DistroWatch Weekly, Issue 583, 3 November 2014
Welcome to this year's 44th issue of DistroWatch Weekly! The Ubuntu operating system is a fast moving, experimental Linux distribution that, for the past ten years, has been one of the world's most commonly used GNU/Linux distributions. Ubuntu packages also form the foundation of many community re-spins and so a new Ubuntu release always draws attention as changes appearing in Ubuntu often cause ripples which are felt across much of the open source community. This week Jesse Smith takes the latest release of Ubuntu for a test drive to see how the most recent version of the popular desktop distribution performs. In the news section this week we discuss openSUSE's plans to merge the distribution's Tumbleweed and Factory repositories. We talk about Firefox OS coming to the Raspberry Pi hobbyist computer, link to an interview with an Ubuntu Kylin developer and celebrate FreeBSD's 21st birthday. Plus we share news of OpenBSD dropping dynamically loaded kernel modules. This week we also have a review of a text called "The Book of PF" which explains how to set up firewalls in many different networking configurations. Plus we continue our rolling-release trial and talk about the commercial Elive distribution. Finally, we are pleased to announce that the recipient of the September 2014 DistroWatch.com donation is the KDE project. We wish you all a wonderful week and happy reading!
- Feature: Taking Ubuntu 14.10 for a ride
- News: openSUSE explains Tumbleweed and Factory merger, Firefox OS on Raspberry Pi, Ubuntu Kylin interview, PelicanHPC update, OpenBSD drops dynamically loaded kernel modules, FreeBSD's 21st
- Book review: The Book of PF
- Opinion: On commercial aspect of Elive
- Rolling-release testing: Week four
- Released last week: SUSE Linux Enterprise 12, CentOS 6.6, OpenBSD 5.6
- Upcoming releases: openSUSE 13.2, Fedora 21 Beta
- Donations: KDE receives €300.00
- New distributions: eZeY, Nard GNU/Linux, SEANux
- Reader comments
Feature Story (by Jesse Smith)
Taking Ubuntu 14.10 for a ride
Ubuntu is one of the more widely used GNU/Linux distributions in the world with the project's parent company, Canonical, reporting around 30 million computers shipping with Ubuntu pre-installed in the past two years. Ubuntu, along with its many community editions, continues to be used by millions around the world and the decisions made by Ubuntu developers have a direct impact on many computer users.
The latest release of Ubuntu, version 14.10, arrived on October 23rd and the release notes painted a picture of a tame release with minor changes from Ubuntu's previous version. Most components, including the Linux kernel and Firefox, received minor updates. Ubuntu 14.10 features a short, nine month life cycle, and the release notes warn us changes have been made which make it less likely we can use the USB Creator utility to write certain USB images to thumb drives. "Due to changes in syslinux, it is not currently possible to use usb-creator from 14.04 and earlier releases to write USB images for 14.10." Ubuntu is available in several flavours, including Desktop, Server and net-install editions. There are also countless community variations of Ubuntu. The distribution is available in 32-bit and 64-bit builds for the x86 hardware architecture. The ISO image for the Desktop edition is 1.1GB in size and this is the image I downloaded.
I feel it is worth pointing out that Ubuntu recommends most users stick with long term support (LTS) releases, which are released every two years and are supported for five years. Non-LTS releases, such as this one, are provided more for the benefit of developers and people who like to have access to the latest features and hardware support.
Ubuntu 14.10 - Unity desktop with default theme
Booting from the Ubuntu live media brings up a graphical page where we are asked to select our preferred language from a list. We are also given the choice to either try working with the live Unity desktop or launching straight into the project's system installer. I decided to play with the live desktop environment first. When Unity loads we are shown a screen with a list of keyboard short-cuts. These short-cuts give us access to various Unity features and assist us in manipulating application windows. When this page of short-cuts is dismissed we see a quick-launch bar (that doubles as a task switcher) on the left side of the screen. The system tray and a button for accessing the settings panel sit in the upper-right corner and the Unity Dash, a location for finding files and launching applications, is located in the upper-left corner.
Launching Ubuntu's graphical system installer brings up a screen where we are asked to select our preferred language and, optionally, we can click a link to view the project's release notes in our web browser. The next screen of the installer asks if we would like to download software updates during the install process. We can also choose to install third-party multimedia support during the install process. The next page covers partitioning. The Ubuntu installer offers to partition our hard drive for us, optionally using LVM volumes and encryption. Alternatively, we can manually partition the drive and this is the option I chose.
Ubuntu has a very straightforward approach to partitioning and I find the installer's method of getting us to select file systems and mount points easy to navigate. I decided to set up my copy of the operating system on the Btrfs file system with a small swap partition. Once we have partitioned the hard drive the Ubuntu system installer begins to copy its files to our disk while we are asked some more questions. We are asked to confirm our time zone or select a new time zone from a map of the world. We are asked to confirm our computer's keyboard layout and we are asked to create a user account for ourselves. We can choose at this time to encrypt our home directory. Then we wait a few minutes for the installer to finish its work. When the installer is done we are asked to reboot the computer.
Ubuntu 14.10 - the System Settings panel
Booting into our locally installed copy of Ubuntu brings us to a graphical login screen where we can sign in as the user we created minutes before or we can login as a guest. The operating system's guest account is not protected by a password and is wiped clean after every use. A few things I noticed upon logging in were that, first, Unity feels a bit more responsive now than it has in the past. Second, the Dash still includes on-line search results when we type search terms. On-line search can be disabled through the distribution's System Settings panel.
Shortly after logging in I was notified there were software updates available. The Ubuntu update manager is a compact utility which displays a brief summary of available updates. We can check boxes to indicate which items we wish to download. We can also click on an update's entry to get more detailed information about the new software. On the day I installed Ubuntu there was just one update available and it was less than 1MB in size.
I tried running Ubuntu 14.10 in two environments, a physical desktop machine and a VirtualBox virtual machine. When running on physical hardware, Ubuntu performed well. The desktop was responsive, sound worked out of the box and my screen was set to its maximum resolution. Unity operated smoothly and I encountered no problems. In the VirtualBox environment Ubuntu worked properly, but there were two small problems. The first was Ubuntu's screen resolution was very low (about 800x600, I think) in VirtualBox until VirtualBox guest add-ons were installed. The second issue I found was that the Unity desktop, especially the Dash, was sluggish in the virtual machine until 3-D acceleration was enabled. Once 3-D video acceleration was enabled Unity performed well. In both environments Ubuntu required approximately 480MB of RAM when logged into the Unity desktop.
Ubuntu ships with several useful and popular open source applications. We are given the Firefox web browser and, assuming we enabled third-party multimedia support during the installation of the distribution, Flash is also included. The LibreOffice productivity suite is provided for us along with the Thunderbird e-mail client and a document viewer. The Totem video player, the Rhythmbox audio player and the Brasero disc burner are installed by default. With third-party multimedia codecs enabled these players can handle popular media formats. I found an archive manager, a text editor, a calculator and a backup utility installed. There are also a few small games, the Orca screen reader application and the Transmission bittorrent software. Network Manager is available to help us get on-line. I didn't find Java installed, but I did find the GNU Compiler Collection installed along with the usual command line utilities, manual pages and the Linux kernel, version 3.16.
Earlier in the year, the Ubuntu team announced they would be following Debian's example and adopting systemd in the future. I was curious, going into this trial, whether Ubuntu would ship with the Upstart init software or if the distribution had switched over to systemd. A quick check showed systemd processes to be running on the system and running "man init" on the command line brought up the manual page for systemd. However, looking at the init process itself revealed Upstart is still responsible for bringing the operating system on-line. It appears as though Ubuntu is adopting pieces of systemd, using it to maintain compatibility with some software while relying on the older Upstart software to act as init.
Ubuntu 14.10 - finding packages through Software Centre
Managing software on Ubuntu is handled through the Software Centre. This application allows us to search through categories of software and locate packages by name or by function. We can click on a package's entry to bring up detailed information about our selection, complete with user reviews and screen shots. We can add or remove software from the system with the click of a button. Actions performed on packages happen in the background while we continue to browse through the Software Centre. One aspect of the Software Centre I like is that it will make recommendations to us based on popular downloads. This makes the Software Centre more attractive to newcomers who might not be sure what works best. The Software Centre, in its current form, worked well for me and I found it to be both responsive and easy to use. I feel it noteworthy that we can also install new software through the Unity Dash. When searching for programs in the Dash we are shown both installed applications and applications available in the repositories that match our search. Clicking on an application that has not yet been installed brings up the option to add the application to our system.
On the subject of Dash, I feel it has evolved well in these past few releases of Ubuntu. The Dash makes it fairly easy to find documents and software by name. We can also filter items, showing only specific categories of software, for example. I think the Dash performs a little faster now than it did in previous releases (though I have not performed strict tests) and I find it useful when I want to access a program, but I'm not sure if that program is installed locally yet. I also feel the HUD is worth mentioning. When operating in the Unity environment tapping the ALT key brings up a search box, called the HUD. Typing in the name of a command or feature causes the HUD to display a list of matching features the currently active application supports. For example, if we are running LibreOffice and type "export" the option to export the current document to PDF format appears. Tapping ALT and typing "spell" brings up the option to run LibreOffice's spell checker. The HUD is useful when we know what we want to do, but not where to find the desired feature in an application's menu tree.
Ubuntu 14.10 - browsing applications with Unity Dash
I also want to mention the backup utility, available through the Dash or System Settings panel. The backup application is designed to be very easy to use and it guides us through setting up scheduled backups with a few mouse clicks. We can choose which directories to save and how often to perform backups (daily or weekly). Archives we create can be saved to a local directory on our computer, to a network share or to another computer running the OpenSSH secure shell service. I found the backup utility worked well and was easy to use. My only complaint was that when we attempt to restore a file, we need to unpack the entire archive (either to its original location or to a directory we have set aside). There does not appear to be any way to extract a single, specific file out of an archive using the backup utility. That being said, the archives created appear to be regular tar archives and we can extract single files from the archives using an alternative utility.
After using Ubuntu 14.10 for a few days it occurred to me that this release is unusual in that it seems as though very little has changed since the previous release. The Ubuntu distribution is infamous for its little changes and tweaks. Fans and critics typically have something to talk about, whether it is a different scroll bar style or window control buttons moving from right to left or a change in the way the Dash functions. This release of Ubuntu is uncharacteristically tame with just subtle differences in the version numbers of some key applications and the Linux kernel. Big changes, like the shift to Mir and the Unity 8 desktop, are being held off until October of 2015 and it seems, for now, the developers have decided to focus on minor bug fixes.
I think this tame release of Ubuntu is a good sign. Instead of talking about a new desktop layout or getting distracted by cosmetic changes, two of the few things which attracted my attention while using Ubuntu 14.10 were that it appears to be slightly faster than Ubuntu 14.04 and Unity is more stable on my test machine. When Ubuntu 14.04 came out, I felt it was a solid release and I had a very positive experience with it. One of my few complaints with Ubuntu 14.04 was the appearance of the occasional error message telling me some part of Unity had crashed and would I like to send a bug report? So far, while using Ubuntu 14.10, I have not seen a single crash notification. Nothing has glitched, nothing has crashed. The operating system has performed smoothly and quickly.
Ubuntu is, in my opinion, one of the easier Linux distributions to install and use. The Unity desktop, while some people don't care for its approach to doing things, has proven to be easy for people to learn when I've introduced non-Linux users to it. The system comes with a good collection of default software, the settings panel is easy to navigate and the Unity desktop has become more configurable in recent releases. There are some aspects of Ubuntu I don't like. I'm not a fan of on-line search being enabled by default. While it's possible to opt-out of on-line searches I would prefer not having data transmitted to Canonical (and third-parties) by default. I am not a fan of the unified menu bar at the top of the screen, but this too can be configured, restoring menu bars back to their traditional location inside application windows. I guess what I'm coming to is Ubuntu may do some things I don't like, but I have to admit those features I don't like are easily configurable.
On the whole, I think Ubuntu 14.10 is a good release; it adds a touch of polish on top of the already solid 14.04 version. This is one of the more newcomer friendly distributions I have used this year and I am happy with what the Ubuntu team has done, specifically focusing on minor improvements and bug fixes.
* * * * *
Hardware used in this review
My physical test equipment for this review was a desktop HP Pavilion p6 Series with the following specifications:
- Processor: Dual-core 2.8GHz AMD A4-3420 APU
- Storage: 500GB Hitachi hard drive
- Memory: 6GB of RAM
- Networking: Realtek RTL8111 wired network card
- Display: AMD Radeon HD 6410D video card
* * * * *
Ubuntu and ownCloud security
At this time I would like to take a moment to discuss something which involves Ubuntu, but is not strictly about the distribution. Rather this is more about ownCloud. The ownCloud project creates server and client software for synchronizing files between multiple computers. The ownCloud software works a lot like Dropbox or iCloud or the now discontinued Ubuntu One service. People can install ownCloud on a computer (a desktop or a server) and then use client-side software to synchronize directories of files between computers. For people who like to create their own solutions rather than rely on third-party vendors (like Dropbox or Google) ownCloud provides an easy way to set up self-managed file synchronization. I use ownCloud and I'm a fan of the software.
A few weeks ago ownCloud developer Lukas Reschke contacted the Ubuntu team and requested the ownCloud server software be removed from the Ubuntu repositories: "On behalf of the ownCloud project (www.owncloud.org) I'm requesting that 'ownCloud server' is removed from the Ubuntu packages (including all versions). Let's hope that this is finally the right mailing list for this kind of request. These packaged versions are all vulnerable to multiple critical security bugs and no security fixes have been backported."
Marc Deslauriers, a Canonical developer, responded, saying software could not be removed from versions of Ubuntu already released, but suggested the ownCloud team could work with Ubuntu on a solution. Potential solutions included helping to back-port fixes from newer versions of ownCloud into Ubuntu's packages or possibly helping the Ubuntu team to package a new version of ownCloud. Either solution would allow Ubuntu users to continue using ownCloud and protect them from vulnerabilities.
Reschke declined to work with the Ubuntu developers, replying: "From my side, my work is done here, I have informed the responsible persons via multiple channels and if they have no intentions to fix the problems on their own we can very well life [sic] with that and will just add a big security warning to our installation guide. That will take much less time to do and has the same result for us." He also stated the Debian developers had cooperated with the take-down notice, posting: "I want to use this opportunity and state that with different distributions (such as Debian) it was absolutely not a problem to get the freezed packages removed." As it turns out, Debian still packages ownCloud and the server software is still available in all branches of Debian.
In the end, a bug report was filed, requesting the ownCloud server software be removed from Ubuntu 14.10 (prior to release) and it appears ownCloud is no longer offered in the latest version of Ubuntu. People who run Ubuntu can still download ownCloud via packages the ownCloud project maintains.
There are a few key points to this story I find disturbing, both as a developer and as an end user. Perhaps the primary issue here is the idea an upstream developer feels it is appropriate to request (legally packaged and distributed) software be removed from distribution archives, even from archives of distributions that have already been released. With a relatively niche software package like ownCloud people might not notice, but imagine the turmoil that would erupt if GNU requested Debian and Ubuntu drop the bash shell interpreter in the wake of the Shellshock bug. Or imagine if Mozilla insisted distributions remove old versions of Firefox from their frozen repositories. Most users would be very upset with the upstream developers and any distribution that complied with the request. Yet a single ownCloud developer can request (and succeed in) having software pulled from Ubuntu.
I also think it is a shame the ownCloud project doesn't mind putting the work into maintaining packages for seven different distributions, but they apparently refuse to work with downstream projects to keep packages up to date. I think (speaking from experience) working with those seven distributions to help keep packages maintained would not only be less work in the long run, but it would also likely result in more bug fixes and faster deployments downstream. As it stands, ownCloud's approach of doing all the work themselves, while refusing to cooperate with downstream projects, seems like more effort for the ownCloud developers and more work for people deploying ownCloud.
Above I mentioned I run an installation of ownCloud and it happens to reside on a server running Ubuntu. Following the removal of ownCloud from Ubuntu I decided to upgrade to a newer version, using a package provided by the ownCloud team. I installed the package provided by upstream and discovered a few things. One is that the upstream ownCloud package over-wrote my configuration. This meant that the new ownCloud installation did not recognize my existing files, declared my account "empty" and caused the ownCloud clients on each of my computers to erase my synchronized directories. A second thing I noticed, when I tried to rollback my ownCloud installation, is that major versions are not backward compatible. For example, trying to run ownCloud 7 with a copy of my ownCloud 6 database/configuration did not work.
In the end, I was able to get the new version of ownCloud working on my server and, thanks to my paranoid approach to backups (using rsync to copy all my documents, daily, to another server that doesn't run ownCloud), I didn't lose any of my work. Still, I'm left with a few questions, such as: why does ownCloud insist on rolling their own packages and why do they refuse to work with downstream projects to secure their software? Why does Canonical allow upstream projects to demand legally packaged software be removed from their repositories? Isn't that a slippery slope? Why didn't the Ubuntu team pull in the latest packages from Debian since Debian's packages act as an upstream source for the Ubuntu distribution? I feel this situation could have been handled better by both sides and, judging by my own experience, it seems the only people who will get hurt are the people ownCloud is trying to protect.
Miscellaneous News (by Jesse Smith and Ladislav Bodnar)
openSUSE explains Tumbleweed and Factory merger, Firefox OS on Raspberry Pi, Ubuntu Kylin interview, PelicanHPC update, OpenBSD drops dynamically loaded kernel modules, FreeBSD's 21st
Last week we shared an announcement from openSUSE in which the project reported the openSUSE Factory and Tumbleweed repositories would merge. Factory and Tumbleweed have both become rolling-release distributions and the openSUSE project will be changing the way it works with both repositories. The project has since posted a follow-up in which the future roles of Factory and Tumbleweed are clarified. The post takes a questions and answers style approach to explaining what will happen to Factory and Tumbleweed: "What does this mean for existing Factory users? Do I need to do anything? Yes and no -- When this goes live on November 4, it is our intention to 'alias' the current Factory repositories to the 'new' Tumbleweed repositories. So existing Factory users should not need to do anything. However, it will be recommended that people change their repositories to point to the new ones as we will phase out the current Factory URLs in about six months. We'll be sending out how-to guides and reminders close to the November 4th launch of the 'merged Tumbleweed' and the retirement of the 'old Factory repositories' in six months time."
* * * * *
Mozilla, the organization behind the Firefox web browser, the Thunderbird e-mail client and the Firefox OS mobile operating system, is working on a version of Firefox OS for the Raspberry Pi hobbyist computer. The new Firefox OS build should currently be able to work on Raspberry Pi computers and Mozilla is looking to refine and expand on the platform: "We are looking to demonstrate that Firefox OS can be a viable and valuable operating system for Raspberry Pi boards, and for the wide variety of use cases that are being imagined today by the Webmakers of tomorrow. Our goal is to release a downloadable or flashable version of Firefox OS for Raspberry Pi boards in conjunction with the Mozilla Festival."
* * * * *
Ubuntu Kylin, a geographically-oriented distribution designed specifically for China, is just one of the many official flavours of Ubuntu, but interestingly enough, it is the only one that gets a mention on Ubuntu's home page. Last week Ubuntu Insights published a nice interview with Dr Jonas Zhang, an operating system researcher at National University of Defence Technology in Changsha, China, who talked about Ubuntu Kylin and its role in China's operating system ecosystem: "Q: How is Ubuntu Kylin different from standard Ubuntu? A: Ubuntu Kylin is a recognised flavour of Ubuntu and it takes Ubuntu as a base and reference. On the one hand, we cooperate with Ubuntu developers to make Ubuntu better. We submit blueprints and patches on many upstream projects, such as Ubiquity, Friends, Dash, Unity, fcitx. Currently, we are working on Unity 8 and Mir as well. We also devote time and energy to make Ubuntu Kylin more suitable for Chinese users. Our work spreads over a wide range of the OS, including UI/UX, language support and system applications. We also have a series of Youker applications, such as Youker Assistant (a desktop management tool that supports English, Spanish and Chinese), Youker Weather, Youker Calendar and Youker Search. What's more, we have cooperated with several popular Chinese software providers, such as Kingsoft, Xunlei and Sougou, to develop the Linux editions of their products."
* * * * *
Good news for the fans of high-performance computing and cluster management - the PelicanHPC distribution has been revived. Michael Creel, the original maintainer of the Debian-based live CD, discontinued the project in early 2013. But last week his website announced a revival of PelicanHPC: "I'm very pleased to announce that Aissam Hidoussi has taken over development of PelicanHPC and has made a 3.0 release that is based on the current Debian stable release "Wheezy". The new web site is pelicanhpc.awict.net where you can get more information. The image is also available at this site." The distribution's new home has big plans, including a forthcoming 3.1 release, as well as a brand-new 4.0 build based on Debian GNU/Linux 8.0 "Jessie": "We're actively working on PelicanHPC 3.1, which contains fixes for PelicanHPC 3.0. It will be available after the release of stable Debian 8 (Jessie) or February 1, 2015 (whichever comes first). Also, we're working on the next release, PelicanHPC 4.0, which will be based on Debian 8 (Jessie) and live-build 4.x."
* * * * *
The OpenBSD change log contains an interesting item which caught some attention recently. According to the log, the OpenBSD kernel will no longer support dynamically loading modules. Often operating systems, such as GNU/Linux or FreeBSD, will include common functionality built straight into the kernel while optional functionality is kept separate, as a module that can be loaded as needed. The module approach is often used to keep the size of the kernel, and the amount of memory it requires, low. The OpenBSD project appears to be dropping this functionality, requiring all drivers and features to be compiled into the kernel directly. No explanation for the change is mentioned in the log, but one might assume the OpenBSD developers hope to avoid potential security issues by no longer allowing modules to be dynamically loaded into the kernel.
* * * * *
It was on 1 November 1993, exactly 21 years ago last Saturday, that the FreeBSD project announced their first ever stable release - version 1.0. Among many other (at the time) modern features, it came on "updated floppies" and had support for XFree86 2.0: "The first 'official' release of FreeBSD 1.0 is now available, no more greek letters - this is the 'production' release. While a fair number of bugs were also whacked between EPSILON and RELEASE, the following additional features deserve special mention: a dynamic buffer cache mechanism that automagically grows and shrinks as you use the memory for other things, this should speed up disk operations significantly; the Linux sound driver for Gravis UltraSound, SoundBlaster, etc. cards; Mitsumi CD-ROM interface and drive; updated install floppies; more fail-safe probing of devices on the ISA bus, this makes it much harder for devices to conflict with each other; advance syscons support for XFree86 2.0." Happy 21st, FreeBSD!
Book Review (by Jesse Smith)
Book review: The Book of PF (Third Edition)
A packet filter, sometimes referred to by the generic name "firewall", is a piece of technology which blocks, forwards or re-routes network traffic. Packet filters come in a wide variety of styles and can be found running on most computers, from laptops to workstations to servers. One of the more powerful and flexible packet filters available today is PF, a technology which first appeared in the OpenBSD operating system. The OpenBSD website describes PF as follows:
"Packet Filter (from here on referred to as PF) is OpenBSD's system for filtering TCP/IP traffic and doing Network Address Translation. PF is also capable of normalizing and conditioning TCP/IP traffic and providing bandwidth control and packet prioritization."
Using any packet filter and using it well takes practice and the PF software is especially complex and flexible. This flexibility, combined with some impressive features, makes PF one of the more respected packet filters, especially in the BSD community. People who are serious about network performance and security should know how to configure at least one packet filter and, if you only have time to learn one, it should probably be PF.
Enter The Book of PF, written by Peter N. M. Hansteen. Mr Hansteen is a network administrator, an OpenBSD user and a fan of PF. In his book he sets out to explain what a packet filter is, why they are important and how to make use of the many features of PF. Though Hansteen mostly talks about working with PF on the OpenBSD operating system, he also takes time to talk about small differences which exist in the FreeBSD and NetBSD implementations of PF. (PF does not, at the time of writing, have a workable implementation on Linux distributions.)
After giving us a little background on PF, Hansteen begins showing us examples of PF configurations. PF is mostly managed using plain text files with lists of rules. Each rule is typically made up of a few parts, namely characteristics of network traffic to look for and what to do if a matching network packet is found. Hansteen begins with the most simple possible configurations (either allowing all traffic or blocking all traffic) and then quickly builds from there. Once the author explains how to create some very basic rules he goes on to talk about checking to make sure rule syntax is valid and testing existing rules. Then we get thrown head first into approaching network security from a variety of angles.
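A small ruleset of the kind described above, given here as an added illustration (it is not taken from the book or from this review). It starts from "block everything" and then passes selected traffic; the interface name em0 and the list of services are assumptions, and the syntax shown is OpenBSD's.

```pf
# /etc/pf.conf -- added illustration; interface name and services are assumed.

# Macros: names substituted wherever $name appears in a rule.
ext_if = "em0"                          # assumed external interface
tcp_services = "{ ssh, www, https }"    # assumed services offered by this host

# Do not filter on the loopback interface.
set skip on lo

# Start from "block everything". PF evaluates the whole ruleset and the
# LAST matching rule decides, so the pass rules below override this one
# for the traffic they describe.
block all

# Match: outbound TCP/UDP/ICMP on the external interface. Action: pass.
# Rules keep state by default, so replies are allowed back in.
pass out on $ext_if inet proto { tcp, udp, icmp } all

# Match: inbound TCP to this host's address on the listed ports. Action: pass.
pass in on $ext_if inet proto tcp to ($ext_if) port $tcp_services

# Check and load (run as root):
#   pfctl -nf /etc/pf.conf    parse only; reports syntax errors, loads nothing
#   pfctl -f  /etc/pf.conf    load the ruleset
#   pfctl -sr                 show the rules currently loaded
```

Running the parse-only check before loading matters on a remote machine, where a ruleset that blocks SSH by mistake locks the administrator out.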
A packet filter can be used in several different ways. It can block network traffic, throttle connections for smoother network performance, route incoming traffic to the proper locations and stop attacks in progress. Hansteen tackles each of these scenarios, starting with some simple examples and building on them until we have some quite detailed solutions. We then move on to the next topic and start a new configuration from scratch.
I feel it is worth pointing out The Book of PF expects the reader to have a passing familiarity with working from the command line. It would also be helpful to know a little about network technologies and the differences between terms such as TCP and UDP, for example. We need not be experts in these fields, but knowing a little about how computer networks behave is a requirement for following the examples laid out in this book. It might also help to have experience using one of the BSD operating systems prior to cracking open this text.
While I was reading The Book of PF, a few things stood out. One is that the sub-title, "A No-Nonsense Guide..." seems appropriate. Most of the technical books I read on working with operating systems or networks contain funny asides or stories about gaining hard won wisdom. The Book of PF is more terse, dealing strictly with the subject at hand without wandering. In some ways the text acts more as reference material than a personal guide. Another thing which stood out was that there were a lot of practical examples. PF is a complex piece of technology which allows for all sorts of useful tools, including macros, variables, logging and prioritizing traffic. It is one thing to know PF can do these things, but it is great to see functional examples presented for us. Working with network packets can feel abstract and complex and seeing complete examples, not just snippets, is very helpful.
Something that came to mind while reading this book is that PF appears to be much more flexible and extendable than, for example, most Linux packet filters. However, the trade-off is PF also has a more complex syntax to learn. While reading some early examples of PF in action I couldn't help but feel using Linux-based tools would be much faster and easier to understand. (The section on setting up FTP connections, for instance, describes a very complex solution using PF that would be trivial on a Linux server.) However, by the end of the book I had to acknowledge PF appears to be able to do things Linux firewalls either cannot do, or cannot do without a great deal more work. My point is that, for people coming from Linux land, PF may seem strange and overly complex, but there is a great deal we can accomplish with PF. The technology shines when facing difficult problems which its many features make relatively easy.
Hansteen has a straight-to-the-point writing style, he explains tough networking situations clearly and he dives deep into the capabilities of PF. If you need to set up a network gateway or want to learn firewalls inside and out, then The Book of PF is a very helpful resource. It sticks to the topic, covers a wide range of use cases and provides detailed examples.
* * * * *
- Title: The Book of PF (Third Edition)
- Authors: Peter N. M. Hansteen
- Published by: No Starch Press
- Pages: 248
- ISBN-10: 1-59327-589-7
- ISBN-13: 978-1-59327-589-1
- Available from: No Starch Press, Amazon and other bookstores
Opinion (by Jesse Smith)
On commercial aspect of Elive
It is not often I browse the comments left at the bottom of DistroWatch Weekly, but the last few times I have there have been posts commenting on the Elive distribution. There seems to be a strong level of mistrust directed at this project and posts have called for DistroWatch to either remove the distribution or post warnings next to the project's release notices. So let's talk about Elive and why a vocal few are concerned about this particular distribution.
From what I have read there are two main concerns with regards to Elive. The first is that Elive is a commercial distribution. Some people, usually due to a misunderstanding of what "free and open source software" means, believe open source software should not be sold. I find this a curious complaint as several popular Linux distributions are commercial in nature, including such heavyweights as Red Hat Enterprise Linux, SUSE Linux Enterprise and Mandriva Linux.
The second, and more common, concern appears to be that Elive is not up front about the fact it is a commercial distribution. People can download and use the project's media to experiment with the live desktop without making a payment. The request for payment, US$15, only comes into play when the user attempts to install the distribution. Further, there does not appear to be any mention of Elive's commercial nature on the project's website. (Or if the website mentions this aspect of the distribution, I have been unable to find it.) The only place I could find mention of users paying for Elive was on the project's forum, under the Suggestions section. Some people feel Elive should be more upfront about the fact the distribution charges for installations.
Personally, I'm a bit indifferent to whether distributions charge for their use or how much they advertise that fact. There are plenty of distributions and many of them are supported by funds in one form or another. It might be a slight surprise to potential users when they go to install Elive and discover the project charges for installations. However, Elive is a Debian-based distribution and there are dozens of those available. People who do not want to pay for Elive can download any number of other distributions based on Debian GNU/Linux.
Prior to writing this commentary I downloaded the latest beta of Elive to see just how the payment system was implemented. The live disc brought up a boot menu with several options, offering various approaches to either experimenting with the live Enlightenment interface or launching the installer directly. All options caused the distribution to bring up the desktop interface; the options to launch the installer directly did not work. When Elive boots we are shown the Enlightenment desktop and we can play with this interface and a handful of popular open source applications.
Elive 2.3.9 - attempting to run the system installer
When I attempted to launch the distribution's system installer a voice came out of my speakers welcoming me to this "futuristic" operating system. The system paused to connect to the Internet (I was already connected) and then asked me to confirm that I was on-line. When I clicked the button confirming I was on-line the installer reported it could not find an Internet connection and closed. I attempted several times to run the installer, each time confirming I was on-line and able to browse the web. Each time the installer reported it was off-line and refused to continue. It never reached a point where I had to make choices or offer payment. Presumably this issue will be fixed before the upcoming stable release.
As to whether DistroWatch should let people know that Elive is a commercial distribution or not, well, DistroWatch does. In each announcement regarding Elive that appears on the front page there is a link to the Elive description page which includes the comment: "Elive is a commercial distribution; while the live CD is available as a free download, those wishing to install it to a hard disk are asked to pay US$15 for an installation module." Anyone who takes even a brief few seconds to learn about the distribution they are about to download will be aware of the project's commercial nature.
Rolling-release trial (by Jesse Smith)
Rolling-release trial - week 4
The fourth week of my rolling-release trial was a fairly calm affair, with one exception. Last week I mentioned my copy of openSUSE did not include the ability to boot into old Btrfs snapshots of the file system from the boot menu. At the time this feature was missing from my copy of openSUSE and I thought it might have been a configuration problem. However, this week, after installing the available updates from openSUSE's repositories, the option to boot read-only Btrfs snapshots appeared in my boot menu. It seems as though this feature has been added recently and I now benefit from being able to boot into older copies of my operating system. If openSUSE Factory breaks during my trial I can now revert to an older version of the operating system simply by rebooting. This is a feature I greatly appreciated having on PC-BSD and I am very pleased to see this new feature on openSUSE.
Since all of my updates went smoothly (including one large update to LibreOffice on PCLinuxOS) I am simply going to supply the statistics of my updates below. Here are the numbers of updated packages provided by each project and the amount of bandwidth required to download them. The chart below does not include the LibreOffice update I applied to PCLinuxOS as the LibreOffice suite is updated by a separate utility from the distribution's package manager.
Here is a list of key packages on each operating system and the version numbers of key packages following the updates.
Released Last Week
MakuluLinux 1.0 "Cinnamon"
Jacque Raymer has announced the release of MakuluLinux 1.0 "Cinnamon" edition, a Debian-based distribution featuring the Cinnamon desktop environment: "It has been a dream of mine to build a Debian-based OS with Cinnamon for well over a year now, and on a few occasions I managed to actually get it to compile and boot, it proved to be highly unstable after a few patches. Each time I found myself disappointed, putting the idea on the back burner. You can imagine my delight when I heard that Cinnamon has a new team of guys porting it to Debian and thus once again I made the effort. To my great delight it seemed a bit smoother and more stable. A few months ago I got to work on this baby and although I was limited with my schedule I managed to make great progress in a very short amount of time. Today I am releasing the result to the world." Read the release announcement and release notes for further information.
SUSE Linux Enterprise 12
SUSE has announced the availability of SUSE Linux Enterprise 12 "Desktop" and "Server" products, commercial distributions built primarily for deployment as enterprise desktops or servers: "SUSE today announced the general availability of SUSE Linux Enterprise 12, the newest version of its reliable, scalable and secure platform for efficiently deploying and managing highly available enterprise-class IT services in physical, virtual or cloud infrastructure. New products based on SUSE Linux Enterprise 12 feature enhancements that more readily enable system uptime, improve operational efficiency and accelerate innovation. The foundation for all SUSE data center operating systems and extensions, SUSE Linux Enterprise meets the performance requirements of data centers with mixed IT environments, while reducing the risk of technological obsolescence and vendor lock-in." Read the press release and browse the detailed release notes (desktop, server) for further information.
SUSE Linux Enterprise Desktop 12 - the default GNOME desktop
LinHES 8.2
Cecil Watson has announced the release of LinHES 8.2, the latest stable version of the project's specialist Arch-based distribution designed for set-top boxes and home entertainment computers: "The LinHES dev team is pleased to announce the release of LinHES 8.2. LinHES 8.2 brings updates to the kernel, system libraries, service menu options, MythTV 0.27.4, LinHES theme and many other parts of LinHES. Due to consolidating /bin, /sbin, /usr/sbin, to /usr/bin upgrading to 8.2 is more involved than the normal pacman -Syu. There are two options to update, the update81-82.sh script or upgrade from the ISO. The update81-82.sh script will assist in updating LinHES. As always, make sure you have a good backup. There is no backout plan or partial update, once started the upgrade needs to complete or the system may not boot correctly. The largest stumbling block that will cause the update to fail are non-LinHES packages that have been installed. Please uninstall the non-LinHES, update to R8.2 and then re-install the 3rd party packages." See the release announcement and release notes for more details.
Puppy Linux 6.0 "Tahrpup"
Barry Kauler has announced the release of Puppy Linux 6.0 "Tahrpup" edition, a minimalist distribution compatible with Ubuntu 14.04 binary packages: "We have another official Puppy Linux release. Since I retired from developing Puppy Linux early in 2014, keen members of the Puppy community forked my Woof Puppy builder, naming it woof-CE. Since then, 01micko has been active with a Puppy built from Slackware packages, named 'Slacko Puppy'. The guys have also been working on another pup, built from Ubuntu 'Trusty Tahr' binary packages, under the leadership of Phil Broughton and this has now reached release status. It is named 'Tahrpup' and is version 6.0. Tahrpup is an official release of Puppy Linux for those who would like the package manager to have compatibility with the large collection of packages in the Ubuntu repository." Here is the complete release announcement with relevant links.
Puppy Linux 6.0 "Tahrpup" - the default desktop
CentOS 6.6
Johnny Hughes has announced the release of CentOS 6.6, an updated build of the project's legacy branch, compiled from the source code for Red Hat Enterprise Linux 6.6: "We are pleased to announce the immediate availability of CentOS 6.6 install media for i386 and x86_64 architectures. CentOS 6.6 is based on source code released by Red Hat, Inc. for Red Hat Enterprise Linux. There are many fundamental changes in this release, compared with the past CentOS 6 releases, and we highly recommend everyone study the upstream release notes as well as the upstream technical notes about the changes and how they might impact your installation. All updates since the upstream 6.6 release are also on the CentOS 6.6 mirrors as zero day updates. When installing CentOS 6.6 (or any other version) from any of our media, you should always run 'yum update' after the install." See the release announcement and release notes for detailed information about this version.
Zentyal Server 4.0
José Antonio Calvo has announced the release of Zentyal Server 4.0, a new version of the project's Ubuntu-based distribution designed for small business servers: "The Zentyal development team is proud to announce Zentyal Server 4.0, a new release of the open-source Linux small business server with native Microsoft Exchange protocol implementation and Active Directory interoperability. Zentyal Server 4.0 comes with improved mail and mail-related directory features. It is based on the latest Ubuntu 14.04.1 LTS. New features and improvements include: improved provisioning of Zentyal as first Microsoft Exchange server; improved PST import; improved support for RPC over HTTP (Microsoft Outlook Anywhere); improved Autodiscover service; improved support for multiple virtual mail domains; improved support for Microsoft Outlook 2007, 2010; improved support for shared calendars and contacts; improved multi-language support for mailboxes...." Read the release announcement for further information.
Simplicity Linux 14.10
David Purse has announced the release of Simplicity Linux 14.10, a set of Puppy Linux-based distributions with LXDE as the preferred desktop (and now also an experimental edition with KDE): "Simplicity Linux 14.10 is now available for everyone to download. It uses the 3.15.4 kernel. The Netbook and Desktop editions both use LXDE as the desktop environment and the X edition uses KDE 4.12.3. As usual, Netbook is our cut-down variant, with mostly web based applications which are made easily available from the Wbar dock. Desktop is our full-featured edition which features a host of beautiful wallpaper images pre-installed, as well as a lot of local applications such as Firefox, TOR Browser, Thunderbird, LibreOffice and Dropbox. The X edition is our experimental version and, as such, not everything will work. It is intended as a glimpse into what Simplicity Linux may become in the future. As mentioned above, it uses KDE 4.12.3 as the desktop environment rather than LXDE." Here is the full release announcement.
OpenBSD 5.6
Antoine Jacoutot has announced the release of OpenBSD 5.6, the latest version of the free, multi-platform UNIX-like operating system focusing on proactive security and integrated cryptography: "We are pleased to announce the official release of OpenBSD 5.6. This is our 36th release on CD-ROM (and 37th via FTP/HTTP). We remain proud of OpenBSD's record of more than ten years with only two remote holes in the default install. As in our previous releases, 5.6 provides significant improvements, including new features, in nearly all areas of the system. LibreSSL: this release forks OpenSSL into LibreSSL, a version of the TLS/crypto stack with goals of modernizing the codebase, improving security, and applying best practice development processes; no support for legacy MacOS, Netware, OS/2, VMS and Windows platforms, as well as antique compilers; removal of the IBM 4758, Broadcom ubsec, Sureware, Nuron, GOST...." Visit the OpenBSD 5.6 release page to read the complete list of changes and improvements.
* * * * *
Development, unannounced and minor bug-fix releases
Upcoming Releases and Announcements
Summary of expected upcoming releases
September 2014 DistroWatch.com donation: KDE
We are pleased to announce that the recipient of the September 2014 DistroWatch.com donation is KDE, a cross-platform graphical desktop environment. It receives €300.00 in cash.
Few people in the free software communities around the world need an introduction to KDE. First launched in October 1996, the project produces, among other things, the KDE desktop (re-branded as Plasma desktop in the last couple of years). Recently the Germany-based KDE foundation launched a KDE End of Year 2014 Fundraising campaign: "As we approach the end of the year we begin the season of giving. What would suit the holiday better than giving to the entire world? Here is a unique way to give back to KDE allowing us to keep giving free software to humankind. KDE is committed to improving technology and software to make the world a better place. We produce great quality free software that everyone is free to use or modify without any cost or restriction." Please visit the above page if you are a KDE fan and wish to contribute to the project's current sprint towards the upcoming stable release of Plasma 5.
Launched in 2004, this monthly donations programme is a DistroWatch initiative to support free and open-source software projects and operating systems with cash contributions. Readers are welcome to nominate their favourite project for future donations. Those readers who wish to contribute towards these donations, please use our advertising page to make a payment (PayPal, credit cards, Yandex Money and Bitcoins are accepted). Here is the list of the projects that have received a DistroWatch donation since the launch of the programme (figures in US dollars):
Since the launch of the Donations Program in March 2004, DistroWatch has donated a total of US$41,225 to various open-source software projects.
- 2004: GnuCash ($250), Quanta Plus ($200), PCLinuxOS ($300), The GIMP ($300), Vidalinux ($200), Fluxbox ($200), K3b ($350), Arch Linux ($300), Kile KDE LaTeX Editor ($100) and UNICEF - Tsunami Relief Operation ($340)
- 2005: Vim ($250), AbiWord ($220), BitTorrent ($300), NDISwrapper ($250), Audacity ($250), Debian GNU/Linux ($420), GNOME ($425), Enlightenment ($250), MPlayer ($400), Amarok ($300), KANOTIX ($250) and Cacti ($375)
- 2006: Gambas ($250), Krusader ($250), FreeBSD Foundation ($450), GParted ($360), Doxygen ($260), LilyPond ($250), Lua ($250), Gentoo Linux ($500), Blender ($500), Puppy Linux ($350), Inkscape ($350), Cape Linux Users Group ($130), Mandriva Linux ($405, a Powerpack competition), Digikam ($408) and Sabayon Linux ($450)
- 2007: GQview ($250), Kaffeine ($250), sidux ($350), CentOS ($400), LyX ($350), VectorLinux ($350), KTorrent ($400), FreeNAS ($350), lighttpd ($400), Damn Small Linux ($350), NimbleX ($450), MEPIS Linux ($300), Zenwalk Linux ($300)
- 2008: VLC ($350), Frugalware Linux ($340), cURL ($300), GSPCA ($400), FileZilla ($400), MythDora ($500), Linux Mint ($400), Parsix GNU/Linux ($300), Miro ($300), GoblinX ($250), Dillo ($150), LXDE ($250)
- 2009: Openbox ($250), Wolvix GNU/Linux ($200), smxi ($200), Python ($300), SliTaz GNU/Linux ($200), LiVES ($300), Osmo ($300), LMMS ($250), KompoZer ($360), OpenSSH ($350), Parted Magic ($350) and Krita ($285)
- 2010: Qimo 4 Kids ($250), Squid ($250), Libre Graphics Meeting ($300), Bacula ($250), FileZilla ($300), GCompris ($352), Xiph.org ($250), Clonezilla ($250), Debian Multimedia ($280), Geany ($300), Mageia ($470), gtkpod ($300)
- 2011: CGSecurity ($300), OpenShot ($300), Imagination ($250), Calibre ($300), RIPLinuX ($300), Midori ($310), vsftpd ($300), OpenShot ($350), Trinity Desktop Environment ($300), LibreCAD ($300), LiVES ($300), Transmission ($250)
- 2012: GnuPG ($350), ImageMagick ($350), GNU ddrescue ($350), Slackware Linux ($500), MATE ($250), LibreCAD ($250), BleachBit ($350), cherrytree ($260), Zim ($335), nginx ($250), LFTP ($250), Remastersys ($300)
- 2013: MariaDB ($300), Linux From Scratch ($350), GhostBSD ($340), DHCP ($300), DOSBox ($250), awesome ($300), DVDStyler ($280), Tor ($350), Tiny Tiny RSS ($350), FreeType ($300), GNU Octave ($300), Linux Voice ($510)
- 2014: QupZilla ($250), Pitivi ($370), MediaGoblin ($350), TrueCrypt ($300), Krita ($340), SME Server ($350), OpenStreetMap ($350), iTALC ($350), KDE ($400)
* * * * *
Distributions added to waiting list
- eZeY. The main goal of eZeY is to provide IT students an easy Linux distro to learn and "play" with.
- Nard GNU/Linux. Nard GNU/Linux is a software development kit (SDK) written from scratch for the Raspberry Pi family of boards. Nard runs entirely in RAM on the Raspberry Pi board.
- SEANux. SEANux is an Ubuntu-based Linux distribution with a modified GNOME Shell interface. It ships with penetration testing tools and software developed by the Syrian Electronic Army.
* * * * *
DistroWatch database summary
* * * * *
This concludes this week's issue of DistroWatch Weekly. The next instalment will be published on Monday, 10 November 2014. To contact the authors please send email to:
- Jesse Smith (feedback, questions and suggestions: distribution reviews, questions and answers, tips and tricks)
- Ladislav Bodnar (feedback, questions, suggestions and corrections: news, donations, distribution submissions, comments)
- Bruce Patterson (feedback and suggestions: podcast edition)
If you've enjoyed this week's issue of DistroWatch Weekly, please consider sending us a tip.