| DistroWatch Weekly
|DistroWatch Weekly, Issue 713, 22 May 2017
Welcome to this year's 21st issue of DistroWatch Weekly!
It is in the nature of the open source community to create new copies (also called forks) of existing technologies and attempt to improve them. Sometimes forks are created to rescue a dying project, other times there are differences in opinion on the direction a project should go. This week we talk a bit about forks and similar, competing technologies, beginning with a look at ROSA. The ROSA distribution was originally forked from Mandriva and is now maintained independently. We talk more about ROSA and its Plasma edition in our Feature Story. Also this week we talk about SELinux and related security technologies like AppArmor and provide an overview of how these two competing features improve an operating system's security. In our Opinion Poll we ask how many of our readers are using security features such as SELinux to protect their systems. Plus we discuss new networking features coming to Fedora, FreeBSD's latest status report and the UBports project setting up an app store to replace the Ubuntu Touch store that Canonical has decided to discontinue. We are also sad to announce the Parsix project will be shutting down in the near future. In addition we share the releases of the past week and provide a list of the torrents we are seeding. We wish you all a wonderful week and happy reading!
- Review: ROSA Fresh R9
- News: Fedora plans new networking improvements, FreeBSD's Quarterly Report, UBports sets up its own app store, Parsix project to shut down
- Questions and answers: How SELinux improves security
- Released last week: Untangle 13.0.0, elementary OS 0.4.1, Parrot Security OS 3.6
- Torrent corner: elementary OS, Emmabuntüs, OBRevenge, PCLinuxOS, ReactOS, ROSA, Untangle
- Opinion poll: SELinux and AppArmor
- New additions: SharkLinux
- New distributions: NHSbuntu, Gatter Linux, All in One - System Rescue Toolkit
- Reader comments
Listen to the Podcast edition of this week's DistroWatch Weekly in OGG (54MB) and MP3 (40MB) formats.
|Feature Story (by Jesse Smith)
ROSA Fresh R9
ROSA is a desktop distribution that was originally forked from Mandriva Linux, but now is independently developed. While the company which produces ROSA is based in Russia, the distribution includes complete translations for multiple languages. The ROSA desktop distribution is designed to be easy to use and includes a range of popular applications and multimedia support. ROSA R9 is available in two editions, one featuring the KDE 4 desktop and the second featuring the KDE Plasma 5 desktop. These editions are scheduled to receive four years of support and security updates.
I decided to download the Plasma edition of ROSA R9 and found the installation media to be approximately 2GB in size. Booting from the ROSA disc brings up a menu asking if we would like to load the distribution's live desktop environment or begin the installation process. Taking the live option brings up a graphical wizard that asks us a few questions. We are asked to select our preferred language from a list and accept the project's warranty and license. We are then asked to select our time zone and keyboard layout from lists. With these steps completed, the wizard disappears and the Plasma 5.9 desktop loads.
ROSA R9 -- The application menu
(full image size: 208kB, resolution: 1280x1024 pixels)
ROSA's desktop features a soft, blue background. On the desktop we find an icon for launching the project's system installer. An application menu, task switcher and system tray are placed on a panel at the bottom of the screen. The application menu, I was surprised to note, uses the classic tree style menu rather than one of the more common split-pane or application grid layouts. Personally, I found the tree style menu with a search field a welcome change. While exploring the live desktop environment, I found opening the Firefox web browser would display release notes for the ROSA distribution.
ROSA features a graphical system installer which should feel familiar to anyone who has used other members of the Mandriva family of Linux distributions. The installer begins by asking if we would like to manually partition our hard drive or automatically use the available space. Manual partitioning is fairly straight forward and the partition manager provides a nice, visual representation of the disk. I feel it is worth mentioning that taking the automated partitioning option immediately causes the hard drive to be formatted and the operating system to be installed, there is no confirmation screen or further configuration checks. Once the operating system has been installed we are asked where to install the project's boot loader. This option can be skipped if we already have a boot loader installed. The system installer then gets us to create a password for the administrator's account and we are asked to provide a name and password for our regular user account. The following screen asks us to select which services (CUPS, Samba and OpenSSH) should be run in the background. With these steps completed, the installer exits, returning us to the live desktop environment.
