| DistroWatch Weekly
|DistroWatch Weekly, Issue 424, 26 September 2011
Welcome to this year's 39th issue of DistroWatch Weekly! Chakra GNU/Linux is a rapidly evolving distribution, especially after leaving its Arch roots behind and taking the destiny into its own hands. Jesse Smith takes a look at the project's current stable release to find out whether the developers' recent effort resulted in a better and more bug-free KDE distribution than the previous Chakra releases. In the news section, Debian announces an upcoming point release with a new Linux kernel and added functionality, Fedora and openSUSE delay their beta releases due to unsatisfactory states of their respective development trees, and Gentoo's Donnie Berkholz summarises the current state of the distribution before offering a few glimpses into the future. Also in this issue, a security-related story that wonders about the surprising absence of TLS 1.1 and 1.2 support in Chrome and Firefox, an interview with the maintainer of the relaunched LinuxCounter.net, and a brief look at the state of Wayland integration in Ubuntu. All this and more in this week's issue of DistroWatch Weekly - happy reading!
Join us at irc.freenode.net #distrowatch
|Feature Story (by Jesse Smith)
Hello again, Chakra|
Regular readers of DistroWatch Weekly may recall I reviewed the Chakra GNU/Linux distribution at the beginning of the year. At the time the project was still young and in its early stages -- the website was a bit sparse, the distribution refused to run on my desktop machine and I couldn't get the installer to work. Obviously it was not a good experience, but the developers had clearly labelled the project as being alpha quality software so rough patches were to be expected. Recently I've been hearing that Chakra has evolved and moved beyond alpha status and that the developers have been doing a really good job of putting together a KDE-centric Linux distribution. With praise for the project ringing in my ears I decided to give Chakra, now at version 2011.09, a second try.
Before we get into my latest experience with Chakra I'd like to take a few seconds to explain why I find this project interesting. Part of it is the exclusive focus on KDE, which isn't a particularly common trait in the Linux community, but mostly it's the approach to package management. Chakra is a semi-rolling release distro. Basically this means the base system stays stable for the duration of a release's life cycle, but the end-user applications are continually updated. So, for instance, the kernel and X packages will probably remain frozen and receive only security updates while programs like web browsers will be kept up to date with the latest releases from the upstream project. That's the theory at any rate and it's a concept which has worked well for the BSD community. Chakra was originally derived from Arch Linux, though the Chakra website repeatedly warns against mixing packages from both projects' repositories. The two projects have similarities, but are not designed to be compatible.
When I tried the alpha release of Chakra I found it would work passably well on my laptop (dual-core 2 GHz CPU, 3 GB of RAM, Intel video card), but it refused to run for any significant length of time on my desktop machine (2.5 GHz CPU, 2 GB of RAM, NVIDIA video card). This is still true of the current release, 2011.09. The live disc refused to boot on the desktop machine, but ran flawlessly on my laptop. For the rest of this review my observations will be from running Chakra on the laptop machine.
Booting from the Chakra disc brings up a screen asking us to pick our preferred language from a menu. Then the system brings up a KDE 4.7 environment. On the desktop we find icons for opening a text file containing default passwords, the project's licenses and the system installer. We also have access to icons for pointing the web browser to various parts of the Chakra website, specifically: documentation, bug reports, a donations page and the forum. There's not much software to explore on the live CD so I quickly moved on to the installer.
Chakra GNU/Linux 2011.09 - desktop settings
(full image size: 549kB, screen resolution 1366x768 pixels)
The graphical installer begins by giving us a warning that the software we're using is in development and showing us the release notes. The installer mentions a license agreement screen, but that page isn't actually shown to us. Instead we're asked to pick our time zone from a map of the world and the system tries to guess our preferred language. (If the guess is wrong, we can over-ride the language setting.) We're then given the chance to create user accounts, several if we like, and set login and root password options. The partitioning section of the installer is a bit strange and I found it unintuitive. To divide the disk and assign mount points we are asked to use the KDE Partition Manager. Unfortunately, my first time through, the KDE Partition Manager crashed while I was using it, returning me back to the installer, which refused to proceed. I restarted from the beginning, made it through the partitioning section and, with some trial and error, got the installer to accept my choices. Once we make it through the partitioning screen we can install a boot loader and then we are done. My experience this time was a marked improvement over my previous experiment with the Chakra installer. It's still not what I would call a smooth process, but after a little fumbling around trying to find the right partitioning and mount point options I made it through.
Once I got my local copy of Chakra up and running the first thing I noticed was the desktop was a bit sluggish. I found this was due to desktop search and indexing and, once these features were disabled, performance was noticeably improved. The KDE 4.7 desktop wasn't what I would call light on its feet, but it kept up well enough. What impressed me about Chakra's desktop wasn't the speed, but rather the flexibility. This year we've seen a shift (some might say a split) in desktop styles. On the one side we have the traditional desktop layout as presented by Xfce, GNOME 2 and LXDE. On the other side we're seeing a new look as presented by Unity and GNOME 3. These new styles, which resemble smart phone interfaces, have caused a lot of heat in the open source community. People who like the new interfaces say they're intuitive and attractive to new comers, people who prefer the classic style say the new interfaces require more steps to perform tasks and get in the way. The KDE desktop which ships with Chakra takes the approach of letting the user decide which style they prefer by way of activities.
