| DistroWatch Weekly
|DistroWatch Weekly, Issue 144, 27 March 2006
Welcome to this year's 13th issue of DistroWatch Weekly. Following last week's Fedora 5 release, the next few days will be equally exciting: we are expecting KDE 3.5.2, DesktopBSD 1.0. Frugalware 0.4 and the first release candidate of SUSE Linux 10.1. Before that happens, we'll bring you news about MEPIS switching allegiance, Slackware preparing version 11.0, and Debian compiling with GCC 4.1. Also in this week's issue: Ulteo, a new distribution developed by the founder of Mandrake Linux is nearing release, while the user community of PCLinuxOS gets a new community resource. In the review section we'll take a brief look at an intriguing book entitled Mastering FreeBSD and OpenBSD Security. Happy reading!
Listen to the Podcast edition of this week's DistroWatch Weekly in ogg (5.52MB) or mp3 (6.64MB) format (courtesy of Shawn Milo).
Join us at irc.freenode.net #distrowatch
Miscellaneous news: MEPIS switches allegiance, Slackware 11.0 pre-orders, compiling Debian with GCC 4.1, Ulteo, My.PCLinuxOS
As hinted previously, the developers of MEPIS Linux, an easy-to-use distribution for Linux beginners, have switched their base system from Debian to Ubuntu Linux. If the initial tests prove successful, we are likely to see all future releases of SimplyMEPIS based on the distribution which, although derived from Debian, has a more predictable release cycle and an enviable momentum that has already pushed it to the top of many popularity charts. Designed for experienced beta testers, the first experimental release of the Ubuntu-based SimplyMEPIS 6.0 is only available from the project's premium server (starting at US$14.99), although subsequent betas and the final release should be distributed publicly.
Good news for all fans of the oldest surviving Linux distribution: Version 11.0 of Slackware Linux is now available for pre-order from the distribution's online store. Although there is no word on when the new version will be formally released, the store now offers the usual 4-CD set for US$39.95 as well as a single-DVD edition for US$59.95 and a "Slack Pack" edition containing the DVD with the Slackware Essential book (2nd edition) for US$69.95. The current Slackware development tree is based on Linux kernel 2.4.32 (with version 188.8.131.52 in the testing directory), X.Org 6.9.0, KDE 3.5.1, Apache 1.3.34, PHP 4.4.2, MySQL 5.0.18 and the usual range of popular open source software. If you enjoy Slackware, don't miss this major new update!
Over the last two weeks, Debian developer and former Debian Project Leader Martin Michlmayr compiled the whole Debian archive on a quad-core MIPS machine donated by Broadcom using GCC 4.1. The aim was to find problems in GCC 4.1 itself and bugs in free software projects exhibited by GCC's increased standards conformance (in particular regarding C++ code). By compiling about 6200 packages, over 500 new bugs have been discovered and submitted, 280 of which are specific to the increased strictness of GCC 4.1. In a posting to the Debian development list, Martin classified the bugs he found and offered some useful links to programmers of C++ code. In a posting to the GCC list, he proposed that GCC should only produce new errors after warnings have been shown for at least one release, giving programmers more time to fix their code. This work is part of his research on quality in free software carried out at the University of Cambridge and sponsored by Google.
Last week's news about Ulteo, a new distribution being developed by the freshly unemployed Gaël Duval, has piqued the curiosity of many Linux users. As a result of the buzz, a French web site called NetEconomie expanded on the story by interviewing Monsieur Duval (the link is in French). Although the well-known founder of Mandrake Linux does not seem quite ready to reveal the finer details of the new product just yet, he does disclose that it will focus on ease of use throughout all the facets of the distribution, not just the user interface and that it will be designed for Internet-connected computers in the home and in small offices. Despite the "dot-com" nature of the distribution's domain, Gaël Duval promises that Ulteo will remain a free project, with the business model based on selling associated services rather than the distribution itself. The first beta of Ulteo is expected to be released in May 2006.