When we reboot the computer and launch our new copy of ROSA the distribution brings us to a graphical login screen. From the login screen we can sign into the KDE Plasma desktop. On the desktop the system installer icon has been swapped out for an icon which opens the Dolphin file manager. The ROSA desktop is fairly uncluttered and I rarely saw any notifications or distractions. One of the few exceptions was, a few minutes after logging in, sometimes a notification would appear to let me know software updates were available. Clicking the update icon in the system tray would launch a graphical update manager. During my trial there were not many new security updates, just six which totalled about 1MB in size. These updates installed quickly and without any problems.
I tried running ROSA in two test environments, a VirtualBox virtual machine and a desktop computer. In both environments, ROSA detected and used all of my hardware. In the VirtualBox environment, ROSA automatically enabled VirtualBox guest module support, allowing me to make use of my computer's full screen resolution. My desktop computer's audio and networking worked out of the box and I was able to set up my HP printer with a few mouse clicks in the settings panel. In either test environment, ROSA used about 420MB of memory when logged into the Plasma desktop.
My one issue with regards to hardware was that ROSA's Plasma desktop was sluggish, both on the desktop computer and in the virtual machine. There always seemed to be a brief pause between my input and elements on the screen responding. This appeared to be an issue with the Kwin window manager as it was regularly using more of my CPU than most of the other processes on the system. I found disabling visual desktop effects in the Plasma settings panel did not improve this poor performance. The settings panel has a lot of options and, after a bit of digging, I found one for disabling desktop compositing. With compositing turned off, the Plasma environment became much more responsive in both test environments and improved my estimation of the desktop experience.
ROSA R9 -- Creating backup archives
(full image size: 299kB, resolution: 1280x1024 pixels)
The distribution ships with a fairly standard set of popular open source applications, though there is a slight preference for Qt/KDE applications. Looking through the application menu we find both the Firefox and Chromium web browsers, featuring Flash support. The LibreOffice productivity suite is included along with the Okular document viewer. ROSA provides us with the KTorrent bittorrent client and the KPPP dial-up software to help us get on-line in environments that use modems or mobile networks. ROSA includes the GNU Image Manipulation Program, the KolourPaint drawing program, the Gwenview image viewer and a simple scanning tool. We can listen to music using Clementine, watch videos in the ROSA Media Player and activate our web cam using Kamoso. For editing media files we are given copies of the Audacity audio editor and the Kdenlive video editor. The distribution features a wide range of media codecs, allowing us to play and edit most media formats.
Digging further through the application menu we find an archive manager, text editor and calculator. The K3b disc burning software is included along with a number of system configuration tools. I will come back to these configuration tools again in a bit. ROSA features a few small games and programs for viewing system and hardware information. The distribution includes the GNU Compiler Collection, the systemd init software and version 4.9.20 of the Linux kernel.
ROSA uses a graphical package manager called Rpmdrake. The Rpmdrake application is divided into two panes. On the left we are shown a list of available software categories. On the right side of the window we see a list of packages in the selected category, sorted alphabetically. We can click a box next to each package's name to mark it for installation or removal. Packages are downloaded or removed in batches and the Rpmdrake interface locks while it is working.
ROSA R9 -- The Rpmdrake software manager
(full image size: 237kB, resolution: 1280x1024 pixels)
One feature of Rpmdrake I enjoy is the application's filter. There is drop-down menu on the left size of the window where we can select whether the software manager should show us all packages in a category, security updates, all updates, desktop applications or meta packages. This gives us some flexibility and greatly narrows down the package options we are shown. The default filter option is to show just desktop software, which is probably what most people will want.
