DistroWatch Weekly |
DistroWatch Weekly, Issue 321, 21 September 2009 |
Welcome to this year's 38th issue of DistroWatch Weekly! Computer security has been a hot topic of discussion on these pages in recent weeks. As a result, Caitlyn Martin has embarked upon writing a series of articles covering the basics of computer and Internet security, starting today with part one - user authentication. In the news section, the openSUSE user community launches an initiative to build an enterprise-level distribution with long-term security support, Mark Shuttleworth announces the code name for Ubuntu 10.04, Clement Lefebvre reveals some early information about the improvements in Linux Mint 8 "Helena", and OpenBSD delays the planned October release by a month over a CD manufacturing error. Finally, don't miss the New Distributions section which includes some interesting new additions to the waiting list, including a new Slackware-based desktop distribution called Salix OS. Happy reading!
Content:
Listen to the Podcast edition of this week's DistroWatch Weekly in OGG (40MB) and MP3 (38MB) formats
Join us at irc.freenode.net #distrowatch
|
Feature Story (by Caitlyn Martin) |
Linux Security Basics, Part 1: Authentication
There have been a number of discussions, some of them fairly heated, about system security in the comments section of DistroWatch Weekly (DWW) over the last couple of months. Some have even argued against what most would consider basic Linux security. As a result I received a number of requests to write an article covering Linux security basics, complete with references. There are, of course, entire books written on Linux security and as I began writing, it became clear that one article just wouldn't do the subject justice. Consider this week's feature to be a starting point for a small, intermittent series of articles about Linux security.
I have limited the scope of this article and any future DistroWatch features on security to what makes sense to the home or small office user or, in other words, environments with just a handful of systems and users. Most of what follows can be applied to BSD, OpenSolaris, or indeed any UNIX or UNIX-like operating system, though the file names, specific commands and syntax may be somewhat different. To keep things simple I'm going to stick with Linux systems.
Before I get into describing basic Linux authentication, the recent discussions made it abundantly clear that I need to first define what I mean by security. I also have to answer the most basic question which is why we need to bother with security at all. Some DWW readers claim to have all but ignored security without a single problem for many years. Those claims are undoubtedly true. That doesn't mean the potential for real problems isn't present. Kurt Seifried, in his Linux Administrator's Security Guide, writes: "You only need to make one mistake or leave one flaw available for an attacker to get in. This, of course, means that most sites will eventually be broken into." He adds: "All technical security measures will eventually fail or be vulnerable to an attacker. This is why you must have multiple layers of protection."
The book, Practical UNIX and Internet Security, gives a very simple, straightforward definition of security: "A computer is secure if you can depend on it and its software to behave as you expect." There are many more technical and detailed definitions out there but that one line really does sum it up. If someone makes uninvited use of your system(s) for their own purposes without your consent, that definition is no longer met. Uninvited use can be by a friend or family member who means no harm, a co-worker, or a stranger halfway around the world.
When I talk about security, one of the questions I am frequently asked is why anyone would want to target a home or small business system. Last week Linux Pro Magazine Online published a report describing some 100 poorly secured Linux servers in Russia used as part of a botnet to distribute malware to Windows systems. Keep in mind that many home desktop systems are more powerful than servers of just a few years ago. When you combine the horsepower in today's hardware with the persistent high speed broadband connections many of us now enjoy and you can see how almost any system can be an inviting target.
Accounts and passwords
The first and simplest line of defense is a password. In his book, Securing & Optimizing Linux: The Ultimate Solution, Gerhard Mourani writes: "Many people keep their valuable information and files on a computer, and the only thing preventing others from seeing it is the eight-character string called a password. An unbreakable password, contrary to popular belief, does not exist. Given time and resources all passwords can be guessed either by social engineering or brute force." Some Linux users go even farther, running distributions which have either no password or a well-known and published password on a privileged or root account. This is tantamount to putting out a welcome mat for anyone and everyone who wishes to access your system provided they have physical access. A vulnerability in a service which communicates across the Internet can effectively leave such a system open to literally anyone who is aware of both the flaw and the password. Kurt Seifried, writing about insecure defaults of all sorts, not just passwords, states: "This is one of the problems that have caused no end of security problems since day one."
Mourani lists four basic rules for a good password. Three of them do apply even to home and SOHO systems:
- They should be at least six characters in length, preferably eight characters, with at least one numeral and one special character.
- They must not be trivial; a trivial password is one that is easy to guess and is usually based on the user's name, family, occupation, or some other personal characteristic.
