| DistroWatch Weekly
|DistroWatch Weekly, Issue 144, 27 March 2006
Welcome to this year's 13th issue of DistroWatch Weekly. Following last week's Fedora 5 release, the next few days will be equally exciting: we are expecting KDE 3.5.2, DesktopBSD 1.0. Frugalware 0.4 and the first release candidate of SUSE Linux 10.1. Before that happens, we'll bring you news about MEPIS switching allegiance, Slackware preparing version 11.0, and Debian compiling with GCC 4.1. Also in this week's issue: Ulteo, a new distribution developed by the founder of Mandrake Linux is nearing release, while the user community of PCLinuxOS gets a new community resource. In the review section we'll take a brief look at an intriguing book entitled Mastering FreeBSD and OpenBSD Security. Happy reading!
Listen to the Podcast edition of this week's DistroWatch Weekly in ogg (5.52MB) or mp3 (6.64MB) format (courtesy of Shawn Milo).
Join us at irc.freenode.net #distrowatch
Miscellaneous news: MEPIS switches allegiance, Slackware 11.0 pre-orders, compiling Debian with GCC 4.1, Ulteo, My.PCLinuxOS
As hinted previously, the developers of MEPIS Linux, an easy-to-use distribution for Linux beginners, have switched their base system from Debian to Ubuntu Linux. If the initial tests prove successful, we are likely to see all future releases of SimplyMEPIS based on the distribution which, although derived from Debian, has a more predictable release cycle and an enviable momentum that has already pushed it to the top of many popularity charts. Designed for experienced beta testers, the first experimental release of the Ubuntu-based SimplyMEPIS 6.0 is only available from the project's premium server (starting at US$14.99), although subsequent betas and the final release should be distributed publicly.
Good news for all fans of the oldest surviving Linux distribution: Version 11.0 of Slackware Linux is now available for pre-order from the distribution's online store. Although there is no word on when the new version will be formally released, the store now offers the usual 4-CD set for US$39.95 as well as a single-DVD edition for US$59.95 and a "Slack Pack" edition containing the DVD with the Slackware Essential book (2nd edition) for US$69.95. The current Slackware development tree is based on Linux kernel 2.4.32 (with version 220.127.116.11 in the testing directory), X.Org 6.9.0, KDE 3.5.1, Apache 1.3.34, PHP 4.4.2, MySQL 5.0.18 and the usual range of popular open source software. If you enjoy Slackware, don't miss this major new update!
Over the last two weeks, Debian developer and former Debian Project Leader Martin Michlmayr compiled the whole Debian archive on a quad-core MIPS machine donated by Broadcom using GCC 4.1. The aim was to find problems in GCC 4.1 itself and bugs in free software projects exhibited by GCC's increased standards conformance (in particular regarding C++ code). By compiling about 6200 packages, over 500 new bugs have been discovered and submitted, 280 of which are specific to the increased strictness of GCC 4.1. In a posting to the Debian development list, Martin classified the bugs he found and offered some useful links to programmers of C++ code. In a posting to the GCC list, he proposed that GCC should only produce new errors after warnings have been shown for at least one release, giving programmers more time to fix their code. This work is part of his research on quality in free software carried out at the University of Cambridge and sponsored by Google.
Last week's news about Ulteo, a new distribution being developed by the freshly unemployed Gaël Duval, has piqued the curiosity of many Linux users. As a result of the buzz, a French web site called NetEconomie expanded on the story by interviewing Monsieur Duval (the link is in French). Although the well-known founder of Mandrake Linux does not seem quite ready to reveal the finer details of the new product just yet, he does disclose that it will focus on ease of use throughout all the facets of the distribution, not just the user interface and that it will be designed for Internet-connected computers in the home and in small offices. Despite the "dot-com" nature of the distribution's domain, Gaël Duval promises that Ulteo will remain a free project, with the business model based on selling associated services rather than the distribution itself. The first beta of Ulteo is expected to be released in May 2006.
A new web site for the PCLinuxOS user community has been launched. Called My.PCLinuxOS, it promises to deliver an organised platform for the development of sub-projects that fall within the PCLinuxOS umbrella, and provide a unified system for creating user manuals, documentation and other relevant material: "We would like to help foster positive involvement within PCLinuxOS for users of all experience levels. We have areas for distributing user contributed software packages, submitting news and HOWTO articles, project newsletters, and areas for project development. No project is too small or large…." While still in its infancy, the new web site is already functional, with forums now ready for your input and the FAQs also starting to take shape. For more information please read the initial announcement and visit MyPCLinuxOS.com.
