concluded by discussing secure administration techniques, such as access control, network services and system health monitoring. This I found to be perhaps the most valuable chapter of the entire book - not only it covers excellent techniques for organising users, limiting access and dealing with passwords, it also gives many useful tips and warnings over potential pitfalls of granting users seemingly innocent privileges.
The next three chapters deal with practical considerations affecting the most common servers in existence - DNS, mail and web. As anybody who has run Sendmail, Postfix or qmail knows, mail server attacks have become very common in recent years and have been used as gateways to the entire system, or as mail transfer agents for delivering spam. The chapter shows how to guard against malicious mail server attacks and how to reduce the amount of spam delivered to the system's mail boxes. It deals extensively with both Sendmail and Postfix, but qmail users will find it unfair that their mail server is given no more than two paragraphs. Web server attacks are also covered in great detail, together with some advanced prevention techniques, such as the above-mentioned jails.
Next, it's all about firewalls and intrusion detection. OpenBSD's PF (which has since been ported to FreeBSD) is covered in some detail, although a better book to learn all there is about this excellent firewall is Absolute OpenBSD by Michael W Lucas. The last two chapters of the book are devoted to managing audit trails, incident response and forensics. I decided to skip these for the time being - not only I had been overwhelmed by all the new information I had to absorb in the preceding nine chapters, I haven't had a reason (knock on the wood) to learn about recovering compromised systems. But with ever increasing levels of Internet vandalism, it's great to know that a good resource is available as part of this great book.
Anything that could have been done better? Looking through some reader comments on Amazon.com and other forums discussing the book, it was generally very well received. The only aspects that were somewhat disappointing were the above-mentioned neglect of qmail, a rather superficial discussion on firewall failover techniques with CARP (Common Address Redundancy Protocol) and pfsync, and the omission of OpenBSD's systrace. But since this is the book's first edition, let's hope that the authors will expand the next one by incorporating the above topics.
So, will Mastering FreeBSD and OpenBSD Security make your server impenetrable? Of course not. But if you pay attention to some of the security concepts, implement a few security ideas specific to your situation, and understand the risk versus convenience trade-off, you will definitely sleep more soundly. You will be equipped with valuable knowledge that will give you confidence in preventing and dealing with common Internet malice. A great book indeed.
* * * * *
Title: Mastering FreeBSD and OpenBSD Security
Authors: Yanek Korff, Paco Hope and Bruce Potter
|Released Last Week
Fedora Core 5
The eagerly anticipated Fedora Core 5, code name "Bordeaux", has been released: "The Fedora Project is pleased to announce the release of Fedora Core 5. New desktop applications, advances in security, better localization tools, improved software installation and management facilities and strong Java integration help to make Fedora Core 5 the most innovative Linux distribution ever." For more details please read the release announcement, release summary and release notes.
CentOS, a community distribution built from source packages for Red Hat Enterprise Linux, has been updated to version 4.3: "The CentOS development team is pleased to announce the availability of CentOS 4.3. Major changes in this version of CentOS include: upgraded update system - this new system provides more that 100 total mirrors for updates and picks geographically close and non-stale mirrors based on our master server's content; Frysk, InfiniBand Architecture (IBA), and z/VM hypervisor issues are discussed in the upstream release notes; updated and added packages." Read the full release announcement for additional information.
AliXe is a French Canadian Linux live CD based on SLAX. The new version 0.04, released yesterday, is derived from SLAX 5.0.7b with a number of newly updated packages; these include Linux kernel 2.6.15, X.Org 6.9.0, KDE 3.5.0, OpenOffice.org 2.0.1 (replaces KOffice), GIMP 2.2.10, Firefox 220.127.116.11 and Thunderbird 1.5. Two keyboards are supported: Canadian French and Canadian multilingual. A "copy2ram" option is available on systems with the minimum of 512 MB or memory. Please refer to the release announcement and visit the project's home page (both links in French) for further details.
B2D Linux 20060321
Taiwan's B2D project has released a new KNOPPIX-based live CD that includes both KDE (3.5.1) and GNOME (2.12) on a single CD. Called "PureKGB", the new version combines the best software from the two major desktop environments, although due to space restrictions, some applications, notably OpenOffice.org, Nvu and Mozilla Thunderbird, had to be left out from the CD. These can be installed through the "Klik" infrastructure. Apart from this major change, the previously reported midi playback bug in Rosegarden has also been fixed. Please read the release announcement (in Chinese) for more information and screenshots.
SLAX, a popular live CD based on Slackware Linux, has been updated to version 5.0.8: "It's my pleasure to let you know that SLAX 5.0.8 has been released. All users are strongly encouraged to upgrade, because all new modules created from now are not readable in older SLAX releases. What's new? The long-awaited SLAX Server Edition is finally available; all other editions are updated too; 2.6.16 Linux kernel; fixed bug in mounting of DOS partitions (long file names work now); the 'uselivemod' and 'configsave' features work again." See the distribution's changelog for more details.