Unlike most other descendants of the Mandriva family, ROSA does not ship with two separate control panels for managing the desktop environment and underlying operating system. ROSA provides users with one, unified settings panel. The top half of the control panel contains modules for working with the look and behaviour of the Plasma desktop. The bottom half provides us with controls for working with everything from backups, to network connections, to power settings. There are also modules for managing user accounts, setting up the firewall and managing printers.
ROSA R9 -- The settings panel and Dolphin file manager
(full image size: 146kB, resolution: 1280x1024 pixels)
While there are a lot of modules and Plasma has many configuration settings, the control panel features a useful search function to help us find the specific option we need. The modules are all nicely arranged and I found them easy to navigate. One of my few concerns with the control panel was simply that there are so many options and some of them overlap. New users may take a while to work out the differences between Display & Monitor and Configure Video Card, for example. The only other issue I ran into was with the Parental Controls module. One of the features we are presented with allows us to blacklist websites, but I found I was unable to block websites using the site's hostname.
My experience with ROSA got off to a pretty good start. The installer is easy to navigate (though perhaps a bit too quick to format and install when using guided partitioning). The system ships with a useful collection of open source software, media support and I like the default layout of ROSA's Plasma desktop.
I ran into a snag with Plasma's performance. The desktop effects and compositing really dragged down the performance in both of my test environments and it took me a while to find and disable all of the settings that were making the Kwin window manager work so hard. However, with performance restored, the rest of my time with ROSA went very smoothly. The distribution ships with modern software while providing a stable and polished experience.
The configuration tools ROSA inherits from Mandriva are very easy to use and I like that ROSA has unified Mandriva's two control centres into one. The software manager worked well for me, as did most of the configuration tools. I particularly liked the backup utility which makes it straight forward for each user to backup their files to a local or remote location on an automated schedule.
During my entire trial I think I also saw one application crash (Chromium locked up and had to be killed) but otherwise my week with the distribution was smooth. ROSA provides four years of software support and offers a friendly environment without much clutter or distractions. I found it to be a good desktop workstation system and one which will likely appeal to new Linux users.
* * * * *
Hardware used in this review
My physical test equipment for this review was a desktop HP Pavilon p6 Series with the following specifications:
- Processor: Dual-core 2.8GHz AMD A4-3420 APU
- Storage: 500GB Hitachi hard drive
- Memory: 6GB of RAM
- Networking: Realtek RTL8111 wired network card
- Display: AMD Radeon HD 6410D video card
* * * * *
Visitor supplied rating
ROSA has a visitor supplied average rating of: 9/10 from 53 review(s).
Have you used ROSA? You can leave your own review of the project on our ratings page.
|Miscellaneous News (by Jesse Smith)
Fedora plans new networking improvements, FreeBSD's Quarterly Report, UBports sets up its own app store, Parsix project to shut down
The Fedora distribution is a cutting edge project that often showcases new technologies. James Hogarth has a write-up of some new changes coming soon to Fedora users, specifically new functionality in NetworkManager. Hogarth's post talks about privacy features for use on wireless networks, bridging connections and what to expect from NetworkManager in the upcoming release of Fedora 26: "Just as recently as Fedora 24 (and EL7.3) NetworkManager began using a random MAC whilst scanning for access points to use. The default at present is to use whatever the MAC of the interface is (or preserve if it's been set in advance with a tool like macchanger) however similar to the IP layer it's now possible to set cloned-mac-address on a connection to RANDOM for a totally random MAC each time that connection is activated or STABLE to mimic the IPv6 behaviour of a randomly generated address that stays consistent with a connection." The post on Fedora Magazine has more details.
* * * * *
The FreeBSD project has published a new status report which covers activity in the project during the first quarter of 2017. The report covers work going into porting the Rust language to FreeBSD's multiple architectures and security updates for MySQL. The number of ports and packages FreeBSD offers has topped 27,000 and several new contributors have joined the Ports team. The report also mentions ongoing work on the 64-bit PowerPC architecture, improvements to FreeBSD's Linux compatibility layer and security enhancements: "In this quarter, we are pleased to announce two (of many) works achieved in the Linuxulator. We added a new placeholder marker UNIMPLEMENTED to accompany the previously existing DUMMY, for distinguishing syscalls that the Linux kernel itself does not implement from those that we currently do not implement. Now our linux_dummy.c is clearer for newcomers to follow, and they will quickly know which areas they can start working on. Support for two new syscalls, preadv and pwritev, was added to the Linuxulator."