Following all the excitement surrounding the announcement of Fedora Core 5 last Monday, this week promises to continue the trend of new, interesting software releases. An update to the popular KDE desktop, version 3.5.2, is now available for Kubuntu (Breezy Badger and Dapper Drake), so the official release announcement can't be too far away now. A major milestone in the development of SUSE Linux 10.1 is expected on Thursday when the first release candidate should give us a good indication about the quality and stability of the new version. Looking through some of the mirror sites earlier today, we also spotted a couple of "wget-watering" and (as yet) unannounced distribution releases: after several release candidates, the CD and DVD images of DesktopBSD 1.0 are now available from a number of FTP and HTTP servers, while those of Frugalware Linux 0.4, officially scheduled for release later this week, have now also started appearing on the project's download sites. Expect the official release announcements of both later in the week.
DesktopBSD 1.0 - although not yet announced, the ISO images of the project's first stable release started appearing on mirrors on Sunday.
(full image size: 722kB, resolution: 1280x1024 pixels)
Finally, a handful of links for those moments when you just want to sit back, relax, and have a good laugh. The first one is meant to dispel the myth that software bug reports provide only boring, highly technical information completely detached of any human emotions. As proven by Bug #330884, the developers and users of Firefox are far from that; in fact some of them are trying to save a 5-year old relationship wrecked by a bug in Firefox that gave away a partner's dark secret - some frequently visited password-protected sites, some of which were a little, er, embarrassing, to say the least. The Register caries a similar story. In the meanwhile, here is a hilarious email exchange between the lead developer of CentOS and the City Manager of Tuttle, Oklahoma, USA, who mistook the default Apache welcome page for an attempt by CentOS to hack the city's web site, even threatening to hand the matter over to the FBI! Last but not least, don't miss the Guy's Guide to Geek Girls, a step-by-step HOWTO explaining the art of attracting, dating and "maintaining" geek girls. Enjoy!
|Book review: Mastering FreeBSD and OpenBSD Security
Book review: Mastering FreeBSD and OpenBSD Security
I have to admit that one of my biggest Internet-related fears is that I wake up one morning to find this site's web server security mechanism cracked and its web pages defaced. This paranoia further accelerates every time I dare to open the auth.log file and start wading through the ever increasing lines indicating that someone somewhere, at this very moment, is attempting a dictionary attack on the SSH server, or when I browse through the tcpdump output providing information about the number of times somebody tried to force their way in through a presumably water-tight port. As a result of this anxiety -- and also to improve my sleep -- I decided to do something: I invested in a copy of O'Reilly's Mastering FreeBSD and OpenBSD Security by Yanek Korff, Paco Hope and Bruce Potter.
Published in March 2005, this 450-page book is divided into three main sections: Security Foundation, Deployment Situations, and Auditing and Incident Response. While some security experts would be able to use the publication as a reference book, the majority of readers targeted by the authors will be wise to read it from the beginning, at least the chapters that are devoted to general security concepts. As the early chapters explain, system security is not a goal, but a journey; it's not something that you attain and forget about - instead, it's a never-ending state of alertness that may at times require fast reaction, lateral thinking and even calculated risks. That's because every security measure implemented on a computer system brings a trade-off. Devising an air-tight security system may indeed give the administrator fewer sleepless nights, but it can also reduce productivity of those users who have legitimate reasons to access the system.
But let's get back to the book. After going through the eye-opening early chapters, it covers the basic building blocks of a BSD system, such as security aspects of sysctl, chroot and jail (the two words that have become synonyms in Linux, but which mean two very different things in FreeBSD), inherent security mechanisms, cryptography and OS tuning. Chapter 3 then goes beyond these elementary concepts by introducing hardening techniques (e.g. sudo, turning off services, and system updates). The first section of the book is then concluded by discussing secure administration techniques, such as access control, network services and system health monitoring. This I found to be perhaps the most valuable chapter of the entire book - not only it covers excellent techniques for organising users, limiting access and dealing with passwords, it also gives many useful tips and warnings over potential pitfalls of granting users seemingly innocent privileges.
The next three chapters deal with practical considerations affecting the most common servers in existence - DNS, mail and web. As anybody who has run Sendmail, Postfix or qmail knows, mail server attacks have become very common in recent years and have been used as gateways to the entire system, or as mail transfer agents for delivering spam. The chapter shows how to guard against malicious mail server attacks and how to reduce the amount of spam delivered to the system's mail boxes. It deals extensively with both Sendmail and Postfix, but qmail users will find it unfair that their mail server is given no more than two paragraphs. Web server attacks are also covered in great detail, together with some advanced prevention techniques, such as the above-mentioned jails.
