| DistroWatch Weekly
|DistroWatch Weekly, Issue 321, 21 September 2009
Welcome to this year's 38th issue of DistroWatch Weekly! Computer security has been a hot topic of discussion on these pages in recent weeks. As a result, Caitlyn Martin has embarked upon writing a series of articles covering the basics of computer and Internet security, starting today with part one - user authentication. In the news section, the openSUSE user community launches an initiative to build an enterprise-level distribution with long-term security support, Mark Shuttleworth announces the code name for Ubuntu 10.04, Clement Lefebvre reveals some early information about the improvements in Linux Mint 8 "Helena", and OpenBSD delays the planned October release by a month over a CD manufacturing error. Finally, don't miss the New Distributions section which includes some interesting new additions to the waiting list, including a new Slackware-based desktop distribution called Salix OS. Happy reading!
Listen to the Podcast edition of this week's DistroWatch Weekly in OGG (40MB) and MP3 (38MB) formats
Join us at irc.freenode.net #distrowatch
|Feature Story (by Caitlyn Martin)
Linux Security Basics, Part 1: Authentication
There have been a number of discussions, some of them fairly heated, about system security in the comments section of DistroWatch Weekly (DWW) over the last couple of months. Some have even argued against what most would consider basic Linux security. As a result I received a number of requests to write an article covering Linux security basics, complete with references. There are, of course, entire books written on Linux security and as I began writing, it became clear that one article just wouldn't do the subject justice. Consider this week's feature to be a starting point for a small, intermittent series of articles about Linux security.
I have limited the scope of this article and any future DistroWatch features on security to what makes sense to the home or small office user or, in other words, environments with just a handful of systems and users. Most of what follows can be applied to BSD, OpenSolaris, or indeed any UNIX or UNIX-like operating system, though the file names, specific commands and syntax may be somewhat different. To keep things simple I'm going to stick with Linux systems.
Before I get into describing basic Linux authentication, the recent discussions made it abundantly clear that I need to first define what I mean by security. I also have to answer the most basic question which is why we need to bother with security at all. Some DWW readers claim to have all but ignored security without a single problem for many years. Those claims are undoubtedly true. That doesn't mean the potential for real problems isn't present. Kurt Seifried, in his Linux Administrator's Security Guide, writes: "You only need to make one mistake or leave one flaw available for an attacker to get in. This, of course, means that most sites will eventually be broken into." He adds: "All technical security measures will eventually fail or be vulnerable to an attacker. This is why you must have multiple layers of protection."
The book, Practical UNIX and Internet Security, gives a very simple, straightforward definition of security: "A computer is secure if you can depend on it and its software to behave as you expect." There are many more technical and detailed definitions out there but that one line really does sum it up. If someone makes uninvited use of your system(s) for their own purposes without your consent, that definition is no longer met. Uninvited use can be by a friend or family member who means no harm, a co-worker, or a stranger halfway around the world.
When I talk about security, one of the questions I am frequently asked is why anyone would want to target a home or small business system. Last week Linux Pro Magazine Online published a report describing some 100 poorly secured Linux servers in Russia used as part of a botnet to distribute malware to Windows systems. Keep in mind that many home desktop systems are more powerful than servers of just a few years ago. When you combine the horsepower in today's hardware with the persistent high speed broadband connections many of us now enjoy and you can see how almost any system can be an inviting target.
Accounts and passwords
The first and simplest line of defense is a password. In his book, Securing & Optimizing Linux: The Ultimate Solution, Gerhard Mourani writes: "Many people keep their valuable information and files on a computer, and the only thing preventing others from seeing it is the eight-character string called a password. An unbreakable password, contrary to popular belief, does not exist. Given time and resources all passwords can be guessed either by social engineering or brute force." Some Linux users go even farther, running distributions which have either no password or a well-known and published password on a privileged or root account. This is tantamount to putting out a welcome mat for anyone and everyone who wishes to access your system provided they have physical access. A vulnerability in a service which communicates across the Internet can effectively leave such a system open to literally anyone who is aware of both the flaw and the password. Kurt Seifried, writing about insecure defaults of all sorts, not just passwords, states: "This is one of the problems that have caused no end of security problems since day one."
Mourani lists four basic rules for a good password. Three of them do apply even to home and SOHO systems:
Every major Linux distribution has tools to enforce strong passwords and password aging. Many users don't use them because a long, non-trivial password which changes periodically is inconvenient. Security, by nature, is inconvenient. It is up to each of us to decide how much inconvenience is worth putting up with to have a secure system.