Ehad is a single-CD, Mandriva-based distribution designed for the speakers of Hebrew. A new major version was released over the weekend. What's new? "Based on Mandriva 2006.0 packages; includes all official updates released until 25-Mar-2006; OpenOffice.org 2.0 (Hebrew version from official project with hspell and Culmus); removed KOffice; the full range of desktop applications are now installed as default; Ehad desktop, boot and LILO theme; local packages: ehad-media (define software repositories with ease) , ehad-guide (a guide for Israeli Internet Connectivity), ehad-radio (Hebrew Internet Radio launcher), hocr (Hebrew OCR), hdate (Hebrew calendar), Anka (new type-1 font from 'culmus fancy' series)." Read the release announcement (in Hebrew) and release notes for more details.
Ehad 2006 - a single-CD Mandriva-based distribution with support for Hebrew
(full image size: 335kB, resolution: 1280x1024 pixels)
* * * * *
Development and unannounced releases
|Upcoming Releases and Announcements
Summary of expected upcoming releases
New distributions added to the waiting list|
- Aegean Linux. Aegean Linux is an i686-optimised Linux distribution designed for intermediate and advanced users.
- Openfiler. Openfiler is a CentOS-based network storage software distribution. It delivers file-based Network Attached Storage and block-based Storage Area Networking in a single framework.
* * * * *
DistroWatch database summary
That's all for today. The next issue of DistroWatch Weekly will be published on Monday, 3 April 2006. See you then :-)
|• Issue 616 (2015-06-29): MidnightBSD 0.6, openSUSE's "42", encryption added to the ext4 file system, FreeBSD on a Raspberry Pi|
|• Issue 615 (2015-06-22): Raspbian 2015, Fedora works around Intel driver issue, openSUSE adopts GCC 5, frozen desktop while copying files|
|• Issue 614 (2015-06-15): Chromixium OS 1.0, Debian 8.1 released, OpenBSD running in the cloud, sudo myths|
|• Issue 613 (2015-06-08): Fedora 22, Cinnamon 2.6 released, FreeBSD's history, working around Secure Boot|
|• Issue 612 (2015-06-01): Manjaro OpenRC, Debian, Devuan and systemd, Fedora 22 released, Mandriva closes its doors|
|• Issue 611 (2015-05-25): Kubuntu 15.04, openSUSE adopts Plasma 5, Ubuntu's Snappy, words from Debian's Neil McGovern|
|• Issue 610 (2015-05-18): NethServer 6.6, interview with Neil McGovern, CentOS supports AArach64, Foresight discontinued|
|• Issue 609 (2015-05-11): OpenIndiana 2015.03, LXLE 14.04, PC-BSD Current, creating ISO images, Ask A Leader with Peter Ganten|
|• Issue 608 (2015-05-04): Debian 8.0, Bodhi forks Enlightenment, new Debian GNU/Hurd release, distribution release frequency|
|• Issue 607 (2015-04-27): Ubuntu 15.04, Chapeau 21, Debian 8.0 features, Fedora 22 Beta details|
|• Issue 606 (2015-04-20): Linux Mint 2 "LMDE", Matthew Miller, Debian's new Project Leader, Evolve OS name change|
|• Issue 605 (2015-04-13): SuperX 3.0, HAMMER2 features, Linux 4.0, Vince Pooley, Google Code closing|
|• Issue 604 (2015-04-06): Void 20150221, Haiku's commercial partners, Debian release date, Tumbleweed features|
|• Issue 603 (2015-03-30): Tails 1.3, LibreOffice Online, Linux Firewalls book review, Kubuntu with Plasma 5|
|• Issue 602 (2015-03-23): Bodhi Linux 3.0.0, distro popularity, OpenBSD's new web server, GNU Manifesto turns 30|
|• Issue 601 (2015-03-16): Ubuntu MATE 14.10, modern distros for old hardware, AppArmor in Debian, Fedora 22 Alpha|
|• Issue 600 (2015-03-09): Korora 21, distro diversity, Ubuntu gets systemd, PC-BSD security features|
|• Issue 599 (2015-03-02): Sabayon 15.02, creating good passwords, new YaST modules, LMDE preview
|• Issue 598 (2015-02-23): Netrunner 14.1, Vivaldi web browser, Debian election, Cinnamon improvements|
