| DistroWatch Weekly
|DistroWatch Weekly, Issue 321, 21 September 2009
Welcome to this year's 38th issue of DistroWatch Weekly! Computer security has been a hot topic of discussion on these pages in recent weeks. As a result, Caitlyn Martin has embarked upon writing a series of articles covering the basics of computer and Internet security, starting today with part one - user authentication. In the news section, the openSUSE user community launches an initiative to build an enterprise-level distribution with long-term security support, Mark Shuttleworth announces the code name for Ubuntu 10.04, Clement Lefebvre reveals some early information about the improvements in Linux Mint 8 "Helena", and OpenBSD delays the planned October release by a month over a CD manufacturing error. Finally, don't miss the New Distributions section which includes some interesting new additions to the waiting list, including a new Slackware-based desktop distribution called Salix OS. Happy reading!
Listen to the Podcast edition of this week's DistroWatch Weekly in OGG (40MB) and MP3 (38MB) formats
Join us at irc.freenode.net #distrowatch
|Feature Story (by Caitlyn Martin)
Linux Security Basics, Part 1: Authentication
There have been a number of discussions, some of them fairly heated, about system security in the comments section of DistroWatch Weekly (DWW) over the last couple of months. Some have even argued against what most would consider basic Linux security. As a result I received a number of requests to write an article covering Linux security basics, complete with references. There are, of course, entire books written on Linux security and as I began writing, it became clear that one article just wouldn't do the subject justice. Consider this week's feature to be a starting point for a small, intermittent series of articles about Linux security.
I have limited the scope of this article and any future DistroWatch features on security to what makes sense to the home or small office user or, in other words, environments with just a handful of systems and users. Most of what follows can be applied to BSD, OpenSolaris, or indeed any UNIX or UNIX-like operating system, though the file names, specific commands and syntax may be somewhat different. To keep things simple I'm going to stick with Linux systems.
Before I get into describing basic Linux authentication, the recent discussions made it abundantly clear that I need to first define what I mean by security. I also have to answer the most basic question which is why we need to bother with security at all. Some DWW readers claim to have all but ignored security without a single problem for many years. Those claims are undoubtedly true. That doesn't mean the potential for real problems isn't present. Kurt Seifried, in his Linux Administrator's Security Guide, writes: "You only need to make one mistake or leave one flaw available for an attacker to get in. This, of course, means that most sites will eventually be broken into." He adds: "All technical security measures will eventually fail or be vulnerable to an attacker. This is why you must have multiple layers of protection."
The book, Practical UNIX and Internet Security, gives a very simple, straightforward definition of security: "A computer is secure if you can depend on it and its software to behave as you expect." There are many more technical and detailed definitions out there but that one line really does sum it up. If someone makes uninvited use of your system(s) for their own purposes without your consent, that definition is no longer met. Uninvited use can be by a friend or family member who means no harm, a co-worker, or a stranger halfway around the world.
When I talk about security, one of the questions I am frequently asked is why anyone would want to target a home or small business system. Last week Linux Pro Magazine Online published a report describing some 100 poorly secured Linux servers in Russia used as part of a botnet to distribute malware to Windows systems. Keep in mind that many home desktop systems are more powerful than servers of just a few years ago. When you combine the horsepower in today's hardware with the persistent high speed broadband connections many of us now enjoy and you can see how almost any system can be an inviting target.
Accounts and passwords
The first and simplest line of defense is a password. In his book, Securing & Optimizing Linux: The Ultimate Solution, Gerhard Mourani writes: "Many people keep their valuable information and files on a computer, and the only thing preventing others from seeing it is the eight-character string called a password. An unbreakable password, contrary to popular belief, does not exist. Given time and resources all passwords can be guessed either by social engineering or brute force." Some Linux users go even farther, running distributions which have either no password or a well-known and published password on a privileged or root account. This is tantamount to putting out a welcome mat for anyone and everyone who wishes to access your system provided they have physical access. A vulnerability in a service which communicates across the Internet can effectively leave such a system open to literally anyone who is aware of both the flaw and the password. Kurt Seifried, writing about insecure defaults of all sorts, not just passwords, states: "This is one of the problems that have caused no end of security problems since day one."
Mourani lists four basic rules for a good password. Three of them do apply even to home and SOHO systems:
Every major Linux distribution has tools to enforce strong passwords and password aging. Many users don't use them because a long, non-trivial password which changes periodically is inconvenient. Security, by nature, is inconvenient. It is up to each of us to decide how much inconvenience is worth putting up with to have a secure system.
