| DistroWatch Weekly
|DistroWatch Weekly, Issue 321, 21 September 2009
Welcome to this year's 38th issue of DistroWatch Weekly! Computer security has been a hot topic of discussion on these pages in recent weeks. As a result, Caitlyn Martin has embarked upon writing a series of articles covering the basics of computer and Internet security, starting today with part one - user authentication. In the news section, the openSUSE user community launches an initiative to build an enterprise-level distribution with long-term security support, Mark Shuttleworth announces the code name for Ubuntu 10.04, Clement Lefebvre reveals some early information about the improvements in Linux Mint 8 "Helena", and OpenBSD delays the planned October release by a month over a CD manufacturing error. Finally, don't miss the New Distributions section which includes some interesting new additions to the waiting list, including a new Slackware-based desktop distribution called Salix OS. Happy reading!
Listen to the Podcast edition of this week's DistroWatch Weekly in OGG (40MB) and MP3 (38MB) formats
Join us at irc.freenode.net #distrowatch
|Feature Story (by Caitlyn Martin)
Linux Security Basics, Part 1: Authentication
There have been a number of discussions, some of them fairly heated, about system security in the comments section of DistroWatch Weekly (DWW) over the last couple of months. Some have even argued against what most would consider basic Linux security. As a result I received a number of requests to write an article covering Linux security basics, complete with references. There are, of course, entire books written on Linux security and as I began writing, it became clear that one article just wouldn't do the subject justice. Consider this week's feature to be a starting point for a small, intermittent series of articles about Linux security.
I have limited the scope of this article and any future DistroWatch features on security to what makes sense to the home or small office user or, in other words, environments with just a handful of systems and users. Most of what follows can be applied to BSD, OpenSolaris, or indeed any UNIX or UNIX-like operating system, though the file names, specific commands and syntax may be somewhat different. To keep things simple I'm going to stick with Linux systems.
Before I get into describing basic Linux authentication, the recent discussions made it abundantly clear that I need to first define what I mean by security. I also have to answer the most basic question which is why we need to bother with security at all. Some DWW readers claim to have all but ignored security without a single problem for many years. Those claims are undoubtedly true. That doesn't mean the potential for real problems isn't present. Kurt Seifried, in his Linux Administrator's Security Guide, writes: "You only need to make one mistake or leave one flaw available for an attacker to get in. This, of course, means that most sites will eventually be broken into." He adds: "All technical security measures will eventually fail or be vulnerable to an attacker. This is why you must have multiple layers of protection."
The book, Practical UNIX and Internet Security, gives a very simple, straightforward definition of security: "A computer is secure if you can depend on it and its software to behave as you expect." There are many more technical and detailed definitions out there but that one line really does sum it up. If someone makes uninvited use of your system(s) for their own purposes without your consent, that definition is no longer met. Uninvited use can be by a friend or family member who means no harm, a co-worker, or a stranger halfway around the world.
When I talk about security, one of the questions I am frequently asked is why anyone would want to target a home or small business system. Last week Linux Pro Magazine Online published a report describing some 100 poorly secured Linux servers in Russia used as part of a botnet to distribute malware to Windows systems. Keep in mind that many home desktop systems are more powerful than servers of just a few years ago. When you combine the horsepower in today's hardware with the persistent high speed broadband connections many of us now enjoy and you can see how almost any system can be an inviting target.
Accounts and passwords
The first and simplest line of defense is a password. In his book, Securing & Optimizing Linux: The Ultimate Solution, Gerhard Mourani writes: "Many people keep their valuable information and files on a computer, and the only thing preventing others from seeing it is the eight-character string called a password. An unbreakable password, contrary to popular belief, does not exist. Given time and resources all passwords can be guessed either by social engineering or brute force." Some Linux users go even farther, running distributions which have either no password or a well-known and published password on a privileged or root account. This is tantamount to putting out a welcome mat for anyone and everyone who wishes to access your system provided they have physical access. A vulnerability in a service which communicates across the Internet can effectively leave such a system open to literally anyone who is aware of both the flaw and the password. Kurt Seifried, writing about insecure defaults of all sorts, not just passwords, states: "This is one of the problems that have caused no end of security problems since day one."