A new web site for the PCLinuxOS user community has been launched. Called My.PCLinuxOS, it promises to deliver an organised platform for the development of sub-projects that fall within the PCLinuxOS umbrella, and provide a unified system for creating user manuals, documentation and other relevant material: "We would like to help foster positive involvement within PCLinuxOS for users of all experience levels. We have areas for distributing user contributed software packages, submitting news and HOWTO articles, project newsletters, and areas for project development. No project is too small or large…." While still in its infancy, the new web site is already functional, with forums now ready for your input and the FAQs also starting to take shape. For more information please read the initial announcement and visit MyPCLinuxOS.com.
Following all the excitement surrounding the announcement of Fedora Core 5 last Monday, this week promises to continue the trend of new, interesting software releases. An update to the popular KDE desktop, version 3.5.2, is now available for Kubuntu (Breezy Badger and Dapper Drake), so the official release announcement can't be too far away now. A major milestone in the development of SUSE Linux 10.1 is expected on Thursday when the first release candidate should give us a good indication about the quality and stability of the new version. Looking through some of the mirror sites earlier today, we also spotted a couple of "wget-watering" and (as yet) unannounced distribution releases: after several release candidates, the CD and DVD images of DesktopBSD 1.0 are now available from a number of FTP and HTTP servers, while those of Frugalware Linux 0.4, officially scheduled for release later this week, have now also started appearing on the project's download sites. Expect the official release announcements of both later in the week.
DesktopBSD 1.0 - although not yet announced, the ISO images of the project's first stable release started appearing on mirrors on Sunday.
(full image size: 722kB, resolution: 1280x1024 pixels)
Finally, a handful of links for those moments when you just want to sit back, relax, and have a good laugh. The first one is meant to dispel the myth that software bug reports provide only boring, highly technical information completely detached of any human emotions. As proven by Bug #330884, the developers and users of Firefox are far from that; in fact some of them are trying to save a 5-year old relationship wrecked by a bug in Firefox that gave away a partner's dark secret - some frequently visited password-protected sites, some of which were a little, er, embarrassing, to say the least. The Register caries a similar story. In the meanwhile, here is a hilarious email exchange between the lead developer of CentOS and the City Manager of Tuttle, Oklahoma, USA, who mistook the default Apache welcome page for an attempt by CentOS to hack the city's web site, even threatening to hand the matter over to the FBI! Last but not least, don't miss the Guy's Guide to Geek Girls, a step-by-step HOWTO explaining the art of attracting, dating and "maintaining" geek girls. Enjoy!
|Book review: Mastering FreeBSD and OpenBSD Security
Book review: Mastering FreeBSD and OpenBSD Security
I have to admit that one of my biggest Internet-related fears is that I wake up one morning to find this site's web server security mechanism cracked and its web pages defaced. This paranoia further accelerates every time I dare to open the auth.log file and start wading through the ever increasing lines indicating that someone somewhere, at this very moment, is attempting a dictionary attack on the SSH server, or when I browse through the tcpdump output providing information about the number of times somebody tried to force their way in through a presumably water-tight port. As a result of this anxiety -- and also to improve my sleep -- I decided to do something: I invested in a copy of O'Reilly's Mastering FreeBSD and OpenBSD Security by Yanek Korff, Paco Hope and Bruce Potter.
Published in March 2005, this 450-page book is divided into three main sections: Security Foundation, Deployment Situations, and Auditing and Incident Response. While some security experts would be able to use the publication as a reference book, the majority of readers targeted by the authors will be wise to read it from the beginning, at least the chapters that are devoted to general security concepts. As the early chapters explain, system security is not a goal, but a journey; it's not something that you attain and forget about - instead, it's a never-ending state of alertness that may at times require fast reaction, lateral thinking and even calculated risks. That's because every security measure implemented on a computer system brings a trade-off. Devising an air-tight security system may indeed give the administrator fewer sleepless nights, but it can also reduce productivity of those users who have legitimate reasons to access the system.
But let's get back to the book. After going through the eye-opening early chapters, it covers the basic building blocks of a BSD system, such as security aspects of sysctl, chroot and jail (the two words that have become synonyms in Linux, but which mean two very different things in FreeBSD), inherent security mechanisms, cryptography and OS tuning. Chapter 3 then goes beyond these elementary concepts by introducing hardening techniques (e.g. sudo, turning off services, and system updates). The first section of the book is then concluded by discussing secure administration techniques, such as access control, network services and system health monitoring. This I found to be perhaps the most valuable chapter of the entire book - not only it covers excellent techniques for organising users, limiting access and dealing with passwords, it also gives many useful tips and warnings over potential pitfalls of granting users seemingly innocent privileges.