- They should be at least six characters in length, preferably eight characters, with at least one numeral and one special character.
- They must not be trivial; a trivial password is one that is easy to guess and is usually based on the user's name, family, occupation, or some other personal characteristic.
- They should have an aging period, requiring a new password to be chosen within a specific time frame.
The root account (a.k.a the superuser account) is the one account on each and every *nix system which generally has absolutely no restrictions placed on it. Root can do anything. For this reason it is generally recommended to not login and run as root unless it's absolutely necessary.
The first person not running as root protects you from is yourself. I did six weeks of work for a local bank prior to a merger. One of their professional system administrators, a man with years of experience, wrote a script to clean up old files on a server. For obvious reasons it had to run as root. He made a minor syntax error in the script which caused it to run from the root file system rather than one of the file systems where it was supposed to run. To make matters worse he ignored the proper change control procedures because he thought this was trivial maintenance. The script ran overnight and dutifully began removing large parts of the operating system that were older that the date set in his script, effectively wiping out a production server. The point of the story is that even seasoned professionals make mistakes, sometimes with disastrous consequences. If you're running as root you can easily, accidentally do damage to your system without warning. This is why some Linux distributions, e.g. Ubuntu, don't permit root logins by default.
It should go without saying that strong password rules should be applied to the root account first and foremost. If remote root access is permitted, either by design or because of a security vulnerability, a strong password may delay an intrusion long enough to be detected and prevented. There have also been a number of Internet applications, including web browsers, which have had vulnerabilities that effectively allow remote access as the user running the application. If that user is root these security flaws become far more dangerous. This is why some Linux applications have very tersely worded warnings about running them as root.
Every Linux distribution, even the most minimal, has tools to allow the temporary granting of root privileges to an ordinary user. The most common are su, short for "switch user", and sudo, short for "superuser do". The sudo command offers the ability to log what you are doing as root. It also provides the simplest means for doling out a subset of root privileges to someone who needs to do specific tasks which require root privileges but does not need full and absolute control of a system, making it ideal for small business networks. A detailed HOWTO covering both su and sudo will be coming to DWW soon.
Basic Linux authentication: how it works
On any modern Linux system there are three files that provide the most basic level of authentication for the local system:
Every user on the system has a unique user ID (UID), a number, associated with their username. (NOTE: It is possible to assign two usernames to a single UID, effectively creating a single account with two names which can be used to login.) Each user belongs to at least one group of users and each group has a unique group ID (GID) associated with the group name.
The /etc/passwd file is a plain text file. It can be edited with any text editor run as root. It contains seven fields for each user, separated by colons:
The default shell is particularly important for system accounts. Many system tools and some applications require their own user account to run properly. However, you wouldn't want someone to actually be able to login as that task. In this case a dummy shell, typically /bin/false, is used. If there is no valid shell the user can't login.
- the username
- a lowercase x (usually)
- the user ID (UID)
- the user's default group
- the user's full name and, optionally, additional plain text info about the user
- the user's home directory
- the user's default shell
In the dim and distant past the /etc/passwd file also contained the users' passwords in plain text. As networks grew it became clear that some sort of secure way of storing passwords that wasn't human readable was an absolute must and, as usual, it was a security incident that convinced someone of the need. In 1987 Julianne Haugh experienced a break-in and wrote the original Shadow Password Suite, which originally contained the login, passwd, and su commands. Shadow passwords have been included in Linux since 1992 and the suite has grown to 30 commands.
The basic concept of shadowing is easy to understand. I'll quote Seifried again: "For many years the solution has been quite simple and effective, simply hash the passwords, and store the hash, when a user needs to authenticate take the password they enter it, hash it, and if it matches then it was obviously the same password." Over time the computing power grew and it became easier to crack even hashed passwords so Linux and other UNIX systems moved to stronger encryption systems, most commonly MD5. In addition to the username and hashed password, /etc/shadow also contains password aging information.