Mourani lists four basic rules for a good password. Three of them do apply even to home and SOHO systems:
Every major Linux distribution has tools to enforce strong passwords and password aging. Many users don't use them because a long, non-trivial password which changes periodically is inconvenient. Security, by nature, is inconvenient. It is up to each of us to decide how much inconvenience is worth putting up with to have a secure system.
- They should be at least six characters in length, preferably eight characters, with at least one numeral and one special character.
- They must not be trivial; a trivial password is one that is easy to guess and is usually based on the user's name, family, occupation, or some other personal characteristic.
- They should have an aging period, requiring a new password to be chosen within a specific time frame.
The root account (a.k.a the superuser account) is the one account on each and every *nix system which generally has absolutely no restrictions placed on it. Root can do anything. For this reason it is generally recommended to not login and run as root unless it's absolutely necessary.
The first person not running as root protects you from is yourself. I did six weeks of work for a local bank prior to a merger. One of their professional system administrators, a man with years of experience, wrote a script to clean up old files on a server. For obvious reasons it had to run as root. He made a minor syntax error in the script which caused it to run from the root file system rather than one of the file systems where it was supposed to run. To make matters worse he ignored the proper change control procedures because he thought this was trivial maintenance. The script ran overnight and dutifully began removing large parts of the operating system that were older that the date set in his script, effectively wiping out a production server. The point of the story is that even seasoned professionals make mistakes, sometimes with disastrous consequences. If you're running as root you can easily, accidentally do damage to your system without warning. This is why some Linux distributions, e.g. Ubuntu, don't permit root logins by default.
It should go without saying that strong password rules should be applied to the root account first and foremost. If remote root access is permitted, either by design or because of a security vulnerability, a strong password may delay an intrusion long enough to be detected and prevented. There have also been a number of Internet applications, including web browsers, which have had vulnerabilities that effectively allow remote access as the user running the application. If that user is root these security flaws become far more dangerous. This is why some Linux applications have very tersely worded warnings about running them as root.
Every Linux distribution, even the most minimal, has tools to allow the temporary granting of root privileges to an ordinary user. The most common are su, short for "switch user", and sudo, short for "superuser do". The sudo command offers the ability to log what you are doing as root. It also provides the simplest means for doling out a subset of root privileges to someone who needs to do specific tasks which require root privileges but does not need full and absolute control of a system, making it ideal for small business networks. A detailed HOWTO covering both su and sudo will be coming to DWW soon.
Basic Linux authentication: how it works
On any modern Linux system there are three files that provide the most basic level of authentication for the local system:
Every user on the system has a unique user ID (UID), a number, associated with their username. (NOTE: It is possible to assign two usernames to a single UID, effectively creating a single account with two names which can be used to login.) Each user belongs to at least one group of users and each group has a unique group ID (GID) associated with the group name.
The /etc/passwd file is a plain text file. It can be edited with any text editor run as root. It contains seven fields for each user, separated by colons:
The default shell is particularly important for system accounts. Many system tools and some applications require their own user account to run properly. However, you wouldn't want someone to actually be able to login as that task. In this case a dummy shell, typically /bin/false, is used. If there is no valid shell the user can't login.
- the username
- a lowercase x (usually)
- the user ID (UID)
- the user's default group
- the user's full name and, optionally, additional plain text info about the user
- the user's home directory
- the user's default shell
In the dim and distant past the /etc/passwd file also contained the users' passwords in plain text. As networks grew it became clear that some sort of secure way of storing passwords that wasn't human readable was an absolute must and, as usual, it was a security incident that convinced someone of the need. In 1987 Julianne Haugh experienced a break-in and wrote the original Shadow Password Suite, which originally contained the login, passwd, and su commands. Shadow passwords have been included in Linux since 1992 and the suite has grown to 30 commands.
The basic concept of shadowing is easy to understand. I'll quote Seifried again: "For many years the solution has been quite simple and effective, simply hash the passwords, and store the hash, when a user needs to authenticate take the password they enter it, hash it, and if it matches then it was obviously the same password." Over time the computing power grew and it became easier to crack even hashed passwords so Linux and other UNIX systems moved to stronger encryption systems, most commonly MD5. In addition to the username and hashed password, /etc/shadow also contains password aging information.