- They should have an aging period, requiring a new password to be chosen within a specific time frame.
Every major Linux distribution has tools to enforce strong passwords and password aging. Many users don't use them because a long, non-trivial password which changes periodically is inconvenient. Security, by nature, is inconvenient. It is up to each of us to decide how much inconvenience is worth putting up with to have a secure system.
Root account
The root account (a.k.a the superuser account) is the one account on each and every *nix system which generally has absolutely no restrictions placed on it. Root can do anything. For this reason it is generally recommended to not login and run as root unless it's absolutely necessary.
The first person not running as root protects you from is yourself. I did six weeks of work for a local bank prior to a merger. One of their professional system administrators, a man with years of experience, wrote a script to clean up old files on a server. For obvious reasons it had to run as root. He made a minor syntax error in the script which caused it to run from the root file system rather than one of the file systems where it was supposed to run. To make matters worse he ignored the proper change control procedures because he thought this was trivial maintenance. The script ran overnight and dutifully began removing large parts of the operating system that were older that the date set in his script, effectively wiping out a production server. The point of the story is that even seasoned professionals make mistakes, sometimes with disastrous consequences. If you're running as root you can easily, accidentally do damage to your system without warning. This is why some Linux distributions, e.g. Ubuntu, don't permit root logins by default.
It should go without saying that strong password rules should be applied to the root account first and foremost. If remote root access is permitted, either by design or because of a security vulnerability, a strong password may delay an intrusion long enough to be detected and prevented. There have also been a number of Internet applications, including web browsers, which have had vulnerabilities that effectively allow remote access as the user running the application. If that user is root these security flaws become far more dangerous. This is why some Linux applications have very tersely worded warnings about running them as root.
Every Linux distribution, even the most minimal, has tools to allow the temporary granting of root privileges to an ordinary user. The most common are su, short for "switch user", and sudo, short for "superuser do". The sudo command offers the ability to log what you are doing as root. It also provides the simplest means for doling out a subset of root privileges to someone who needs to do specific tasks which require root privileges but does not need full and absolute control of a system, making it ideal for small business networks. A detailed HOWTO covering both su and sudo will be coming to DWW soon.
Basic Linux authentication: how it works
On any modern Linux system there are three files that provide the most basic level of authentication for the local system:
/etc/passwd
/etc/group
/etc/shadow
Every user on the system has a unique user ID (UID), a number, associated with their username. (NOTE: It is possible to assign two usernames to a single UID, effectively creating a single account with two names which can be used to login.) Each user belongs to at least one group of users and each group has a unique group ID (GID) associated with the group name.
The /etc/passwd file is a plain text file. It can be edited with any text editor run as root. It contains seven fields for each user, separated by colons:
- the username
- a lowercase x (usually)
- the user ID (UID)
- the user's default group
- the user's full name and, optionally, additional plain text info about the user
- the user's home directory
- the user's default shell
The default shell is particularly important for system accounts. Many system tools and some applications require their own user account to run properly. However, you wouldn't want someone to actually be able to login as that task. In this case a dummy shell, typically /bin/false, is used. If there is no valid shell the user can't login.
In the dim and distant past the /etc/passwd file also contained the users' passwords in plain text. As networks grew it became clear that some sort of secure way of storing passwords that wasn't human readable was an absolute must and, as usual, it was a security incident that convinced someone of the need. In 1987 Julianne Haugh experienced a break-in and wrote the original Shadow Password Suite, which originally contained the login, passwd, and su commands. Shadow passwords have been included in Linux since 1992 and the suite has grown to 30 commands.
The basic concept of shadowing is easy to understand. I'll quote Seifried again: "For many years the solution has been quite simple and effective, simply hash the passwords, and store the hash, when a user needs to authenticate take the password they enter it, hash it, and if it matches then it was obviously the same password." Over time the computing power grew and it became easier to crack even hashed passwords so Linux and other UNIX systems moved to stronger encryption systems, most commonly MD5. In addition to the username and hashed password, /etc/shadow also contains password aging information.