Back in my openSUSE review I mentioned the activities concept was starting to show promise in KDE 4.6; it has been improved upon. Next to Chakra's application menu there's a button for bringing up the activities menu. There are a few predefined for us and we can switch between these pre-created activities with a single click. One activity gives us the standard KDE desktop with icons in a widget. A second activity gives us the classic look where icons are placed directly on the desktop and there aren't any widgets. A third activity gives us the smart phone treatment, showing a quick-launch bar at the top of the screen with commonly used applications, a search bar where we can bring up programs by name or description and the rest of the desktop is turned into an area for software categories and program icons. In essence this gives each user the ability to have the desktop perform the way they want without need for compatibility modes, logging out or installing multiple GUI environments. I think it's promising that KDE is putting the choice in the user's hands and making it easy for them, all without requiring 3-D support from the video card.
Chakra GNU/Linux 2011.09 - the Search and Launch desktop style
(full image size: 636kB, screen resolution 1366x768 pixels)
There aren't many applications included on the Chakra disc. Mostly we're given standard KDE applications, such as text editors, archive managers, an IRC client and the Konqueror web browser. The KDE System Settings application is included, which allows for a good deal of fine tuning of the interface. The Bangarang media player is included, as are a user account manager, the KGpg privacy & encryption app and the Marble Desktop map viewer. We're given codecs for listening to MP3 files, but I couldn't get common video formats to play. There's no Java available in the default install, but the GNU Compiler Collection is included. The distro does not include a Flash player by default, though such extras are available in the repositories. In the background Chakra includes the 3.0 version of the Linux kernel.
Package management on Chakra is a bit unusual. The distro attempts to remain a pure KDE operating system and, as a result, there are two different types of software management: one for most packages, which works much the same way as package management on other Linux systems; and another for dealing with GTK software, which comes in "bundles". Let's look at the regular package manager first. Chakra provides its own package manager and the application has a busy interface composed of three tabs. The first tab shows us project-related news and some statistics on software packages, such as how many items are currently installed and how many more packages are available in the repositories. At the time of writing the repository lists 2,651 available packages.
The second tab handles adding, removing and upgrading packages and allows us to view software (listed in alphabetical order), search for items by name or filter software by categories. We're also able to filter packages by status (available, installed, upgradeable). This second tab is full of lots of buttons and options, which can take some getting used to. Fortunately the buttons are well labelled so new comers can get an idea of what each control does. The third tab is, I believe, for community contributed content, but during my trial nothing was displayed in the third tab and attempting to refresh the display caused the package manager to crash. The application also allows us to make changes to our repositories. By default Chakra pulls from the project's stable (or stable-ish) repository, but we can enable the Testing repo with a single click if we're feeling brave.
Chakra GNU/Linux 2011.09 - the package manager
(full image size: 269kB, screen resolution 1366x768 pixels)
The bundle manager is more simplistic. We're shown a small window with a list of available bundles (Firefox, Chromium, XChat, Eclipse, etc) in alphabetical order. Next to each item is a download button and one click causes the bundle to download and install. Once a new bundle is added to the system the bundle appears at the top of the window and we can either launch the item or remove it with a click of the mouse. The only issue I ran into with the bundle manager is that clicking the Remove button next to an item doesn't appear to do anything. As it turns out, if we wait long enough, the bundle does get removed, but there's no feedback, confirmation or progress report. Once installed, bundles appear on the application menu and, to the end-user, work the same way as applications installed using the main package manager.
Given the short time that has gone by since I last tried Chakra, I'm impressed with its progress. Almost everything about the distribution has taken several steps forward. The installer, though still a little picky, worked for me. All of my laptop's hardware worked out of the box, though I'm disappointed to note my desktop machine still doesn't get along with Chakra. Personally, I found the package manager and news app to be a bit intense, the developers seem to be trying to squeeze a lot of functionality into one application. It worked for me, but I suspect the busy interface will give novice users pause. The new KDE environment and its flexibility were highlights of this release and I generally like what the developers (of both KDE and Chakra) are doing with the user interface. Letting end-users pick their preferred desktop style is a good move in my opinion.
I only had a week to experiment with this distribution so I can't comment on how well the semi-rolling release style works for balancing stability with cutting-edge software, but I like the concept. All in all Chakra has advanced quite nicely over the last seven months. I do have a few items on my wish list for future releases. I'd like to see the KDE settings default to trimmer, more responsive configuration, rather than have everything enabled out of the box. I think it would also be nice to see a DVD edition with more software, perhaps with VLC, LibreOffice, Firefox and other common apps included. The CD doesn't have much end-user software on it, which is okay, but a "Full" edition would be handy as it would save people from downloading a lot of software post-install. After this trial I feel if the developers continue to iron out the few remaining bugs Chakra is going to be a hard distribution to beat in 2012.