Next, it's all about firewalls and intrusion detection. OpenBSD's PF (which has since been ported to FreeBSD) is covered in some detail, although a better book to learn all there is about this excellent firewall is Absolute OpenBSD by Michael W Lucas. The last two chapters of the book are devoted to managing audit trails, incident response and forensics. I decided to skip these for the time being - not only I had been overwhelmed by all the new information I had to absorb in the preceding nine chapters, I haven't had a reason (knock on the wood) to learn about recovering compromised systems. But with ever increasing levels of Internet vandalism, it's great to know that a good resource is available as part of this great book.
Anything that could have been done better? Looking through some reader comments on Amazon.com and other forums discussing the book, it was generally very well received. The only aspects that were somewhat disappointing were the above-mentioned neglect of qmail, a rather superficial discussion on firewall failover techniques with CARP (Common Address Redundancy Protocol) and pfsync, and the omission of OpenBSD's systrace. But since this is the book's first edition, let's hope that the authors will expand the next one by incorporating the above topics.
So, will Mastering FreeBSD and OpenBSD Security make your server impenetrable? Of course not. But if you pay attention to some of the security concepts, implement a few security ideas specific to your situation, and understand the risk versus convenience trade-off, you will definitely sleep more soundly. You will be equipped with valuable knowledge that will give you confidence in preventing and dealing with common Internet malice. A great book indeed.
* * * * *
Title: Mastering FreeBSD and OpenBSD Security
Authors: Yanek Korff, Paco Hope and Bruce Potter
|Released Last Week
Fedora Core 5
The eagerly anticipated Fedora Core 5, code name "Bordeaux", has been released: "The Fedora Project is pleased to announce the release of Fedora Core 5. New desktop applications, advances in security, better localization tools, improved software installation and management facilities and strong Java integration help to make Fedora Core 5 the most innovative Linux distribution ever." For more details please read the release announcement, release summary and release notes.
CentOS, a community distribution built from source packages for Red Hat Enterprise Linux, has been updated to version 4.3: "The CentOS development team is pleased to announce the availability of CentOS 4.3. Major changes in this version of CentOS include: upgraded update system - this new system provides more that 100 total mirrors for updates and picks geographically close and non-stale mirrors based on our master server's content; Frysk, InfiniBand Architecture (IBA), and z/VM hypervisor issues are discussed in the upstream release notes; updated and added packages." Read the full release announcement for additional information.
AliXe is a French Canadian Linux live CD based on SLAX. The new version 0.04, released yesterday, is derived from SLAX 5.0.7b with a number of newly updated packages; these include Linux kernel 2.6.15, X.Org 6.9.0, KDE 3.5.0, OpenOffice.org 2.0.1 (replaces KOffice), GIMP 2.2.10, Firefox 18.104.22.168 and Thunderbird 1.5. Two keyboards are supported: Canadian French and Canadian multilingual. A "copy2ram" option is available on systems with the minimum of 512 MB or memory. Please refer to the release announcement and visit the project's home page (both links in French) for further details.
B2D Linux 20060321
Taiwan's B2D project has released a new KNOPPIX-based live CD that includes both KDE (3.5.1) and GNOME (2.12) on a single CD. Called "PureKGB", the new version combines the best software from the two major desktop environments, although due to space restrictions, some applications, notably OpenOffice.org, Nvu and Mozilla Thunderbird, had to be left out from the CD. These can be installed through the "Klik" infrastructure. Apart from this major change, the previously reported midi playback bug in Rosegarden has also been fixed. Please read the release announcement (in Chinese) for more information and screenshots.
SLAX, a popular live CD based on Slackware Linux, has been updated to version 5.0.8: "It's my pleasure to let you know that SLAX 5.0.8 has been released. All users are strongly encouraged to upgrade, because all new modules created from now are not readable in older SLAX releases. What's new? The long-awaited SLAX Server Edition is finally available; all other editions are updated too; 2.6.16 Linux kernel; fixed bug in mounting of DOS partitions (long file names work now); the 'uselivemod' and 'configsave' features work again." See the distribution's changelog for more details.