Using chage to setup password aging
All the major Linux distributions have graphical tools which front end the Shadow Password Suite. However, if you're running a more minimal distribution or if you'd like to manage password aging from the command line on an existing account, the easiest way to do it is with the chage command. At its simplest you can set a period of time after which the password must be changed. For example, if I want to force a user (yes, even myself) to change their password every 90 days I can do it with the command:
chage -m 90 user
where "user" is replaced with the actual user name. It's a lot friendlier to also set a warning with the -W option. Let's say I wanted a 5-day warning before the password actually expires. The command would then be:
chage -m 90 -W 5 user
Any user can check when their password expires with the command:
chage -l user
Pluggable Authentication Modules (PAM)
PAM is something that mostly applies to larger networks but since it is enabled by default as part of the authentication process on many major Linux distributions, it deserves a mention here. On larger networks there are a number of systems (NIS, NIS+ and LDAP, for example) that are used to allow a user to use one account to log onto many systems. There are also more advanced security systems which allow passwords to be changed minute by minute. In many enterprise networks someone who needs access to secure systems is issued a key fob with a small LCD or LED screen which displays the password of the moment. What PAM does is allow administrators to set up rules for how each type of authentication is handled and allows multiple authentication methods to be used and managed in one place. An example of a rule may be one which allows a class of users to only login during certain hours.
OK, so what does this have to do with a home user? Well, if you're running Debian GNU/Linux, Red Hat/Fedora, SUSE Linux Enterprise or many of the distros based on one of those three then PAM is enabled by default on your system and it certainly is possible for you to use it to setup rules for given systems in even a small network. Slackware, on the other hand, doesn't include PAM at all though some Slackware derivatives, notably Zenwalk Linux, do. A slightly dated PAM manual from Red Hat can be found here.
One good use for PAM on home or small business networks is strong password enforcement. PAM includes a module which uses CrackLib to determine if a password is "strong enough". What "strong enough" means on your system(s) is entirely configurable. Some distributions, including Red Hat Enterprise Linux and its clones, including Oracle Enterprise Linux, CentOS and Scientific Linux, enable the pam-cracklib module by default.
Future Articles
In upcoming parts of this series we'll look at basic steps you can take to keep your server secure by limiting which services are running and access to services that need to run. We'll look at network ports, how to tell which are open and which are closed, and how to close ones which aren't needed. We'll look at Linux file system security, covering everything from permissions to encryption. We'll look at the firewall included in the Linux kernel and how to use it and, as promised, we'll cover how to dole out root privileges safely. Finally, we'll end with a primer on system logs and how to determine if you've had an unwanted visitor.
|
Miscellaneous News (by Chris Smart) |
openSUSE community ponders a CentOS-like enterprise distribution, Ubuntu announces code name for 10.04, Linux Mint hints at improvements in "Helena", OpenBSD delays release over CD manufacturing fault
Leading the news this week is a story about plans among the community to create a long-term supported variant of openSUSE, specifically with servers in mind. Recently Novell announced that it has shortened the support life of the distro further from two years down to just eighteen months. This might help to ease the workload for Novell employees but it means more work for the end users who will now need to upgrade more often. Commercial offerings from the company are, on the other hand, maintained and supported for five to seven years, but will small businesses switch from the free openSUSE to costly SLES with support contracts? Boyd Lynn Gerber doesn't necessary think so and suggested a number of options to combat this problem. Two such options would be to extend support for openSUSE products, in effect creating an openSUSE LTS edition, or a new fork entirely based off the SLES source code à la, openSLES. The latter idea would be similar to CentOS, which builds a new binary distro from the source code of Red Hat Enterprise Linux. Would such a distro be of interest to the wider community and would it hurt or hinder Novell?
Elsewhere in openSUSE land, TuxRadar has published an interview with the project's Program Manager, Andreas Jaegar. The team discusses the distro's new eight month release cycle and asks Jaegar what his favourite features are in the upcoming 11.2 release. A web interface for YaST is one such feature which might see an introduction shortly. He writes: "WebYAST is AJAXy. It's still in its infancy... We might use one or two of its modules in 11.2." TuxRadar also asked whether we might see Con Kolivas' new scheduler in openSUSE, to which Jaegar replied: "Instead of a subjective feeling that it's better, get some numbers to see. And if it's good, we have the openSUSE Build Service - anyone can take our kernel and apply a patch on top of it. But at the moment it's too experimental and unknown." He also discusses the move to KDE as the default desktop, remix versions of the distro thanks to SUSE Studio, working more closely with Red Hat to create more portable RPM files, and more.