|Miscellaneous News (by Ladislav Bodnar)
Debian readies point release, Fedora and openSUSE beta delays, Ubuntu's Wayland progress, the state of Gentoo
Stable releases of Debian GNU/Linux don't come very often - usually only once every two or three years. Naturally, the developers do keep a watchful eye on any security issues and major bugs in between these major releases and, from time to time, issue a so-called "point" release. In the past these point releases lacked any new features, but the wind of change is blowing strongly across the Debian community and the upcoming point release, version 6.0.3, will have an updated kernel and even new functionality in the form of updated hardware drivers. From the "Upcoming point releases and call for test": "The Debian Project is pleased to announce that the upcoming point releases for Debian 5 'Lenny' and Debian 6 'Squeeze' are scheduled for October 1 and October 8 respectively. Debian 'Squeeze' 6.0.3 will ship updated Linux kernel packages, including bug fixes from the Linux 'longterm' series up to 18.104.22.168, plus updated drivers supporting new Gigabit Ethernet chips from Broadcom, Intel and Realtek. New packages for 32-bit PC, 64-bit PC and PowerPC are already available for installation from the 'stable-proposed-updates' suite. The Debian project invites interested users to test these packages before their release, especially on systems that use the updated drivers."
* * * * *
The much-awaited beta release of Fedora 16, scheduled for later this week, has been delayed by a week - due to "numerous unresolved blockers". Robyn Bergeron announced the disappointing fact on the project's "devel-announce" mailing list: "Late yesterday at the go/no-go meeting it was decided to slip the beta release of Fedora 16 by one week. There are numerous unresolved blockers at this time, resulting in the inability to compose a viable release candidate. As a result, all major milestones, and their dependent tasks, will be pushed out by one week. We will proceed with having the Fedora 16 beta readiness meeting today, 2011-09-22, as previously announced on the Logistics mailing list. We will have another Fedora 16 beta blocker bug meeting this Friday. The adjustments to the Fedora 16 schedule will be done as soon as humanly possible, and published to the wiki page. Thanks for your patience. We will be meeting again next Wednesday for another go/no-go meeting." The final release of Fedora 16 is now scheduled for 8 November 2011, subject to further schedule updates.
* * * * *
Fedora is not the only project that delayed a major milestone release last week. openSUSE too announced a delay in the beta release of version 12.1, with the biggest culprit being Systemd: "Last Friday Stephan Kulow, our openSUSE release manager, started a discussion on the Factory mailing list about show stoppers for the 12.1 beta release scheduled for 2011-09-22. It became clear that Factory still needs some polishing to become a useful beta for large numbers of testers to try out. Particularly, one of the reasons is the challenge relating to the switch to use Systemd by default, which means that it is also the man in construction hat working on pipes used during install and first boot (which have special configuration stuff). And between the timing of last week's openSUSE Conference and next week's planned Hackweek, the Factory team agreed that it was better to take the time to ensure a release that meets the level of quality that our openSUSE distro is known for." Despite the postponement, the final release of openSUSE 12.1 has not been revised, with the target date still 10 November 2011.
* * * * *
Almost a year has gone since Mark Shuttleworth's blog post suggesting a future switch of Ubuntu's Unity desktop to Wayland. Has there been any progress in integrating the OpenGL-based display management system into the distribution or is it just another idea that will be slowly forgotten? The VAR Guy investigates: "Since the Ubuntu Wayland buzz last year, the project has been steadily progressing, and its slow integration into the Ubuntu world has begun. Packages for it exist in Ubuntu 11.04 and 11.10, and a Launchpad PPA (which is currently not public) has been created. So far, though, Wayland currently can't do much. Nonetheless, these proof-of-concept demonstrations show Wayland works, and Canonical seems to remain firmly committed to its adoption when it's mature. It's uncertain when that may be, but it's clear at this point it will not happen in time for the next long-term support (LTS) version of Ubuntu, 12.04. When Wayland finally does arrive, though, it will mean important changes for both users and developers. On the surface, Ubuntu running Wayland won't look very different, as the changes are all on the back end. But the system should feel different -- and, hopefully, faster -- since Wayland's minimalist design promises much greater efficiency than megalithic X, which was not written with the needs of modern desktop computers and mobile devices."
* * * * *
Finally, a link to an excellent article written by Donnie Berkholz, a Gentoo Linux developer and a member of the Gentoo Council. The feature, entitled "The state of Gentoo", touches on many of the current issues the distribution faces, including statistics on developer activity, recently-introduced features, security updates and release strategy: "Gentoo follows a rolling-release model, with constant updates to individual packages showing up hourly, 24 hours a day. Previously, it made releases semi-annually by taking snapshots of its package database, performing lots of QA on them, and creating live CDs — a process that required intensive manual effort. Gentoo then moved to a "rolling release" strategy for its releases by creating weekly automatic builds rather than formal releases. This was a big win in terms of reducing developer effort but came with an unexpected loss of PR for Gentoo. When coupled with the current lack of a weekly or monthly newsletter, Gentoo has nearly disappeared from news sites. It turns out that official releases drive news articles; without a major reason to write about an open-source project, like a release announcement, news sites often ignore it. For that reason, as well as users clamoring for full-featured live DVDs with pretty artwork, Gentoo again started producing DVD releases, with the most recent being 11.2 in August. "
|Security (by Robert Storey)
Beauty and the BEAST: Is TLS 1.0 compromised?