|• Issue 597 (2015-02-16): MakuluLinux MCDE 2.0, Ubuntu phones launch, m0n0wall ceases development, live Linux updates|
|• Issue 596 (2015-02-09): ArchBSD 2014.09.04, encrypted e-mail, Fedora upgrade stats, FreeBSD's support policy|
|• Issue 595 (2015-02-02): ExTiX 15.1, Destroying encrypted data, openSUSE election, OSDisc statistics|
|• Issue 594 (2015-01-26): KaOS 2014.12, Commercial distros, Snappy Ubuntu, PackageKit fixes|
|• Issue 593 (2015-01-19): ReactOS 0.3.17, Unity on Mir, Bluetooth support, openSUSE election|
|• Issue 592 (2015-01-12): Mint 17.1, load averages, binary logs, GNOME Software|
|• Issue 591 (2015-01-05): Manjaro 0.8.11, systemd, Devuan, Torrent Corner|
|• Issue 590 (2014-12-22): Fedora 21, Ubuntu phone, expanding ZFS storage, Able2Extract|
|• Issue 589 (2014-12-15): Parsix 7.0, Ubuntu "Snappy", PC-BSD upgrades, How Linux Works|
|• Issue 588 (2014-12-08): PC-BSD 10.2, rolling-release Ubuntu GNOME, Bitrig, systemd|
|• Issue 587 (2014-12-01): Trisquel 7.0, Kubuntu 14.10 "Plasma5", FreeBSD on 64-bit ARM, Jolla and UbuTab|
|• Issue 586 (2014-11-24): Scientific Linux 7.0, Debian and systemd, Ubuntu MATE, application-level firewalls|
|• Issue 585 (2014-11-17): openSUSE 13.2, PC-BSD's "roles", MATE + Compiz on Mint, cleaning package cache|
|• Issue 584 (2014-11-10): OpenMandriva 2014.1, Debian freeze, trickle, systemd and boot times|
|• Issue 583 (2014-11-03): Ubuntu 14.10, ownCloud, Kylin interview, The Book of PF, Elive's commercial ways|
|• Issue 582 (2014-10-27): GhostBSD 4.0, Tumbleweed and Factory merge, systemd and fork of Debian|
|• Issue 581 (2014-10-20): SparkyLinux 3.5, Fedora's graphics stack, Debian and systemd, OpenBSD 5.6|
|• Issue 580 (2014-10-13): Rolling releases, Arch as best distro, GNOME on Wayland, MINIX 3.3.0|
|• Issue 579 (2014-10-06): PC-BSD 10.0.3, Debian's Jessie freeze, setting up home server|
|• Issue 578 (2014-09-29): Calculate 14, Debian's default desktop, Shellshock vulnerability, practical Tiny Core|
|• Issue 577 (2014-09-22): SymphonyOS 14.1, FreeBSD drops pkg_add, MINIX on ARM, GNU screen|
|• Issue 576 (2014-09-15): PCLinuxOS 2014.08, Mint's documentation, Debian's hardware database, CDE|
|• Issue 575 (2014-09-08): Porteus 3.0.1, Fedora's blivet-gui, Red Hat's Docker, systemd|
|• Issue 574 (2014-09-01): Ubuntu Kylin 14.04, Haiku and Linux kernel, Wayland support, Lumina, Bash completion|
|• Issue 573 (2014-08-25): SolydXK 201407, VPN gateway with FreeBSD, Ubuntu MATE, Raspbian, trusting binary packages|
|• Issue 572 (2014-08-18): ZFSguru 10.1, Fedora's Flock, beta installer for "Jessie", Ubuntu Core, rolling releases|
|• Issue 571 (2014-08-11): HandyLinux 1.6, LMDE update, default desktop in "Jessie", running out of disk space|
|• Issue 570 (2014-08-04): Neptune 4, Kubuntu's KDE Plasma 5, FreeBSD and UEFI, Linux servers|
|• Issue 569 (2014-07-28): Deepin 2014, Ask Fedora, Gentoo and LibreSSL, encrypted package downloads|
|• Issue 568 (2014-07-21): Antergos 2014.06.24, Mint based on Debian stable, upgrading CentOS, BinaryTides|
|• Issue 567 (2014-07-14): Manjaro 0.8.10, PC-BSD jails, Debian and glibc, Fedora's DNF, Xiki and Opera 24|
|• Issue 566 (2014-07-07): LXLE 14.04, OpenBSD's SimpleDE, openSUSE artwork, home security basics|
|• Issue 565 (2014-06-30): Chakra 2014.05, Fedora on BeagleBone, Matthew Miller interview, e-book readers|
|• Issue 564 (2014-06-23): Antergos 2014.05.26 and Q4OS 0.5.11, Debian LTS and glibc, Fedora DNF|
|• Issue 563 (2014-06-16): Mint 17, CentOS 7 pre-release, Debian MATE, accessing encrypted content|
|• Issue 562 (2014-06-09): GoboLinux 015, Gentoo interview, Fedora leader change, climagic tricks|
|• Issue 561 (2014-06-02): OpenMandriva 2014.0, Debian GNU/Hurd, Lubuntu and LXQt, Final Term, TrueCrypt|
|• Full list of all issues|