* * * * *
It's time again to find out what release of Ubuntu +1 (version 10.04), will be called. According to this blog post by Lisa Hoover, Ubuntu founder Mark Shuttleworth made the announcement at the Atlanta Linux Fest, revealing that the code name of Ubuntu 10.04 will be "Lucid Lynx" (here is the video announcing the new name). The upcoming 9.10 release will be, of course, "Karmic Koala", which builds further on the distro's technology, especially in the cloud. The first version for 2010 will be a long-term support (LTS) release, which are generally less cutting-edge. It's good timing because what Ubuntu needs now is more polish. The One Hundred Paper Cuts project is doing a great job sorting out these small niggling issues, but to compete with Apple's OS X for consumer's money (one of Mark Shuttleworth's primary goals for the distro) still needs work. The release therefore, is aptly named, as it will hopefully indeed be lucid - easily understood and completely intelligible. If Canonical can get it right, it might be the final push companies need to ditch Windows and put Ubuntu on their mainstream consumer products.
* * * * *
The founder of Linux Mint, Clement Lefebvre, has posted an update on what he's been working on recently. He walks through some changes for the upcoming "Helena release", including the renaming of various Mint tools to more useful names, such as "Software Manager" over "mintInstall." He also cites improvements to the installation and removing of packages: "When an application is listed, mintInstall now queries APT to find out whether it's installed on the system and what versions are installed and/or available. This process is almost immediate and doesn't impact the responsiveness. This basically means that, looking at an application, you'll be able to see if it's already installed or not, you'll be able to see its version and you'll be able to install it but also to remove it from mintInstall." The refresh button is also being removed in order to ease the load on Linux Mint servers and some improvements to the interface are coming, including optimisation for the smaller screen size on netbooks.
* * * * *
Finally, it looks like the next release of OpenBSD will be delayed by one month. Theo de Raadt, the project's founder and lead developer, says that the reason for the delay is a problem with CD manufacturing at a third-party manufacturing facility: "They have had serious CD production problems. Because everything in CD manufacturing is so ridiculously outsourced, all I know is that the plant which was used this time (Q Media Services Corporation in Vancouver) has made about six faulty CD pressings in a row." Hopefully there will not be any further delays as the tree was frozen rather early and large numbers of OpenBSD fans have pre-ordered discs. It can be painful waiting for the new version of your favourite operating system to arrive, but no doubt it is better to receive belated media which work, rather than some which are timely but faulty!
|
Released Last Week |
SystemRescueCd 1.3.0
François Dupoux has released SystemRescueCd 1.3.0, a Gentoo-based live CD designed for administering or repairing an operating system and data after a crash. What's new in version 1.3.0? "Updated the standard kernels to Linux kernel 2.6.31; updated FSArchiver to 0.5.9 (better NTFS support); updated NTFS-3G to version 2009.4.4 AR17 (NTFS-3G advanced release); updated e2fsprogs to 1.41.9 (ext2, ext3, ext4 file system tools); Linux kernel 2.6.31 and btrfs-progs 0.19 are using a new btrfs format; added gdisk 0.3.1 (gdisk is a GPT partition table manipulator); updated the Xfce desktop environment to version 4.6.1; updated Python to version 2.6.2; updated Mozilla Firefox to version 3.5.2." Read the complete changelog for further details.
Oracle Enterprise Linux 5 Update 4
Oracle has announced the release of Oracle Enterprise Linux 5 Update 4, an enterprise-level distribution based on Red Hat Enterprise Linux 5.4: "Oracle is pleased to announce the general availability of Enterprise Linux Release 5 Update 4 for x86 (32-bit) and x86_64 (64-bit) architectures. This update includes the following kernel/driver changes: bug fixes added by Oracle - check to see if hypervisor supports memory reservation change, add Entropy support to IGB, add Xen pv/bonding netconsole support, shrink zone patch, fix aacraid not to reset during kexec, fix failure of file creation from hpux client; fixes and additions from the upstream distribution provider - a new tunable parameter has been added to the kernel, allowing system administrators to change the maximum number of modified pages kupdate writes to disk...." Read the rest of the release announcement for a complete technical changelog.
Ojuba 3
Muayyad Al-Sadi has announced the release of Ojuba 3, a Fedora-based distribution with Islamic utilities and support for Arabic: "We are proud to announce the release of Ojuba 3. This release comes in two forms: a live DVD/USB and an installation DVD which can be used to upgrade from a previous release. The installation DVD contains packages and serves as a repository for offline installation of packages. It includes GNOME 2.26, KDE 4.3.1, Xfce 4.6.1, LXDE. Features: Ojuba control center, original artwork, Quran browser and Thwab library, many Arabic and Islamic books like Sunan and classical dictionaries, prayer time reminder, Monajat supplications, Hijri calendar, Sun JRE, multimedia support, mlterm with support for Arabic. This release is based on Fedora 11 and it includes fast boot, ext4 support, fingerprint login...." Here is the full release announcement with several screenshots.