- They should be at least six characters in length, preferably eight characters, with at least one numeral and one special character.
- They must not be trivial; a trivial password is one that is easy to guess and is usually based on the user's name, family, occupation, or some other personal characteristic.
- They should have an aging period, requiring a new password to be chosen within a specific time frame.
The root account (a.k.a the superuser account) is the one account on each and every *nix system which generally has absolutely no restrictions placed on it. Root can do anything. For this reason it is generally recommended to not login and run as root unless it's absolutely necessary.
The first person not running as root protects you from is yourself. I did six weeks of work for a local bank prior to a merger. One of their professional system administrators, a man with years of experience, wrote a script to clean up old files on a server. For obvious reasons it had to run as root. He made a minor syntax error in the script which caused it to run from the root file system rather than one of the file systems where it was supposed to run. To make matters worse he ignored the proper change control procedures because he thought this was trivial maintenance. The script ran overnight and dutifully began removing large parts of the operating system that were older that the date set in his script, effectively wiping out a production server. The point of the story is that even seasoned professionals make mistakes, sometimes with disastrous consequences. If you're running as root you can easily, accidentally do damage to your system without warning. This is why some Linux distributions, e.g. Ubuntu, don't permit root logins by default.
It should go without saying that strong password rules should be applied to the root account first and foremost. If remote root access is permitted, either by design or because of a security vulnerability, a strong password may delay an intrusion long enough to be detected and prevented. There have also been a number of Internet applications, including web browsers, which have had vulnerabilities that effectively allow remote access as the user running the application. If that user is root these security flaws become far more dangerous. This is why some Linux applications have very tersely worded warnings about running them as root.
Every Linux distribution, even the most minimal, has tools to allow the temporary granting of root privileges to an ordinary user. The most common are su, short for "switch user", and sudo, short for "superuser do". The sudo command offers the ability to log what you are doing as root. It also provides the simplest means for doling out a subset of root privileges to someone who needs to do specific tasks which require root privileges but does not need full and absolute control of a system, making it ideal for small business networks. A detailed HOWTO covering both su and sudo will be coming to DWW soon.
Basic Linux authentication: how it works
On any modern Linux system there are three files that provide the most basic level of authentication for the local system:
Every user on the system has a unique user ID (UID), a number, associated with their username. (NOTE: It is possible to assign two usernames to a single UID, effectively creating a single account with two names which can be used to login.) Each user belongs to at least one group of users and each group has a unique group ID (GID) associated with the group name.
The /etc/passwd file is a plain text file. It can be edited with any text editor run as root. It contains seven fields for each user, separated by colons:
The default shell is particularly important for system accounts. Many system tools and some applications require their own user account to run properly. However, you wouldn't want someone to actually be able to login as that task. In this case a dummy shell, typically /bin/false, is used. If there is no valid shell the user can't login.
- the username
- a lowercase x (usually)
- the user ID (UID)
- the user's default group
- the user's full name and, optionally, additional plain text info about the user
- the user's home directory
- the user's default shell
In the dim and distant past the /etc/passwd file also contained the users' passwords in plain text. As networks grew it became clear that some sort of secure way of storing passwords that wasn't human readable was an absolute must and, as usual, it was a security incident that convinced someone of the need. In 1987 Julianne Haugh experienced a break-in and wrote the original Shadow Password Suite, which originally contained the login, passwd, and su commands. Shadow passwords have been included in Linux since 1992 and the suite has grown to 30 commands.
The basic concept of shadowing is easy to understand. I'll quote Seifried again: "For many years the solution has been quite simple and effective, simply hash the passwords, and store the hash, when a user needs to authenticate take the password they enter it, hash it, and if it matches then it was obviously the same password." Over time the computing power grew and it became easier to crack even hashed passwords so Linux and other UNIX systems moved to stronger encryption systems, most commonly MD5. In addition to the username and hashed password, /etc/shadow also contains password aging information.