Using chage to setup password aging
All the major Linux distributions have graphical tools which front end the Shadow Password Suite. However, if you're running a more minimal distribution or if you'd like to manage password aging from the command line on an existing account, the easiest way to do it is with the chage command. At its simplest you can set a period of time after which the password must be changed. For example, if I want to force a user (yes, even myself) to change their password every 90 days I can do it with the command:
chage -m 90 user
where "user" is replaced with the actual user name. It's a lot friendlier to also set a warning with the -W option. Let's say I wanted a 5-day warning before the password actually expires. The command would then be:
chage -m 90 -W 5 user
Any user can check when their password expires with the command:
chage -l user
Pluggable Authentication Modules (PAM)
PAM is something that mostly applies to larger networks but since it is enabled by default as part of the authentication process on many major Linux distributions, it deserves a mention here. On larger networks there are a number of systems (NIS, NIS+ and LDAP, for example) that are used to allow a user to use one account to log onto many systems. There are also more advanced security systems which allow passwords to be changed minute by minute. In many enterprise networks someone who needs access to secure systems is issued a key fob with a small LCD or LED screen which displays the password of the moment. What PAM does is allow administrators to set up rules for how each type of authentication is handled and allows multiple authentication methods to be used and managed in one place. An example of a rule may be one which allows a class of users to only login during certain hours.
OK, so what does this have to do with a home user? Well, if you're running Debian GNU/Linux, Red Hat/Fedora, SUSE Linux Enterprise or many of the distros based on one of those three then PAM is enabled by default on your system and it certainly is possible for you to use it to setup rules for given systems in even a small network. Slackware, on the other hand, doesn't include PAM at all though some Slackware derivatives, notably Zenwalk Linux, do. A slightly dated PAM manual from Red Hat can be found here.
One good use for PAM on home or small business networks is strong password enforcement. PAM includes a module which uses CrackLib to determine if a password is "strong enough". What "strong enough" means on your system(s) is entirely configurable. Some distributions, including Red Hat Enterprise Linux and its clones, including Oracle Enterprise Linux, CentOS and Scientific Linux, enable the pam-cracklib module by default.
In upcoming parts of this series we'll look at basic steps you can take to keep your server secure by limiting which services are running and access to services that need to run. We'll look at network ports, how to tell which are open and which are closed, and how to close ones which aren't needed. We'll look at Linux file system security, covering everything from permissions to encryption. We'll look at the firewall included in the Linux kernel and how to use it and, as promised, we'll cover how to dole out root privileges safely. Finally, we'll end with a primer on system logs and how to determine if you've had an unwanted visitor.
|Miscellaneous News (by Chris Smart)
openSUSE community ponders a CentOS-like enterprise distribution, Ubuntu announces code name for 10.04, Linux Mint hints at improvements in "Helena", OpenBSD delays release over CD manufacturing fault
Leading the news this week is a story about plans among the community to create a long-term supported variant of openSUSE, specifically with servers in mind. Recently Novell announced that it has shortened the support life of the distro further from two years down to just eighteen months. This might help to ease the workload for Novell employees but it means more work for the end users who will now need to upgrade more often. Commercial offerings from the company are, on the other hand, maintained and supported for five to seven years, but will small businesses switch from the free openSUSE to costly SLES with support contracts? Boyd Lynn Gerber doesn't necessary think so and suggested a number of options to combat this problem. Two such options would be to extend support for openSUSE products, in effect creating an openSUSE LTS edition, or a new fork entirely based off the SLES source code à la, openSLES. The latter idea would be similar to CentOS, which builds a new binary distro from the source code of Red Hat Enterprise Linux. Would such a distro be of interest to the wider community and would it hurt or hinder Novell?
Elsewhere in openSUSE land, TuxRadar has published an interview with the project's Program Manager, Andreas Jaegar. The team discusses the distro's new eight month release cycle and asks Jaegar what his favourite features are in the upcoming 11.2 release. A web interface for YaST is one such feature which might see an introduction shortly. He writes: "WebYAST is AJAXy. It's still in its infancy... We might use one or two of its modules in 11.2." TuxRadar also asked whether we might see Con Kolivas' new scheduler in openSUSE, to which Jaegar replied: "Instead of a subjective feeling that it's better, get some numbers to see. And if it's good, we have the openSUSE Build Service - anyone can take our kernel and apply a patch on top of it. But at the moment it's too experimental and unknown." He also discusses the move to KDE as the default desktop, remix versions of the distro thanks to SUSE Studio, working more closely with Red Hat to create more portable RPM files, and more.