Ojuba 3 - a Fedora-based distribution with complete support for Arabic (full image size: 708kB, screen resolution 1280x800 pixels)
DragonFly BSD 2.4
Matthew Dillon has announced the release of DragonFly BSD 2.4, a general-purpose operating system originally forked from FreeBSD 4.x: "The DragonFly 2.4 release is here! Three release options are now available: a bare-bones CD image, a DVD image which includes a fully operational X environment, and a bare-bones bootable USB disk-key image. In addition we will for the first time be shipping a 64-bit ISO image. 64-bit support is stable but there will only be limited 'pkgsrc' support in this release. DragonFly BSD 2.4 is a bigger release than normal. The single most invasive change is the introduction of DEVFS. The /dev file system is now mounted by the kernel after it mounts the root file system. All major and minor numbers have changed and the old /dev is no longer meaningful." Read the detailed release announcement for a complete list of changes and upgrade notes.
Puppy Linux 4.3
Barry Kauler has announced the release of Puppy Linux 4.3: "Puppy Linux version 4.3 released. Highlights: Linux kernel 2.6.30.5 configured for SMP (multi-processor) systems, with support for the ext4 file system and patched for Aufs2; Internet by dial-up - the kernel has drivers for many modems, including Agere, ESS, Lucent, Conexant, SmartLink, PCTEL and Intel chipsets; Pstreamvid - a great GUI for playing Internet TV; JWM theme maker; Psync - synchronises the clock to an Internet time server; SQLiteManager - a front-end for SQLite and an add-on to SeaMonkey; Hiawatha - a very small and extremely secure web server to serve CUPS, PPLOG and QUISP pages; a screenshot utility based on mtPaint, but with a very basic GUI; Pmirrorget for downloading a complete web site...." Read the detailed release announcement for a complete list of changes and new features.
Puppy Linux 4.3 - a major update of the popular mini-distribution (full image size: 680kB, screen resolution 1280x1024 pixels)
Parted Magic 4.5
Patrick Verner has released Parted Magic 4.5, a small Linux live CD designed primarily as a hard disk partitioning utility: "This new version of Parted Magic updates the graphical server X.Org, expands networking, improves RAM usage, and fixes some bugs. To combat some of the problems associated with the newer versions of X.Org and Intel chipsets, Parted Magic offers driver versions intel-2.4.1, intel-2.5.1, intel-2.6.3, intel-2.7.1 as boot options. There is a new PPPoE option added to the 'Start Network' program. RAM usage has been significantly reduced for the 'Default settings (Runs from RAM)' and 'Live with low RAM settings' boot options. The default option only requires 192 MB, from 256 MB in version 4.4, to completely run Parted Magic from RAM. The biggest gain was with the low RAM option because that now only requires 48 MB to run." Visit the project's home page to read the release announcement.
* * * * *
Development, unannounced and minor bug-fix releases
|
Upcoming Releases and Announcements |
Summary of expected upcoming releases
|
DistroWatch.com News |
New distributions added to database
- eBox Platform. eBox Platform is a unified network server that offers easy and efficient computer network administration for small and medium-size businesses. It can act as a gateway, an infrastructure manager, a unified threat manager, an office server, a unified communication server or a combination of them. These functionalities are tightly integrated, automating most tasks, avoiding mistakes and saving time for system administrators. eBox Platform is released under the GNU General Public License (GPL) and runs on top of Ubuntu.
* * * * *
New distributions added to waiting list
* * * * *
DistroWatch database summary
* * * * *
And this concludes the latest issue of DistroWatch Weekly. The next instalment will be published on Monday, 28 September 2009.
Caitlyn Martin, Chris Smart and Ladislav Bodnar
|
|
Tip Jar |
If you've enjoyed this week's issue of DistroWatch Weekly, please consider sending us a tip. (Tips this week: 0, value: US$0.00) |
|
|
|
bc1qxes3k2wq3uqzr074tkwwjmwfe63z70gwzfu4lx lnurl1dp68gurn8ghj7ampd3kx2ar0veekzar0wd5xjtnrdakj7tnhv4kxctttdehhwm30d3h82unvwqhhxarpw3jkc7tzw4ex6cfexyfua2nr 86fA3qPTeQtNb2k1vLwEQaAp3XxkvvvXt69gSG5LGunXXikK9koPWZaRQgfFPBPWhMgXjPjccy9LA9xRFchPWQAnPvxh5Le paypal.me/distrowatchweekly • patreon.com/distrowatch |
|
Extended Lifecycle Support by TuxCare |
| |
TUXEDO |
TUXEDO Computers - Linux Hardware in a tailor made suite Choose from a wide range of laptops and PCs in various sizes and shapes at TUXEDOComputers.com. Every machine comes pre-installed and ready-to-run with Linux. Full 24 months of warranty and lifetime support included!