The next three chapters deal with practical considerations affecting the most common servers in existence - DNS, mail and web. As anybody who has run Sendmail, Postfix or qmail knows, mail server attacks have become very common in recent years and have been used as gateways to the entire system, or as mail transfer agents for delivering spam. The chapter shows how to guard against malicious mail server attacks and how to reduce the amount of spam delivered to the system's mail boxes. It deals extensively with both Sendmail and Postfix, but qmail users will find it unfair that their mail server is given no more than two paragraphs. Web server attacks are also covered in great detail, together with some advanced prevention techniques, such as the above-mentioned jails.
Next, it's all about firewalls and intrusion detection. OpenBSD's PF (which has since been ported to FreeBSD) is covered in some detail, although a better book to learn all there is about this excellent firewall is Absolute OpenBSD by Michael W Lucas. The last two chapters of the book are devoted to managing audit trails, incident response and forensics. I decided to skip these for the time being - not only I had been overwhelmed by all the new information I had to absorb in the preceding nine chapters, I haven't had a reason (knock on the wood) to learn about recovering compromised systems. But with ever increasing levels of Internet vandalism, it's great to know that a good resource is available as part of this great book.
Anything that could have been done better? Looking through some reader comments on Amazon.com and other forums discussing the book, it was generally very well received. The only aspects that were somewhat disappointing were the above-mentioned neglect of qmail, a rather superficial discussion on firewall failover techniques with CARP (Common Address Redundancy Protocol) and pfsync, and the omission of OpenBSD's systrace. But since this is the book's first edition, let's hope that the authors will expand the next one by incorporating the above topics.
So, will Mastering FreeBSD and OpenBSD Security make your server impenetrable? Of course not. But if you pay attention to some of the security concepts, implement a few security ideas specific to your situation, and understand the risk versus convenience trade-off, you will definitely sleep more soundly. You will be equipped with valuable knowledge that will give you confidence in preventing and dealing with common Internet malice. A great book indeed.
* * * * *
Title: Mastering FreeBSD and OpenBSD Security
Authors: Yanek Korff, Paco Hope and Bruce Potter
|Released Last Week
Fedora Core 5
The eagerly anticipated Fedora Core 5, code name "Bordeaux", has been released: "The Fedora Project is pleased to announce the release of Fedora Core 5. New desktop applications, advances in security, better localization tools, improved software installation and management facilities and strong Java integration help to make Fedora Core 5 the most innovative Linux distribution ever." For more details please read the release announcement, release summary and release notes.
CentOS, a community distribution built from source packages for Red Hat Enterprise Linux, has been updated to version 4.3: "The CentOS development team is pleased to announce the availability of CentOS 4.3. Major changes in this version of CentOS include: upgraded update system - this new system provides more that 100 total mirrors for updates and picks geographically close and non-stale mirrors based on our master server's content; Frysk, InfiniBand Architecture (IBA), and z/VM hypervisor issues are discussed in the upstream release notes; updated and added packages." Read the full release announcement for additional information.
AliXe is a French Canadian Linux live CD based on SLAX. The new version 0.04, released yesterday, is derived from SLAX 5.0.7b with a number of newly updated packages; these include Linux kernel 2.6.15, X.Org 6.9.0, KDE 3.5.0, OpenOffice.org 2.0.1 (replaces KOffice), GIMP 2.2.10, Firefox 184.108.40.206 and Thunderbird 1.5. Two keyboards are supported: Canadian French and Canadian multilingual. A "copy2ram" option is available on systems with the minimum of 512 MB or memory. Please refer to the release announcement and visit the project's home page (both links in French) for further details.