* * * * *
Canonical may have ceased development of the Ubuntu Touch operating system, but the open source community has continued work on the GNU/Linux mobile operating system. The UBports team has reported they are working on supporting both new devices for Ubuntu Touch and taking over support for legacy Ubuntu Touch devices. The project has received some additional funding and developers are working on the platform's core apps. Perhaps the most exciting news though is the community has created their own app store where developers can upload and share their Ubuntu mobile applications. Further information on UBports can be found in the project's recent question and answers blog post. Information on enabling the new Ubuntu Touch OpenStore app repository can be found here.
* * * * *
In some sad news, the Parsix GNU/Linux distribution will be shutting down, probably before the conclusion of 2017. In a brief post on the Parsix Project News page, the team reports Parsix will be discontinued six months after the launch of Debian 9 "Stretch". "Parsix GNU/Linux project is going to shut down six months after the release of Debian GNU/Linux 9.0 a.k.a Stretch. Parsix GNU/Linux 8.15 (Nev) will be fully supported during this time and users should be able to upgrade their installations to Debian Stretch without any significant issues. We will make all necessary changes, and updates to ensure a smooth transition to Debian Stretch. We take this moment to thank all users and community members who supported this project throughout the years by using Parsix, making donations or spending their time to improve it. A more accurate time line will be announced once we have more information in regards to the official release date of Debian Stretch."
* * * * *
These and other news stories can be found on our Headlines page.
|Questions and Answers (by Jesse Smith)
How SELinux improves security
Exploring-security-options asks: I have heard that SELinux can improve security, but many people turn it off. What exactly is SELinux and how does it help me?
DistroWatch answers: SELinux is a kernel feature which, when enabled, helps to protect the operating system from misbehaving services and applications. SELinux, and similar technologies such as AppArmor, protect the system when a process tries to access or edit resources it should not. This probably sounds abstract so let's look at an example.
When you run an application, that program runs with the same access to the system you have. If you launch the Firefox web browser, the browser can access all of your files, it can edit the same files you can, it can read the same documents your user account can. Normally, this is okay, you usually want your web browser to be able to edit your bookmarks, upload photos and save items to your Downloads directory. However, if a malicious website manages to hijack Firefox and take control of the browser, the attacker will then have the same level of access to our files and we do not want that.
SELinux allows the administrator to set up rules which limit what a program can do if it misbehaves or is taken over by an attacker. For instance, we can create rules with SELinux which prevent Firefox from being able to read the system's list of user accounts. We could also block write access from applications outside of certain directories, limiting Firefox to only saving information in its own configuration directory and our Downloads directory. This greatly reduces the amount of damage a hijacked program can cause. For example, we probably want to prevent Firefox from deleting files in our Documents directory.
One way to think of SELinux is to imagine it as a supervisor which keeps an eye on the programs running on our system. When the programs are behaving themselves and acting normally, SELinux does not need to do anything. But if a program suddenly tries to change a setting it shouldn't or access sensitive information like your password manager, then SELinux gets in the way and blocks the misbehaving program's access. SELinux does not know how to do this automatically, it needs to be taught using rules that define which resources are off limits.
SELinux is especially useful on computers where background processes like web servers are running. Network services are particularly vulnerable to outside attack and often need to have special access to parts of the operating system. Using SELinux, we can create rules which block the web server from accessing account passwords, personal files or other important pieces of information.
While SELinux can be very effective, the rules which govern how it works can be cryptic and are sometimes difficult to trouble-shoot. This results in people turning off the security feature rather than getting it to work properly. A better solution is usually to put SELinux in monitoring mode, where security issues will be reported without being blocked. This will generally reveal what the problem is and tweaking a rule will generally correct the issue, at which time SELinux can be turned back on.