* * * * *
It's time again to find out what release of Ubuntu +1 (version 10.04), will be called. According to this blog post by Lisa Hoover, Ubuntu founder Mark Shuttleworth made the announcement at the Atlanta Linux Fest, revealing that the code name of Ubuntu 10.04 will be "Lucid Lynx" (here is the video announcing the new name). The upcoming 9.10 release will be, of course, "Karmic Koala", which builds further on the distro's technology, especially in the cloud. The first version for 2010 will be a long-term support (LTS) release, which are generally less cutting-edge. It's good timing because what Ubuntu needs now is more polish. The One Hundred Paper Cuts project is doing a great job sorting out these small niggling issues, but to compete with Apple's OS X for consumer's money (one of Mark Shuttleworth's primary goals for the distro) still needs work. The release therefore, is aptly named, as it will hopefully indeed be lucid - easily understood and completely intelligible. If Canonical can get it right, it might be the final push companies need to ditch Windows and put Ubuntu on their mainstream consumer products.
* * * * *
The founder of Linux Mint, Clement Lefebvre, has posted an update on what he's been working on recently. He walks through some changes for the upcoming "Helena release", including the renaming of various Mint tools to more useful names, such as "Software Manager" over "mintInstall." He also cites improvements to the installation and removing of packages: "When an application is listed, mintInstall now queries APT to find out whether it's installed on the system and what versions are installed and/or available. This process is almost immediate and doesn't impact the responsiveness. This basically means that, looking at an application, you'll be able to see if it's already installed or not, you'll be able to see its version and you'll be able to install it but also to remove it from mintInstall." The refresh button is also being removed in order to ease the load on Linux Mint servers and some improvements to the interface are coming, including optimisation for the smaller screen size on netbooks.
* * * * *
Finally, it looks like the next release of OpenBSD will be delayed by one month. Theo de Raadt, the project's founder and lead developer, says that the reason for the delay is a problem with CD manufacturing at a third-party manufacturing facility: "They have had serious CD production problems. Because everything in CD manufacturing is so ridiculously outsourced, all I know is that the plant which was used this time (Q Media Services Corporation in Vancouver) has made about six faulty CD pressings in a row." Hopefully there will not be any further delays as the tree was frozen rather early and large numbers of OpenBSD fans have pre-ordered discs. It can be painful waiting for the new version of your favourite operating system to arrive, but no doubt it is better to receive belated media which work, rather than some which are timely but faulty!
|Released Last Week
François Dupoux has released SystemRescueCd 1.3.0, a Gentoo-based live CD designed for administering or repairing an operating system and data after a crash. What's new in version 1.3.0? "Updated the standard kernels to Linux kernel 2.6.31; updated FSArchiver to 0.5.9 (better NTFS support); updated NTFS-3G to version 2009.4.4 AR17 (NTFS-3G advanced release); updated e2fsprogs to 1.41.9 (ext2, ext3, ext4 file system tools); Linux kernel 2.6.31 and btrfs-progs 0.19 are using a new btrfs format; added gdisk 0.3.1 (gdisk is a GPT partition table manipulator); updated the Xfce desktop environment to version 4.6.1; updated Python to version 2.6.2; updated Mozilla Firefox to version 3.5.2." Read the complete changelog for further details.
Oracle Enterprise Linux 5 Update 4
Oracle has announced the release of Oracle Enterprise Linux 5 Update 4, an enterprise-level distribution based on Red Hat Enterprise Linux 5.4: "Oracle is pleased to announce the general availability of Enterprise Linux Release 5 Update 4 for x86 (32-bit) and x86_64 (64-bit) architectures. This update includes the following kernel/driver changes: bug fixes added by Oracle - check to see if hypervisor supports memory reservation change, add Entropy support to IGB, add Xen pv/bonding netconsole support, shrink zone patch, fix aacraid not to reset during kexec, fix failure of file creation from hpux client; fixes and additions from the upstream distribution provider - a new tunable parameter has been added to the kernel, allowing system administrators to change the maximum number of modified pages kupdate writes to disk...." Read the rest of the release announcement for a complete technical changelog.