Learn more about our full service package and all benefits from buying at TUXEDO.
|
Archives |
• Issue 1105 (2025-01-20): CentOS 10 Stream, old Flatpak bundles in software centres, Haiku ports Iceweasel, Oracle shows off debugging tools, rsync vulnerability patched |
• Issue 1104 (2025-01-13): DAT Linux 2.0, Silly things to do with a minimal computer, Budgie prepares Wayland only releases, SteamOS coming to third-party devices, Murena upgrades its base |
• Issue 1103 (2025-01-06): elementary OS 8.0, filtering ads with Pi-hole, Debian testing its installer, Pop!_OS faces delays, Ubuntu Studio upgrades not working, Absolute discontinued |
• Issue 1102 (2024-12-23): Best distros of 2024, changing a process name, Fedora to expand Btrfs support and releases Asahi Remix 41, openSUSE patches out security sandbox and donations from Bottles while ending support for Leap 15.5 |
• Issue 1101 (2024-12-16): GhostBSD 24.10.1, sending attachments from the command line, openSUSE shows off GPU assignment tool, UBports publishes security update, Murena launches its first tablet, Xfce 4.20 released |
• Issue 1100 (2024-12-09): Oreon 9.3, differences in speed, IPFire's new appliance, Fedora Asahi Remix gets new video drivers, openSUSE Leap Micro updated, Redox OS running Redox OS |
• Issue 1099 (2024-12-02): AnduinOS 1.0.1, measuring RAM usage, SUSE continues rebranding efforts, UBports prepares for next major version, Murena offering non-NFC phone |
• Issue 1098 (2024-11-25): Linux Lite 7.2, backing up specific folders, Murena and Fairphone partner in fair trade deal, Arch installer gets new text interface, Ubuntu security tool patched |
• Issue 1097 (2024-11-18): Chimera Linux vs Chimera OS, choosing between AlmaLinux and Debian, Fedora elevates KDE spin to an edition, Fedora previews new installer, KDE testing its own distro, Qubes-style isolation coming to FreeBSD |
• Issue 1096 (2024-11-11): Bazzite 40, Playtron OS Alpha 1, Tucana Linux 3.1, detecting Screen sessions, Redox imports COSMIC software centre, FreeBSD booting on the PinePhone Pro, LXQt supports Wayland window managers |
• Issue 1095 (2024-11-04): Fedora 41 Kinoite, transferring applications between computers, openSUSE Tumbleweed receives multiple upgrades, Ubuntu testing compiler optimizations, Mint partners with Framework |
• Issue 1094 (2024-10-28): DebLight OS 1, backing up crontab, AlmaLinux introduces Litten branch, openSUSE unveils refreshed look, Ubuntu turns 20 |
• Issue 1093 (2024-10-21): Kubuntu 24.10, atomic vs immutable distributions, Debian upgrading Perl packages, UBports adding VoLTE support, Android to gain native GNU/Linux application support |
• Issue 1092 (2024-10-14): FunOS 24.04.1, a home directory inside a file, work starts of openSUSE Leap 16.0, improvements in Haiku, KDE neon upgrades its base |
• Issue 1091 (2024-10-07): Redox OS 0.9.0, Unified package management vs universal package formats, Redox begins RISC-V port, Mint polishes interface, Qubes certifies new laptop |
• Issue 1090 (2024-09-30): Rhino Linux 2024.2, commercial distros with alternative desktops, Valve seeks to improve Wayland performance, HardenedBSD parterns with Protectli, Tails merges with Tor Project, Quantum Leap partners with the FreeBSD Foundation |
• Issue 1089 (2024-09-23): Expirion 6.0, openKylin 2.0, managing configuration files, the future of Linux development, fixing bugs in Haiku, Slackware packages dracut |
• Issue 1088 (2024-09-16): PorteuX 1.6, migrating from Windows 10 to which Linux distro, making NetBSD immutable, AlmaLinux offers hardware certification, Mint updates old APT tools |
• Issue 1087 (2024-09-09): COSMIC desktop, running cron jobs at variable times, UBports highlights new apps, HardenedBSD offers work around for FreeBSD change, Debian considers how to cull old packages, systemd ported to musl |
• Issue 1086 (2024-09-02): Vanilla OS 2, command line tips for simple tasks, FreeBSD receives investment from STF, openSUSE Tumbleweed update can break network connections, Debian refreshes media |