B2D Linux 20060321
Taiwan's B2D project has released a new KNOPPIX-based live CD that includes both KDE (3.5.1) and GNOME (2.12) on a single CD. Called "PureKGB", the new version combines the best software from the two major desktop environments, although due to space restrictions, some applications, notably OpenOffice.org, Nvu and Mozilla Thunderbird, had to be left out from the CD. These can be installed through the "Klik" infrastructure. Apart from this major change, the previously reported midi playback bug in Rosegarden has also been fixed. Please read the release announcement (in Chinese) for more information and screenshots.
SLAX, a popular live CD based on Slackware Linux, has been updated to version 5.0.8: "It's my pleasure to let you know that SLAX 5.0.8 has been released. All users are strongly encouraged to upgrade, because all new modules created from now are not readable in older SLAX releases. What's new? The long-awaited SLAX Server Edition is finally available; all other editions are updated too; 2.6.16 Linux kernel; fixed bug in mounting of DOS partitions (long file names work now); the 'uselivemod' and 'configsave' features work again." See the distribution's changelog for more details.
Ehad is a single-CD, Mandriva-based distribution designed for the speakers of Hebrew. A new major version was released over the weekend. What's new? "Based on Mandriva 2006.0 packages; includes all official updates released until 25-Mar-2006; OpenOffice.org 2.0 (Hebrew version from official project with hspell and Culmus); removed KOffice; the full range of desktop applications are now installed as default; Ehad desktop, boot and LILO theme; local packages: ehad-media (define software repositories with ease) , ehad-guide (a guide for Israeli Internet Connectivity), ehad-radio (Hebrew Internet Radio launcher), hocr (Hebrew OCR), hdate (Hebrew calendar), Anka (new type-1 font from 'culmus fancy' series)." Read the release announcement (in Hebrew) and release notes for more details.
Ehad 2006 - a single-CD Mandriva-based distribution with support for Hebrew
(full image size: 335kB, resolution: 1280x1024 pixels)
* * * * *
Development and unannounced releases
|Upcoming Releases and Announcements
Summary of expected upcoming releases
New distributions added to the waiting list|
- Aegean Linux. Aegean Linux is an i686-optimised Linux distribution designed for intermediate and advanced users.
- Openfiler. Openfiler is a CentOS-based network storage software distribution. It delivers file-based Network Attached Storage and block-based Storage Area Networking in a single framework.
* * * * *
DistroWatch database summary
That's all for today. The next issue of DistroWatch Weekly will be published on Monday, 3 April 2006. See you then :-)
|Linux Foundation Training
|• Issue 832 (2019-09-16): BlackWeb 1.2, checking for Wayland session and applications, Fedora to use nftables in firewalld, OpenBSD disables DoH in Firefox|
|• Issue 831 (2019-09-09): Adélie Linux 1.0 beta, using ffmpeg, awk and renice, Mint and elementary improvements, PureOS and Manjaro updates|
|• Issue 930 (2019-09-02): deepin 15.11, working with AppArmor profiles, elementary OS gets new greeter, exFAT support coming to Linux kernel|
|• Issue 829 (2019-08-26): EndeavourOS 2019.07.15, Drauger OS 7.4.1, finding the licenses of kernel modules, NetBSD gets Wayland application, GhostBSD changes base repo|
|• Issue 828 (2019-08-19): AcademiX 2.2, concerns with non-free firmware, UBports working on Unity8, Fedora unveils new EPEL channel, FreeBSD phasing out GCC|
|• Issue 827 (2019-08-12): Q4OS, finding files on the disk, Ubuntu works on ZFS, Haiku improves performance, OSDisc shutting down|
|• Issue 826 (2019-08-05): Quick looks at Resilient, PrimeOS, and BlueLight, flagship distros for desktops,Manjaro introduces new package manager|
|• Issue 825 (2019-07-29): Endless OS 3.6, UBports 16.04, gNewSense maintainer stepping down, Fedora developrs discuss optimizations, Project Trident launches stable branch|