Using chage to setup password aging
All the major Linux distributions have graphical tools which front end the Shadow Password Suite. However, if you're running a more minimal distribution or if you'd like to manage password aging from the command line on an existing account, the easiest way to do it is with the chage command. At its simplest you can set a period of time after which the password must be changed. For example, if I want to force a user (yes, even myself) to change their password every 90 days I can do it with the command:
chage -m 90 user
where "user" is replaced with the actual user name. It's a lot friendlier to also set a warning with the -W option. Let's say I wanted a 5-day warning before the password actually expires. The command would then be:
chage -m 90 -W 5 user
Any user can check when their password expires with the command:
chage -l user
Pluggable Authentication Modules (PAM)
PAM is something that mostly applies to larger networks but since it is enabled by default as part of the authentication process on many major Linux distributions, it deserves a mention here. On larger networks there are a number of systems (NIS, NIS+ and LDAP, for example) that are used to allow a user to use one account to log onto many systems. There are also more advanced security systems which allow passwords to be changed minute by minute. In many enterprise networks someone who needs access to secure systems is issued a key fob with a small LCD or LED screen which displays the password of the moment. What PAM does is allow administrators to set up rules for how each type of authentication is handled and allows multiple authentication methods to be used and managed in one place. An example of a rule may be one which allows a class of users to only login during certain hours.
OK, so what does this have to do with a home user? Well, if you're running Debian GNU/Linux, Red Hat/Fedora, SUSE Linux Enterprise or many of the distros based on one of those three then PAM is enabled by default on your system and it certainly is possible for you to use it to setup rules for given systems in even a small network. Slackware, on the other hand, doesn't include PAM at all though some Slackware derivatives, notably Zenwalk Linux, do. A slightly dated PAM manual from Red Hat can be found here.
One good use for PAM on home or small business networks is strong password enforcement. PAM includes a module which uses CrackLib to determine if a password is "strong enough". What "strong enough" means on your system(s) is entirely configurable. Some distributions, including Red Hat Enterprise Linux and its clones, including Oracle Enterprise Linux, CentOS and Scientific Linux, enable the pam-cracklib module by default.
In upcoming parts of this series we'll look at basic steps you can take to keep your server secure by limiting which services are running and access to services that need to run. We'll look at network ports, how to tell which are open and which are closed, and how to close ones which aren't needed. We'll look at Linux file system security, covering everything from permissions to encryption. We'll look at the firewall included in the Linux kernel and how to use it and, as promised, we'll cover how to dole out root privileges safely. Finally, we'll end with a primer on system logs and how to determine if you've had an unwanted visitor.
|Miscellaneous News (by Chris Smart)
openSUSE community ponders a CentOS-like enterprise distribution, Ubuntu announces code name for 10.04, Linux Mint hints at improvements in "Helena", OpenBSD delays release over CD manufacturing fault
Leading the news this week is a story about plans among the community to create a long-term supported variant of openSUSE, specifically with servers in mind. Recently Novell announced that it has shortened the support life of the distro further from two years down to just eighteen months. This might help to ease the workload for Novell employees but it means more work for the end users who will now need to upgrade more often. Commercial offerings from the company are, on the other hand, maintained and supported for five to seven years, but will small businesses switch from the free openSUSE to costly SLES with support contracts? Boyd Lynn Gerber doesn't necessary think so and suggested a number of options to combat this problem. Two such options would be to extend support for openSUSE products, in effect creating an openSUSE LTS edition, or a new fork entirely based off the SLES source code à la, openSLES. The latter idea would be similar to CentOS, which builds a new binary distro from the source code of Red Hat Enterprise Linux. Would such a distro be of interest to the wider community and would it hurt or hinder Novell?
Elsewhere in openSUSE land, TuxRadar has published an interview with the project's Program Manager, Andreas Jaegar. The team discusses the distro's new eight month release cycle and asks Jaegar what his favourite features are in the upcoming 11.2 release. A web interface for YaST is one such feature which might see an introduction shortly. He writes: "WebYAST is AJAXy. It's still in its infancy... We might use one or two of its modules in 11.2." TuxRadar also asked whether we might see Con Kolivas' new scheduler in openSUSE, to which Jaegar replied: "Instead of a subjective feeling that it's better, get some numbers to see. And if it's good, we have the openSUSE Build Service - anyone can take our kernel and apply a patch on top of it. But at the moment it's too experimental and unknown." He also discusses the move to KDE as the default desktop, remix versions of the distro thanks to SUSE Studio, working more closely with Red Hat to create more portable RPM files, and more.