Muayyad Al-Sadi has announced the release of Ojuba 3, a Fedora-based distribution with Islamic utilities and support for Arabic: "We are proud to announce the release of Ojuba 3. This release comes in two forms: a live DVD/USB and an installation DVD which can be used to upgrade from a previous release. The installation DVD contains packages and serves as a repository for offline installation of packages. It includes GNOME 2.26, KDE 4.3.1, Xfce 4.6.1, LXDE. Features: Ojuba control center, original artwork, Quran browser and Thwab library, many Arabic and Islamic books like Sunan and classical dictionaries, prayer time reminder, Monajat supplications, Hijri calendar, Sun JRE, multimedia support, mlterm with support for Arabic. This release is based on Fedora 11 and it includes fast boot, ext4 support, fingerprint login...." Here is the full release announcement with several screenshots.
Ojuba 3 - a Fedora-based distribution with complete support for Arabic
(full image size: 708kB, screen resolution 1280x800 pixels)
DragonFly BSD 2.4
Matthew Dillon has announced the release of DragonFly BSD 2.4, a general-purpose operating system originally forked from FreeBSD 4.x: "The DragonFly 2.4 release is here! Three release options are now available: a bare-bones CD image, a DVD image which includes a fully operational X environment, and a bare-bones bootable USB disk-key image. In addition we will for the first time be shipping a 64-bit ISO image. 64-bit support is stable but there will only be limited 'pkgsrc' support in this release. DragonFly BSD 2.4 is a bigger release than normal. The single most invasive change is the introduction of DEVFS. The /dev file system is now mounted by the kernel after it mounts the root file system. All major and minor numbers have changed and the old /dev is no longer meaningful." Read the detailed release announcement for a complete list of changes and upgrade notes.
Puppy Linux 4.3
Barry Kauler has announced the release of Puppy Linux 4.3: "Puppy Linux version 4.3 released. Highlights: Linux kernel 18.104.22.168 configured for SMP (multi-processor) systems, with support for the ext4 file system and patched for Aufs2; Internet by dial-up - the kernel has drivers for many modems, including Agere, ESS, Lucent, Conexant, SmartLink, PCTEL and Intel chipsets; Pstreamvid - a great GUI for playing Internet TV; JWM theme maker; Psync - synchronises the clock to an Internet time server; SQLiteManager - a front-end for SQLite and an add-on to SeaMonkey; Hiawatha - a very small and extremely secure web server to serve CUPS, PPLOG and QUISP pages; a screenshot utility based on mtPaint, but with a very basic GUI; Pmirrorget for downloading a complete web site...." Read the detailed release announcement for a complete list of changes and new features.
Puppy Linux 4.3 - a major update of the popular mini-distribution
(full image size: 680kB, screen resolution 1280x1024 pixels)
Parted Magic 4.5
Patrick Verner has released Parted Magic 4.5, a small Linux live CD designed primarily as a hard disk partitioning utility: "This new version of Parted Magic updates the graphical server X.Org, expands networking, improves RAM usage, and fixes some bugs. To combat some of the problems associated with the newer versions of X.Org and Intel chipsets, Parted Magic offers driver versions intel-2.4.1, intel-2.5.1, intel-2.6.3, intel-2.7.1 as boot options. There is a new PPPoE option added to the 'Start Network' program. RAM usage has been significantly reduced for the 'Default settings (Runs from RAM)' and 'Live with low RAM settings' boot options. The default option only requires 192 MB, from 256 MB in version 4.4, to completely run Parted Magic from RAM. The biggest gain was with the low RAM option because that now only requires 48 MB to run." Visit the project's home page to read the release announcement.
* * * * *
Development, unannounced and minor bug-fix releases
|Upcoming Releases and Announcements
Summary of expected upcoming releases
New distributions added to database
- eBox Platform. eBox Platform is a unified network server that offers easy and efficient computer network administration for small and medium-size businesses. It can act as a gateway, an infrastructure manager, a unified threat manager, an office server, a unified communication server or a combination of them. These functionalities are tightly integrated, automating most tasks, avoiding mistakes and saving time for system administrators. eBox Platform is released under the GNU General Public License (GPL) and runs on top of Ubuntu.
