DistroWatch Weekly
Reader Comments
1 • No subject (by forest on 2009-09-21 08:03:52 GMT from United Kingdom)
Probably one of many but thanks very, very much, CM, for the starter article on security...no doubt I will have to re-read a few times before it sinks in tho'. And thanks also for the pointers to the books.
2 • Single Sign On authentication with Windows (by Folle on 2009-09-21 08:31:05 GMT from Philippines)
One thing I'd love to see tackled (and created as a distribution?) is Single Sign On, perhaps based on OpenLDAP, and where the entire distribution bases its authentication against it. Something that's easy to set up and that could maybe be integrated with Windows as well (using pGina).
Single Sign On is one of the pleasures of Active Directory, and one I'd love to see replaced by a Linux solution.
3 • No subject (by Felix Pleşoianu on 2009-09-21 08:38:06 GMT from Romania)
Always nice to read something different on Distrowatch Weekly. Good issue! Can't wait to read more articles on security.
4 • Linux Security Basics (by AU on 2009-09-21 08:46:47 GMT from Germany)
Good to see an article about basic security. Security is important.
Unfortunately this article is not very accurate. I would not trust the information in it, but only use it as a starting point for further reading.
Some examples:
"A computer is secure if you can depend on it and its software to behave as you expect." That definition is ridiculous. A rootkit or keylogger do not make a computer or its software behave any different than expected. "If someone makes uninvited use of your system(s) for their own purposes without your consent, that definition is no longer met." This makes no sense at all.
"The most common are su, short for superuser," As far as I know su is short for 'substitute user ID', not 'superuser'. Su can be used to change to other users than root.
"In the dim and distant past the /etc/passwd file also contained the users' passwords in plain text. [...] Shadow passwords have been included in Linux since 1992 and the suite has grown to 30 commands." I don't know if this is true, but there were password hashes in /etc/passwd before they were moved to /etc/shadow. Maybe you should distinguish between the two concepts (using hashes and restricting access to the passwords/hashes).
"Over time the computing power grew and it became easier to crack even hashed passwords so Linux and other UNIX systems moved to stronger encryption systems, most commonly MD5." MD5 is not an encryption system. It is a cryptographic hash function.
Anyway, I am looking forward to the next security article.
5 • ChromeOS (by afonic on 2009-09-21 09:01:41 GMT from Greece)
I think it should be noted that Chrome OS mentioned in DWW has nothing to do with the upcoming Google's operating system and violates Google's copyrights pretty badly.
6 • No subject (by forest on 2009-09-21 09:23:35 GMT from United Kingdom)
Ref #4
...I'm confused already...LOL. Ok AU, perhaps YOU might care to shed some light on security issues...what text books would YOU suggest? This is not a dig btw, I find there are so many tomes on Linux it's tricky to know which is worth buying/reading.
[Thinking aloud...I sincerely hope we are not going to get a he said/she said argument going...]
7 • Re #2: Single Sign On (by vincent on 2009-09-21 09:26:46 GMT from Belgium)
Agree wholeheartedly. It is rather difficult to set up, not because of the lack of documentation, but because of the level of expertise one has to have before it can be set up and then you still have to configure it... If a distribution would focus on SSO, then I think it would be interesting for home networks also, and not only for corporate networks.
8 • Security (by AU on 2009-09-21 10:18:31 GMT from Germany)
@forest (#6): Oh, I am not a security expert. I did not read the linked books and guides, so I don't know if they are good or bad.
You do not really need to read a book, you need to know how certain things work. You can read the man pages and/or google for information if you encounter some mechanism you do not understand. The more you know about the system, the better you can judge its security.
For now you need to understand that Linux uses a system with 'users' and 'groups'. Access to files and processes is based on this. A list of users on the system is in the file /etc/passwd, a list of groups is in /etc/group and the passwords (hash values) are in /etc/shadow, which is only accessible to the root user.
If you are interested you can read about hashes here: http://en.wikipedia.org/wiki/Cryptographic_hash_function
9 • enforced password aging (by phoenix00 on 2009-09-21 10:29:06 GMT from Canada)
If you're in a multiuser environment it's usually not a good idea to make your users change passwords regularly -- they usually change it to something really "dumb" and guessable, usually out of frustration!
Best policy to follow (I know, it's hard....) is to set stringent password rules (as noted in the article), then force your users to remember it.
Been a DWW reader for a looong time. Keep up the good work!
10 • @ #4 (by Travis B. on 2009-09-21 10:35:59 GMT from United States)
#4, I thought the exact same thing (well, I just thought 'switch user', but semantics, semantics!), and went on investigating the answer. Wikipedia, giving me the disambiguation page of 'Su,' provided me with "superuser," however Su_(unix) provides substitute/switch user. I continued onto the coreutils documentation, and they list no definition for su. I guess it's up to interpretation, like the /etc directory.
@ #6 You can't be more true. I never know what is worth buying. So far I've made pretty good judgments, but I spend a few hours in a Barnes N' Nobles to be able to choose which is the best for a specific topic I'm looking for. Recommendations would be much easier. It's just too hard to tell what's going to be a good enough book for *NIX-y stuff.
11 • Thanks! (by Travis B on 2009-09-21 10:37:44 GMT from United States)
Sorry to post twice, meant to say in the first one-- thanks for a really good article! Security is always an interesting topic, albeit being important.
Great articles, I always love what you come up with each week-- it makes Mondays just a little easier to survive.
12 • No subject (by forest on 2009-09-21 11:24:46 GMT from United Kingdom)
Ref #8
Thanks for the heads up ref "hashes". I find the more you "think" you know the more you find there is rather more to learn...(in any walk of life/hobby, LOL).
Ref #10
Well, CM did a sort of micro bibliography (thanks). I have a couple of Keir Thomas's books but even tho' he is not a bad author in the least I find there is a huge amount of cross referencing to do and I find it so/too easy to get engrossed/sidetracked in some bit of arcania which had nothing to do with one's original research (blush).
Continuing with the latest Puppy offering from last week...having tried it out on my faster m/c, 3GHz, 2GB ram, performance was more than adequate, and apropos nothing at all, commercial DVDs just worked...however, I elected NOT to get online, just in case...
13 • openSLES (by AU on 2009-09-21 11:37:10 GMT from Germany)
Great to see that some people are trying to create a free SUSE enterprise OS. I really hope it will be a CentOS-equivalent for SUSE Linux Enterprise (openSLE). It certainly looks like a better idea than openSUSE LTS: less work and more stability and trust.
@Travis B (#10): Interesting. Maybe we need a historian to find out. :)
Well, after searching a bit I found that su was originally supposed to mean super-user: http://roesler-ac.de/wolfram/acro/credits.htm#2 The next question is if it was 'officially' redefined when the new functions were added.
14 • On the use of sudo for the first user (by Mandriveiro on 2009-09-21 11:50:29 GMT from Spain)
Many distros use sudo instead of setting up a password for the root account.
I agree that even the most experienced professionals make mistakes, but the very same mistake will be done by using a root account or by granting superuser powers via sudo. Sorry, but your example to justify Ubuntu's policy is not convincing.
In my humble opinion, it is a security problem to let the first user use the command sudo to let the user grant superuser powers with the user's password, instead of using a different password (i.e. root password). For somebody at home, it won't be that dangerous, but for a server, that's another ball game!
15 • No subject (by BSD User at 2009-09-21 11:51:29 GMT from United States)
http://nmap.org/
Very helpful site IMO.
16 • RE: 14 - Right string, wrong yo-yo. (by Eddie Wilson on 2009-09-21 12:01:00 GMT from United States)
I believe that the article was focusing on home use or very small business use so there will be no problem with sudo. If a person is worried, it can be changed. I have used distros that use su and sudo. I prefer sudo. That's just my opinion tho. :)
17 • forgot (by BSD User on 2009-09-21 12:07:34 GMT from United States)
I forgot one link:
http://onlamp.com/
18 • Re: #9 passwords (by Andy Axnot on 2009-09-21 12:48:07 GMT from United States)
The idea of passwords is a great one, but who can remember/manage them all? I have dozens of password protected accounts at home and at work. It's just too much for most people when they have to change the passwords on a regular basis.
One place I worked recently (not IT) nine out of ten computers had Post-It notes with the user's password stuck on the monitor. And we all fairly quickly figured out just how much "change" to the password was needed at the required time limit for the password. And, to human eyes, this month's password looked a lot like last month's.
Andy
19 • Security (by Jesse on 2009-09-21 12:57:08 GMT from Anonymous Proxy)
With hot topics like security, there will always be differing points of opinion and nitpicking. The little things like the exact meaning of "su" or the difference between an encrypted password and a hash, don't really mean anything to most end users. I thought the article was well done and offers some good, solid tips.
I'd like to add three things. 1. If a person has physical access to the machine, they can do just about anything. If you don't trust people who can physically touch your PC, I recommend looking at disk encryption and off-site backups.
2. Long passwords can be a pain. Some places use pass phrases to make this easier. A pass phrase is really just a long password. Something like "ILove2ResetMyPassword!" It's long, complex and easy to remember.
3. Services such as OpenSSH tend to allow remote root login. This should be disabled. On most distros, this can be done by editing /etc/ssh/sshd_config and changing PermitRootLogin from "yes" to "no".
20 • Security definition and su (by AU on 2009-09-21 13:12:39 GMT from Germany)
Since I did not like the definition for security, maybe I should give an alternative: I would define computer security as 'making sure that an attacker cannot access stuff he is not allowed to access (think stealing information/data, using resources etc.) and making sure that an attacker cannot break what he is not allowed to break (think deleting data, DOS attack)'.
@Travis B (#10): Looks like you were right after all! The source file http://svn.debian.org/viewsvn/pkg-shadow/upstream/tags/4.1.4.2/src/su.c?revision=3046&view=markup contains the following comment:
/*
 * su - switch user id
 *
 * su changes the user's ids to the values for the specified user. if
 * no new user name is specified, "root" or UID 0 is used by default.
 *
 * Any additional arguments are passed to the user's shell. In
 * particular, the argument "-c" will cause the next argument to be
 * interpreted as a command by the common shell programs.
 */
So nowadays su means 'switch user id', at least for the su in the Shadow Password Suite that Caitlyn mentioned.
21 • A minor issue in Security Basics (by RealSlacker (C) on 2009-09-21 13:24:22 GMT from Russian Federation)
The article reads: " Any user can check when their password expires with the command:
chage -l "
This seems to be slightly wrong: according to `man chage', `chage' _always_ needs `user'. Thus, a proper way of running this command would be `chage -l user'. Note an ordinary user will only get a meaningful answer in case `chage' is set suid root.
22 • The reason I have not used BSD (by Eternally Noobish on 2009-09-21 13:59:56 GMT from United States)
Every time I've tried to install a BSD based distro it always requests the other disk to install the rest of the system. I then look for this mysterious disk but it doesn't seem to be available. What caused them to use a devil as a mascot anyway?
23 • Re:22 (by BSD User on 2009-09-21 14:15:37 GMT from United States)
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/
Maybe the above link will help you.
24 • Passwords (by Albert Hall on 2009-09-21 14:22:35 GMT from United States)
With the technology out now passwords will soon be a thing of the past. Biometrics has advanced to the point where fingerprint scanners are quickly becoming the norm. The password system has never been a good system. The reason for this is that the only people who care about making complex passwords and changing them on a timely basis are sys admins and half (or more) of them don't do it.
25 • Security (by Supernatendo on 2009-09-21 14:57:42 GMT from United States)
This is exactly why I switched from running puppy on my 233MHz AMD K6 with 98MB RAM and a 3GB HDD to running VectorLinux.
I mean come on! Puppy and other small distros have no excuse to be running as root IMO. This isn't win98 people, very rarely will you actually NEED root access...
26 • Security (by AU on 2009-09-21 14:58:06 GMT from Germany)
@Jesse (#19): "With hot topics like security, there will always be differing points of opinion and nitpicking. The little things like the exact meaning of "su" or the difference between an encrypted password and a hash, don't really mean anything to most end users."
If users do not care about it then the article should not mention it. If the author decides to mention it then the author should make sure the information is accurate. As it stands Caitlyn is providing misinformation.
By the way, I consider the difference between encryption and hashing quite important.
Maybe you are trying to be polite. I prefer to be honest. The article is vague, confusing and although it is limited in scope it contains a number of inaccuracies. Not a good guide to security. However, security is a good topic and the article serves its purpose as a starting point for some discussion.
@Albert Hall (#24): Fingerprints have their own problems. People tend to leave behind their fingerprints everywhere they go. This makes it possible for an attacker to use a forged fingerprint.
27 • @4 (by Patrick on 2009-09-21 15:30:13 GMT from United States)
""" "A computer is secure if you can depend on it and its software to behave as you expect." That definition is ridiculous. A rootkit or keylogger do not make a computer or its software behave any different than expected. """
They don't? I sure don't expect my computer to be logging my key presses and send them to someone, or allow an unknown person to be able to log in to my computer. Do you?
28 • Re #4: A refutation (by Pearson on 2009-09-21 15:45:13 GMT from United States)
AU,
You claim that Ms. Martin's article is "not very accurate." And you point out inaccuracies that really have nothing to do with the intent of the article. A few minor, tangential, "inaccuracies" is not enough to title the article "not very accurate." You do her a disservice.
The definition of security that Ms. Martin uses, quoted from a technical publication, serves as a reasonable layman's definition. I don't believe she intended it to be precise, based on her mention of many more technical and detailed definitions. It becomes especially reasonable after her elaboration of "uninvited users".
Her definition of 'su' may be inaccurate (sources apparently differ), but that is really tangential to the article. To me, it's not different than mis-typing someone's name.
"Cryptographic hash system" vs. "Encryption": to me, the terms are highly related. I'm sure that there's a difference, but again, to the layman that difference is not relevant. As far as I am concerned, the "cryptographic hash" serves as a way to identify a password securely which sounds a lot like "encryption."
I won't argue the accuracy of the issues which you point out - I don't know enough to do so. I will argue against your statement that those inaccuracies make the article "not very accurate."
Pardon me if I come across too strong, but I get upset when I see an article picked to pieces, in a non-constructive manner, over relatively minor issues.
29 • No misinformation in the article (by Caitlyn Martin on 2009-09-21 15:53:48 GMT from United States)
AU: There is no misinformation in the article. In some cases you disagree and I can accept that. However, I can provide sources to back up everything you claim is wrong.
The security definition came from one of the classic UNIX security books: Practical UNIX and Internet Security, Second Edition. By Simson Garfinkel, Gene Spafford. Publisher: O'Reilly Media, 1996. The expertise of the authors is not in question. As I noted in the article I could have provided a more detailed technical description but I believe this covers it. In the examples you give, for example a rootkit, your system is no longer providing the controls you expect and has handed control off to someone else. It's hardly behaving as expected as you contend at that point. Just because it isn't necessarily obvious to the user that the system has been compromised doesn't mean that the definition is invalid. FWIW, Kurt Seifried lists that definition second among the list of many definitions he uses.
Your second item in dispute is also incorrect. The original implementation of passwd in the 1970s was in plain text. You are correct that hashed passwords in /etc/passwd was an interim step. I could have given a more detailed history but to claim that my information is incorrect is simply false. I also felt that going on endlessly about the evolution which led to shadowing was not the best use of column space. However, you are correct that the point of the /etc/shadow file (or /etc/master.password file on a BSD system) is to place hashes in a non-world readable file.
As noted by others I can find different definitions of su (what it's called) in different sources but not different definitions of what it does. You are splitting hairs here.
The only point you make that has any validity at all is the fact that I could have and probably should have been more precise in my description of MD5. It is a stronger cryptographic hash than what was previously used. Having said that, hashing is, in itself, a form of encryption. However, you are correct that it is not an encryption system in and of itself.
I agree with the characterization of your arguments as semantics. If you claim I am providing misinformation you are being neither polite nor honest.
30 • Correction (by Kenji on 2009-09-21 16:00:03 GMT from United States)
"The most common are su, short for superuser, and sudo, short for superuser do."
the 'su' command is short for 'switch user' or 'substitute user'.
'su' by itself defaults to root but you can switch users with 'su user_name'.
31 • #9, 19: Password aging, physical access, remote root logins (by Caitlyn Martin on 2009-09-21 16:11:07 GMT from United States)
#9: @phoenix00: Password aging is universally considered to be best practice among security professionals. Forcing someone to change their password every 90 or 180 days does not mean people will choose "dumb" passwords. If you use CrackLib, generally implemented through PAM, as I describe in the article the system effectively prevents "dumb" passwords. Typical rules include no dictionary words, no proper common names, no reusing of recent passwords, minimum of 6 characters, must use a number and/or a special character.
FWIW, I expire passwords at 120 days on my own systems which means I am now on my third set of passwords this year. All are strong passwords, 8-10 characters long. It takes me maybe a day to memorize them.
As I said in the article security is never convenient. It is, however, necessary.
#19: @Jesse: There are steps you can take to make things difficult for someone even if they have physical access like encrypted and password protected file systems, password protecting the BIOS, password protecting the boot manager. However, ultimately, you are correct that if someone can get at your system physically they can, sooner or later, do whatever they want. The main concern of the article and of future articles is security across a network. It doesn't matter if the network is a LAN, a WAN, wired, wireless, or the internet. There are steps you can take which help with all of the above.
Most distributions enable remote root logins via SSH by default. A future article will cover using SSH, including scp and sftp, in place of insecure communications protocols like telnet, ftp, and the old Berkeley r-tools. Including a basic primer on SSH configuration was already something I had in mind.
32 • #21: chage -l user (by Caitlyn Martin on 2009-09-21 16:15:59 GMT from United States)
#21: @RealSlacker, you have found a real error in my article, one I should have caught while proofreading. Hopefully Ladislav will read this and correct the article.
Yes, indeed, the correct syntax for checking your password aging is:
chage -l user
where you substitute your actual user name for "user". Thanks for the correction.
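Added example (not part of the article or of any comment here): a sketch of where the dates reported by chage -l user come from, computed from the aging fields of an /etc/shadow entry. The sample entries, the function names and the treatment of 99999 as "never expires" are assumptions made for this illustration.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
NO_MAX = 99999  # assumption: conventional "never expires" value for the max field

# Constructed sample in /etc/shadow layout (not real accounts or hashes):
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
alice:$6$constructedsalt$constructedhash:14500:0:120:7:14::
bob:$6$constructedsalt$constructedhash:14400:0:99999:7:::
carol:$6$constructedsalt$constructedhash:0:0:90:7:::
"""


def _days(field):
    """Aging fields are day counts; an empty field means 'not set'."""
    field = field.strip()
    return int(field) if field else None


def password_aging(line, today):
    """Return the password-aging status for one shadow entry as of `today`."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError("expected 9 colon-separated fields, got %d" % len(fields))
    lastchg, _minimum, maximum, warn = (_days(f) for f in fields[2:6])
    report = {"user": fields[0], "last_change": None, "expires": None,
              "must_change": False, "days_left": None,
              "warning": False, "expired": False}
    if lastchg is None:
        return report                      # aging is disabled for this account
    if lastchg == 0:
        report["must_change"] = True       # password must be changed at next login
        return report
    # lastchg counts days since 1970-01-01
    report["last_change"] = EPOCH + timedelta(days=lastchg)
    if maximum is None or maximum >= NO_MAX:
        return report                      # no maximum age, so no expiry date
    expires = report["last_change"] + timedelta(days=maximum)
    days_left = (expires - today).days
    report.update(
        expires=expires,
        days_left=days_left,
        expired=days_left < 0,             # still valid on the expiry day itself
        warning=warn is not None and 0 <= days_left <= warn,
    )
    return report


def aging_report(shadow_text, today):
    """Map user name -> aging status for every entry in `shadow_text`."""
    rows = (password_aging(l, today) for l in shadow_text.splitlines() if l.strip())
    return {r["user"]: r for r in rows}


if __name__ == "__main__":
    for user, r in aging_report(SAMPLE_SHADOW, date(2009, 9, 21)).items():
        print(user, r["last_change"], r["expires"], r["days_left"],
              "must change" if r["must_change"] else "")
```

With a 120-day maximum, as mentioned in comment 31, the constructed "alice" entry last changed on 2009-09-13 expires on 2010-01-11.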
33 • Physical access (by Jesse on 2009-09-21 16:29:15 GMT from Canada)
@31 Caitlyn: I think you and I are in agreement about things like password protecting the boot loader and BIOS, along with disk encryption, if physical access is a concern. If you have time, perhaps you could do a feature on locking down a PC to prevent a local take-over. A lot of people worry about their kids/parents/lovers getting into private documents and a quick tutorial on the subject would be helpful.
There's a good example in today's article about the danger of using the root account, even in the hands of an expert. A year or two back, I was cleaning out some old back-up files to free disk space. I was logged in as root and was in a folder named, I think, /mnt/backup/july/. I was going to remove this old backup of the home folder and mistakenly typed "rm -rf /home" when I should have typed "rm -rf home" (notice the lack of a leading slash character).
I spent the rest of the week fixing things, apologizing to people, putting together files from recent backups and generally feeling like an idiot.
34 • Security yet again (by Xtyn on 2009-09-21 16:32:43 GMT from Romania)
Incredible article, it was so entertaining, I can hardly wait until the next one... (not) Leaving the joke aside, in a world where desktops are dominated by windblows and most people are using it with administrator rights, I think you're making too much fuss about this.
What did Linus Torvalds say about security obsessed people? Oh, yeah, that they are "a bunch of masturbating monkeys".
Have a nice week. I'm still waiting to get hacked.
35 • Ref#5 Chrome OS vs Google OS (by VernDog on 2009-09-21 16:45:43 GMT from United States)
"I think it should be noted that Chrome OS mentioned in DWW has nothing to do with the upcoming Google's operating system and violates Google's copyrights pretty badly." Wow. I didn't realize that. Now that you mentioned it I will go back and re-check that web page. Thanks for the heads up. I am eagerly waiting Google's new OS.
36 • Article (by AU on 2009-09-21 17:04:22 GMT from Germany)
@Patrick (#27): Stretching words like that makes defining stuff completely useless. You can just as well write "a secure system is a system which is secure". I consider the definition bad, but I agree that this is just an opinion.
@Pearson (#28): The article covers very little:
1. Passwords
2. user/group/shadow
3. PAM
The presentation is not very structured in my opinion, and the presentation does not provide much detail. You really have to ask how useful the information is to a Linux user. On top of it it contains inaccuracies. You can call them tangential, but it is misinformation. It shows that the author did not check the facts really well.
"Pardon me if I come across too strong, but I get upset when I see an article picked to pieces, in a non-constructive manner," I point out how I see it. If you can't handle that then that is your problem.
37 • RE: 34 - Too Late! (by Eddie Wilson on 2009-09-21 17:05:17 GMT from United States)
"I'm still waiting to get hacked."
Too late. It sounds like your brain has already been affected. Really all jokes aside, I doubt if you have anything anybody would want. Stop acting like a spoiled little kid. It seems to just tear you all to pieces when someone mentions security. It sounds like you're the obsessed one.
PS. Want a banana?
38 • Response (by AU on 2009-09-21 17:08:58 GMT from Germany)
@Caitlyn Martin (#29): You attack all four points I raised. I will respond.
--
"The security definition came from one of the classic UNIX security books: [...] The expertise of the authors is not in question." I don't care who came up with that definition ( http://en.wikipedia.org/wiki/Appeal_to_authority ), I consider the definition bad. Let's call it a difference of opinion. However, you write this: "If someone makes uninvited use of your system(s) for their own purposes without your consent, that definition is no longer met." If someone walks to the keyboard when I am not paying attention and starts to use the computer, then I can still 'depend on [the computer] and its software to behave as you expect'. It is absolutely ridiculous to claim that the definition is no longer met in this case.
--
"Your second item in dispute is also incorrect." You did not understand my 'second item in dispute' (you mean third). I did not claim that plain text passwords were never in /etc/passwd. My problem was that you mixed using hashes with moving the passwords/hashes to the /etc/shadow file. See this quote:
"The basic concept of shadowing is easy to understand. I'll quote Seifried again: "For many years the solution has been quite simple and effective, simply hash the passwords, and store the hash, when a user needs to authenticate take the password they enter it, hash it, and if it matches then it was obviously the same password."" I have a feeling that this (using hashes) is not called 'shadowing' as you claim.
--
"As noted by others I can find different definitions of su (what it's called) in different sources but not different definitions of what it does. You are splitting hairs here." I agree that this was not very important. However, I have spent some time on it now and I think comment 20 is pretty convincing: nowadays su means 'switch user id'.
--
"The only point you make that has any validity at all is the fact that I could have and probably should have been more precise in my description of MD5. It is a stronger cryptographic hash than what was previously used. Having said that, hashing is, in itself, a form of encryption. However, you are correct that it is not an encryption system in and of itself." I disagree. Hashing is NOT a form of encryption.
From wikipedia: "In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (in cryptography, referred to as ciphertext). In many contexts, the word encryption also implicitly refers to the reverse process, decryption (e.g. “software for encryption” can typically also perform decryption), to make the encrypted information readable again (i.e. to make it unencrypted)." Hashing does not create a ciphertext and there is no way back to plaintext. There is no decryption.
To make it even clearer: with hashing information is lost, with encryption no information is lost.
--
You make this into some kind of battle. That was not my intention when I wrote my first comment. I was simply trying to warn readers that the article is not very accurate. I still think that is true.
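Added example (not part of the article or of any comment here): the hash-and-compare login check from the Seifried quote in comment 38, written with a salted, one-way hash. PBKDF2-HMAC-SHA256 from Python's standard library stands in for the system's crypt(3) scheme; the function names and the iteration count are assumptions for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumption: work factor chosen for this example
SALT_BYTES = 16


def _derive(password, salt, iterations):
    """One-way derivation: there is no inverse function to call."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_record(password, salt=None):
    """What gets stored at password-set time: salt, work factor, digest.

    The password itself is never stored, so reading the record does not
    reveal it.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    return {"salt": salt, "iterations": ITERATIONS,
            "digest": _derive(password, salt, ITERATIONS)}


def verify(candidate, record):
    """Login check: hash the entered password the same way and compare.

    Nothing is decrypted. The only way to test a guess is to recompute
    the hash with the stored salt and work factor.
    """
    recomputed = _derive(candidate, record["salt"], record["iterations"])
    # constant-time comparison avoids leaking how many bytes matched
    return hmac.compare_digest(recomputed, record["digest"])


def digest_lengths(passwords, salt=b"constructed-salt"):
    """Digest size for each input: fixed, whatever the input length.

    A fixed-size output for arbitrary-size input is why information is
    lost and the original text cannot be recovered from the digest.
    """
    return [len(_derive(p, salt, ITERATIONS)) for p in passwords]


if __name__ == "__main__":
    record = make_record("ILove2ResetMyPassword!")   # pass phrase from comment 19
    print("correct password accepted:", verify("ILove2ResetMyPassword!", record))
    print("wrong password accepted:  ", verify("ilove2resetmypassword!", record))
    print("digest sizes:", digest_lengths(["a", "x" * 10_000]))
    # The same password under a fresh salt gives a different stored digest.
    other = make_record("ILove2ResetMyPassword!")
    print("same digest with new salt:", other["digest"] == record["digest"])
```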
39 • RE: Point them out. (by Eddie Wilson on 2009-09-21 17:10:44 GMT from United States)
@au, If there are inaccuracies then point them out. Not with your opinion because that means nothing. Point it out with facts. I would like to know if what you say is true.
40 • Re #36 @AU (by Pearson on 2009-09-21 17:34:06 GMT from United States)
I respectfully disagree with your opinion that the article covered very little - it covered three important topics and serves as an introduction for more articles.
Ms. Martin included a *lot* of good information - including how to use su and sudo, why password aging is important, a brief history of passwords, an overview of users/groups/passwords, and much more. You pointed out a few "inaccuracies" - and some of those are questionable - to label the article "not very accurate." Will you decide that the entire book she cited for her definition is "not very accurate" because of that one quote? How many inaccuracies are allowed for an article to be considered "accurate"?
Please, be *constructive* when you point out what you believe to be inaccuracies. It's called respect. We can use a lot more of that - here on DWW, the internet in general, and societies in general.
41 • ChromeOS is fake (by crash9 on 2009-09-21 17:40:24 GMT from United States)
This was already pointed out. But, it should be noted that the above link to ChromeOS is a google sites address, as opposed to an official Google address, with a SuseStudio build containing Chrome and Openoffice.org on an OpenSuse base. The virtual machine they offer does not contain the new windowing system Google spoke of or any of the many Google tools that I'm sure will be on a Google OS project.
42 • Stupid Haxors Got Too Much Time (by CRAP on 2009-09-21 17:41:24 GMT from Philippines)
It's always nice to see some new distro posted here on distrowatch and predict how long it will take those haxors to realize that they've got too much time on their hands.
Yeah I like to put cowsay and fortunes in a terminal so I'll make a new distro oh and yeah I'll change the brown to green and put some codecs on it because ubuntu didn't have those. And finally I'll convince users its more stable than Ubuntu ... DUH!
Ever wonder why we have 1,000,001 distros? Geez.
43 • Props to Caitlyn Martin (by Gnobuddy on 2009-09-21 18:01:28 GMT from United States)
Just wanted to tell Ms. Martin thanks for a good article, and thanks for your balanced and mature response to the twit who tried to start a "mine's bigger than yours" shoving match with you. We see so much knee-jerk reactivity that it is a pleasure to see someone stay on an even keel in such a situation.
-Gnobuddy
44 • More responses (by AU on 2009-09-21 18:01:35 GMT from Germany)
@Eddie Wilson (#39): Eddie Wilson, did you read comment 38 and comment 13 and comment 20? I back up my claims. I try to provide sources. How far do I need to delve into all of this? I don't get paid for my comments.
@Pearson (#40): "it covered three important topics and serves as an introduction for more articles." I agree with that and I pointed that out in earlier comments.
"Will you decide that the entire book she cited for her definition is "not very accurate" because of that one quote?" No. I have no opinion on the book.
"How many inaccuracies are allowed for an article to be considered "accurate"?" When there is information in an article that I consider wrong, I begin to doubt all information in it. I think that is natural. In other words, if the inaccuracies are presented as truths and not preceded with 'I think' or 'I believe', then very, very few inaccuracies are enough to make me suspicious.
"Please, be *constructive* when you point out what you believe to be inaccuracies. It's called respect. We can use a lot more of that - here on DWW, the internet in general, and societies in general." I *am* constructive. I wrote how I felt about the article. I tried to explain why I had this opinion and I tried to remain positive. My comments were not meant to be hostile at all.
45 • Test, just a test (by XRumerTest on 2009-09-21 18:05:40 GMT from United States)
Comment deleted (off-topic).
46 • AU makes some fair points (by Anony Moss on 2009-09-21 18:09:28 GMT from India)
While the article may be good, and CM certainly does write some informative articles, why is everyone jumping on AU when he is raising some legitimate concerns with this particular one?
A few shortcomings in an article do not mean it wasn't useful. Let's not get too defensive here - criticism is healthy and should not be taken too personally. Everyone is fallible. I, for one, did not find AU's posts disrespectful or destructive.
47 • Security (by Anonymous on 2009-09-21 18:28:51 GMT from United States)
I'm having the opposite problem, general users can't get read/write access to their own windows or data partition on the same drive. Some will give read only, others flat reject without a password screen with a security violation or a "no user mountable partition" message. It is making it hard for the user to get their job done or having to resort to a floppy or a USB key drive to keep their files.
48 • RE: 38 (by Anonymous on 2009-09-21 18:46:17 GMT from United States)
The complaining over hashes vs encryption seems to be about as pointless as the battle over the "true" meaning of su. Arguments that must be qualified with things like "nowadays it means this" and with definitions from wikipedia are next to worthless without more information.
What it comes down to is that functionally the encryption process and hashing are nearly identical. What you cannot do with a hash is decrypt it, which is a separate process. Even the wikipedia definition was weak on this point stating that "In many contexts, the word encryption also implicitly refers to the reverse process, decryption", one of those contexts must refer to when you're trying to be difficult on a message board. It's not encryption, it's a related cryptographic tool....bleh. speaking of tools
49 • Good work on the article (by Ubuntu Two on 2009-09-21 18:50:07 GMT from United States)
Very nicely done. I like these informative type articles.
I have to agree with comment 9, though. Changing your password too frequently really just opens the door to users storing their passwords in an insecure manner, which has the net result of less security, rather than more.
50 • Mandriva KDE4 (by Anonymous on 2009-09-21 20:04:34 GMT from Italy)
I have found the Mandriva implementation of KDE4 the best one so far. The main reason is because it behaves a lot like KDE3 (but there are still some KDE3 features missing).
51 • #34 (by Notorik on 2009-09-21 20:23:35 GMT from United States)
I have to agree. Especially since I am using Puppy to post this. As I have stated repeatedly, (to quote me) "it's all poppycock".
We have some real confusion over enterprise administration and home user security. You should not apply the same standard to the home user as you apply to an enterprise. I don't care about running as root. In fact I get pissed off when a distro tries to restrict me from running as root. Don't you dare try to tell me what is safe or not safe on my own computer. Sure I have f'd up my system but so what? I have learned volumes by doing that. It is an entirely different matter if you are working for someone and you screw up the whole system.
There is no such thing as absolute security. You probably shouldn't ever use your credit card for anything over the internet. Online banking is probably a bad idea too but most people do it and if you have a secure encrypted connection it's reasonably safe. But the person at the bank could steal your money so this whole thing is smoke and mirrors to keep "security consultants" in business by creating paranoia among those who are less knowledgeable than themselves. Apologies to those who disagree with me (including Ladislav), this will be my only post on this topic.
Cheers,
Notorik
52 • security (by BSD User on 2009-09-21 20:29:28 GMT from United States)
Caitlyn Martin tries to help users, and AU does too. BTW I didn't see any attack from AU. But what is the catch? The users who like Unix and want to learn about Unix know how to secure it, or they have books or find help online or... But users who think that Unix is safe by itself don't care about AU's or Caitlyn Martin's posts or spending time searching on the Internet. And there are many Linux distros whose security is questionable. It is my opinion.
53 • @46 (by Moose-n-bear on 2009-09-21 20:36:09 GMT from Canada)
I think there are two reasons some people didn't respond well to AU's comments. The first is probably a language/cultural thing. AU's wording might come across as strong to some people. Words like "inaccurate" "attack" and "trust" are likely to trigger a response, whether it was meant to be offensive or not. I, for one, believe AU isn't trying to be offensive, perhaps just offering some different points of view.
That being said, I think AU's complaints against the article are the second cause. Two points raised appear to be from misreading or misunderstanding the information provided in the feature. The other two are, as Caitlyn put it, hair splitting. The "su" debate is pretty silly, any UNIX admin in the past twenty-five years would recognize either "switch user" or "super user". And, for a high level over-view of security like this week's feature, encryption and hash are close enough that, again, we all know what's being talked about.
In short, there's no misinformation or obviously incorrect statements in the article and to continue to state otherwise is, I think, pretty pointless.
54 • Chrome OS (by matyas on 2009-09-21 20:37:33 GMT from Argentina)
I don't think that is the official page for Google Chrome OS.
55 • No subject (by Anonymous on 2009-09-21 21:10:35 GMT from United States)
Comment deleted (off-topic).
56 • To be, or not 2 B, safe and secure. (by John Herbert Dillinger on 2009-09-21 21:15:28 GMT from United States)
I'm not obsessed with security either, but I found some interesting info in CM's article.
But this statement: "Kurt Seifried, in his Linux Administrator's Security Guide, writes: "You only need to make one mistake or leave one flaw available for an attacker to get in. This, of course, means that most sites will eventually be broken into." He adds: "All technical security measures will eventually fail or be vulnerable to an attacker. This is why you must have multiple layers of protection."
I found at best entertaining. How about this - If I make one mistake and leave my front door open, someone can come in and empty out my house.
There are those, like CM, that are paid to make clients "feel" safe. So in the end, is it any wonder that security is on her mind most of the time. I would rather learn Linux than have to always be reminded to keep my "front door locked" - God, is it lock, maybe I should check, I hope its locked, ad infinitum.
I suppose I depend too much on the devs that they keep my Linux distro secure, so I don't have to worry so much.
57 • OpenBSD is not delayed (by Pau on 2009-09-21 21:31:06 GMT from Germany)
... but follows its original schedule:
"we will go back to the standard Nov 1 schedule"
--------------------------------------------------------------------------------------
Date: Thu, 17 Sep 2009 17:41:12 -0600
From: Theo de Raadt
Subject: 4.6 postponed to Nov 1
To: misc@cvs.openbsd.org
The 4.6 release will be postponed to Nov 1.
There have had serious CD production problems. Because everything in CD manufacturing is so ridiculously outsourced, all I know is that the plant which was used this time (Q Media services Corp in Vancouver) have made about 6 faulty CD pressings in a row. I will stop saying more, otherwise this will quickly turn into a rant.
We intended to release on Oct 1 because the tree was frozen earlier (as jj has described on undeadly.org, this was so that the f2k9 hackathon could occur in August, with an unlocked source).
But we will go back to the standard Nov 1 schedule. Sorry about the delay.
Thank you very much for those of you who have pre-ordered.
58 • Aha (by Nobody Important on 2009-09-21 21:42:33 GMT from United States)
I stay off the DWW for a week or two, and come back to find the usual. I'm unsurprised.
Nods to Notorik for continuing to spout his nonsense - it's entertaining as ever. It would work better as a satire.
The rest of you can keep on truckin'.
59 • Balance of main article. (by Jasperodus on 2009-09-21 22:22:10 GMT from United Kingdom)
The definition of a computer behaving as expected: Made sense to me as soon as I read it - I think it is completely valid.
Su: Again, I have only known it as superuser but, even if it was given as switch user or substitute user it would not have bothered me at all - I would have understood (which is the main thing, right?)
Problem is, it's always going to be a case of the information is too detailed or not too detailed for some. I believe that quite often the motivation for people who try to find fault, and nit-pick, is to demonstrate their 'cleverness'.
Anyway, I found the article to be a nicely weighted introduction.
Thanks.
60 • feature story - linux security (by Ken on 2009-09-21 23:11:42 GMT from Australia)
Caitlyn, thank you for this, I look forward to the upcoming additions to this feature. Most helpful, cheers.
61 • Security (by JD on 2009-09-22 00:24:57 GMT from United States)
Everything in this article is very valid and I agree completely! I just hope my passwords are strong enough. But who in their right mind would hack someone on very slow DSL like mine? I mean come on, it'd be torture for both of us!
And on another note: I'm very glad to see many more women contributing to Free Software World! and hope to see a continuation of the great trend because they can bring a lot to it I think.
62 • ChromeOS link a fake (by alanbcohen on 2009-09-22 01:59:21 GMT from United States)
I haven't read thru the other comments here; I just got home and went to download from the 'chromeos' link you provided only to find it is a fake, linking to 'http://susestudio.com/'. That is sufficient reason to me to avoid Suse with a passion and make me question how well you researched this item before passing it on.
63 • RE: 62 ChromeOS link a fake (by ladislav on 2009-09-22 02:08:52 GMT from Taiwan)
What's with all these "fake Chrome OS" comments? It's a real distribution based on openSUSE. What's "fake" about it?
The only problem is that the download link no longer works (it worked last week). If they don't fix the link soon, I might be persuaded to remove the entry from this week's DWW, but I still don't understand why so many people think it's "fake".
64 • Ubuntu Karmic Installs (by Chris H on 2009-09-22 04:13:26 GMT from United States)
Pardon the new thread, but...
I've installed the karmic alpha 6 on several machines. I'm using the 'alt', 'debian installer' version to prevent install failures even if the graphics card that I'm using isn't supported yet. My computer with an ATI Radeon HD 4550 card had that problem, but booting into the 'recovery' mode allowed me to update the system, and karmic is working just fine on that system in addition to several other systems.
There are lots of updates to download. I like that.
The weird thing about karmic is that it only uses 'grub-pc', aka 'grub2'. If you want to boot karmic from another distro's partition, you have to manually insert a grub stanza that you've created with information from karmic's /boot/grub/grub.cfg file into the 'menu.lst' file on that other distro's partition.
If you do a Ubuntu 904 install after the karmic install, Ubuntu 904 will create the required karmic 'menu.lst' stanza for you.
Chris H
65 • Good article (by Joe on 2009-09-22 05:42:31 GMT from United States)
Caitlyn, good article on Linux Security Basics. I found the article to be an interesting read and I look forward to the rest of the series. As always, I enjoy reading the articles on this site and the content rarely disappoints.
For years, whether working with Linux or Unix, I've seen su described as switch user and superuser. It temporarily substitutes another user ID for your own, with root (superuser access) as the default. I have numerous books in my library that provide both terms (usually in the same sentence) for the command su. Either term should be acceptable, although IMHO superuser is more widely used.
Reading the comments section can be very rewarding as well, since many of our fellow Linux enthusiasts provide good advice, often accompanied by links to additional related information that helps round out the topic. Occasionally, someone makes a point of contention, and we all learn from the ensuing discussion. DWW is a much better read when the comments are constructive.
66 • Ref - 63 • 62 ChromeOS link a fake (by Anonymous on 2009-09-22 06:14:22 GMT from United States)
I think confusion is the word to use. GoogleOS vs ChromeOS. There's a difference.
67 • Simple security check (by John Richards on 2009-09-22 06:41:08 GMT from United Kingdom)
I know this is very untechnical and quite insufficient by itself, but I always find it very reassuring when the WLAN or LAN contact light for my machine on the router/modem stays continuously steady for long periods of time, when I am doing non-linking activities on the machine - except of course when it is checking for updates. If it started flickering regularly I would suspect intrusion, and perhaps even a botnet. But of course I also apply the more technical anti-intrusion techniques.
68 • No subject (by Pingus on 2009-09-22 06:58:50 GMT from United States)
Maybe fake is not the proper term. Misleading would be more accurate as people are making the assumption the ChromeOS is the distribution from Google.
69 • @ 63 re: "Fake Chrome OS" (by Anonymous on 2009-09-22 07:19:54 GMT from United States)
It's based on Suse, you'll find certain individuals that can't resist spreading Fud about it. Some people seem to have made a full time job complaining about them.
70 • FreeBSD+Gnome (by Equimanthorn on 2009-09-22 07:21:52 GMT from Italy)
I found some FreeBSD distros using gnome as the default wm:
http://www.truebsd.org/ (live dvd+install)
http://www.ghostbsd.org/ (live dvd + install in the next version)
http://freebsd-custom.wikidot.com/start (custom iso using xfce or gnome)
Goodbye
Paolo Equimanthorn
71 • Kahel OS (by jdetras on 2009-09-22 08:12:01 GMT from Philippines)
I thought I was mistaken when I read about Kahel OS. I know for sure that it is a Filipino word but I did not bother to look into it earlier when I read Distrowatch. It is just now that I re-read about the new distros that I found out, Kahel OS is really a Filipino distribution. I am surprised about it. BTW, "Kahel" = "Orange". Glad to hear that there are other Filipinos working on developing a Linux distribution.
72 • No subject (by Anonymous on 2009-09-22 08:40:18 GMT from United States)
The most common are su, short for superuser, and sudo, short for superuser do.
Should be "Switch User" instead of superuser.
73 • Re: SU (by Anonymous on 2009-09-22 09:19:39 GMT from Canada)
I'm a newb, but man su:
"su - change user ID or become superuser"
If true, in context the article would be best to say, "The most common are su, short for [become] superuser."
74 • RE: 63 "RE: 62 ChromeOS link a fake" (by Julian Andres Klode on 2009-09-22 13:12:17 GMT from Germany)
Google announced at http://googleblog.blogspot.com/2009/07/introducing-google-chrome-os.html an operating system called "Google Chrome OS". The ChromeOS listed here is not this OS, and is not supported by Google in any way. It will just cause confusion to include this OS in the list.
75 • Excellent Article (by Jason on 2009-09-22 13:43:46 GMT from United States)
Caitlyn, thanks for the wonderful article/intro on linux security. While most of this information is already stuff that I know, it's always nice to go back over the basics and see things laid out in a format that is accessible to newer users and aspiring system administrators. I look forward to the next installment. Keep up the good work!
Once again Distrowatch proves itself to be an invaluable resource to the *.nix community.
76 • Re:63 & 62 & "Chrome OS" (by Sam on 2009-09-22 14:05:25 GMT from United States)
Agreed. Even if the distro is legit (and the developer gets the website working again), it takes the name of Google's forthcoming operating system. Would Distrowatch provide a link to an OpenSuSE respin I'm planning to make called "Windows 7" ?
77 • RE: 74, 76 (by ladislav on 2009-09-22 14:13:26 GMT from Taiwan)
OK, fine. Since you guys don't want to see it here and since the download doesn't work any more, I've removed it from the list. But as for the "Windows 7" analogy, you know the answer already - the name wouldn't last very long irrespective of whether I'd link to it or not.
78 • Thanks..... (by Jasperodus on 2009-09-22 14:22:06 GMT from United Kingdom)
.....to all who must have spotted the 'howler' in my earlier post (59), but did not feel the need to cause me a little embarrassment:
"......or not too detailed for some"
Yoikes!, didn't think about the wording very well did I? Now, where did I put that embarrassed emoticon?
Anyway, as far as I am concerned, the article was nicely balanced :)
79 • #58 (by Notorik on 2009-09-22 15:19:21 GMT from United States)
Nothing to say so you take a "swipe" at me? Don't be hatin'. Thanks for the "nods":)
80 • Thanks, Caitlyn and Ladislav (by Michael Raugh on 2009-09-22 16:40:18 GMT from United States)
Greetings, all! A few thoughts, in no particular order:
Loved the security article by Caitlyn and I'm very excited to see the future installments. Reading security manuals is often a chore; by putting essential information in this short, accessible format Caitlyn and DWW are doing a great service to the home and SOHO Linux user. That, if you ask me, is extremely cool and while it's always possible to nitpick or call oversimplification the message is sound and easy for the target audience to follow. That, ultimately, trumps pedantry.
@14: Sudo isn't there to protect people from making mistakes as root, Mandriveiro; it's there to make it more convenient to use root power when it's needed, and under reasonable controls (such as a limited set of commands, requiring the user to re-enter their password first, etc.). I started out on Fedora and SUSE, without sudo, and then added Ubuntu which uses sudo by default. After a little while I came to prefer sudo even to "su -" because of the logging. I use it in my work environment so that multiple admins can work on a box and keep a decent audit trail of who's doing what.
@33: Jesse, it's a point of consensus among the security folk that I hang out with that if you have physical access to a system you own it. You really can't lock down a system to prevent a local take-over, though you can (through disk encryption, for example) take steps to make it extremely difficult for anyone to read your data after they do.
@62 (and others who noted the "Chrome OS" thing): Bear in mind that SuSE Build Studio is a tool; anyone can use it to create an OpenSUSE respin and name it anything they like. Clearly this points out a need for a little more supervision of the site by OpenSUSE but I wouldn't call it a reason to disown the whole organization. Your mileage may vary, as always.
Just as an aside, I'd like to see a new principle take hold akin to Godwin's Law but stating that the moment anyone cites Wikipedia as an accurate or authoritative source on *anything* they automatically lose the argument. ;^)
-mr
81 • Re: 80 (by Mandriveiro on 2009-09-22 17:14:50 GMT from Spain)
I know that sudo can be configured to let different users use only certain specific commands, and that's very useful and much more secure.
What I don't see is the reason to remove a security layer by using sudo+first user's password, instead of a different password (say root if you want to) for _full_ access to the system. I'm afraid that many people running servers just have one user and one password for everything.
And of course, a system with a root password can also be broken into...
82 • @80 (by Sean on 2009-09-22 18:10:24 GMT from United States)
Michael Raugh said, "You really can't lock down a system to prevent a local take-over, though you can (through disk encryption, for example) take steps to make it extremely difficult for anyone to read your data after they do."
That is an excellent point.
At our facility we've started a tiered password behavior for all users on all 17 machines. Since its inception, still in experimental stages and it is at a school so we are wary, we've had zero intrusions **that we know of**.
Multiple user computers need this system in our opinion, if it is feasible in a given environment (we got it from the computer gurus at SAC).
83 • BS (by RollMeAway on 2009-09-22 20:18:26 GMT from United States)
I come here, to Distrowatch, to find the latest information about linux distributions. While security is certainly important to any distro, and I did find the article interesting, to devote all comments to it is a waste. There are countless websites and books devoted to security. Go there, read them!
Everyone's time is wasted with "he said", "she said", misspelled words!, didn't dot that i, forgot to cross this t.
Please? Could we discuss distributions?
84 • Inaccuracies in Article (by Anonymous on 2009-09-22 21:12:06 GMT from Australia)
There have been comments about inaccuracies in the article, and discussion about whether these comments are positive or negative.
It may be a good idea to have two different ways of submitting comments. One as is, to be posted on the forum, and another to send a private message.
If someone notices an inaccuracy, they can send a private message, and the article can be corrected.
85 • #83 (by Elder V. LaCoste on 2009-09-22 22:57:25 GMT from United States)
First thanks to Caitlyn for an interesting and informative article. My personal preference would also be to focus on distros but it is refreshing to read something a little different once in a while. DWW is read by a diverse group of individuals with many different thoughts and concerns so I don't have a problem with an occasional discussion about something other than distros. Security is an important issue to most of us (Notorik is the obvious and puzzling exception) so a week devoted to it is a week well spent IMHO. I am however still waiting for Caitlyn's review of Dragon Fly BSD which I believe she stated was "definitely on her radar" ....
86 • No subject (by forest on 2009-09-23 00:19:46 GMT from United Kingdom)
Ref #83
Ok, point taken, RMA. I have just tried out the latest offering of Berry (v 0.98), it did not find the wifi so it died for me right there (I only have wifi connection). The screen res did not seem quite right...unless the cat had already lost a number of its 9 lives or, was an entirely new breed unknown to anyone else outside Japan.
Then tried the Easy Peasy on the same machine, Opti 280, 3GHz, 2GB ram, but copied onto a usb stick (using the U9.04 usb writer) and that connected as fast as via wifi, (although in the interests of top security I broke the connection straight away...).
Interesting, if that is correct term, desktop and proved to be a pleasant diversion for an hour or so.
I had tried, prior to this p.m., the latest Puppy (4.3) and that again was stuck onto a usb stick and was fairly fast in the 2GB ram of the m/c. I was particularly pleased with being able to play commercial DVDs without any nonsense and with all the on-screen menu fully functional.
Ref your comment about discussing distros...never forget the old saying...one man's meat etc, etc. (and woman lest I'm accused of being sexist.).
Apologies if you have latched onto this wheeze already...but have you set up "your" google alerts for anything GNULinux? Believe me you will find more to read than you bargained for...mind you it is worth it for the pro MS rantings of some "pocket" hacks/journos.
87 • Password (by Anonymous on 2009-09-23 00:34:23 GMT from United States)
Are we still limited to only eight character passwords? What is the current true password length limit? What happens if you use more than eight?
88 • re #86 - berry berry sad (by gnomic on 2009-09-23 04:12:48 GMT from New Zealand)
Thanks for reminding me I vowed never to try Berry again after the last version. OpenOffice wouldn't run on several machines, and left the gui disabled, the only escape was the reset button. Shame in a way, Berry has a nice look and some nice features, but I have the feeling it is a one man band, and testing is done after it has run on the machine it's made on. I stand to be corrected, but the dev is an invisible man, no response to emails. Maybe it works well in Japan? The trend seems to be downhill, it did seem to mainly work back at Fedora 8 or so, but the plot seems to have been lost since then.
89 • #83 SecurityWatch (by Xtyn on 2009-09-23 06:48:46 GMT from Romania)
Yep, someone forgot to tell her that this site is called distrowatch, not securitywatch. Ever since she came here security has become a prime issue.
All this is just FUD. Be afraid, be very afraid, your Linux distro is not secure.
90 • Password lengths (@87) (by Michael Raugh on 2009-09-23 11:59:21 GMT from United States)
The old 8-character limit on passwords was a limitation of the old crypt hashing method used in years past. Any reasonably modern distro will readily accept passwords longer than that with no issues at all.
Exactly how long a password can be is a function of the hashing algorithm and how a given distro implements it. In practice most distros that use MD5 hashing can accept a password of 70-plus characters for local authentication, which is way more than anyone would be willing to type.
Mind you, in a networked environment there are other factors that can limit password length. If you use LDAP authentication, NIS, or Samba (Windows) for network authentication that external directory may have a lower limit than Linux itself does. Some LDAP directories stop at 16 characters, and I *think* the maximum for Windows NT/Samba 3 is 31 (but don't quote me on that).
-mr
91 • Security in Linux Distributions (by Sean on 2009-09-23 12:13:43 GMT from United States)
How is discussion of security in distros not discussion of distros?
92 • Security - Password aging (by VernDog on 2009-09-23 14:13:41 GMT from United States)
Someone already mentioned it, but what's the theory behind changing passwords every short period of time? If they meet the requirements. Without giving a knee-jerk reply, what's the purpose? If you're thinking someone is approaching your password by some cracking means then they would do it anyway whether you change it or not.
Also as I stated, when you have to keep changing passwords all the time you fall into the habit of posting it under the keyboard or under your coffee cup because you can't remember the new one. You get lax. I have a complicated password and I have NO intention of changing it. I have it posted deep within my brain :)
93 • #92 (by Notorik on 2009-09-23 14:51:02 GMT from United States)
What is it?
94 • @92: Changing passwords (by Jesse on 2009-09-23 14:54:54 GMT from Canada)
Changing a password every so often is good for a couple of reasons. In an office environment, it means that any shared accounts are protected when an employee leaves. Lots of IT departments have multiple admins and you wouldn't want a former employee using the root password.
At home there's a bit less obvious use. Though if someone does guess your password, changing it on a regular basis means someone who has managed to guess/crack your password needs to do so over again.
Rotating passwords also means there is a time limit on cracking your login. Let's say someone tries to ssh into your machine and they're trying to brute force your password. If your password is static, eventually the attack will work. It might take a long time, but it'll work. If your password is changing, you're a moving target. Using long, complex passwords and changing them often means brute force attacks have very little chance of success because the attacker isn't going to keep repeating combinations already tried.
If you have trouble remembering a password, try to come up with a theme or formula. It can be a lot easier than remembering the exact combination.
95 • No subject (by forest on 2009-09-23 16:28:42 GMT from United Kingdom)
Ref #93
A brain is the organ employed, by most people it would seem, to prevent their skull from imploding Notorik...
Ref changing PWs on a regular basis, the ex once worked for an American company with offices in UK. Their business was in top grade adhesives, and, consequently they employed top grade IT folk.
The IT director took the entire issue of security so seriously he would know, obviously, if a PW had not been changed as per mandatory staff instructions.
If said PW was not changed the culprit was summoned to their line manager to give an account of themselves. If it was suspected a person had divulged their terminal's PW to a third party, or even if they went for a wee and left their terminal open unattended they got their ears bent, hard.
This practice meant security was on the forefront of everyone's mind and went partway to preventing the above mentioned lax behaviour.
Which just goes to show there's not really crap security...just crap staff and their crap practices.
96 • Some responses (by Caitlyn Martin on 2009-09-23 18:52:09 GMT from United States)
#85: @Elder: There will be no review of DragonFly BSD from me. It doesn't work on my hardware. I was ready with a review of PC-BSD 7.1.1 but since we had a review of 7.1 Ladislav nixed it. Either FreeBSD 8.0 or PC-BSD 8.0 will be the next BSD review.
#87: Michael did a good job of explaining the history of the old eight character password limit (see #90). The main reason to stay with eight characters today would be if you have a legacy system on your network and want to create a single sign-in. Most of my current passwords have 10 characters.
#92: @VernDog: I think Jesse gave an excellent answer to your question in #94, one I can't improve on :)
#56: It's not about making my clients "feel safe". I've done a lot of work recovering from security incidents after that fact. That's lucrative work since it's always time consuming. Customers generally want to know why and how it happened, meaning lots of billable hours doing forensics on top of restoring things and securing them. It's still a pain, both for myself and my customers. My security award, the one from Lockheed-Martin that hangs on my wall, isn't for preventative measures. It's for recovery after the fact.
The reason security is important to me and to every professional systems administrator and network administrator I know is precisely because we all know and have dealt with the consequences of lax security too many times.
Regarding sudo: The value and wisdom of the Ubuntu implementation of sudo is certainly open to legitimate debate. I think the folks at Canonical are striving for a balance between ease of use and security. Their way is certainly not optimal in terms of security.
Having said that, there is no doubt that using sudo as Ubuntu uses it is far superior to just running as root. You're only acting as root for limited times and limited actions. You can also enable logging using sudo.
I generally prefer to prefix commands with sudo rather than just using sudo to open a root shell. Yes, it's five extra keystrokes per line but that way each step can be logged. In my professional work being able to backtrack what was done has made it much, much easier to track down and correct mistakes. Of course, launching some scripts and GUI apps from the command line as root often does require doing so from a root shell.
Finally, I just hope nobody takes the advice of those who call concerns about security "poppycock" or "FUD" or "paranoid". They will come around after they have lived through the consequences of a really nasty security incident. The old expression "ignorance is bliss" applies perfectly.
Next week's article will be a distro review. The next security article will be next month sometime.
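The logging point made in comment 96 (prefixing each command with sudo versus opening a root shell), as an added example that is not part of the original thread: a small Python audit over constructed log lines in sudo's default syslog format. The host name, user names and commands are assumptions made up for the illustration.

```python
import os
import re

# Constructed sample lines in sudo's default syslog format (not real logs).
SAMPLE_LOG = """\
Sep 23 18:40:01 box sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
Sep 23 18:41:12 box sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/vi /etc/fstab
Sep 23 18:45:30 box sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Sep 23 18:50:02 box sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/su -
Sep 23 18:52:44 box sudo:    alice : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/sbin/service ssh restart
Sep 23 18:55:10 box sudo:      bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/less /var/log/auth.log
Sep 23 18:56:00 box sshd[812]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
"""

SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh"}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s(?P<host>\S+)\ssudo(?:\[\d+\])?:"
    r"\s+(?P<user>\S+) : (?P<rest>.*)$"
)


def parse_sudo_line(line):
    """Return a dict for a sudo log line, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # COMMAND= is always the last field and may itself contain " ; ".
    head, _, command = m.group("rest").partition("COMMAND=")
    fields, notes = {}, []
    for item in (part.strip() for part in head.split(" ; ")):
        if not item:
            continue
        if re.match(r"^[A-Z]+=", item):
            key, _, value = item.partition("=")
            fields[key] = value
        else:
            # Free text such as "3 incorrect password attempts".
            notes.append(item)
    return {
        "timestamp": m.group("ts"),
        "user": m.group("user"),
        "fields": fields,
        "notes": notes,
        "command": command.strip(),
    }


def is_root_shell(command):
    """True when the logged command is an interactive shell or su.

    After such an entry, nothing typed in that shell reaches the sudo log.
    """
    argv = command.split()
    if not argv:
        return False
    name, args = os.path.basename(argv[0]), argv[1:]
    if "-c" in args:
        return False  # one-off command, still visible in the log line
    if name == "su":
        return True
    return name in SHELLS and all(a.startswith("-") for a in args)


def audit(log_text):
    """Group sudo activity per user into commands, root shells and denials."""
    report = {}
    for line in log_text.splitlines():
        rec = parse_sudo_line(line)
        if rec is None:
            continue
        bucket = report.setdefault(
            rec["user"], {"command": [], "root_shell": [], "denied": []}
        )
        if rec["notes"]:
            kind = "denied"
        elif is_root_shell(rec["command"]):
            kind = "root_shell"
        else:
            kind = "command"
        bucket[kind].append(rec["command"])
    return report


if __name__ == "__main__":
    for user, seen in sorted(audit(SAMPLE_LOG).items()):
        print(user)
        for kind in ("command", "root_shell", "denied"):
            for cmd in seen[kind]:
                print(f"  {kind:10s} {cmd}")
```

In the constructed sample, alice's three steps can each be backtracked from the log, while for bob and carol the log only records that a root shell was opened.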
97 • passwords (by glasid on 2009-09-23 23:11:35 GMT from United Kingdom)
I have lots of accounts that require user names and passwords so how do I remember them all? I write them all down in .doc format and then upload them to an email account so I can access them anywhere anytime.
This probably isn't the most secure method to store passwords but there is no way I could remember some 30+ user name and password combinations.
Does anyone else have a better suggestion?
BTW, su must stand for "super user", not "substitute user" or "switch user". If it was the latter bash would ask you 'which user'?, not 'password'?
Also, IMHO, most Linux OS's are still in the multiuser workplace mentality and haven't actually shifted to the single home computer user - which is probably 95%+ of all users these days. Do you think there are many families left that all share one computer?
98 • @97 (by stuckinoregon on 2009-09-23 23:23:53 GMT from United States)
Why not use a cross platform solution such as keepassx for storing your passwords in an encrypted database? Then just take that with you on a usb keyfob.
99 • RE: 97 *.doc format? (by ladislav on 2009-09-23 23:33:49 GMT from Taiwan)
"I write them all down in .doc format and then upload them to an email account so I can access them anywhere anytime."
Well, if I want something to be accessible anywhere anytime, then the *.doc format is the very last on my list.
Why are there so many people who seem completely obsessed with the *.doc format? Isn't plain text (*.txt) infinitely more portable? Sometimes I go crazy when people send me email with an attachment in a *.doc or *.pdf format containing nothing more than a few lines of ordinary text. Crazy!
100 • Security (by Joe on 2009-09-24 00:51:12 GMT from United States)
In my experience, too many computer users think of IT security as an "inconvenience". It'll never happen to me! That is, until their data or computer gets hacked or compromised. Cleanup can be very time consuming and expensive. And, there are no guarantees that all of your data can be recovered.
If you're one of the ones who think security is overblown, it's likely you haven't been hacked, or had to "clean up" after someone who let their guard down. I hope you never fall prey to any of the methods that hackers and criminals use to spread malware or to create botnets. And, there are always the script kiddies armed with the latest exploits. If you're lucky, your system may never get compromised. But, why take the chance?
Basic security doesn't take much work. Create a user account. Use good passwords. Keep your system updated. Most basic security measures only take a few minutes to implement and, in most cases, can be implemented regardless of distro choice. Or, take it a step further and change the default username and password for your router. If you use wireless, set up security (WPA2 would be my choice -- hardware permitting); and don't use a SSID name that lets everyone know who you are, or entices someone to try to log onto your wireless network. At a minimum, like a lock on a door, your measures will keep honest people honest and may very well persuade a determined hacker to pass you by as they look for easier prey.
@93. Nice try Notorik ;-) @95 Funny response Forest.
101 • re: AU (by nix on 2009-09-24 02:17:44 GMT from United States)
As far as I know su is short for 'substitute user ID', not 'superuser'. Su can be used to change to other users than root.
Actually, I have heard su stand for: Switch User, Substitute user (rare)
Checking the man page: su - change user ID or become superuser
Well, based on the name description; you can see where the "superuser" phrase may be implied / applied.
102 • Berry-0.98 (by RollMeAway on 2009-09-24 03:06:30 GMT from United States)
I have tried Berry in years past and it worked reasonably well. My last try was last December, the 0.94 version. Had numerous problems, and no place to find resolutions. Gave it up, moved on.
0.98 failed to run for me. All my computers use IDE drives (even those with SATA capability). Fail message said it could not load "/modules/ide-cd" . It couldn't find the CD it booted from.
103 • No subject (by Anonymous on 2009-09-24 03:58:12 GMT from United States)
Can we give up on the "su" name already. It's been thrown around like a hot potato.
All you need to know is how and when to use it. Nitpicking, that's all it is.
I use a zip file to store my passwords in and then password protect that file. The file inside is a TEXT file. And I agree, ladislav.
104 • Su again (by AU on 2009-09-24 06:08:14 GMT from Germany)
I see there are still readers interested in the meaning of su.
I think that my previous comments (13 and 20) uncovered nicely what the situation is. I will sum it up once more, because there is still discussion going on:
Originally, the su program was a very simple program which had only one function: to make the user superuser. The programmer added the following comment to the source: /* su -- become super-user */ This shows that the programmer meant su to be short for super-user.
Later, more functionality was added to su. The programmers who created the current implementation of su have placed the following comment in the source code: * su - switch user id This shows that they intend su to mean 'switch user id'.
These are the facts. You can choose what you want to make of it yourself.
105 • No subject (by forest on 2009-09-24 09:27:00 GMT from United Kingdom)
Ref # 102
RMA, never had any real success with the Berry collection. I begin to wonder if some of these one man and his chow distros are really worth the effort of trying...I speak personally here btw.
If, as has been suggested, they are supported as and when, through no fault of the developer I hasten to add...(s)he has to eat and earn a crust sometime, LOL...it stands to reason they cannot really offer the same support as Canonical say.
This is NOT to say these ventures are a waste of time universally, but a distrohopper has only so much time to devote to a hobby and there are so many choices around.
I for one prefer to try out a "sure thing" which does not need hours of trawling thru' help forums only to discover "your" particular hardware is not supported either because it is too ancient or too cutting edge.
[Case in point for me is that I have yet to find a distro which supports 802 draft n devices. I'm not saying there is no support out there...just that I have not found it.]
That said some of the bigger, better supported distros do not always come up with "universal" wifi support either...and I include a, b/g let alone n.
Just tried the Trisquel and that did not find the wifi. Parsix on the other hand was another one of those Uxx based distros that performed very well and needless to say found the wifi and connected without fuss.
And, whilst on the subject of distros worldwide, I too would like to read more views/comments on "national" distros. Like most people I suspect we have all had our fill of the "su" debate, LOL, there is after all only so much you can say on the definition without repeating, in slightly different terms, earlier posts.
106 • No subject (by forest on 2009-09-24 09:42:44 GMT from United Kingdom)
Still on the wifi theme...you may have read of the fears that some folk have about the RF radiation. Very fortunately a UK estate agent (realtor in US speak?) has found the solution:
http://www.webuser.co.uk/news/blog/cammjones/398068/estate-agent-designs-protective-wi-fi-hat
Thank goodness we take these things seriously in UK...
107 • @97 (by Michael Raugh on 2009-09-24 11:56:24 GMT from United States)
I'm fond of Password Gorilla (http://www.fpx.de/fp/Software/Gorilla/) myself. It's cross-platform, simple to use, and keeps the passwords in a standard format readable by PasswordSafe and compatible apps.
-mr
108 • Re: #97 - passwords and su (by Pearson on 2009-09-24 16:19:34 GMT from United States)
One approach to maintaining passwords is to use a "password algorithm" that you can remember. Maybe something using the first letter of the site, incorporated into a "passphrase" (or the first letters of each word in the phrase) easily remembered.
For instance, you can make the password simple like "DontCare" if it's for something trivial like reading a newspaper.
For the bank, I definitely recommend an obfuscated passphrase. Take some quote that you can easily recall, use the last letter of each word, capitalizing the nouns, and use numbers as you can (if the word is "great" then use 8).
109 • No subject (by forest on 2009-09-24 17:51:08 GMT from United Kingdom)
PWs.
On the topic of passphrases why not simply invent something so unlikely it could never be guessed easily, (if you know a quote so will some computer...) eg:
ShakespearesurvivedsolelyinashackinStratford, or, SantaClaussteadilysipssangriainsunsaturatedSahara.
Numeralise (sic) the letters where possible...uppercase the nouns or pronouns or verbs or prepositions wotever and use alliteration, as above, to help you remember. Or put in spaces every so many characters, actual words notwithstanding.
Anyone trying to unravel that lot would think you demented and probably give up.
110 • RE:47 Security (by Anonymous on 2009-09-24 17:53:00 GMT from United States)
There needs to be a way for a user to log into another partition with read/write access without SUDO or giving root access. Some are booting puppy to get around this.
111 • Storing passwords (by Jesse on 2009-09-24 18:26:10 GMT from Anonymous Proxy)
My rule of thumb is that you shouldn't write down passwords at all. And they should never be stored some place like a .doc file or .zip file. Both are trivially easy to get into, whether those files are also password protected or not.
If you really have too many passwords to remember, and you must write them down, put the passwords on a piece of paper in your wallet. You are much more likely to notice if your wallet is missing than if someone has broken into your e-mail or taken your USB key. Sometimes the most simple solution is best.
Word, text or zip files are very easy to copy or sniff over the network.
112 • No subject (by forest on 2009-09-24 18:31:38 GMT from United Kingdom)
Ref #110
Do I take this to mean that if an attacker has physical access to a machine, they need only start up the machine with a "recovery" disk, do the thing with the BIOS boot up selection and...recover your data?
I can understand why some organisations have staff machines with no physical "ports" at all.
Perhaps CM might touch on the notion of encrypting folders and files as well?
The more you learn the more you find you did not even suspect...I can foresee another google session.
113 • Boot multiple distros over the internet (by RollMeAway on 2009-09-24 19:57:57 GMT from United States)
If you have high speed internet, this may be of interest to you. I just burned a 576 Kb (not Mb) iso to a CD (floppy and usb images available). Booted the CD, and selected "Debian Live LXDE" from a large selection of distros. Although it took several minutes due to my network, it really worked! I did have to create /etc/resolv.conf in order for firefox to access the internet.
Perhaps after you get your passwords all copied to yellow stickies, and tucked in your shoes, OH and look up the latest definition of 'su', you might want to look into an interesting approach to accessing linux and BSD distributions. You can select an installation or live version of several distros to boot. http://boot.kernel.org/#download or http://www.netboot.me/
Better unplug your hard drives first, so no bad guy can access your data!
114 • #113 (by Notorik on 2009-09-24 23:13:47 GMT from United States)
...and remember to always wear your foil hat.
115 • Stupefied (by Landor on 2009-09-24 23:20:56 GMT from Canada)
I saw an analogy between your door locked and repeatedly checking it. I found such a thing completely and utterly absurd to say the least.
When a person leaves their home they leave it with the sense that it's as secure as they can possibly make it. When you buy a lock (of any sort) you buy one that fits the needs of being "properly" secured. You don't buy something that could be twisted off, easily worked around.
From the dawn of time people have had to deal with other people taking things that belonged to others. In that time we've dealt with the issues as they arose. Go to any mall and listen in the parking lot to the people setting their "built-in" alarms on their vehicles to prevent them from being stolen. If you found out your alarm system was easily compromised you'd most assuredly rectify the matter so your vehicle wouldn't be easily stolen. You can say that your vehicle is worth X-amount of dollars, but in all truth, how much is your identity worth? Credit information?
In the sad state of the world that we live in, where so many are out to take from you by any possible means I find anyone disregarding it simply stupid, nothing more.
The next time you lock your door on your house, set your car alarm, or even see a police officer, remember, anyone who protects their computer as seriously is a paranoid idiot, then call yourself a hypocrite, as well as clueless.
Keep your stick on the ice...
Landor
116 • Gnome 3 (by RollMeAway on 2009-09-25 05:12:31 GMT from United States)
Looks like it won't be long before the gnome users get their cart turned over, like kde users did. http://d0od.blogspot.com/2009/09/gnome-3-quick-visual-tour.html http://live.gnome.org/ThreePointZero/Plan
117 • Re:@99 (by BSD USer on 2009-09-25 12:35:30 GMT from United States)
99 • RE: 97 *.doc format? (by ladislav on 2009-09-23 23:33:49 GMT from Taiwan) I write them all down in .doc format and them upload them to an email account so I can access them anywhere anytime.
And distrowatch should be about Unix. Looks like the readers are Windows users.
118 • @114 (by Nobody Important on 2009-09-25 16:33:13 GMT from United States)
Ah, but I'd gladly trade my headspace for a piece of mind about my debit card number. Better to look an idiot than be one, as you so thoughtfully proved today.
Landor, you deserve a high five.
119 • Data Security (by Joe on 2009-09-25 23:09:41 GMT from United States)
@115. Landor.
I would think that repeatedly checking locked doors might be interpreted as OCD. :-)
Encrypting the data partition may very well be the best security option for homes and small offices. Forest dropped a hint to CM about touching on encrypting folders and files. But, if I remember correctly, you mentioned you have some experience encrypting partitions on your systems. People respect your opinion. Maybe it's time to pen an article for DWW?
120 • No subject (by Lock Me Away on 2009-09-26 01:33:14 GMT from United States)
There's a performance loss using LVM or encrypted files.
Just because you're not hearing a lot of disagreement doesn't mean this whole security issue isn't taken with just a grain of salt.
Those that work in the field or are paranoid fearful types will have more security than Fort Knox. The rest of us will just take simple steps.
You're really preaching-to-the-choir with all this security stuff. Those that agree will and do use it, the rest of us just don't. Get over it!
An answer to all it takes is just once - Ok, all it takes is just once for a jet engine to fall off a wing and hit me in the head .... get the idea.
You can and will just preach and preach and preach, but in the end it's just you and the choir singing its praises.
The rest of us are using password zip files, passwords that we haven't changed in 30 years. Stuff like that.
121 • Puppy 4.3 (by Notorik on 2009-09-26 05:58:27 GMT from United States)
All you security obsessed potato heads will probably hate this but Linux Magazine has a nice review of Puppy here:
http://www.linux-magazine.com/Online/Blogs/Productivity-Sauce-Dmitri-s-open-source...
122 • RE: 121 Puppy 4.3 (by ladislav on 2009-09-26 07:14:24 GMT from Taiwan)
You call that a review? To me it looks like three paragraphs of random excerpts from the official release notes the author scribbled down over a tea break.
123 • [OT] Etoile for search (by Flushy on 2009-09-26 10:42:27 GMT from Austria)
This is off-topic, but would it be possible to add the etoile package to the search engine. It's a desktop manager and it would be really nice to see, which distribution offers a recent version of it or which distribution provides it at all.
See all: http://etoileos.com/
124 • Re: #122 Puppy 4.3 (by Andy Axnot on 2009-09-26 12:36:48 GMT from United States)
It certainly is a very brief review, and just gushes over Puppy without considering any downsides. But it is still interesting and informative. It gave me some ideas of things I want to check out in Puppy.
And the comments contributed even more info.
Andy
125 • RE: 119 & 122 (by Landor on 2009-09-26 15:30:18 GMT from Canada)
#119 I had to laugh, sorry, but I think you'll find people love to hate my comments or posts more than anything else! :) People just don't like someone who doesn't follow the herd though, that's very common.
I have two reasons why I won't do one on this topic and right now. First I think you'll find CM does cover that topic and second I'm moving plus have my own side projects on the go, as I've said here.
Before I wrote one though I'd like one of the stalwart anti-security lot write one all about why people don't need security on their computers. I'm sure it would provide a great source of amusement for the Open Source Community. Maybe Ladislav would then have a regular comic section in DWW. :)
#122
I usually find that when reading a review of Puppy and totally agree with you. Whenever I go to read a Puppy review I go into it, and usually leave it, with the feeling that it's no different than the multitude of PCLOS reviews people were bombarded with a couple years ago. Usually written by a fan, or worse, a fanatical, supporter of the distribution. Obviously this one was no different.
In General:
I ran Moblin 2.0 on the Acer Aspire One...I found it extremely bug ridden and a few problems with hardware. What floors me is the belief that this is production ready for an OEM? They have to be kidding. I also read that there's tons of problems across a variety of Netbooks and users also found problems on the application end of things. I really hope they don't try to put it out to the stores on systems. Not yet anyway.
Keep your stick on the ice...
Landor
126 • No subject (by forest on 2009-09-26 15:53:28 GMT from United Kingdom)
Ref CM's security article, where there is mention of PWs being changed every minute...see this:
http://www.technologyreview.com/computing/23488/
Even if a brainy bloke(ess) invents a way of changing one time PWs really quickly, it would seem even brainier blokes(ess), with a criminal bent, find a way to exploit the situation.
Who says IT education in schools is wasted?
127 • Puppy (by Notorik on 2009-09-26 16:54:58 GMT from United States)
Oh the Puppy haters are amusing! They are more rabid than the Puppy "fanboys". I actually tried Puppy because of all the negative comments here in the DW forum. Ok you don't like the review, so? I have found it to be entirely accurate IME. I just don't understand the Puppy hate. It is number 7 on the DWW charts today, Something must be terribly right with it. The more I understand about what Barry K. is doing with the "Woof" system the more I see that he is the real innovator in the Linux world. Try to get over your preconceptions, prejudices, and preposterous ego fueled rants about security. Take an unbiased look at Puppy. Let's please stop the ridiculous spy vs. spy mentality.
128 • Puppy (by Anonymous on 2009-09-26 18:51:39 GMT from United States)
Go look at the puppylinux.com home site. The Puppy FAQ has a section just about Puppy security. There it is written that Puppy is not yet ready for server use. It was initially designed for client use. Read it, then comment. I use Debian Lenny, but I find other distros interesting. Have fun....
129 • RE: 127 (by Landor on 2009-09-26 19:26:21 GMT from Canada)
First off, yes, the review is accurate. It's basically just a simple expansion (very simple) of the release notes as Ladislav stated. So as I said, yes, it's totally accurate. It was written with 0 originality by a fan.
You ASSume that I'm a puppy hater. You couldn't be further from the truth. I like BK and the work he's done, though in my opinion Puppy is/was missing a lot to make a true "complete" Linux distribution. I've been following the whole "Woof" project with an open mind and mild enthusiasm. I don't know how good it's going to be, this "distribution base build system" that he's creating, but it sure is interesting to say the least.
What I don't like is some of the community. I don't like fanboys, I don't like zealots, I don't like fanatics. I don't like when they swarm in on every single review (let's say like arch recently) where they incessantly try to force feed their rhetoric.
I can't speak for Ladislav, though I highly doubt he has any hate for Puppy (how amusing indeed) but in my regard you're wrong again, as you are/were on the security topic.
You should really try to contain your comments in a more logical fashion. When I see people strongly opposing views here they always seem to "emote".
Keep your stick on the ice...
Landor
130 • #129 (by Notorik on 2009-09-26 19:55:34 GMT from United States)
I see you "assume" (capitalization corrected for politeness) my post was directed at you. I don't usually even pay any attention to your posts because I have learned that you tend to regurgitate the cliche of the day. I wasn't directly addressing you or Ladislav. I read through the comments and responded in a general way in order to avoid personal attacks.
Apparently your other point is that the release notes for Puppy are indeed accurate. Good. Point taken and I actually agree with you. I'm not a Puppy "fanboy". I like Puppy and I use it daily running as root. Oooooh scaaaary. Why don't you concentrate on "keeping your stick on the ice" and leave the comments to people who have something to say.
131 • @ 123 re:etoile (by RollMeAway on 2009-09-26 19:58:39 GMT from United States)
The only distro to host etoile, that I could find, is Frugalware. Unfortunately my attempt to install their 2009/07/16 version failed with a corrupt package, oniguruma-5.6.1-1 repeatedly had a bad md5sum. No etoile activity in frugal forums, and I am not up to starting any.
Ubuntu provides it in launchpad, but I don't believe they have the current version. This is over a year old: https://launchpad.net/ubuntu/+source/etoile
It appears the only way to check it out, for now, is the virtualbox image provided at the link you gave. http://etoileos.com/
Should anyone have other information, please post it.
132 • RE: Something to say (by Landor on 2009-09-26 20:10:28 GMT from Canada)
I've found the majority of your comments to only be opinion based. There's very little in the way of substance to substantiate even the smallest portion of them.
Since I've finally realised this, and based on your last comment. I'll do the same as you, skip over your comments readily.
I always prefer discussing things with people that are able to do the same in return, on a mutual level of intelligence and respect.
Keep your stick on the ice...
Landor
133 • 125, 129 (by Barnabyh on 2009-09-26 22:38:31 GMT from United Kingdom)
Hi Landor, I always read you going on about fanboys, zealots and 'fanatics', seems to be a real preoccupation for you. I've not come across many, if any, so-called 'fanboys'. Most people run several distros at a time, or like one, run it a while, and move on. For me it is mostly a release I particularly like, or a certain need at the time.
Simply liking a distro and making favourable comments about its virtues is not the same as being a 'fanboy'. It's nice for people working hard on them to find their work respected and appreciated. Other people reading favourable things about a particular version of linux (my term for trying to explain to the 'unenlightened' what a distro is) may benefit from trying it out.
I think the term/ accusation 'fanboy' is slung around too loosely. Even I got accused of being that on this very forum for merely pointing out a few months ago, shortly before the 2009.1 release of that quite popular distro, that a 2.6.22 kernel in 2007 is still fine if it supports all your hardware and serves your purpose and there's no need for the latest just for the sake of it. Although it's pretty obvious from past postings I mostly run Debian and Slackware anyway.
Oh yeah, and what's with all this hate thingy? We're talking about comps and OS's here. Hate? Bit too strong a word. "We're gonna put your head on a spike and feed the rest to the pigs if you don't start using ***linux." Don't think so.
Keep your head up your ****
Barnaby
134 • 129 (by Barnabyh on 2009-09-26 22:51:08 GMT from United Kingdom)
There were plenty of comments re. Arch because we had a review of Arch linux on DWW which obviously invites comments on the topic.
It is quite different from spamming fora, newsgroups and the like with opinions, it was a discussion about the topic of the week. What else are people supposed to post about, the weather? Or perhaps RedHat/CentOS, fedora, 'cause you happen to like that.
Cheers.
135 • 129 (by Landor on 2009-09-26 23:39:13 GMT from Canada)
Here's a fine example.
The Arch dudes posting here are either literally as dense as a rock or zealots. I came to the conclusion of the latter. There's no way in hell that many people just shot through the comments section without reading and seeing that others commented about Chakra already. If anyone tells me that every single one of them did, well, then I'll come to the conclusion that they're Zealots and stupid. If they did read it and posted anyway they're stupid and Zealots.
Keep your stick on the ice...
Landor
136 • Back on Track (by Joe on 2009-09-27 00:25:20 GMT from United States)
Has anyone tried Absolute on a system with an ATI graphics card? I installed it on one of my laptops, but it just boots to a blank screen.
Trying Berry Linux. Booted from the live CD okay, but when I install it to the hard drive, I get a blank grub file (will work on that tonight).
Also trying G:Noblin. Installed to the hard drive okay. Tried to config Wifi, but the user I created during the install wasn't a member of the right group. When I tried to modify the user/group, I found that Users and Groups wouldn't work. Tried removing and reinstalling liboobs and system-config-users, but no improvement. I ended up manually editing the /etc/groups file. Anyone else tried it?
137 • @130 (by Nobody Important on 2009-09-27 04:37:56 GMT from United States)
Why do you persist on being so rude to everyone? Don't you expect the same right back? I gave up politeness with you weeks ago; I'm surprised Landor, or everyone else here, is as cordial as they are.
It's amazing how snotty some people are, these days, over what, some advice to run a few commands and secure their computer? Goodness, kids these days. You try to suggest that they keep their data and CPU under wraps, and they just bite right back. If they don't learn, well, what can you do?
It's your choice, Notorik, for running as root. We know. Thanks for telling us the obvious. Now what have you added to the conversation other than aimless ranting and raving?
---
I haven't tried Puppy yet, I'll add. I did try MoonOS a bit ago, which looked and ran fantastic (thanks to Enlightenment). Canonical should hire that artist that runs the distro.
Speaking of Ubuntu pretty, I suggest people go take a look at Softpedia's new pictures of the new Ubuntu theme. It's certainly a step in the right direction; very clean, focused, and simple - all of which are Gnome's strong points in art design. Good to see someone's thinking.
I've got a few more distros to sample, and Puppy's pretty far down the line. Never moved me much; the package selection's bare, which bugs me, and both 4.1 and 4.2 alienated me for various reasons. If Barry's Woof projects work out, I may consider moving it up on the priority list. Maybe I'll throw it in a VM for a few minutes, but I can't say I'm the target demographic anyhow.
I've been meaning to give FreeBSD a spin; I'll probably wait until the final release of 8. Looks like a good release to me; some neat tricks are going in that Linux could learn from. And it seems like a fun challenge to boot.
138 • #137 (by Notorik on 2009-09-27 09:00:48 GMT from United States)
It is pretty obvious that I am the minority voice here and I have been attacked non-stop for simply expressing a point of view that just happens to be counter to the mainstream. I have tried to avoid personal attacks as well as cruel or offensive terminology. I have not received the same consideration in return. However, I am not easily offended so please don't feel bad for me. Take your post for example, you called me "rude", "snotty", and insinuated that I am a "kid". All because I have expressed a point of view that you find untenable. It is strange to me that you attempted to turn the tables on me by accusing me of being the one who is "rude".
On another subject I would like to know what the general consensus is about the website "Shields Up". You can get your os tested for security holes there. I went there running Puppy (as root with the firewall activated) and passed all the tests with the following comment:
"All attempts to get any information from your computer have FAILED.(This is very uncommon for a Windows networking-based PC.)"
"But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND(that's very cool!) "
139 • Shields Up! (by Notorik on 2009-09-27 09:07:29 GMT from United States)
Here is the link to Shields Up!: https://www.grc.com/x/ne.dll?bh0bkyd2
140 • #139 Shields up (by Glenn on 2009-09-27 13:11:55 GMT from Canada)
Hi. I've used it for years to test how porous my ports may be. I do not rely only on that tool but I find it useful as did you. It's a neat tool to test your firewall. Gibson has a lot of other nice tools also. You should navigate thru his site a bit. It is really interesting.
I have avoided this whole topic here because I have too much to say about it. Like CM, I've been in the field a long time (40 yrs for me) and like her, I am very security conscious, esp regarding my business customers. What I find most disturbing though is the phenomenal number of people who purchase wireless equipment and don't protect it from intrusion. (Read up on war driving). Businesses also are lax in this area. I just had to go and pull out viruses and spyware from a small business near me. The business was assured by his ISP that for $x extra they did the security work up front so no worry! Anybody with a wireless nearby could ride on his signal, his system's protection from other intrusions was a joke. I also had to go pull out a pile of viruses and spyware from his systems.
Today's big worry on a personal level though is identity theft. It is far easier for the crooks to crack a home user's identity than to crack a bank's system. Given a choice, what do you think they'll focus on more and more?
I always remember one thing. The moment you connect to the world via any transmission medium to broadcast and receive message traffic, you are in a fish bowl. Anybody can see, hear, what you do so you do have to take precautions where warranted. Being careful of what you transmit is a good start. Some protective devices such as software firewalls etc have also been suspected of phoning home and the security guard you are relying on works fine with the exception that the provider of it excepted themself. Talk about putting a starving dog to guard a meat factory. Another thing, your web browser is also used as a source of information.
Encryption is one of the best tools you can employ if you are really concerned. Not that it replaces using good shielding techniques such as AntiVirus or Firewalls, but to handle those intrusions that get past them. For those who think CM is somewhat paranoid, she has a lot of arguments to back her up. Sorry, I used your topic as a vehicle to launch a few opinions of my own. For its purpose, Shields up is ok, you can also test your own ports' vulnerability also. What you do permit to get through, say on port 80, is a different matter entirely. Then you have to choose what you will allow or not.
My opinions are always subject to change without prior notice. ha ha ha Flames go here (---------------------------------------------------)
141 • #140 (by Notorik on 2009-09-27 13:46:32 GMT from United States)
Thanks for the response. Feel free to use my post to put forward whatever opinion you want. I would suggest however, that most things that you find "lurking" on a computer are a direct result of the spyware and virus ridden software the user has downloaded and installed from the internet. When I hear the great tales of rescuing virus laden networks I know that there was a lax security policy in place and the users were allowed too much latitude over what they put on their machines. It's like I have stated before, there is a difference between enterprise computing and home computing. As a network administrator you have an obligation to protect your company's network by putting in place stringent security policies and seeing that they are followed. As a home user, you should be reasonably sure that you are protected from unwanted intrusions by using a good firewall. If you choose to download and install software from the internet then you should scan it for viruses before you install it. Most of this applies to Windows users and is not really a problem with Linux (running a firewall is the exception). In a business setting you can't have all the users running as administrator. As a home user, running as root is perfectly acceptable as long as you understand and accept that you yourself may mess up your system if you don't know what you are doing. There is really no "security risk" as in outside attacker compromising your system.
I am fully aware of "war driving", "script kiddies", and most of the other threats mentioned here. I recently installed a wireless network for a client and found that he had used his street address and house number as his wireless identification. Needless to say, I changed it. I have never said that you shouldn't be prudent, I just object to paranoia mongering potato heads who come up with these endless and convoluted scenarios that could only occur if 9000 different conditions were met at the same time and you are standing on one foot with a bouquet of flowers in your mouth.
142 • Shields up (by Barnabyh on 2009-09-27 13:54:31 GMT from United Kingdom)
Gibson Research's website is great and has helped me a lot in the bad old Win98/Me days, with testing firewall and things like the 'DCOMbobulator' and getting to know about and turning off other unnecessary services. It was a treasure trove for learning about the subject.
However, I believe it's mostly geared towards Windows, not sure what the benefits are if you're running Linux or BSD, there may be other security issues the site is not testing for because it's not designed for that. I seem to remember Gibson's field is researching Windows security, supposedly that's where the money is (and the necessity, more than anywhere else).
Anybody know more about this? Thanks.
143 • reviewing lightweight distributions (by jack on 2009-09-27 14:35:23 GMT from Canada)
Perhaps the reviewers of these distros could specify what apps are NOT included. On a "full" distro one expects everything and the kitchen sink so even if an app is not mentioned it probably is included. Given the problems that Linux seems to have with multimedia apps, these should be mentioned. thanks
144 • Security vs the paranoid (by Bender on 2009-09-27 15:01:53 GMT from Belgium)
I am kind of paranoid, and after many years of computing (and I started with a zilog processor with CP/M) came to the conclusion that, for me personally, the only way to deal with that is to use 2 operating systems.
My fun OS is windows XP. I use it only for gaming and converting media (because I don't have to read ffmpeg manuals, just point and click) and skype (yeah I know, skype is pure spyware, checked it with filemon.exe or the strace command if you are using linux), but I have nothing to hide on this XP machine, it doesn't hold any financial data, browser history (no real personal anyway), email or other personal data. This saves me hours of configging wine, or hunt for why this game works in this wine release, and another doesn't. And it gives me the full experience of the game. (and please don't come up with some example where game X runs far better in linux) If I mess up this OS, I'll just replace it by cleaning the mbr, and placing a fresh image back (this all takes 5 minutes).
My other operating system is Puppy linux from usb stick. Yes, the little daredevil I am, I'm running this as my main operating system. I even use it for online banking, doing all my spreadsheet stuff, email, writing letters, coding in C and C++ and emailing. I THINK this is perfectly safe. But I do run my internet related programs as restricted user "spot". And my browser is not allowed to run any scripts until I allow it to. I keep this puppy install clean and simple. Just because it is my main OS.
I think that running as root is safe for me. Because I know that running as user will allow an evil script to run in your userspace, collecting and sending data from your userspace. (and guess where you as a user have your private data...., exactly, in your userspace/home folder/and folders accessible by you as user).
I have to agree with Notorik here. Most security problems happen when a user installs some spyware/virus by doing a dumb thing (clicking too easily, or allowing the wrong sites to run certain scripts).
Reading the end of comment 12 made me laugh and sorry for the guy. Apparently the FUD here is working.
Don't let this paranoia take over your life (it will mostly last for a week or so, and then you install skype) and try to think logically.
As for Notorik: I suggest you ignore Landor. He always thinks he is right, and rejects any opinion that differs with his.
145 • Shields Up and stuff (by Joe on 2009-09-27 15:22:28 GMT from United States)
I stumbled across Shields Up when I was looking for a newer version of Steve Gibson's Spinrite app years ago. Useful tool when scanning for open ports.
As anyone who has read my posts knows, I'm an advocate for basic security -- not a security nut. That doesn't mean I'm not open to learning more. When I help someone set up a system, we talk about firewalls, secure passwords, etc. Basic stuff. If they have wireless, I help them configure it so they are less vulnerable to intruders. I would also do exactly what Notorik, @141, did to help his client.
Several years ago, I went on a service call to an executive's residence to troubleshoot a wireless connection issue. There were 7 wireless networks in the neighborhood, his included, all wide open, and all named "linksys". I configured my client's router properly, and his connection problems were resolved. Again, just basic stuff.
146 • #141 (by Glenn on 2009-09-27 15:24:26 GMT from Canada)
Hi. No argument from me on your post. Your points are well taken, especially the self-inflicted wounds re downloads. The average HomeUser does not know a thing nor does (s)he care. To them it is power on and go. They are the most vulnerable ones. Perfect scenario for Bots, etc. Scraping from Facebook, Myspace, Twitter, etc. is another form of security exposure that is definitely self-inflicted. Same thing but different implementation of presenting your personal, and or professional data to the world at large.
I would like to remain however on record as thinking that Home use of computer systems, (and other communication media such as iPods etc.), controlled by Linux or other software, should be considered more seriously because of identity theft. I do agree with your concern re overkill. That is where we, the purported experts, should be able to provide reasonable guidance when asked. Unfortunately we are never asked. It is a matter of degree. Because of my field of work, enterprise computing and personal computing do tend to blend at times. (I work primarily on large mainframes, ZOS, etc. as a sysprog, system engineer). Dang.
I guess I should have been more clear but I tried to cram my thinking into too few sentences. This is a bit of a ramble also. Sorry about that.
I do not find too much problem with Linux and personally consider that it is more secure by the very nature of its design than other systems that I am familiar with. I could be corrected on that however.
GRC is primarily geared towards windows as the other poster mentioned but it is an easy test to see what ports are easily visible... I have my own sniffers to go much deeper if I feel the need to do so. I, like you, run puppy as root also at times, I have applied what I consider reasonable protection. We on this comments area are aware of all this stuff cause we are interested enough to come on and talk about it... 97 percent of the user population does not. We even care enough to scrap about it.... I like that.
Have fun. Glenn
147 • No subject (by forest on 2009-09-27 16:41:16 GMT from United Kingdom)
Ref #144
Remarks apropos FUD.
Three full stops, or periods, indicate a figure of speech known as "ellipsis", which you can google if you can be arsed, but, briefly, the rest of the sentence is omitted for brevity and, more importantly, is considered understood by all and does not need further mention, explanation or qualification.
I find the most "amusing" thing about the aspect of security is how blasé folk are, with an almost childlike faith in GNULinux and an unshakable belief it's going to rain on someone else...rather like the blind man crossing the road/highway with absolute and utter confidence in his white cane...'til the myopic drunk decides to drive home.
148 • #147 (by Xtyn on 2009-09-27 19:18:32 GMT from Romania)
OK, that's enough. Show me some proof that linux home users are actually getting hacked and that security on linux is a problem.
P.S. Run forest run.
149 • Heh (by Nobody Important on 2009-09-27 20:15:13 GMT from United States)
The greatest security risk by far is ignorance.
Some of my immediate family likes to do what the computer tells them. So when they download wallpaper.jpg and then the program tells them to rename it as wallpaper.exe and run it, you know what you're dealing with.
Windows XP didn't do such a great job with the locked down user. It's kind of hard to keep that under wraps; a lot of common functions are locked off and you need to log out and back in to get to them.
Most Linux distros are far better at this. This is why I want to make them all run Ubuntu or some other Linux - I can make them learn this, unlike the first time! Is it a bit overstating when saying that anything that requires a password in Linux is a touchy operation? Well, yes. But it's closer to the truth than "let's let everyone have my password willy-nilly."
150 • Linux Hacking (by Glenn on 2009-09-27 20:26:15 GMT from Canada)
Hi. Google will bring up quite a few interesting ones. In fact apache.org got hacked around Sept 2 it seems. http://www.darknet.org.uk/2009/09/apache-org-hacked-using-remote-ssh-key/
There is no system that cannot be hacked.
It is a matter of degree, effect on the target, purpose of hack, etc. Security on Linux is NOT a problem. It is the degree of use or lack of use of it that is the issue in my mind. In some cases I do not care if I get hacked, others I do. I apply the appropriate security depending on the situations.
To each we can let them reassure their own feelings of security and how they will implement measures. I personally think that the average user is not aware of the exposure we have these days of corporate, government, etc voyeurism. Some is for curiosity and amusement, some is malicious. As always, it is up to the user to determine the risk. I consider that in general, people do not realize. These arguments we're having are entertaining and informative. Now I will go enjoy the new Nikon I just purchased. Glenn
Flames go here (---------------------------------------------). I'll roast coffee with them. (Insert big smile here)
151 • 149 (by Glenn on 2009-09-27 20:27:31 GMT from Canada)
I like your post. Nicely put
152 • Security and Linux (by Joe on 2009-09-27 20:48:27 GMT from United States)
Just search the web. You'll find numerous instances where Linux boxes have been hacked. Although hackers typically target high profile servers, some of the same types of exploits could be targeted at home users. As the popularity of Linux increases, we may see that happen more frequently. There are a lot of teams at work behind the scenes keeping their eyes on the code, from the kernel, to Window systems like X11, to the applications themselves, tracking down possible exploits, responding to real world situations, and providing us with patches, when necessary, to keep our systems safe.
And, even if you have never been hacked, it's likely that someone is tracking what you do online, if for no other reason than to target advertising.
Sign up for a few of the security focused mailing lists and you'll see what types of exploits are found every day.
Most home users probably won't get hacked. And those that do often bring it on themselves as pointed out in @149.
Personally, as a home user, I'll use basic security precautions; if I use a home server, I'll use a little more security depending on the services that I'm running; and, if I'm working for a corporation, I'll do what I can to keep my company's data safe.
153 • No subject (by forest on 2009-09-27 22:17:46 GMT from United Kingdom)
Ref #148
Well, there you are Xtyn, it seems you need only google and it shall appear, and I must say you might have thought of that yourself. LOL.
In all seriousness, Xtyn, when I travel by air, I don't really expect there to be an incident given the statistics (and that's an entirely different topic), but I take out insurance.
When you see the businessmen in the City (of London) with rolled umbrellas even on a summer's day they don't really expect rain but they are covered (groan) just in case there should be a summer shower.
It's all to do with being prudent...when I cross the road I look both ways...you see where I'm going on this? (more groans)
Now, CM is vastly more experienced than I am in Linuxland, and I even have a sneaking suspicion all this programming stuff really does mean something to her.
So when we hear of CM's experience of other folk's disasters, and, read of her caveats about being online, a prudent man (woman) takes the notion of security seriously.
You may heap scorn upon ridicule upon disbelief because that is your choice. I take the view that foresight is rather more useful than hindsight.
154 • The problem (by Nobody Important on 2009-09-27 22:32:48 GMT from United States)
Thank you, Glenn.
Do I worry on a regular basis about security? Not really. Linux' security is pretty dang good if you configure it properly and have a good password. I'm pretty picky about what I do with my data by nature; only a site or two get my (real) information anyway.
I think it's a good idea to keep safe because Linux IS under attack constantly, on the server front. The same exploits work on my laptop if they work on google.com, which scares me just a bit. The platform isn't nearly as obscure as we think. So while I'm not constantly on alert, I'm also not running around asking to get hacked.
There's no need to go out of your way to be secure. Linux is pretty good at doing it for you, once you have the habits down (unlike Windows; Mac OS X isn't bad). It's easy for people to learn, as well.
155 • No subject (by No Clue on 2009-09-28 01:49:55 GMT from United States)
I hear the "choir" singing, fud, security, fud, security. Thank god it's Sunday night and we can have something new (hopefully) tomorrow.
This security nonsense is just a waste of time. We do reasonable precaution and eat, drink and be merry.
This week's weak comments are a wash. Bring on Monday.
156 • #153,154 (by Mr. Safety Pants on 2009-09-28 02:59:01 GMT from United States)
Be careful not to go outside, there might be a lion in the street waiting to eat you all up! Better safe than sorry!
157 • what I ask, what they answer (by Xtyn on 2009-09-28 06:21:50 GMT from Romania)
You people didn't read what I asked, did you?
Let me repeat: Show me some proof that linux HOME USERS are actually getting hacked and that security on linux is a problem.
I ask this, you people come with servers, well, what can I expect? Servers get hacked, that's for sure. There is no 100% secure OS, whatever security precautions you take.
Does this mean we have to make a home computer as safe as a government server? NO!!!
158 • No subject (by forest on 2009-09-28 08:42:11 GMT from United Kingdom)
Xtyn, you're not really getting this are you? You are now into the hair splitting region, LOL.
Neither you, nor I, nor anyone else has ANY idea what some people keep on their home computers and what they might be used for, have we?
It's pretty obvious the folk who pooh poohed the security thing are just embarrassed cos they have been blissfully ignorant all these years grinning like cheshire cats in their delusion they were safe from the attentions of some bad guy.
Now, following the revelation all is not safe in the garden after all we find the post rationalisation thing emerges in the usual and all too predictable scenario of face saving etc etc.
It's OK to be wrong now and again.
Number of Comments: 158