* * * * *
It's time again to find out what release of Ubuntu +1 (version 10.04), will be called. According to this blog post by Lisa Hoover, Ubuntu founder Mark Shuttleworth made the announcement at the Atlanta Linux Fest, revealing that the code name of Ubuntu 10.04 will be "Lucid Lynx" (here is the video announcing the new name). The upcoming 9.10 release will be, of course, "Karmic Koala", which builds further on the distro's technology, especially in the cloud. The first version for 2010 will be a long-term support (LTS) release, which are generally less cutting-edge. It's good timing because what Ubuntu needs now is more polish. The One Hundred Paper Cuts project is doing a great job sorting out these small niggling issues, but to compete with Apple's OS X for consumer's money (one of Mark Shuttleworth's primary goals for the distro) still needs work. The release therefore, is aptly named, as it will hopefully indeed be lucid - easily understood and completely intelligible. If Canonical can get it right, it might be the final push companies need to ditch Windows and put Ubuntu on their mainstream consumer products.
* * * * *
The founder of Linux Mint, Clement Lefebvre, has posted an update on what he's been working on recently. He walks through some changes for the upcoming "Helena release", including the renaming of various Mint tools to more useful names, such as "Software Manager" over "mintInstall." He also cites improvements to the installation and removing of packages: "When an application is listed, mintInstall now queries APT to find out whether it's installed on the system and what versions are installed and/or available. This process is almost immediate and doesn't impact the responsiveness. This basically means that, looking at an application, you'll be able to see if it's already installed or not, you'll be able to see its version and you'll be able to install it but also to remove it from mintInstall." The refresh button is also being removed in order to ease the load on Linux Mint servers and some improvements to the interface are coming, including optimisation for the smaller screen size on netbooks.
* * * * *
Finally, it looks like the next release of OpenBSD will be delayed by one month. Theo de Raadt, the project's founder and lead developer, says that the reason for the delay is a problem with CD manufacturing at a third-party manufacturing facility: "They have had serious CD production problems. Because everything in CD manufacturing is so ridiculously outsourced, all I know is that the plant which was used this time (Q Media Services Corporation in Vancouver) has made about six faulty CD pressings in a row." Hopefully there will not be any further delays as the tree was frozen rather early and large numbers of OpenBSD fans have pre-ordered discs. It can be painful waiting for the new version of your favourite operating system to arrive, but no doubt it is better to receive belated media which work, rather than some which are timely but faulty!
|Released Last Week
François Dupoux has released SystemRescueCd 1.3.0, a Gentoo-based live CD designed for administering or repairing an operating system and data after a crash. What's new in version 1.3.0? "Updated the standard kernels to Linux kernel 2.6.31; updated FSArchiver to 0.5.9 (better NTFS support); updated NTFS-3G to version 2009.4.4 AR17 (NTFS-3G advanced release); updated e2fsprogs to 1.41.9 (ext2, ext3, ext4 file system tools); Linux kernel 2.6.31 and btrfs-progs 0.19 are using a new btrfs format; added gdisk 0.3.1 (gdisk is a GPT partition table manipulator); updated the Xfce desktop environment to version 4.6.1; updated Python to version 2.6.2; updated Mozilla Firefox to version 3.5.2." Read the complete changelog for further details.
Oracle Enterprise Linux 5 Update 4
Oracle has announced the release of Oracle Enterprise Linux 5 Update 4, an enterprise-level distribution based on Red Hat Enterprise Linux 5.4: "Oracle is pleased to announce the general availability of Enterprise Linux Release 5 Update 4 for x86 (32-bit) and x86_64 (64-bit) architectures. This update includes the following kernel/driver changes: bug fixes added by Oracle - check to see if hypervisor supports memory reservation change, add Entropy support to IGB, add Xen pv/bonding netconsole support, shrink zone patch, fix aacraid not to reset during kexec, fix failure of file creation from hpux client; fixes and additions from the upstream distribution provider - a new tunable parameter has been added to the kernel, allowing system administrators to change the maximum number of modified pages kupdate writes to disk...." Read the rest of the release announcement for a complete technical changelog.
Muayyad Al-Sadi has announced the release of Ojuba 3, a Fedora-based distribution with Islamic utilities and support for Arabic: "We are proud to announce the release of Ojuba 3. This release comes in two forms: a live DVD/USB and an installation DVD which can be used to upgrade from a previous release. The installation DVD contains packages and serves as a repository for offline installation of packages. It includes GNOME 2.26, KDE 4.3.1, Xfce 4.6.1, LXDE. Features: Ojuba control center, original artwork, Quran browser and Thwab library, many Arabic and Islamic books like Sunan and classical dictionaries, prayer time reminder, Monajat supplications, Hijri calendar, Sun JRE, multimedia support, mlterm with support for Arabic. This release is based on Fedora 11 and it includes fast boot, ext4 support, fingerprint login...." Here is the full release announcement with several screenshots.