The modern tech world is filled with acronyms: FAQ, USB, HTML, as well as less polite ones like TSHTF, FUBAR, and FOAD. Buried within this alphabet soup is the relatively obscure acronym TLS (Transport Layer Security), successor to the slightly better-known SSL (Secure Sockets Layer). TLS is a protocol that allows client-server applications to communicate over the Internet while preventing eavesdropping and tampering. TLS is built into modern browsers and websites that require encryption. Every time you log on to a site requiring a password, you're using TLS.
The predecessor of TLS, SSL, was developed in ancient times (circa 1995) by Netscape. Version 1.0 was never publicly released, version 2.0 made it into Netscape but was soon found to be flawed. Version 3.0 was considered PDG (pretty damn good), but further refinements caused it to morph into TLS 1.0 (released 1999), very similar to SSL but incompatible with it (thus, the renaming). However, this version of TLS does have the ability to downgrade the encrypted connection to SSL 3.0, a nice feature for backwards compatibility but also a potential weakness.
TLS 1.0 was considered bulletproof, but developers continued to make it bombproof with the release of version 1.1 in 2006, and nukeproof with version 1.2 in 2008. This last version of TLS cannot downgrade its connection to SSL, so backwards compatibility is thrown out the window. One would think that in 2011 we should all be using TLS 1.2 with its nukeproof security, but inertia and incompatibility issues have caused many websites (and browsers) to stick with the tried and tested TLS 1.0 or even SSL 3.0, considered to be "good enough"... until now.
Google says that their fix for Chrome does not require upgrading to TLS 1.1 or 1.2, but will work with the ancient version 1.0 protocol. The advantage of that approach is that websites will not have to upgrade either. Moving to TLS 1.2 - the most secure approach - would break many existing online vendor sites which don't support the new improved version.
There is no word yet about Firefox preparing a fix of its own. Which I find just a bit scary.
For me personally, I'm just a bit flustered to learn that neither Chrome nor Firefox supports TLS 1.1 or 1.2. That's particularly disappointing when you discover that both Internet Explorer and Opera do support these later versions, though it's not turned on by default. But at least you do have the option available. True, website owners are partly to blame for this state of affairs by sticking with TLS 1.0, but one would expect the highly competitive browser industry to be leading the way when it comes to implementing rock-solid security standards.
Since only a small percentage of my online time is spent doing financial transactions, I will probably be content to continuing using Firefox and Chrome for most of what I do. But when it comes to online shopping, I've decided that I will use Opera, with TLS 1.2 turned on. Of course, if the online vendor doesn't support that protocol, it won't really do much good other than to give me a warm, fuzzy feeling. But at least it's a good start.
You can download Opera from the Opera website. Note that this is not an open-source browser, but it is free and available in native Linux and FreeBSD variants. To turn on TLS 1.1 and 1.2, click on the upper-left "Opera" icon and navigate the menus Settings-Preferences-Advanced-Security-Security Protocols.
Theoretically, release of the BEAST should be causing panic in the online shopping and banking industries.
The good news about the BEAST is that it's just a proof-of-concept exploit, and requires considerable time and computing resources to succeed at breaking encryption. However, black hats have proven that they are nothing if not resourceful. The beauty of the BEAST is that if it causes a little bit of panic in security circles, maybe it will provide the needed impetus to make everyone move forward to ultra-secure TLS 1.2 before TSHTF. Panic - that ancient survival instinct - can sometimes be a good thing.
|Interviews (by Jesse Smith)
The new and improved Linux Counter
How many Linux users are there in the world? It's a question that has been raised countless times, yet remains difficult to answer. One of the projects trying to collect data on this subject is the Linux Counter. Though the project has been dormant for several years it is getting a second life thanks to the work of Alexander Mieland. This week Alex was kind enough to tell us a little about himself, the project and his motivation for bringing it back to life.
DW: Can you give us a little background on yourself? Where are you from and how long have you been using Linux?
My name is Alexander Mieland and I was born in Berlin in 1972. I've been using Linux since 1997 and I'm registered in the counter only since 2001. Therefore my counter number is not very low.
DW: The Linux Counter has been dormant for several years. What motivated you to re-launch the project?
I'm a great fan of the good old counter from when I took notice of it. And since I'm also a great fan of everything related to numbers and statistics and calculations, I decided to revive it.
I already tried to create a statistics page related to Gentoo
Linux some years ago (gentoo-stats.org
and the update script named "basc"), but this was not wanted by some Gentoo developers so they simply revived their own statistics project on stats.gentoo.org
that had been dead for some years - in order to just boycott my project. That was the reason why I stopped my gentoo-stats project.
Then I was on counter.li.org
again some months ago, the first time since some years and noticed that the counted number of Linux users was still the same as from my last visit. I repeated my visits and one day I decided to revive the counter. For that I've created the linuxcounter.net
domain and I also created the very basic engine with a neat design (dark, three columns). Maybe a week or two after I started this project, I got the idea to ask Harald [Tveit Alvestrand]
to take over the old project and to revive that one instead of creating a completely new and unknown project. Things came together and here we are. It is now about five weeks since I started to work on a completely new version of the good old counter.