Ehad is a single-CD, Mandriva-based distribution designed for the speakers of Hebrew. A new major version was released over the weekend. What's new? "Based on Mandriva 2006.0 packages; includes all official updates released until 25-Mar-2006; OpenOffice.org 2.0 (Hebrew version from official project with hspell and Culmus); removed KOffice; the full range of desktop applications are now installed as default; Ehad desktop, boot and LILO theme; local packages: ehad-media (define software repositories with ease) , ehad-guide (a guide for Israeli Internet Connectivity), ehad-radio (Hebrew Internet Radio launcher), hocr (Hebrew OCR), hdate (Hebrew calendar), Anka (new type-1 font from 'culmus fancy' series)." Read the release announcement (in Hebrew) and release notes for more details.
Ehad 2006 - a single-CD Mandriva-based distribution with support for Hebrew
(full image size: 335kB, resolution: 1280x1024 pixels)
* * * * *
Development and unannounced releases
|Upcoming Releases and Announcements
Summary of expected upcoming releases
New distributions added to the waiting list|
- Aegean Linux. Aegean Linux is an i686-optimised Linux distribution designed for intermediate and advanced users.
- Openfiler. Openfiler is a CentOS-based network storage software distribution. It delivers file-based Network Attached Storage and block-based Storage Area Networking in a single framework.
* * * * *
DistroWatch database summary
That's all for today. The next issue of DistroWatch Weekly will be published on Monday, 3 April 2006. See you then :-)
|• Issue 638 (2015-11-30): Qubes OS 3.0, KaOS with Plasma, NetBSD 7.0, Fedora seeks Wayland testers, scheduling tasks|
|• Issue 637 (2015-11-23): NixOS 15.09, Antergos introduces ZFS support, MINIX shares new features, copying an OS to a new computer|
|• Issue 636 (2015-11-16): openSUSE 42.1, Fedora uses Wayland by default, Debian replaces live CD project, Steam consoles launch|
|• Issue 635 (2015-11-09): Fedora 23, Cinnamon 2.8 released, a Fedora KDE packager quits, Red Hat signs deal with Microsoft|
|• Issue 634 (2015-11-02): Ubuntu 15.10, Chakra upgrades to Plasma 5, OpenMandriva plans new editions, MINIX plans conference|
|• Issue 633 (2015-10-26): GhostBSD 10.1, Bodhi Linux to get new settings panel, Fedora 23 delayed, creating live image of existing OS|
|• Issue 632 (2015-10-19): Linux Lite 2.6, 32-bit build of CentOS, OpenBSD turns 20, Bodhi Linux releases AppPack|
|• Issue 631 (2015-10-12): Parsix 8.0, Manjaro seeks new artwork, sending commands to multiple servers, Debian drops LSB support|
|• Issue 630 (2015-10-05): Android-x86 4.4-r3, Ubuntu's new installer, Raspbian defaults to GUI interface, cleaning out dot files|
|• Issue 629 (2015-09-28): Open source desktops and touch interfaces, locking down user accounts, OpenMandriva opens gaming documentation|
|• Issue 628 (2015-09-21): Neptune 4.4, changes to pfSense, Pinguy OS releases updated ISO images, accessing hard disk images|
|• Issue 627 (2015-09-14): Mageia 5, Snappy co-exists with Debian packages, creating PDF/A documents, Antergos previews Poodle|
|• Issue 626 (2015-09-07): Status of Wayland and Mir, Cinnamon improvements, an OpenBSD hypervisor, HAMMER2 gets deduplication|
|• Issue 625 (2015-08-31): OpenELEC 5.0.8, Fedora's new Wayland features, Tails releases update, the LILO boot loader|
|• Issue 624 (2015-08-24): Zorin OS 10, Sabayon's new features, Solus seeks funding, Debian turns 22, new PC-BSD repository|
|• Issue 623 (2015-08-17): VectorLinux 7.1, Ubuntu One source released, Moksha Desktop ships in Bodhi, Fedora developers debate Chromium|
|• Issue 622 (2015-08-10): antiX 15, Fedora tests kdbus, Debian tracks UEFI issues, word processors for the CLI|