* * * * *
New distributions added to waiting list
* * * * *
DistroWatch database summary
* * * * *
And this concludes the latest issue of DistroWatch Weekly. The next instalment will be published on Monday, 28 September 2009.
Caitlyn Martin, Chris Smart and Ladislav Bodnar
|• Issue 624 (2015-08-24): Zorin OS 10, Sabayon's new features, Solus seeks funding, Debian turns 22, new PC-BSD repository|
|• Issue 623 (2015-08-17): VectorLinux 7.1, Ubuntu One source released, Moksha Desktop ships in Bodhi, Fedora developers debate Chromium|
|• Issue 622 (2015-08-10): antiX 15, Fedora tests kdbus, Debian tracks UEFI issues, word processors for the CLI|
|• Issue 621 (2015-08-03): Point Linux 3.0, Debian drops Sparc, Fedora package stats, VirtualBox 5.0|
|• Issue 620 (2015-07-27): Debian GNU/Hurd 2015, Linux Bible, Ubuntu MATE gets new Welcome app, Telegram on Fedora, Plasma Mobile|
|• Issue 619 (2015-07-20): SolydXK 201506, Tanglu's new bug tracker, FSF and Canonical negotiate licensing, Haiku unveils new init system|
|• Issue 618 (2015-07-13): Semplice Linux 7, openSUSE derivatives, Debian adopts GCC 5, Docker ported to FreeBSD|
|• Issue 617 (2015-07-06): Alpine linux 3.2.0, Fedora on MIPS CPUs, Solus offers daily builds, Ubuntu migrating to Snappy|
|• Issue 616 (2015-06-29): MidnightBSD 0.6, openSUSE's "42", encryption added to the ext4 file system, FreeBSD on a Raspberry Pi|
|• Issue 615 (2015-06-22): Raspbian 2015, Fedora works around Intel driver issue, openSUSE adopts GCC 5, frozen desktop while copying files|
|• Issue 614 (2015-06-15): Chromixium OS 1.0, Debian 8.1 released, OpenBSD running in the cloud, sudo myths|
|• Issue 613 (2015-06-08): Fedora 22, Cinnamon 2.6 released, FreeBSD's history, working around Secure Boot|
|• Issue 612 (2015-06-01): Manjaro OpenRC, Debian, Devuan and systemd, Fedora 22 released, Mandriva closes its doors|
|• Issue 611 (2015-05-25): Kubuntu 15.04, openSUSE adopts Plasma 5, Ubuntu's Snappy, words from Debian's Neil McGovern|
|• Issue 610 (2015-05-18): NethServer 6.6, interview with Neil McGovern, CentOS supports AArach64, Foresight discontinued|
|• Issue 609 (2015-05-11): OpenIndiana 2015.03, LXLE 14.04, PC-BSD Current, creating ISO images, Ask A Leader with Peter Ganten|
|• Issue 608 (2015-05-04): Debian 8.0, Bodhi forks Enlightenment, new Debian GNU/Hurd release, distribution release frequency|
|• Issue 607 (2015-04-27): Ubuntu 15.04, Chapeau 21, Debian 8.0 features, Fedora 22 Beta details|
|• Issue 606 (2015-04-20): Linux Mint 2 "LMDE", Matthew Miller, Debian's new Project Leader, Evolve OS name change|
|• Issue 605 (2015-04-13): SuperX 3.0, HAMMER2 features, Linux 4.0, Vince Pooley, Google Code closing|
|• Issue 604 (2015-04-06): Void 20150221, Haiku's commercial partners, Debian release date, Tumbleweed features|
|• Issue 603 (2015-03-30): Tails 1.3, LibreOffice Online, Linux Firewalls book review, Kubuntu with Plasma 5|
|• Issue 602 (2015-03-23): Bodhi Linux 3.0.0, distro popularity, OpenBSD's new web server, GNU Manifesto turns 30|
|• Issue 601 (2015-03-16): Ubuntu MATE 14.10, modern distros for old hardware, AppArmor in Debian, Fedora 22 Alpha|
|• Issue 600 (2015-03-09): Korora 21, distro diversity, Ubuntu gets systemd, PC-BSD security features|