DW: Since you announced the new website, how many people have registered or logged in to their old accounts?
AM: Since the 12th of August (the official start of the new project), there were 5,914 new user registrations and 7,123 new machines. On the same day emails were sent to all active users of the old database (around 125,000 users). These emails were split into 2,000-user chunks. So each evening at 17:00 GMT 2,000 emails were sent to the next bunch of active users of this 125,000 users pool. At this rate the script will send the last emails somewhere around mid-October. Because I get a short notification email when a user requests a new password or when a frozen account gets reactivated, I can say that about 25% of all users that receives this email every evening, are trying to login to the new project.
DW: Are the historical statistics data from the old Linux Counter still available?
AM: Of course! I've imported the whole database of the old counter and the statistics simply continue. Every old user can log in to the new project with his old user data (counter number and password). The database was imported and migrated to the new project without problems. There were of course massive changes related to the engine (innodb instead of myisam), field types and indexes, but this was no problem to convert.
DW: Are you hoping to achieve anything from running the Linux Counter? Perhaps as a service or to demonstrate usage growth to hardware and software vendors? Or are you doing this for the fun of it?
AM: I'm hoping nothing, this is just for me, for the fun of it. Nothing more. I simply wanted to prevent a really good project from dying.
DW: Linux users are notoriously hard to count. Estimates are all over the map as to the number of users and their share of the desktop market. Do you think the Linux Counter reflects an accurate picture of the number of users out there?
AM: Yes, I do. It simply is impossible to count all users. But it is possible to get an image of how great the number is when doing statistics, calculating some factors and bringing this together. This is why people are doing statistics. An example: There are about 1,000 people and each one is asking 100 other people about their household and their family. The government or whoever then counts this together, creates statistics and factors and then they say: We actually have a population of xxx people. And everybody accepts that. Why shouldn't that work with the Linux users?
DW: Have you been receiving feature requests? Any popular ones?
Oh yes, of course. There have been many feature requests already and many of them have been developed and implemented. We have a Trac wiki with a bug tracker
. There you can see all feature requests and bugs (including closed ones). There are, of course, also normal emails directly sent to me with feature requests. I review each of them and most of them will get implemented. The most popular one was a machine-update script that doesn't rely on a local mail server.This will be done as soon as I've solved the actual performance problems.
DW: If a volunteer would like to get involved, how can they help with the project?
AM: The project just started five weeks ago and the whole engine behind it was developed from scratch. As long as the basis is not finished, there is no need for any other managers than the developer of this project (me). Actually the new project has no administration interface because until now there was no need for it. Nevertheless, I will of course need help. For example in translating the project or for reacting on support requests (later on when the number of users will grow). But this will get announced then. Actually, this project is a one-man show and I first want to finish things before thinking about volunteers or a team around me.
DW: Which distribution (or distributions) are you using now?
I've used Gentoo for a really long time. I've also used Linux From Scratch
, but since I'm getting older, I'm now thinking that there is no need for investing time in compiling things all the time. I've been using Ubuntu
for several years while on the server side I am running Debian
DW: Alex, thank you very much for your time. Best of luck with your project.
Linux users who would like to get counted can visit the new Linux Counter at LinuxCounter.net.
|Released Last Week
Nanni Bassetti has announced the release of CAINE 2.5, a specialist Ubuntu-based live CD designed for computer forensics and related tasks: "CAINE 2.5 'Supernova' is out. CAINE is GNU/Linux live distribution offering a complete forensic environment that integrates existing software tools as software modules and provides a friendly graphical interface. The main design objectives are: an interoperable environment that supports the digital investigator during the four phases of the digital investigation; a user friendly graphical interface; a semi-automated compilation of the final report." This release comes with some interesting new features, such as the new Nautilus scripts: "CAINE includes scripts activated within the Nautilus web browser designed to make examination of allocated files simple. Currently, the scripts can render many databases, Internet histories, Windows registries, deleted files, and extract EXIF data to text files for easy examination." See the release announcement for more information and screenshots.
CAINE 2.5 - an Ubuntu-based distribution for computer forensics
(full image size: 590kB, screen resolution 1280x1024 pixels)
Pardus Linux 2011.2
Gökçen Eraslan has announced the release of Pardus Linux 2011.2, an updated version of the project's desktop Linux distribution with custom package management and many user-friendly features: "Pardus Linux 2011.2 is now available. Here are the important updates shipped with Pardus 2011.2: NetworkManager is updated to 0.8.5.91, problems about adding VPN connections have been fixed, handle WLAN security passwords gracefully while upgrading distribution; ModemManager is updated to 0.5, improvements for Samsung modems, support access technology reporting for Qualcomm Gobi modems, fix communication with Nokia N900 devices; CUPS is updated to 1.4.8; LibreOffice is updated to 3.4.3, fixed crash closing document with footnotes; MPlayer - fixed crash playing subtitled videos which was triggered by FreeType 2.4.6 security update." Read the complete release announcement for a full list of bug fixes.