Ojuba 3 - a Fedora-based distribution with complete support for Arabic
(full image size: 708kB, screen resolution 1280x800 pixels)
DragonFly BSD 2.4
Matthew Dillon has announced the release of DragonFly BSD 2.4, a general-purpose operating system originally forked from FreeBSD 4.x: "The DragonFly 2.4 release is here! Three release options are now available: a bare-bones CD image, a DVD image which includes a fully operational X environment, and a bare-bones bootable USB disk-key image. In addition we will for the first time be shipping a 64-bit ISO image. 64-bit support is stable but there will only be limited 'pkgsrc' support in this release. DragonFly BSD 2.4 is a bigger release than normal. The single most invasive change is the introduction of DEVFS. The /dev file system is now mounted by the kernel after it mounts the root file system. All major and minor numbers have changed and the old /dev is no longer meaningful." Read the detailed release announcement for a complete list of changes and upgrade notes.
Puppy Linux 4.3
Barry Kauler has announced the release of Puppy Linux 4.3: "Puppy Linux version 4.3 released. Highlights: Linux kernel 126.96.36.199 configured for SMP (multi-processor) systems, with support for the ext4 file system and patched for Aufs2; Internet by dial-up - the kernel has drivers for many modems, including Agere, ESS, Lucent, Conexant, SmartLink, PCTEL and Intel chipsets; Pstreamvid - a great GUI for playing Internet TV; JWM theme maker; Psync - synchronises the clock to an Internet time server; SQLiteManager - a front-end for SQLite and an add-on to SeaMonkey; Hiawatha - a very small and extremely secure web server to serve CUPS, PPLOG and QUISP pages; a screenshot utility based on mtPaint, but with a very basic GUI; Pmirrorget for downloading a complete web site...." Read the detailed release announcement for a complete list of changes and new features.
Puppy Linux 4.3 - a major update of the popular mini-distribution
(full image size: 680kB, screen resolution 1280x1024 pixels)
Parted Magic 4.5
Patrick Verner has released Parted Magic 4.5, a small Linux live CD designed primarily as a hard disk partitioning utility: "This new version of Parted Magic updates the graphical server X.Org, expands networking, improves RAM usage, and fixes some bugs. To combat some of the problems associated with the newer versions of X.Org and Intel chipsets, Parted Magic offers driver versions intel-2.4.1, intel-2.5.1, intel-2.6.3, intel-2.7.1 as boot options. There is a new PPPoE option added to the 'Start Network' program. RAM usage has been significantly reduced for the 'Default settings (Runs from RAM)' and 'Live with low RAM settings' boot options. The default option only requires 192 MB, from 256 MB in version 4.4, to completely run Parted Magic from RAM. The biggest gain was with the low RAM option because that now only requires 48 MB to run." Visit the project's home page to read the release announcement.
* * * * *
Development, unannounced and minor bug-fix releases
|Upcoming Releases and Announcements
Summary of expected upcoming releases
New distributions added to database
- eBox Platform. eBox Platform is a unified network server that offers easy and efficient computer network administration for small and medium-size businesses. It can act as a gateway, an infrastructure manager, a unified threat manager, an office server, a unified communication server or a combination of them. These functionalities are tightly integrated, automating most tasks, avoiding mistakes and saving time for system administrators. eBox Platform is released under the GNU General Public License (GPL) and runs on top of Ubuntu.
* * * * *
New distributions added to waiting list
* * * * *
DistroWatch database summary
* * * * *
And this concludes the latest issue of DistroWatch Weekly. The next instalment will be published on Monday, 28 September 2009.
Caitlyn Martin, Chris Smart and Ladislav Bodnar
If you've enjoyed this week's issue of DistroWatch Weekly, please consider sending us a tip.