Using chage to setup password aging
All the major Linux distributions have graphical tools which front end the Shadow Password Suite. However, if you're running a more minimal distribution or if you'd like to manage password aging from the command line on an existing account, the easiest way to do it is with the chage command. At its simplest you can set a period of time after which the password must be changed. For example, if I want to force a user (yes, even myself) to change their password every 90 days I can do it with the command:
chage -m 90 user
where "user" is replaced with the actual user name. It's a lot friendlier to also set a warning with the -W option. Let's say I wanted a 5-day warning before the password actually expires. The command would then be:
chage -m 90 -W 5 user
Any user can check when their password expires with the command:
chage -l user
Pluggable Authentication Modules (PAM)
PAM is something that mostly applies to larger networks but since it is enabled by default as part of the authentication process on many major Linux distributions, it deserves a mention here. On larger networks there are a number of systems (NIS, NIS+ and LDAP, for example) that are used to allow a user to use one account to log onto many systems. There are also more advanced security systems which allow passwords to be changed minute by minute. In many enterprise networks someone who needs access to secure systems is issued a key fob with a small LCD or LED screen which displays the password of the moment. What PAM does is allow administrators to set up rules for how each type of authentication is handled and allows multiple authentication methods to be used and managed in one place. An example of a rule may be one which allows a class of users to only login during certain hours.
OK, so what does this have to do with a home user? Well, if you're running Debian GNU/Linux, Red Hat/Fedora, SUSE Linux Enterprise or many of the distros based on one of those three then PAM is enabled by default on your system and it certainly is possible for you to use it to setup rules for given systems in even a small network. Slackware, on the other hand, doesn't include PAM at all though some Slackware derivatives, notably Zenwalk Linux, do. A slightly dated PAM manual from Red Hat can be found here.
One good use for PAM on home or small business networks is strong password enforcement. PAM includes a module which uses CrackLib to determine if a password is "strong enough". What "strong enough" means on your system(s) is entirely configurable. Some distributions, including Red Hat Enterprise Linux and its clones, including Oracle Enterprise Linux, CentOS and Scientific Linux, enable the pam-cracklib module by default.
In upcoming parts of this series we'll look at basic steps you can take to keep your server secure by limiting which services are running and access to services that need to run. We'll look at network ports, how to tell which are open and which are closed, and how to close ones which aren't needed. We'll look at Linux file system security, covering everything from permissions to encryption. We'll look at the firewall included in the Linux kernel and how to use it and, as promised, we'll cover how to dole out root privileges safely. Finally, we'll end with a primer on system logs and how to determine if you've had an unwanted visitor.
|Miscellaneous News (by Chris Smart)
openSUSE community ponders a CentOS-like enterprise distribution, Ubuntu announces code name for 10.04, Linux Mint hints at improvements in "Helena", OpenBSD delays release over CD manufacturing fault
Leading the news this week is a story about plans among the community to create a long-term supported variant of openSUSE, specifically with servers in mind. Recently Novell announced that it has shortened the support life of the distro further from two years down to just eighteen months. This might help to ease the workload for Novell employees but it means more work for the end users who will now need to upgrade more often. Commercial offerings from the company are, on the other hand, maintained and supported for five to seven years, but will small businesses switch from the free openSUSE to costly SLES with support contracts? Boyd Lynn Gerber doesn't necessary think so and suggested a number of options to combat this problem. Two such options would be to extend support for openSUSE products, in effect creating an openSUSE LTS edition, or a new fork entirely based off the SLES source code à la, openSLES. The latter idea would be similar to CentOS, which builds a new binary distro from the source code of Red Hat Enterprise Linux. Would such a distro be of interest to the wider community and would it hurt or hinder Novell?
Elsewhere in openSUSE land, TuxRadar has published an interview with the project's Program Manager, Andreas Jaegar. The team discusses the distro's new eight month release cycle and asks Jaegar what his favourite features are in the upcoming 11.2 release. A web interface for YaST is one such feature which might see an introduction shortly. He writes: "WebYAST is AJAXy. It's still in its infancy... We might use one or two of its modules in 11.2." TuxRadar also asked whether we might see Con Kolivas' new scheduler in openSUSE, to which Jaegar replied: "Instead of a subjective feeling that it's better, get some numbers to see. And if it's good, we have the openSUSE Build Service - anyone can take our kernel and apply a patch on top of it. But at the moment it's too experimental and unknown." He also discusses the move to KDE as the default desktop, remix versions of the distro thanks to SUSE Studio, working more closely with Red Hat to create more portable RPM files, and more.