Some technologies, like Firejail and AppArmor, offer similar safeguards against misbehaving or compromised programs accessing files they should not. These technologies are guided by rules which are easier for people to read and understand which helps a good deal with trouble-shooting issues. Further information on SELinux, AppArmor and Firejail, and how to use them, can be found on the projects' respective web pages.
* * * * *
We have more answers in our Questions and Answers archive.
|Released Last Week
Untabgle NG Firewall 13.0.0
Untangle NG Firewall is a Debian-based network gateway with pluggable modules for network applications like spam blocking, web filtering and anti-virus. The company behind this distribution, Untangle Inc., has announced the release of Untangle 13.0.0. The new version introduces MAC-based device tracking, user tracking (via multiple methods) and the ability to override Untangle's OpenVPN settings. This release also introduces two new features: Tags and Triggers. "Tagging is a new feature that allows administrators to tag a host, device or user to quickly create policies based on entities that have a specific tag associated with them. Tags can be applied manually by an administrator or automatically based on conditions. Triggers allow administrators to tag hosts, devices, and users when specific events occur. The admin can then create policies and rules to manage behaviour. Similar to alert rules, trigger rules evaluate all events and can be configured to tag or untag entities based on the rules applied. Once tags and triggers are configured, they proactively manage hosts, devices and users without intervention by the network administrator." Further information can be found in the company's release announcement and in the changelog. Download (MD5): untangle_1300_x64.iso (550MB, pkglist).
OBRevenge OS 2017.05
OBRevenge OS is an Arch Linux-based desktop distribution featuring a custom desktop environment based on the Openbox window manager and an easy-to-use system installer (Calamares). A new version 2017.05 was announced earlier today: "New release, OBRevenge OS 2017.05. Changelog: updated to newest Calamares; fixed bug with hotkeys when changing desktop settings; Bluetooth support; updated software install tool; added more support for multimedia keyboard keys; added GUI screenshot tool; added more touchscreen drivers; Linux kernel 4.10.13; updated compositing configuration for better hardware support; removed Compiz (still available in the repository)." Here is the brief release announcement as published on the distribution's news page.
elementary OS 0.4.1
Daniel Foré has announced the release of elementary OS 0.4.1, the first point update of the project's "Loki" series. The new version is based on Ubuntu 16.04.2: "We're proud to announce the release of a major update to elementary OS Loki - version 0.4.1. This release brings a new hardware enablement stack, all of the updates to Loki thus far, plus a brand new AppCenter. Thanks to the wonderful work of the folks at Canonical and Ubuntu, Loki 0.4.1 ships with a newer kernel and X.Org server as part of the Ubuntu 16.04.2 core. This means Linux 4.8 and better support for 7th generation Intel (Kaby Lake) chipsets, among other hardware compatibility and performance improvements. Notable updates include a significant upgrade to Epiphany, several fixes in Files, a redesigned metadata sidebar for Photos, new Bluetooth settings, a microphone indicator and bluetooth device controls in the sound indicator, a brightness slider in the power indicator, the ability to start an AppCenter search from the applications menu, look & feel updates, better support for CJK input methods, better translations, and more." See the release announcement for further information and screenshots.
elementary OS 0.4.1 -- Running the Pantheon desktop
(full image size: 1.0MB, resolution: 1280x1024 pixels)
ReactOS is an open source operating system which strives to be binary compatible with Microsoft Windows and features the ability to run many Windows applications. The project has released ReactOS 0.4.5 which features several improvements to the system's graphics, including better application and font rendering. The ReactOS team has also reported their operating system can run Microsoft Office 2010 and several stability improvements have been added to this release: "The ReactOS Project is pleased to release version 0.4.5 as a continuation of its three month cadence. Beyond the usual range of bug fixes and syncs with external dependencies, a fair amount of effort has gone into the graphical subsystem. Thanks to the work of Katayama Hirofumi and Mark Jansen, ReactOS now better serves requests for fonts and font metrics, leading to an improved rendering of applications and a more pleasant user experience." Further information can be found in the project's release announcement. ReactOS is available in a Live edition and an installation edition.