Andrew Wyatt has announced the release of Fuduntu 14.11, the latest update of the Fedora-based desktop distribution and live DVD: "The Fuduntu quarterly installation ISO image (14.11) is now available for immediate download. As with all Fuduntu releases, this release continues our tradition of small incremental improvements. It is important to note that existing Fuduntu users will roll up to this version through the normal update process, and do not need to download or install from this media to benefit from this release. This release is considered the first official Fuduntu 'rolling-release' ISO image. Major updates included in this release: Linux kernel 3.0.3, Chromium 13, Flash 10.3.183.7, VLC 1.1.11. This quarterly release also includes a roll-up of the latest patches." Here is the brief release announcement with two screenshots.
LliureX, a project of the Council of Culture, Education and Sport at the Municipality of Valencia in Spain, is an Ubuntu-based distribution with support for Valencian (a dialect of Catalan) and Spanish. A new release, version 11.09, was announced earlier today. One of the major new features of this release is the possibility to upgrade the distribution from 10.09 without re-installing, so users already running LliureX 10.09 don't need to download the DVD image. LliureX 11.09 is based on Ubuntu 10.04, which is a long-term support release and LliureX users can also benefit from extended security support. Two LliureX editions were released today - "Escriptori" (Desktop) and "Infantil" with a number of new educational programs and other features. For more information please read the complete release announcement (in Spanish).
Lliurex 11.09 - an Ubuntu-based distribution with support for Valencian
(full image size: 239kB, screen resolution 1280x1024 pixels)
Kororaa Linux 15
Chris Smart has announced the release of Kororaa Linux 15, a Fedora-based distribution with GNOME or KDE desktops and various beginner-friendly enhancements: "Kororaa 15 has been released and is available for download, in 32-bit and 64-bit variants with KDE 4.6 and GNOME 3. This release includes Ubuntu's Jockey Device Driver manager, which has replaced the Add/Remove Extras script for configuring third-party drivers. Kororaa 15 comes with an RPM meta-package to install and configure Adobe Flash. Users still on Kororaa 14 may wish to upgrade to 15 and should do so via a new install. Users who wish to stay with GNOME 2.x should not upgrade to 15, as it comes with GNOME 3. The KDE desktop has a custom layout with specific default applications, such as Firefox for the web and VLC for media." Read the rest of the release announcement for a full list of major changes and a couple of screenshots.
Kororaa Linux 15 - the KDE edition
(full image size: 2,464kB, screen resolution 1280x1024 pixels)
Incognito Live System 0.8
Incognito Live System, also known as "Tails", is a Debian-based live CD/USB with the goal of providing complete Internet anonymity for the user. A major new release, version 0.8, was announced yesterday: "The Amnesic Incognito Live System, version 0.8, is out. All users must upgrade as soon as possible. Notable user-visible changes include: Tor 0.2.2.33, I2P 0.8.8, Linux kernel 3.0.0, Iceweasel 3.5.16, Torbutton 1.4.3, HTTPS Everywhere 1.0.1; more random looking nicknames in Pidgin; replace the on-board virtual keyboard with Florence; PiTiVi non-linear audio/video editor; support for arbitrary DNS queries; use XZ compression to get much smaller ISO images and a bit faster boot. Plus the usual bunch of minor bug reports and improvements." Read the rest of the release announcement additional details and upgrade instructions.
Linux Portable Security 1.2.4
A new maintenance release of Linux Portable Security (LPS), a Linux live CD whose goal is to allow users to work on a computer without the risk of exposing their credentials and private data to malware, is ready for download. What's new in this version? "Added more support for RealTek wireless drivers; added additional broadband cellular drivers; added additional SmartCard drivers; revised About Box to show licensing info; removed GMail S/MIME add-on, which no longer works with GMail; updated Flash to 10.3.183.7; updated Firefox to 3.6.22; updated DOD Configuration add-on to 1.3.3; updated Java to 6u27; updated OpenSSH to 5.9p1; updated DOD Root CAs." See the complete changelog for further details.
Olaf Westrik has announced the release of IPCop 2.0.0, a major new release of the Linux firewall distribution geared towards home and SOHO users: "IPCop 2.0.0 is released. IPCop 2.0.0 can be installed using the installation images or as an update from version 1.9.20. For those familiar with earlier IPCop versions, IPCop 2 is different; read the installation and administration manuals to get an overview. Noteworthy: the GUI uses port 8443 instead of 445; SSH uses port 8022 instead of 222; access to IPCop and to the Internet from internal networks (aka Green, Blue, Orange) is very much different. Spend some time with the various options you will find under 'Firewall Settings' and the online administration manual. Danish, Dutch, English, French, German, Greek, Italian, Russian, Spanish and Turkish translations are complete, other languages are work in progress; backups from 1.4 series can not be used; add-ons made for the 1.4-series will not work." Here is the brief release announcement.