* * * * *
It's time again to find out what release of Ubuntu +1 (version 10.04), will be called. According to this blog post by Lisa Hoover, Ubuntu founder Mark Shuttleworth made the announcement at the Atlanta Linux Fest, revealing that the code name of Ubuntu 10.04 will be "Lucid Lynx" (here is the video announcing the new name). The upcoming 9.10 release will be, of course, "Karmic Koala", which builds further on the distro's technology, especially in the cloud. The first version for 2010 will be a long-term support (LTS) release, which are generally less cutting-edge. It's good timing because what Ubuntu needs now is more polish. The One Hundred Paper Cuts project is doing a great job sorting out these small niggling issues, but to compete with Apple's OS X for consumer's money (one of Mark Shuttleworth's primary goals for the distro) still needs work. The release therefore, is aptly named, as it will hopefully indeed be lucid - easily understood and completely intelligible. If Canonical can get it right, it might be the final push companies need to ditch Windows and put Ubuntu on their mainstream consumer products.
* * * * *
The founder of Linux Mint, Clement Lefebvre, has posted an update on what he's been working on recently. He walks through some changes for the upcoming "Helena release", including the renaming of various Mint tools to more useful names, such as "Software Manager" over "mintInstall." He also cites improvements to the installation and removing of packages: "When an application is listed, mintInstall now queries APT to find out whether it's installed on the system and what versions are installed and/or available. This process is almost immediate and doesn't impact the responsiveness. This basically means that, looking at an application, you'll be able to see if it's already installed or not, you'll be able to see its version and you'll be able to install it but also to remove it from mintInstall." The refresh button is also being removed in order to ease the load on Linux Mint servers and some improvements to the interface are coming, including optimisation for the smaller screen size on netbooks.
* * * * *
Finally, it looks like the next release of OpenBSD will be delayed by one month. Theo de Raadt, the project's founder and lead developer, says that the reason for the delay is a problem with CD manufacturing at a third-party manufacturing facility: "They have had serious CD production problems. Because everything in CD manufacturing is so ridiculously outsourced, all I know is that the plant which was used this time (Q Media Services Corporation in Vancouver) has made about six faulty CD pressings in a row." Hopefully there will not be any further delays as the tree was frozen rather early and large numbers of OpenBSD fans have pre-ordered discs. It can be painful waiting for the new version of your favourite operating system to arrive, but no doubt it is better to receive belated media which work, rather than some which are timely but faulty!
|Released Last Week
François Dupoux has released SystemRescueCd 1.3.0, a Gentoo-based live CD designed for administering or repairing an operating system and data after a crash. What's new in version 1.3.0? "Updated the standard kernels to Linux kernel 2.6.31; updated FSArchiver to 0.5.9 (better NTFS support); updated NTFS-3G to version 2009.4.4 AR17 (NTFS-3G advanced release); updated e2fsprogs to 1.41.9 (ext2, ext3, ext4 file system tools); Linux kernel 2.6.31 and btrfs-progs 0.19 are using a new btrfs format; added gdisk 0.3.1 (gdisk is a GPT partition table manipulator); updated the Xfce desktop environment to version 4.6.1; updated Python to version 2.6.2; updated Mozilla Firefox to version 3.5.2." Read the complete changelog for further details.
Oracle Enterprise Linux 5 Update 4
Oracle has announced the release of Oracle Enterprise Linux 5 Update 4, an enterprise-level distribution based on Red Hat Enterprise Linux 5.4: "Oracle is pleased to announce the general availability of Enterprise Linux Release 5 Update 4 for x86 (32-bit) and x86_64 (64-bit) architectures. This update includes the following kernel/driver changes: bug fixes added by Oracle - check to see if hypervisor supports memory reservation change, add Entropy support to IGB, add Xen pv/bonding netconsole support, shrink zone patch, fix aacraid not to reset during kexec, fix failure of file creation from hpux client; fixes and additions from the upstream distribution provider - a new tunable parameter has been added to the kernel, allowing system administrators to change the maximum number of modified pages kupdate writes to disk...." Read the rest of the release announcement for a complete technical changelog.
Muayyad Al-Sadi has announced the release of Ojuba 3, a Fedora-based distribution with Islamic utilities and support for Arabic: "We are proud to announce the release of Ojuba 3. This release comes in two forms: a live DVD/USB and an installation DVD which can be used to upgrade from a previous release. The installation DVD contains packages and serves as a repository for offline installation of packages. It includes GNOME 2.26, KDE 4.3.1, Xfce 4.6.1, LXDE. Features: Ojuba control center, original artwork, Quran browser and Thwab library, many Arabic and Islamic books like Sunan and classical dictionaries, prayer time reminder, Monajat supplications, Hijri calendar, Sun JRE, multimedia support, mlterm with support for Arabic. This release is based on Fedora 11 and it includes fast boot, ext4 support, fingerprint login...." Here is the full release announcement with several screenshots.