|• Issue 599 (2015-03-02): Sabayon 15.02, creating good passwords, new YaST modules, LMDE preview
|• Issue 598 (2015-02-23): Netrunner 14.1, Vivaldi web browser, Debian election, Cinnamon improvements|
|• Issue 597 (2015-02-16): MakuluLinux MCDE 2.0, Ubuntu phones launch, m0n0wall ceases development, live Linux updates|
|• Issue 596 (2015-02-09): ArchBSD 2014.09.04, encrypted e-mail, Fedora upgrade stats, FreeBSD's support policy|
|• Issue 595 (2015-02-02): ExTiX 15.1, Destroying encrypted data, openSUSE election, OSDisc statistics|
|• Issue 594 (2015-01-26): KaOS 2014.12, Commercial distros, Snappy Ubuntu, PackageKit fixes|
|• Issue 593 (2015-01-19): ReactOS 0.3.17, Unity on Mir, Bluetooth support, openSUSE election|
|• Issue 592 (2015-01-12): Mint 17.1, load averages, binary logs, GNOME Software|
|• Issue 591 (2015-01-05): Manjaro 0.8.11, systemd, Devuan, Torrent Corner|
|• Issue 590 (2014-12-22): Fedora 21, Ubuntu phone, expanding ZFS storage, Able2Extract|
|• Issue 589 (2014-12-15): Parsix 7.0, Ubuntu "Snappy", PC-BSD upgrades, How Linux Works|
|• Issue 588 (2014-12-08): PC-BSD 10.2, rolling-release Ubuntu GNOME, Bitrig, systemd|
|• Issue 587 (2014-12-01): Trisquel 7.0, Kubuntu 14.10 "Plasma5", FreeBSD on 64-bit ARM, Jolla and UbuTab|
|• Issue 586 (2014-11-24): Scientific Linux 7.0, Debian and systemd, Ubuntu MATE, application-level firewalls|
|• Issue 585 (2014-11-17): openSUSE 13.2, PC-BSD's "roles", MATE + Compiz on Mint, cleaning package cache|
|• Issue 584 (2014-11-10): OpenMandriva 2014.1, Debian freeze, trickle, systemd and boot times|
|• Issue 583 (2014-11-03): Ubuntu 14.10, ownCloud, Kylin interview, The Book of PF, Elive's commercial ways|
|• Issue 582 (2014-10-27): GhostBSD 4.0, Tumbleweed and Factory merge, systemd and fork of Debian|
|• Issue 581 (2014-10-20): SparkyLinux 3.5, Fedora's graphics stack, Debian and systemd, OpenBSD 5.6|
|• Issue 580 (2014-10-13): Rolling releases, Arch as best distro, GNOME on Wayland, MINIX 3.3.0|
|• Issue 579 (2014-10-06): PC-BSD 10.0.3, Debian's Jessie freeze, setting up home server|
|• Issue 578 (2014-09-29): Calculate 14, Debian's default desktop, Shellshock vulnerability, practical Tiny Core|
|• Issue 577 (2014-09-22): SymphonyOS 14.1, FreeBSD drops pkg_add, MINIX on ARM, GNU screen|
|• Issue 576 (2014-09-15): PCLinuxOS 2014.08, Mint's documentation, Debian's hardware database, CDE|
|• Issue 575 (2014-09-08): Porteus 3.0.1, Fedora's blivet-gui, Red Hat's Docker, systemd|
|• Issue 574 (2014-09-01): Ubuntu Kylin 14.04, Haiku and Linux kernel, Wayland support, Lumina, Bash completion|
|• Issue 573 (2014-08-25): SolydXK 201407, VPN gateway with FreeBSD, Ubuntu MATE, Raspbian, trusting binary packages|
|• Issue 572 (2014-08-18): ZFSguru 10.1, Fedora's Flock, beta installer for "Jessie", Ubuntu Core, rolling releases|
|• Issue 571 (2014-08-11): HandyLinux 1.6, LMDE update, default desktop in "Jessie", running out of disk space|
|• Issue 570 (2014-08-04): Neptune 4, Kubuntu's KDE Plasma 5, FreeBSD and UEFI, Linux servers|
|• Issue 569 (2014-07-28): Deepin 2014, Ask Fedora, Gentoo and LibreSSL, encrypted package downloads|
|• Full list of all issues|