|• Issue 824 (2019-07-22): Hexagon OS 1.0, Mageia publishes updated media, Fedora unveils Fedora CoreOS, managing disk usage with quotas|
|• Issue 823 (2019-07-15): Debian 10, finding 32-bit packages on a 64-bit system, Will Cooke discusses Ubuntu's desktop, IBM finalizes purchase of Red Hat|
|• Issue 822 (2019-07-08): Mageia 7, running development branches of distros, Mint team considers Snap, UBports to address Google account access|
|• Issue 821 (2019-07-01): OpenMandriva 4.0, Ubuntu's plan for 32-bit packages, Fedora Workstation improvements, DragonFly BSD's smaller kernel memory|
|• Issue 820 (2019-06-24): Clear Linux and Guix System 1.0.1, running Android applications using Anbox, Zorin partners with Star Labs, Red Hat explains networking bug, Ubuntu considers no longer updating 32-bit packages|
|• Issue 819 (2019-06-17): OS108 and Venom, renaming multiple files, checking live USB integrity, working with Fedora's Modularity, Ubuntu replacing Chromium package with snap|
|• Issue 818 (2019-06-10): openSUSE 15.1, improving boot times, FreeBSD's status report, DragonFly BSD reduces install media size|
|• Issue 817 (2019-06-03): Manjaro 18.0.4, Ubuntu Security Podcast, new Linux laptops from Dell and System76, Entroware Apollo|
|• Issue 816 (2019-05-27): Red Hat Enterprise Linux 8.0, creating firewall rules, Antergos shuts down, Matthew Miller answers questions about Fedora|
|• Issue 815 (2019-05-20): Sabayon 19.03, Clear Linux's developer features, Red Hat explains MDS flaws, an overview of mobile distro options|
|• Issue 814 (2019-05-13): Fedora 30, distributions publish Firefox fixes, CentOS publishes roadmap to 8.0, Debian plans to use Wayland by default|
|• Issue 813 (2019-05-06): ROSA R11, MX seeks help with systemd-shim, FreeBSD tests unified package management, interview with Gael Duval|
|• Issue 812 (2019-04-29): Ubuntu MATE 19.04, setting up a SOCKS web proxy, Scientific Linux discontinued, Red Hat takes over Java LTS support|
|• Issue 811 (2019-04-22): Alpine 3.9.2, rsync examples, Ubuntu working on ZFS support, Debian elects new Project Leader, Obarun releases S6 tools|
|• Issue 810 (2019-04-15): SolydXK 201902, Bedrock Linux 0.7.2, Fedora phasing out Python 2, NetBSD gets virtual machine monitor|
|• Issue 809 (2019-04-08): PCLinuxOS 2019.02, installing Falkon and problems with portable packages, Mint offers daily build previews, Ubuntu speeds up Snap packages|
|• Issue 808 (2019-04-01): Solus 4.0, security benefits and drawbacks to using a live distro, Gentoo gets GNOME ports working without systemd, Redox OS update|
|• Issue 807 (2019-03-25): Pardus 17.5, finding out which user changed a file, new Budgie features, a tool for browsing FreeBSD's sysctl values|
|• Issue 806 (2019-03-18): Kubuntu vs KDE neon, Nitrux's znx, notes on Debian's election, SUSE becomes an independent entity|
|• Issue 805 (2019-03-11): EasyOS 1.0, managing background services, Devuan team debates machine ID file, Ubuntu Studio works to remain an Ubuntu Community Edition|
|• Issue 804 (2019-03-04): Condres OS 19.02, securely erasing hard drives, new UBports devices coming in 2019, Devuan to host first conference|
|• Issue 803 (2019-02-25): Septor 2019, preventing windows from stealing focus, NetBSD and Nitrux experiment with virtual machines, pfSense upgrading to FreeBSD 12 base|
|• Issue 802 (2019-02-18): Slontoo 18.07.1, NetBSD tests newer compiler, Fedora packaging Deepin desktop, changes in Ubuntu Studio|
|• Issue 801 (2019-02-11): Project Trident 18.12, the meaning of status symbols in top, FreeBSD Foundation lists ongoing projects, Plasma Mobile team answers questions|
|• Issue 800 (2019-02-04): FreeNAS 11.2, using Ubuntu Studio software as an add-on, Nitrux developing znx, matching operating systems to file systems|
|• Issue 799 (2019-01-28): KaOS 2018.12, Linux Basics For Hackers, Debian 10 enters freeze, Ubuntu publishes new version for IoT devices|