(Tips this week: 0, value: US$0.00)
|• Issue 684 (2016-10-24): Ubuntu 16.10, Linux popularity in different markets, Fedora runs on Raspberry Pi, Ubuntu features live kernel patching|
|• Issue 683 (2016-10-17): Refracta 8.0, making packages for distributions, Alpine switches to LibreSSL, 386BSD website publishes classic code|
|• Issue 682 (2016-10-10): KDE neon 20160915, Android-x86 6.0, Fedora warns of update bug, HandyLinux drops English translation, LXQt benchmarks|
|• Issue 681 (2016-10-03): OpenBSD 6.0, DragonFly BSD to support LibreSSL in ports, systemd denial of service bug, upgraded Mintbox Mini|
|• Issue 680 (2016-09-26): Uruk GNU/Linux 1.0, blocking applications at the firewall, Lenovo controversy, Ubuntu running on the Nextcloud Box|
|• Issue 679 (2016-09-19): OpenMandriva 3.0, 32-bit vs 64-bit performance, openSUSE updates, KaOS unveils first run wizard|
|• Issue 678 (2016-09-12): Apricity 07.2016, Mageia adopts DNF, KDE neon to use Wayland, FreeBSD updates Linux compatibility, creating cron jobs|
|• Issue 677 (2016-09-05): Peppermint OS 7, Manjaro updates leadership, TrueOS becomes rolling release, organizing files, creating torrents|
|• Issue 676 (2016-08-29): Korora 24, Fedora 25 to use Wayland by default, Linux turns 25, PC-BSD becomes TrueOS, finding software licensing information|
|• Issue 675 (2016-08-22): Gentoo LiveDVD "Choice Edition", moreutils, Ubuntu improves terminal convergence, MATE packaged for Openindiana, FreeBSD improves video support|
|• Issue 674 (2016-08-15): Zenwalk Linux 8.0, Ubuntu phone follow-up, Lubuntu transitioning to LXQt, Steam running on FreeBSD|
|• Issue 673 (2016-08-03): noop linux and EasyNAS, Debian's GnuPG switch, Fedora "Flock", using "nice"|
|• Issue 672 (2016-08-01): Ubuntu Phone 15.04, Solus embraces rolling release model, interview with Jane Silber, FreeBSD Quarterly Report|
|• Issue 671 (2016-07-25): Slackware 14.2, Point Linux 3.2, OpenBSD disables usermount, KaOS releases significant changes, Fedora 22 reaches end of life.|
|• Issue 670 (2016-07-18): Linux Lite 3.0, Bodhi team plans 4.0.0, pfSense changes licensing, running software across distributions, Linux Mint upgrade path|
|• Issue 669 (2016-07-11): Linux Mint 18, proving a system is secure, LibreSSL in FreeBSD, Ubuntu plans phasing out 32-bit, pfSense status report|
|• Issue 668 (2016-07-04): Fedora 24, Linux Mint plans for 18.1, FreeBSD and DragonFly BSD improve their file systems, comparing Flatpak, Snap and AppImage|
|• Issue 667 (2016-06-27): GeckoLinux 421, Fedora supports Flatpak, Solus unveils new features, running GNU/Linux on tablets|
|• Issue 666 (2016-06-20): Comparing more live update methods, Ubuntu's snap packages, Antergos drops 32-bit media, GeckoLinux unveils Rolling edition, learning Linux resources|
|• Issue 665 (2016-06-13): BunsenLabs Linux Hydrogen, Fedora 24 delayed, NetBSD grows in size, Clonezilla questions|
|• Issue 664 (2016-06-06): Sabayon 16.05, Debian updates install media, the cost of free software, Qubes explains secure build process|
|• Issue 663 (2016-05-30): Comparing live update methods, Ubuntu MATE's progress, distros debate systemd change, DistroWatch turns 15|
|• Issue 662 (2016-05-23): Clonezilla Live, new Fedora community repository, DragonFlyBSD runs Wayland, a live edition of Slackware and kernel components|
|• Issue 661 (2016-05-16): FreeBSD 10.3, OpenMandriva adopts Clang, Debian adds ZFS packages, PCLinuxOS drops 32-bit and comparing CentOS with RHEL|
|• Issue 660 (2016-05-09): Ubuntu MATE 16.04, Mint's xapps, FreeBSD Quarterly Report, Debian updates 32-bit support, addressing GPL violations|
|• Issue 659 (2016-05-02): Ubuntu 16.04, compiling custom kernels, Cinnamon 3.0, Sabayon launches ARM build, Devuan ships Beta release|