Ojuba 3 - a Fedora-based distribution with complete support for Arabic
(full image size: 708kB, screen resolution 1280x800 pixels)
DragonFly BSD 2.4
Matthew Dillon has announced the release of DragonFly BSD 2.4, a general-purpose operating system originally forked from FreeBSD 4.x: "The DragonFly 2.4 release is here! Three release options are now available: a bare-bones CD image, a DVD image which includes a fully operational X environment, and a bare-bones bootable USB disk-key image. In addition we will for the first time be shipping a 64-bit ISO image. 64-bit support is stable but there will only be limited 'pkgsrc' support in this release. DragonFly BSD 2.4 is a bigger release than normal. The single most invasive change is the introduction of DEVFS. The /dev file system is now mounted by the kernel after it mounts the root file system. All major and minor numbers have changed and the old /dev is no longer meaningful." Read the detailed release announcement for a complete list of changes and upgrade notes.
Puppy Linux 4.3
Barry Kauler has announced the release of Puppy Linux 4.3: "Puppy Linux version 4.3 released. Highlights: Linux kernel 184.108.40.206 configured for SMP (multi-processor) systems, with support for the ext4 file system and patched for Aufs2; Internet by dial-up - the kernel has drivers for many modems, including Agere, ESS, Lucent, Conexant, SmartLink, PCTEL and Intel chipsets; Pstreamvid - a great GUI for playing Internet TV; JWM theme maker; Psync - synchronises the clock to an Internet time server; SQLiteManager - a front-end for SQLite and an add-on to SeaMonkey; Hiawatha - a very small and extremely secure web server to serve CUPS, PPLOG and QUISP pages; a screenshot utility based on mtPaint, but with a very basic GUI; Pmirrorget for downloading a complete web site...." Read the detailed release announcement for a complete list of changes and new features.
Puppy Linux 4.3 - a major update of the popular mini-distribution
(full image size: 680kB, screen resolution 1280x1024 pixels)
Parted Magic 4.5
Patrick Verner has released Parted Magic 4.5, a small Linux live CD designed primarily as a hard disk partitioning utility: "This new version of Parted Magic updates the graphical server X.Org, expands networking, improves RAM usage, and fixes some bugs. To combat some of the problems associated with the newer versions of X.Org and Intel chipsets, Parted Magic offers driver versions intel-2.4.1, intel-2.5.1, intel-2.6.3, intel-2.7.1 as boot options. There is a new PPPoE option added to the 'Start Network' program. RAM usage has been significantly reduced for the 'Default settings (Runs from RAM)' and 'Live with low RAM settings' boot options. The default option only requires 192 MB, from 256 MB in version 4.4, to completely run Parted Magic from RAM. The biggest gain was with the low RAM option because that now only requires 48 MB to run." Visit the project's home page to read the release announcement.
* * * * *
Development, unannounced and minor bug-fix releases
|Upcoming Releases and Announcements
Summary of expected upcoming releases
New distributions added to database
- eBox Platform. eBox Platform is a unified network server that offers easy and efficient computer network administration for small and medium-size businesses. It can act as a gateway, an infrastructure manager, a unified threat manager, an office server, a unified communication server or a combination of them. These functionalities are tightly integrated, automating most tasks, avoiding mistakes and saving time for system administrators. eBox Platform is released under the GNU General Public License (GPL) and runs on top of Ubuntu.
* * * * *
New distributions added to waiting list
* * * * *
DistroWatch database summary
* * * * *
And this concludes the latest issue of DistroWatch Weekly. The next instalment will be published on Monday, 28 September 2009.
Caitlyn Martin, Chris Smart and Ladislav Bodnar
If you've enjoyed this week's issue of DistroWatch Weekly, please consider sending us a tip.