• Issue 1085 (2024-08-26): Nobara 40, OpenMandriva 24.07 "ROME", distros which include source code, FreeBSD publishes quarterly report, Microsoft updates breaks Linux in dual-boot environments |
• Issue 1084 (2024-08-19): Liya 2.0, dual boot with encryption, Haiku introduces performance improvements, Gentoo dropping IA-64, Redcore merges major upgrade |
• Issue 1083 (2024-08-12): TrueNAS 24.04.2 "SCALE", Linux distros for smartphones, Redox OS introduces web server, PipeWire exposes battery drain on Linux, Canonical updates kernel version policy |
• Issue 1082 (2024-08-05): Linux Mint 22, taking snapshots of UFS on FreeBSD, openSUSE updates Tumbleweed and Aeon, Debian creates Tiny QA Tasks, Manjaro testing immutable images |
• Issue 1081 (2024-07-29): SysLinuxOS 12.4, OpenBSD gain hardware acceleration, Slackware changes kernel naming, Mint publishes upgrade instructions |
• Issue 1080 (2024-07-22): Running GNU/Linux on Android with Andronix, protecting network services, Solus dropping AppArmor and Snap, openSUSE Aeon Desktop gaining full disk encryption, SUSE asks openSUSE to change its branding |
• Issue 1079 (2024-07-15): Ubuntu Core 24, hiding files on Linux, Fedora dropping X11 packages on Workstation, Red Hat phasing out GRUB, new OpenSSH vulnerability, FreeBSD speeds up release cycle, UBports testing new first-run wizard |
• Issue 1078 (2024-07-08): Changing init software, server machines running desktop environments, OpenSSH vulnerability patched, Peppermint launches new edition, HardenedBSD updates ports |
• Issue 1077 (2024-07-01): The Unity and Lomiri interfaces, different distros for different tasks, Ubuntu plans to run Wayland on NVIDIA cards, openSUSE updates Leap Micro, Debian releases refreshed media, UBports gaining contact synchronisation, FreeDOS celebrates its 30th anniversary |
• Issue 1076 (2024-06-24): openSUSE 15.6, what makes Linux unique, SUSE Liberty Linux to support CentOS Linux 7, SLE receives 19 years of support, openSUSE testing Leap Micro edition |
• Issue 1075 (2024-06-17): Redox OS, X11 and Wayland on the BSDs, AlmaLinux releases Pi build, Canonical announces RISC-V laptop with Ubuntu, key changes in systemd |
• Issue 1074 (2024-06-10): Endless OS 6.0.0, distros with init diversity, Mint to filter unverified Flatpaks, Debian adds systemd-boot options, Redox adopts COSMIC desktop, OpenSSH gains new security features |
• Issue 1073 (2024-06-03): LXQt 2.0.0, an overview of Linux desktop environments, Canonical partners with Milk-V, openSUSE introduces new features in Aeon Desktop, Fedora mirrors see rise in traffic, Wayland adds OpenBSD support |
• Issue 1072 (2024-05-27): Manjaro 24.0, comparing init software, OpenBSD ports Plasma 6, Arch community debates mirror requirements, ThinOS to upgrade its FreeBSD core |
• Issue 1071 (2024-05-20): Archcraft 2024.04.06, common command line mistakes, ReactOS imports WINE improvements, Haiku makes adjusting themes easier, NetBSD takes a stand against code generated by chatbots |
• Issue 1070 (2024-05-13): Damn Small Linux 2024, hiding kernel messages during boot, Red Hat offers AI edition, new web browser for UBports, Fedora Asahi Remix 40 released, Qubes extends support for version 4.1 |
• Issue 1069 (2024-05-06): Ubuntu 24.04, installing packages in alternative locations, systemd creates sudo alternative, Mint encourages XApps collaboration, FreeBSD publishes quarterly update |
• Issue 1068 (2024-04-29): Fedora 40, transforming one distro into another, Debian elects new Project Leader, Red Hat extends support cycle, Emmabuntus adds accessibility features, Canonical's new security features |
• Issue 1067 (2024-04-22): LocalSend for transferring files, detecting supported CPU architecure levels, new visual design for APT, Fedora and openSUSE working on reproducible builds, LXQt released, AlmaLinux re-adds hardware support |
• Issue 1066 (2024-04-15): Fun projects to do with the Raspberry Pi and PinePhone, installing new software on fixed-release distributions, improving GNOME Terminal performance, Mint testing new repository mirrors, Gentoo becomes a Software In the Public Interest project |