|• Issue 658 (2016-04-25): Kali Linux 2016.1, elementary OS 0.3.2, Debian elects Project Leader, Fedora 24 feature preview, Nard reaches 1.0|
|• Issue 657 (2016-04-18): Redox, Linux Mint improves update manager, planned Fedora 24 features, Ubuntu 16.04 getting Snappy packages|
|• Issue 656 (2016-04-11): Qubes OS 3.1, Whonix offers bug bounties, Puppy's family tree, setting up disk partitions and running bash on Windows|
|• Issue 655 (2016-04-04): Parsix 8.5, Sabayon's Community repository, Red Hat offers free subscriptions, Ubuntu tablets, command line tips|
|• Issue 654 (2016-03-28): PCLinuxOS 2016.03, Using signatures to create a web of trust, Arch Linux rolls out Pacman update, GuixSD packages GNOME|
|• Issue 653 (2016-03-21): Antergos 2016.02.21, Debian prepares for election, a Unix-like OS written in Rust, watching Netflix on FreeBSD|
|• Issue 652 (2016-03-14): ReactOS 0.4.0, Debian swaps Iceweasel for Firefox, Fedora moving forward with Wayland, Verifying ISO files|
|• Issue 651 (2016-03-07): Korora 23, Linux Mint improves security, Ubuntu MATE on Raspberry Pi 3 computers, trying different file systems|
|• Issue 650 (2016-02-29): Haiku in 2016, running Android apps on GNU/Linux, 30 years of MINIX, Fedora plans Atomic Workstation|
|• Issue 649 (2016-02-22): Zorin OS 11, openSUSE launches new editions, Linux Mint website compromised, sandboxing applications using Firejail|
|• Issue 648 (2016-02-15): XStream Desktop 153, Raspbian unveils OpenGL feature, free hardware, Ikey Doherty talks desktop design|
|• Issue 647 (2016-02-08): Tails 2.0, KDE project launches Neon, Manjaro unveils ARM support, FreeBSD's quarterly report|
|• Issue 646 (2016-02-01): deepin 15, Mint plans X-Apps, FreeBSD to support boot environments, logging into the desktop as root|
|• Issue 645 (2016-01-25): Linux Mint 17.3 "Xfce", Chromixium changes its name, Ubuntu tablets coming soon, Linux vs BSD comparision|
|• Issue 644 (2016-01-18): Kwort 4.3, Sabayon tests ARM images, Slackware adopts PulseAudio, running Linux without GNU software|
|• Issue 643 (2016-01-11): Solus 1.0, Mint provide upgrade path to 17.3, Fedora developers work on stability, running the LXQt desktop|
|• Issue 642 (2016-01-04): paldo GNU/Linux, vetting distro repositories, Fedora plans to adopt GCC 6, Ian Murdock passes|
|• Issue 641 (2015-12-21): Arch Linux, Qubes OS to ship on Librem laptops, ALT offers start kit images, the spread of systemd and launchd|
|• Issue 640 (2015-12-14): Chakra GNU/Linux 2015.11, removing meta-data from files, Ubuntu to remove on-line dash searches|
|• Issue 639 (2015-12-07): OpenBSD 5.8, openSUSE gathers Summer of Code proposals, running WINE on a live disc, Enlightenment adds Wayland support|
|• Issue 638 (2015-11-30): Qubes OS 3.0, KaOS with Plasma, NetBSD 7.0, Fedora seeks Wayland testers, scheduling tasks|
|• Issue 637 (2015-11-23): NixOS 15.09, Antergos introduces ZFS support, MINIX shares new features, copying an OS to a new computer|
|• Issue 636 (2015-11-16): openSUSE 42.1, Fedora uses Wayland by default, Debian replaces live CD project, Steam consoles launch|
|• Issue 635 (2015-11-09): Fedora 23, Cinnamon 2.8 released, a Fedora KDE packager quits, Red Hat signs deal with Microsoft|
|• Issue 634 (2015-11-02): Ubuntu 15.10, Chakra upgrades to Plasma 5, OpenMandriva plans new editions, MINIX plans conference|
|• Issue 633 (2015-10-26): GhostBSD 10.1, Bodhi Linux to get new settings panel, Fedora 23 delayed, creating live image of existing OS|
|• Issue 632 (2015-10-19): Linux Lite 2.6, 32-bit build of CentOS, OpenBSD turns 20, Bodhi Linux releases AppPack|
|• Full list of all issues|