(Tips this week: 0, value: US$0.00)
|Linux Foundation Training
|• Issue 777 (2018-08-20): YunoHost 220.127.116.11, limiting process resource usage, converting file systems on Fedora, Debian turns 25, Lubuntu migrating to Wayland|
|• Issue 776 (2018-08-13): NomadBSD 1.1, Maximum storage limits on Linux, openSUSE extends life for 42.3, updates to the Librem 5 phone interface|
|• Issue 775 (2018-08-06): Secure-K OS 18.5, Linux is about choice, Korora tests community spin, elementary OS hires developer, ReactOS boots on Btrfs|
|• Issue 774 (2018-07-30): Ubuntu MATE & Ubuntu Budgie 18.04, upgrading software from source, Lubuntu shifts focus, NetBSD changes support policy|
|• Issue 773 (2018-07-23): Peppermint OS 9, types of security used by different projects, Mint reacts to bugs in core packages, Slackware turns 25|
|• Issue 772 (2018-07-16): Hyperbola GNU/Linux-libre 0.2.4, UBports running desktop applications, OpenBSD auto-joins wi-fi networks, boot environments and zedenv|
|• Issue 771 (2018-07-09): Linux Lite 4.0, checking CPUs for bugs, configuring GRUB, Mint upgrade instructions, SUSE acquired by EQT|
|• Issue 770 (2018-07-02): Linux Mint 19, Solus polishes desktop experience, MintBox Mini 2, changes to Fedora's installer|
|• Issue 769 (2018-06-25): BunsenLabs Helium, counting Ubuntu users, UBports upgrading to 16.04, Fedora CoreOS, FreeBSD turns 25|
|• Issue 768 (2018-06-18): Devuan 2.0.0, using pkgsrc to manage software, the NOVA filesystem, OpenBSD handles successful cron output|
|• Issue 767 (2018-06-11): Android-x86 7.1-r1, transferring files over OpenSSH with pipes, LFS with Debian package management, Haiku ports LibreOffice|
|• Issue 766 (2018-06-04): openSUSE 15, overview of file system links, Manjaro updates Pamac, ReactOS builds itself, Bodhi closes forums|
|• Issue 765 (2018-05-28): Pop!_OS 18.04, gathering system information, Haiku unifying ARM builds, Solus resumes control of Budgie|
|• Issue 764 (2018-05-21): DragonFly BSD 5.2.0, Tails works on persistent packages, Ubuntu plans new features, finding services affected by an update|
|• Issue 763 (2018-05-14): Fedora 28, Debian compatibility coming to Chrome OS, malware found in some Snaps, Debian's many flavours|
|• Issue 762 (2018-05-07): TrueOS 18.03, live upgrading Raspbian, Mint plans future releases, HardenedBSD to switch back to OpenSSL|
|• Issue 761 (2018-04-30): Ubuntu 18.04, accessing ZFS snapshots, UBports to run on Librem 5 phones, Slackware makes PulseAudio optional|
|• Issue 760 (2018-04-23): Chakra 2017.10, using systemd to hide files, Netrunner's ARM edition, Debian 10 roadmap, Microsoft develops Linux-based OS|
|• Issue 759 (2018-04-16): Neptune 5.0, building containers with Red Hat, antiX introduces Sid edition, fixing filenames on the command line|
|• Issue 758 (2018-04-09): Sortix 1.0, openSUSE's Transactional Updates, Fedora phasing out Python 2, locating portable packages|
|• Issue 757 (2018-04-02): Gatter Linux 0.8, the UNIX and Linux System Administration Handbook, Red Hat turns 25, super long term support kernels|
|• Issue 756 (2018-03-26): NuTyX 10.0, Neptune supplies Debian users with Plasma 5.12, SolydXK on a Raspberry Pi, SysV init development|
|• Issue 755 (2018-03-19): Learning with ArchMerge and Linux Academy, Librem 5 runs Plasma Mobile, Cinnamon gets performance boost|
|• Issue 754 (2018-03-12): Reviewing Sabayon and Antergos, the growing Linux kernel, BSDs getting CPU bug fixes, Manjaro builds for ARM devices|
|• Issue 753 (2018-03-05): Enso OS 0.2, KDE Plasma 5.12 features, MX Linux prepares new features, interview with MidnightBSD's founder|
|• Issue 752 (2018-02-26): OviOS 2.31, performing off-line upgrades, elementary OS's new installer, UBports gets test devices, Redcore team improves security|
|• Issue 751 (2018-02-19): DietPi 6.1, testing KDE's Plasma Mobile, Nitrux packages AppImage in default install, Solus experiments with Wayland|