|• Issue 621 (2015-08-03): Point Linux 3.0, Debian drops Sparc, Fedora package stats, VirtualBox 5.0|
|• Issue 620 (2015-07-27): Debian GNU/Hurd 2015, Linux Bible, Ubuntu MATE gets new Welcome app, Telegram on Fedora, Plasma Mobile|
|• Issue 619 (2015-07-20): SolydXK 201506, Tanglu's new bug tracker, FSF and Canonical negotiate licensing, Haiku unveils new init system|
|• Issue 618 (2015-07-13): Semplice Linux 7, openSUSE derivatives, Debian adopts GCC 5, Docker ported to FreeBSD|
|• Issue 617 (2015-07-06): Alpine linux 3.2.0, Fedora on MIPS CPUs, Solus offers daily builds, Ubuntu migrating to Snappy|
|• Issue 616 (2015-06-29): MidnightBSD 0.6, openSUSE's "42", encryption added to the ext4 file system, FreeBSD on a Raspberry Pi|
|• Issue 615 (2015-06-22): Raspbian 2015, Fedora works around Intel driver issue, openSUSE adopts GCC 5, frozen desktop while copying files|
|• Issue 614 (2015-06-15): Chromixium OS 1.0, Debian 8.1 released, OpenBSD running in the cloud, sudo myths|
|• Issue 613 (2015-06-08): Fedora 22, Cinnamon 2.6 released, FreeBSD's history, working around Secure Boot|
|• Issue 612 (2015-06-01): Manjaro OpenRC, Debian, Devuan and systemd, Fedora 22 released, Mandriva closes its doors|
|• Issue 611 (2015-05-25): Kubuntu 15.04, openSUSE adopts Plasma 5, Ubuntu's Snappy, words from Debian's Neil McGovern|
|• Issue 610 (2015-05-18): NethServer 6.6, interview with Neil McGovern, CentOS supports AArach64, Foresight discontinued|
|• Issue 609 (2015-05-11): OpenIndiana 2015.03, LXLE 14.04, PC-BSD Current, creating ISO images, Ask A Leader with Peter Ganten|
|• Issue 608 (2015-05-04): Debian 8.0, Bodhi forks Enlightenment, new Debian GNU/Hurd release, distribution release frequency|
|• Issue 607 (2015-04-27): Ubuntu 15.04, Chapeau 21, Debian 8.0 features, Fedora 22 Beta details|
|• Issue 606 (2015-04-20): Linux Mint 2 "LMDE", Matthew Miller, Debian's new Project Leader, Evolve OS name change|
|• Issue 605 (2015-04-13): SuperX 3.0, HAMMER2 features, Linux 4.0, Vince Pooley, Google Code closing|
|• Issue 604 (2015-04-06): Void 20150221, Haiku's commercial partners, Debian release date, Tumbleweed features|
|• Issue 603 (2015-03-30): Tails 1.3, LibreOffice Online, Linux Firewalls book review, Kubuntu with Plasma 5|
|• Issue 602 (2015-03-23): Bodhi Linux 3.0.0, distro popularity, OpenBSD's new web server, GNU Manifesto turns 30|
|• Issue 601 (2015-03-16): Ubuntu MATE 14.10, modern distros for old hardware, AppArmor in Debian, Fedora 22 Alpha|
|• Issue 600 (2015-03-09): Korora 21, distro diversity, Ubuntu gets systemd, PC-BSD security features|
|• Issue 599 (2015-03-02): Sabayon 15.02, creating good passwords, new YaST modules, LMDE preview
|• Issue 598 (2015-02-23): Netrunner 14.1, Vivaldi web browser, Debian election, Cinnamon improvements|
|• Issue 597 (2015-02-16): MakuluLinux MCDE 2.0, Ubuntu phones launch, m0n0wall ceases development, live Linux updates|
|• Issue 596 (2015-02-09): ArchBSD 2014.09.04, encrypted e-mail, Fedora upgrade stats, FreeBSD's support policy|
|• Issue 595 (2015-02-02): ExTiX 15.1, Destroying encrypted data, openSUSE election, OSDisc statistics|
|• Issue 594 (2015-01-26): KaOS 2014.12, Commercial distros, Snappy Ubuntu, PackageKit fixes|
|• Issue 593 (2015-01-19): ReactOS 0.3.17, Unity on Mir, Bluetooth support, openSUSE election|
|• Issue 592 (2015-01-12): Mint 17.1, load averages, binary logs, GNOME Software|
|• Issue 591 (2015-01-05): Manjaro 0.8.11, systemd, Devuan, Torrent Corner|
|• Issue 590 (2014-12-22): Fedora 21, Ubuntu phone, expanding ZFS storage, Able2Extract|
|• Issue 589 (2014-12-15): Parsix 7.0, Ubuntu "Snappy", PC-BSD upgrades, How Linux Works|
|• Issue 588 (2014-12-08): PC-BSD 10.2, rolling-release Ubuntu GNOME, Bitrig, systemd|
|• Full list of all issues|