|• Issue 798 (2019-01-21): Sculpt OS 18.09, picking a location for swap space, Solus team plans ahead, Fedora trying to get a better user count|
|• Issue 797 (2019-01-14): Reborn OS 2018.11.28, TinyPaw-Linux 1.3, dealing with processes which make the desktop unresponsive, Debian testing Secure Boot support|
|• Issue 796 (2019-01-07): FreeBSD 12.0, Peppermint releases ISO update, picking the best distro of 2018, roundtable interview with Debian, Fedora and elementary developers|
|• Issue 795 (2018-12-24): Running a Pinebook, interview with Bedrock founder, Alpine being ported to RISC-V, Librem 5 dev-kits shipped|
|• Issue 794 (2018-12-17): Void 20181111, avoiding software bloat, improvements to HAMMER2, getting application overview in GNOME Shell|
|• Issue 793 (2018-12-10): openSUSE Tumbleweed, finding non-free packages, Debian migrates to usrmerge, Hyperbola gets FSF approval|
|• Issue 792 (2018-1203): GhostBSD 18.10, when to use swap space, DragonFly BSD's wireless support, Fedora planning to pause development schedule|
|• Issue 791 (2018-11-26): Haiku R1 Beta1, default passwords on live media, Slax and Kodachi update their media, dual booting DragonFly BSD on EFI|
|• Issue 790 (2018-11-19): NetBSD 8.0, Bash tips and short-cuts, Fedora's networking benchmarked with FreeBSD, Ubuntu 18.04 to get ten years of support|
|• Issue 789 (2018-11-12): Fedora 29 Workstation and Silverblue, Haiku recovering from server outage, Fedora turns 15, Debian publishes updated media|
|• Issue 788 (2018-11-05): Clu Linux Live 6.0, examining RAM consumpion, finding support for older CPUs, more Steam support for running Windows games on Linux, update from Solus team|
|• Issue 787 (2018-10-29): Lubuntu 18.10, limiting application access to specific users, Haiku hardware compatibility list, IBM purchasing Red Hat|
|• Issue 786 (2018-10-22): elementary OS 5.0, why init keeps running, DragonFly BSD enables virtual machine memory resizing, KDE neon plans to drop older base|
|• Issue 785 (2018-10-15): Reborn OS 2018.09, Nitrux 1.0.15, swapping hard drives between computers, feren OS tries KDE spin, power savings coming to Linux|
|• Issue 784 (2018-10-08): Hamara 2.1, improving manual pages, UBports gets VoIP app, Fedora testing power saving feature|
|• Issue 783 (2018-10-01): Quirky 8.6, setting up dual booting with Ubuntu and FreeBSD, Lubuntu switching to LXQt, Mint works on performance improvements|
|• Issue 782 (2018-09-24): Bodhi Linux 5.0.0, Elive 3.0.0, Solus publishes ISO refresh, UBports invites feedback, Linux Torvalds plans temporary vacation|
|• Issue 781 (2018-09-17): Linux Mint 3 "Debian Edition", file systems for SSDs, MX makes installing Flatpaks easier, Arch team answers questions, Mageia reaches EOL|
|• Issue 780 (2018-09-10): Netrunner 2018.08 Rolling, Fedora improves language support, how to customize Kali Linux, finding the right video drivers|
|• Full list of all issues|
Star Labs - Laptops built for Linux.
View our range including the Star Lite, Star LabTop and more. Available with a choice of Ubuntu, Linux Mint or Zorin OS pre-installed with many more distributions supported. Visit Star Labs for information, to buy and get support.
|Random Distribution |
ClearOS is a small business server operating system with server, networking, and gateway functions. It is designed primarily for homes, small, medium, and distributed environments. It is managed from a web based user interface, but can also be completely managed and tuned from the command line. ClearOS is available in a free Community Edition, which includes available open source updates and patches from its upstream sources. ClearOS is also offered in a Home and Business Edition which receives additional testing of updates and only uses tested code for updates. Professional tech-support is also available. Currently ClearOS offers around 100+ different features which can be installed through the onboard ClearOS Marketplace.