* * * * *
Development, unannounced and minor bug-fix releases
- Ubuntu, Kubuntu, Xubuntu, Lubuntu, Edubuntu, Ubuntu Studio, Mythbuntu 11.10-beta2, the release announcement
- ClearOS 6.1-beta (Enterprise), the release announcement
- GhostBSD 2.5-beta2, the release announcement
- GParted Live 0.9.1-1
- ArchBang Linux 2011.09-rc, 2011.09-rc2
- Clonezilla Live 1.2.10-14
|Upcoming Releases and Announcements
Summary of expected upcoming releases
DistroWatch database summary|
* * * * *
This concludes this week's issue of DistroWatch Weekly. The next instalment will be published on Monday, 3 October 2011.
Jesse Smith, Ladislav Bodnar and Robert Storey
If you've enjoyed this week's issue of DistroWatch Weekly, please consider sending us a tip.
(Tips this week: 0, value: US$0.00)
|Linux Foundation Training
|• Issue 738 (2017-11-13): SparkyLinux 5.1, rumours about spyware, Slax considers init software, Arch drops 32-bit packages, overview of LineageOS|
|• Issue 737 (2017-11-06): BeeFree OS 18.1.2, quick tips to fix common problems, Slax returning, Solus plans MATE and software management improvements|
|• Issue 736 (2017-10-30): Ubuntu 17.10, "what if" security questions, Linux Mint to support Flatpak, NetBSD kernel memory protection|
|• Issue 735 (2017-10-23): ArchLabs Minimo, building software with Ravenports, WPA security patch, Parabola creates OpenRC spin|
|• Issue 734 (2017-10-16): Star 1.0.1, running the Linux-libre kernel, Ubuntu MATE experiments with snaps, Debian releases new install media, Purism reaches funding goal|
|• Issue 733 (2017-10-09): KaOS 2017.09, 32-bit prematurely obsoleted, Qubes security features, IPFire updates Apache|
|• Issue 732 (2017-10-02): ClonOS, reducing Snap package size, Ubuntu dropping 32-bit Desktop, partitioning disks for ZFS|
|• Issue 731 (2017-09-25): BackSlash Linux Olaf, W3C adding DRM to web standards, Wayland support arrives in Mir, Debian experimenting with AppArmor|
|• Issue 730 (2017-09-18): Mageia 6, running a completely free OS, HAMMER2 file system in DragonFly BSD's installer, Manjaro to ship pre-installed on laptops|
|• Issue 729 (2017-09-11): Parabola GNU/Linux-libre, running Plex Media Server on a Raspberry Pi, Tails feature roadmap, a cross-platform ports build system|
|• Issue 728 (2017-09-04): Nitrux 1.0.2, SUSE creates new community repository, remote desktop tools for GNOME on Wayland, using Void source packages|
|• Issue 727 (2017-08-28): Cucumber Linux 1.0, using Flatpak vs Snap, GNOME previews Settings panel, SUSE reaffirms commitment to Btrfs|
|• Issue 726 (2017-08-21): Redcore Linux 1706, Solus adds Snap support, KaOS getting hardened kernel, rolling releases and BSD|
|• Issue 725 (2017-08-14): openSUSE 42.3, Debian considers Flatpak for backports, changes coming to Ubuntu 17.10, the state of gaming on Linux|
|• Issue 724 (2017-08-07): SwagArch 2017.06, Myths about Unity, Mir and Ubuntu Touch, Manjaro OpenRC becomes its own distro, Debian debates future of live ISOs|
|• Issue 723 (2017-07-31): UBOS 11, transferring packages between systems, Ubuntu MATE's HUD, GNUstep releases first update in seven years|
|• Issue 722 (2017-07-24): Calculate Linux 17.6, logging sudo usage, Remix OS discontinued, interview with Chris Lamb, Debian 9.1 released|
|• Issue 721 (2017-07-17): Fedora 26, finding source based distributions, installing DragonFly BSD using Orca, Yunit packages ported to Ubuntu 16.04|
|• Issue 720 (2017-07-10): Peppermint OS 8, gathering system information with osquery, new features coming to openSUSE, Tails fixes networking bug|
|• Issue 719 (2017-07-03): Manjaro 17.0.2, tracking ISO files, Ubuntu MATE unveils new features, Qubes tests Admin API, Fedora's Atomic Host gets new life cycle|
|• Issue 718 (2017-06-26): Debian 9, support for older hardware, Debian updates live media, Ubuntu's new networking tool, openSUSE gains MP3 support|
|• Issue 717 (2017-06-19): SharkLinux, combining commands in the shell, Debian 9 flavours released, OpenBSD improving kernel security, UBports releases first OTA update|
|• Issue 716 (2017-06-12): Slackel 7.0, Ubuntu working with GNOME on HiDPI, openSUSE 42.3 using rolling development model, exploring kernel blobs|
|• Issue 715 (2017-06-05): Devuan 1.0.0, answering questions on systemd, Linux Mint plans 18.2 beta, Yunit/Unity 8 ported to Debian|
|• Issue 714 (2017-05-29): Void, enabling Wake-on-LAN, Solus packages KDE, Debian 9 release date, Ubuntu automated bug reports|
|• Issue 713 (2017-05-22): ROSA Fresh R9, Fedora's new networking features, FreeBSD's Quarterly Report, UBports opens app store, Parsix to shut down, SELinux overview|