Parrot Security OS 3.6
Lorenzo Faletra has announced the release of Parrot Security OS 3.6, an updated build of the project's Debian-based specialist distribution featuring useful tools for penetration testing, forensic analysis, hacking, privacy, anonymity and cryptography: "After some months of hard work we were finally able to release Parrot Security OS 3.6. In this new version we didn't want to introduce new features and functionalities; we have worked instead on making the existing environment better, more reliable and less memory-hungry by applying many minor fixes to our build platform and packages and by tuning our startup daemons management system (Parrot 3.6 'Lite' 32-bit can use less than 200 MB of RAM). Anonsurf was improved too, and now the section dedicated to anonymity and privacy is very reliable and well tested, and some nightmares of the previous Anonsurf versions now belong to the past. We also wanted to give more attention to our 'Lite' and 'Studio' editions." Read the rest of the release announcement for more information.
* * * * *
Development, unannounced and minor bug-fix releases
The table below provides a list of torrents DistroWatch is currently seeding. If you do not have a bittorrent client capable of handling the linked files, we suggest installing either the Transmission or KTorrent bittorrent clients.
Archives of our previously seeded torrents may be found in our Torrent Archive. We also maintain a Torrents RSS feed for people who wish to have open source torrents delivered to them. Thanks to Linux Tracker we are able to share the following torrent statistics.
Torrent Corner statistics:
- Total torrents seeded: 413
- Total data uploaded: 65.1TB
|Upcoming Releases and Announcements
Summary of expected upcoming releases
SELinux and AppArmor
In our Questions and Answers column this week we talked about SELinux and the benefits of using this technology to secure Linux-based systems. We also touched briefly on another, similar security option called AppArmor. This week we would like to find out how many of our readers run either of these two mandatory access control technologies.
You can see the results of our previous poll on buying a new computer with Linux pre-installed in last week's edition. All previous poll results can be found in our poll archives.
SELinux and AppArmor
|I use SELinux: ||181 (14%)|
| I use AppArmor: ||129 (10%)|
| I use both on different systems: ||95 (7%)|
| I use neither: ||713 (56%)|
| Unsure: ||160 (13%)|
New projects added to database
SharkLinux is an Ubuntu-based distribution featuring the MATE desktop. The distribution automatically upgrades packages on the system and offers a rolling release approach to software upgrades. The distribution also enables sudo access by default without requiring a password for user convenience.
SharkLinux -- Running the MATE desktop
(full image size: 404kB, resolution: 1280x1024 pixels)
* * * * *
Distributions added to waiting list
- NHSbuntu. NHSbuntu is a Linux distribution based on Ubuntu and developed with the needs of the British NHS agency in mind.
- Gatter Linux. Gatter Linux is a Ubuntu-based distribution featuring the Openbox window manager as its primary user environment.
- All in One - System Rescue Toolkit. The All in One distribution is an Ubuntu-based live disc for performing system rescue, data retrieval and hardware tests. It is intended to be used by computer technicians in the field.
- Minimyth2. Minimyth2 is a Linux distribution dedicated to running the MythTV software on dedicated, diskless computers.
* * * * *
DistroWatch database summary
* * * * *
This concludes this week's issue of DistroWatch Weekly. The next instalment will be published on Monday, 29 May 2017. Past articles and reviews can be found through our Article Search page. To contact the authors please send e-mail to:
- Jesse Smith (feedback, questions and suggestions: distribution reviews/submissions, questions and answers, tips and tricks)
- Ladislav Bodnar (feedback, questions, donations, comments)
- Bruce Patterson (podcast)
If you've enjoyed this week's issue of DistroWatch Weekly, please consider sending us a tip.
(Tips this week: 0, value: US$0.00)