• Issue 1065 (2024-04-08): Dr.Parted Live 24.03, answering questions about the xz exploit, Linux Mint to ship HWE kernel, AlmaLinux patches flaw ahead of upstream Red Hat, Calculate changes release model |
• Issue 1064 (2024-04-01): NixOS 23.11, the status of Hurd, liblzma compromised upstream, FreeBSD Foundation focuses on improving wireless networking, Ubuntu Pro offers 12 years of support |
• Issue 1063 (2024-03-25): Redcore Linux 2401, how slowly can a rolling release update, Debian starts new Project Leader election, Red Hat creating new NVIDIA driver, Snap store hit with more malware |
• Issue 1062 (2024-03-18): KDE neon 20240304, changing file permissions, Canonical turns 20, Pop!_OS creates new software centre, openSUSE packages Plasma 6 |
• Issue 1061 (2024-03-11): Using a PinePhone as a workstation, restarting background services on a schedule, NixBSD ports Nix to FreeBSD, Fedora packaging COSMIC, postmarketOS to adopt systemd, Linux Mint replacing HexChat |
• Issue 1060 (2024-03-04): AV Linux MX-23.1, bootstrapping a network connection, key OpenBSD features, Qubes certifies new hardware, LXQt and Plasma migrate to Qt 6 |
• Issue 1059 (2024-02-26): Warp Terminal, navigating manual pages, malware found in the Snap store, Red Hat considering CPU requirement update, UBports organizes ongoing work |
• Issue 1058 (2024-02-19): Drauger OS 7.6, how much disk space to allocate, System76 prepares to launch COSMIC desktop, UBports changes its version scheme, TrueNAS to offer faster deduplication |
• Issue 1057 (2024-02-12): Adelie Linux 1.0 Beta, rolling release vs fixed for a smoother experience, Debian working on 2038 bug, elementary OS to split applications from base system updates, Fedora announces Atomic Desktops |
• Issue 1056 (2024-02-05): wattOS R13, the various write speeds of ISO writing tools, DSL returns, Mint faces Wayland challenges, HardenedBSD blocks foreign USB devices, Gentoo publishes new repository, Linux distros patch glibc flaw |
• Issue 1055 (2024-01-29): CNIX OS 231204, distributions patching packages the most, Gentoo team presents ongoing work, UBports introduces connectivity and battery improvements, interview with Haiku developer |
• Issue 1054 (2024-01-22): Solus 4.5, comparing dd and cp when writing ISO files, openSUSE plans new major Leap version, XeroLinux shutting down, HardenedBSD changes its build schedule |
• Issue 1053 (2024-01-15): Linux AI voice assistants, some distributions running hotter than others, UBports talks about coming changes, Qubes certifies StarBook laptops, Asahi Linux improves energy savings |
• Full list of all issues |
Star Labs |
Star Labs - Laptops built for Linux.
View our range including the highly anticipated StarFighter. Available with coreboot open-source firmware and a choice of Ubuntu, elementary, Manjaro and more. Visit Star Labs for information, to buy and get support.
|
Random Distribution |
Chitwanix OS
Chitwanix OS was an Ubuntu-based distribution that has been crafted to fit the needs of computer users in Nepal. It comes with the Sagarmatha desktop environment (a fork of Linux Mint's Cinnamon) and it also offers various user-friendly enhancements. The developers of Chitwanix OS are cooperating with user communities in Nepal in order to translate the operating system and applications into Nepali, as well as Tharu, Newari, Gurung and Magar languages.
Status: Discontinued
|
TUXEDO |
TUXEDO Computers - Linux Hardware in a tailor made suite Choose from a wide range of laptops and PCs in various sizes and shapes at TUXEDOComputers.com. Every machine comes pre-installed and ready-to-run with Linux. Full 24 months of warranty and lifetime support included!
Learn more about our full service package and all benefits from buying at TUXEDO.
|
Star Labs |
Star Labs - Laptops built for Linux.
View our range including the highly anticipated StarFighter. Available with coreboot open-source firmware and a choice of Ubuntu, elementary, Manjaro and more. Visit Star Labs for information, to buy and get support.
|
|