|• Issue 712 (2017-05-15): NixOS 17.03, Alpha Litebook running elementary OS, Canonical considers going public, Solus improves Bluetooth support|
|• Issue 711 (2017-05-08): 4MLinux 21.0, checking file system fragmentation, new Mint and Haiku features, pfSense roadmap, OpenBSD offers first syspatch updates|
|• Issue 710 (2017-05-01): TrueOS 2017-02-22, Debian ported to RISC-V, Halium to unify mobile GNU/Linux, Anbox runs Android apps on GNU/Linux, using ZFS on the root file system|
|• Issue 709 (2017-04-24): Ubuntu 17.04, Korora testing new software manager, Ubuntu migrates to Wayland, running Nix package manager on alternative distributions|
|• Issue 708 (2017-04-17): Maui Linux 17.03, Snaps run on Fedora, Void adopts Flatpak, running Android apps on GNU/Linux, Debian elects Project Leader|
|• Issue 707 (2017-04-10): PCLinuxOS 2017.03, Canonical stops Unity development, OpenBSD on a Raspberry Pi, setting up a VPN for privacy|
|• Issue 706 (2017-04-03): Super Grub2 Disk, Snap packages of deepin applications, Subgraph OS routes network traffic for one application, announcements from Linux Mint|
|• Issue 705 (2017-03-27): Minimal Linux Live, sharing control of the operating system, new KaOS features, Uplos32 provides 32-bit fork of PCLinuxOS|
|• Issue 704 (2017-03-20): ToarusOS 1.0.4, Linux Mint's security record, Debian starts Project Leader election, Ubuntu 12.04 reaches end-of-life|
|• Issue 703 (2017-03-13): SolydXK 201701, CloudReady, Solus announces new features, KDE Connect sends text messages from desktop, openSUSE's YaST module for Let's Encrypt|
|• Issue 702 (2017-03-06): Fatdog64 Linux, elementary OS bundled with new netbook, Haiku announces new features, security and the size of a distro's development team|
|• Issue 701 (2017-02-27): OBRevenge 2017.02, Mageia 6 delays, NetBSD reproducible builds, questions about swap space, trying to steam video on a Raspberry Pi|
|• Issue 700 (2017-02-20): RaspBSD, Debian replaces Icedove with Thunderbird, Fedora's licensing guidlines, tips for switching shells, finding battery charge, getting IP address and killing processes|
|• Issue 699 (2017-02-13): Clear Linux, GhostBSD network utility ported to FreeBSD, Ubuntu coming to Fairphone, elementary OS crowd funding an app store|
|• Issue 698 (2017-02-06): Solus 2017.01.01, comparing containers with portable applicatins, Tails dropping 32-bit support, Debian Stretch enters freeze|
|• Issue 697 (2017-01-30): Subgraph OS 2016.12.30, running Ubuntu on an Android phone, Arch Linux phasing out 32-bit support, Linux Mint testing updated LMDE media|
|• Issue 696 (2017-01-23): GoboLinux 016, remotely running desktop applications, Solus adopting Flatpak, KDE neon using Calamares, TrueOS tests OpenRC|
|• Issue 695 (2017-01-16): Zorin OS 12, Peppermint team fixes installer bug, Debian refreshes Jessie media, Ubuntu improves low graphics mode, Exciting things coming in 2017|
|• Issue 694 (2017-01-09): MX Linux 16, Fedora considers systemd security features, DragonFly BSD to support massive swap space, Ubuntu Touch roadmap, Puppy's newsletter, sudo's password prompt|
|• Issue 693 (2017-01-02): Comparing small distros, fig language, video driver comparsion, Debian+PIXEL, Wayland on FreeBSD|
|• Issue 692 (2016-12-19): Bodhi Linux 4.0.0, Cappsule containers, Calculate's new Utilities package, Solus and Ubuntu MATE build new application menu|
|• Issue 691 (2016-12-12): SalentOS 1.0, openSUSE improves YaST, Fedora considers slower release cycle, KDE neon gets LTS branch|
|• Issue 690 (2016-12-05): Fedora 25, Ubuntu adopts rolling HWE kernel, running Android apps on GNU/Linux, Haiku working toward EFI support|
|• Issue 689 (2016-11-28): openSUSE 42.2, Fedora's upgrade path, plans for Korora 25, transitioning from PC-BSD to TrueOS, Webconverger's reproducible builds|
|• Issue 688 (2016-11-21): Endless OS 3.0.5, KDE neon fixes security hole, FreeBSD's Quarterly Status Report, Rolling release trial #2 concludes|
|• Issue 687 (2016-11-14): NAS4Free 10.3.0.3, Fedora gains MP3 playback, budgie-remix becomes Ubuntu Budgie, Ubuntu flavours compared, Rolling release trial #2|
|• Full list of all issues|
|Random Distribution |
Troppix was a stand-alone Linux live CD based on Debian GNU/Linux, aimed at security professionals, penetration testers and auditors. In particular, Troppix features support for a wide range of wireless cards, and offers several tools for detecting and penetrating wireless networks. Troppix also includes several well known security tools, such as the nmap port scanner and the metasploit framework for vulnerability exploitation.