|• Issue 750 (2018-02-12): Solus 3, getting Deb packages upstream to Debian, NetBSD security update, elementary OS explores AppCentre changes|
|• Issue 749 (2018-02-05): Freespire 3 and Linspire 7.0, misunderstandings about Wayland, Xorg and Mir, Korora slows release schedule, Red Hat purchases CoreOS|
|• Issue 748 (2018-01-29): siduction 2018.1.0, SolydXK 32-bit editions, building an Ubuntu robot, desktop-friendly Debian options|
|• Issue 747 (2018-01-22): Ubuntu MATE 17.10, recovering open files, creating a new distribution, KDE focusing on Wayland features|
|• Issue 746 (2018-01-15): deepin 15.5, openSUSE's YaST improvements, new Ubuntu 17.10 media, details on Spectre and Meltdown bugs|
|• Issue 745 (2018-01-08): GhostBSD 11.1, Linspire and Freespire return, wide-spread CPU bugs patched, adding AppImage launchers to the application menu|
|• Issue 744 (2018-01-01): MX Linux 17, Ubuntu pulls media over BIOS bug, PureOS gets endorsed by the FSF, openSUSE plays with kernel boot splash screens|
|• Issue 743 (2017-12-18): Daphile 17.09, tools for rescuing files, Fedora Modular Server delayed, Sparky adds ARM support, Slax to better support wireless networking|
|• Issue 742 (2017-12-11): heads 0.3.1, improvements coming to Tails, Void tutorials, Ubuntu phasing out Python 2, manipulating images from the command line|
|• Issue 741 (2017-12-04): Pop!_OS 17.10, openSUSE Tumbleweed snapshots, installing Q4OS on a Windows partition, using the at command|
|• Issue 740 (2017-11-27): Artix Linux, Unity spin of Ubuntu, Nitrux swaps Snaps for AppImage, getting better battery life on Linux|
|• Issue 739 (2017-11-20): Fedora 27, cross-distro software ports, Ubuntu on Samsung phones, Red Hat supports ARM, Parabola continues 32-bit support|
|• Issue 738 (2017-11-13): SparkyLinux 5.1, rumours about spyware, Slax considers init software, Arch drops 32-bit packages, overview of LineageOS|
|• Issue 737 (2017-11-06): BeeFree OS 18.1.2, quick tips to fix common problems, Slax returning, Solus plans MATE and software management improvements|
|• Issue 736 (2017-10-30): Ubuntu 17.10, "what if" security questions, Linux Mint to support Flatpak, NetBSD kernel memory protection|
|• Issue 735 (2017-10-23): ArchLabs Minimo, building software with Ravenports, WPA security patch, Parabola creates OpenRC spin|
|• Issue 734 (2017-10-16): Star 1.0.1, running the Linux-libre kernel, Ubuntu MATE experiments with snaps, Debian releases new install media, Purism reaches funding goal|
|• Issue 733 (2017-10-09): KaOS 2017.09, 32-bit prematurely obsoleted, Qubes security features, IPFire updates Apache|
|• Issue 732 (2017-10-02): ClonOS, reducing Snap package size, Ubuntu dropping 32-bit Desktop, partitioning disks for ZFS|
|• Issue 731 (2017-09-25): BackSlash Linux Olaf, W3C adding DRM to web standards, Wayland support arrives in Mir, Debian experimenting with AppArmor|
|• Issue 730 (2017-09-18): Mageia 6, running a completely free OS, HAMMER2 file system in DragonFly BSD's installer, Manjaro to ship pre-installed on laptops|
|• Issue 729 (2017-09-11): Parabola GNU/Linux-libre, running Plex Media Server on a Raspberry Pi, Tails feature roadmap, a cross-platform ports build system|
|• Issue 728 (2017-09-04): Nitrux 1.0.2, SUSE creates new community repository, remote desktop tools for GNOME on Wayland, using Void source packages|
|• Issue 727 (2017-08-28): Cucumber Linux 1.0, using Flatpak vs Snap, GNOME previews Settings panel, SUSE reaffirms commitment to Btrfs|
|• Issue 726 (2017-08-21): Redcore Linux 1706, Solus adds Snap support, KaOS getting hardened kernel, rolling releases and BSD|
|• Full list of all issues|
|Random Distribution |
Kubuntu is a free, user-friendly Linux distribution based on KDE's desktop software and on the Ubuntu operating system. It has a biannual release cycle. Besides providing an up-to-date version of the KDE desktop at the time of the release, the project also releases updated KDE packages throughout the lifetime of each release.