DistroWatch Weekly |
Tip Jar |
If you've enjoyed this week's issue of DistroWatch Weekly, please consider sending us a tip. (Tips this week: 0, value: US$0.00) |
|
|
|
bc1qxes3k2wq3uqzr074tkwwjmwfe63z70gwzfu4lx lnurl1dp68gurn8ghj7ampd3kx2ar0veekzar0wd5xjtnrdakj7tnhv4kxctttdehhwm30d3h82unvwqhhxarpw3jkc7tzw4ex6cfexyfua2nr 86fA3qPTeQtNb2k1vLwEQaAp3XxkvvvXt69gSG5LGunXXikK9koPWZaRQgfFPBPWhMgXjPjccy9LA9xRFchPWQAnPvxh5Le paypal.me/distrowatchweekly • patreon.com/distrowatch |
|
Extended Lifecycle Support by TuxCare |
|
Reader Comments • Jump to last comment |
1 • weekly poll and https (by pcninja on 2016-01-04 00:32:42 GMT from North America)
I update software as soon as it is convenient to do so, but I prefer to do so right away.
As for the https version, the only sensitive information here is the email addresses of people commenting here but it won't be really useful to anybody else.
2 • Updates (by MC on 2016-01-04 01:47:56 GMT from North America)
I voted "Other". Each time I fire up my computer (for the day) I open the terminal and run "update / dist-upgrade". Then install if updates are available.
3 • your HTTPS connection (by John on 2016-01-04 01:51:39 GMT from North America)
Hi - using Opera browser on Elementary OS. Get a warning about certain content being blocked because it's "insecure". Perhaps not all elements on your site are being funnelled through the new certificate?
4 • Installing Programs From Trusted Sources (by Serge on 2016-01-04 03:20:57 GMT from North America)
A typical GNU/Linux-based desktop or server focused operating system usually has a package management system that is preconfigured to install programs that are signed, in a cryptographically secure method, by trusted contributors to the initiative that develops or oversees development of the operating system in question.
In order to verify the signature, we must have a key that can decipher that signature. Usually the scheme that is used resembles a model where the program or other data is "signed" using a special series of digits called a cryptographic key. In the most common model, this "signature" can then only be deciphered using another cryptographic key that is mathematically related to, but not identical to, the first key. Usually, the key that is used to create the signature is held in strict confidence, and is called the private-key, while the key that is used to decipher the signature is called the public-key, and is distributed openly with no fear of what may happen if it may fall into the wrong hands (since, really, nothing bad can happen if it does). This is really a simplification of how the scheme looks, andthere are also other cryptographic schemes that are used for similar purposes, but the general idea and the problems it entails is pretty consistent.
Specifically, there is always a sort of "bootstrap" problem: how do you know that the public-key half of these split assymetric keys is indeed the public-key that corresponds to the private-key of the developers that you trust? How do you know that the public-key(s) that your system uses to verify signatures is not, instead, the public-key half of a split key pair that is actually controlled by some adversary seeking to compromise your system? Typically, your assurance in the integrity of these keys comes from the fact that the keys came pre-installed with your operating system, and if the keys are ever updated as part of normal system update, these keys are only updated in a cryptographically verified manner using the very same scheme already described above.
What's the problem in that? Well, when you first downloaded the installation image for the operating system in question, how did you know that you were downloading a legit installation image, and not, instead, something that looked and functioned like a legit installation image but was instead a specially crafted compromised system under the control of adversaries? TLS (https) helps, but is not a panacea. It also does not avoid the bootstrap problem entirely: you still need public-keys in TLS. It's just that, typically, if you get started with Linux by downloading an installation image on a Windows system, then your TLS session is verified through public-keys that came pre-installed by Windows itself. Of course, the recent Lenovo Superfish scandal and Dell root CA key scandal have shown that these pre-installed public-key stores aren't always worthy of trust, either.
However, the bottom line is that if you only install programs using your operating system's provided package management tools, heed integrity verification warnings, and do not install new public-key halves into your package management tools unless you are absolutely sure of their provenance, then you are really only ever taking this leap of faith once: when you first download the installation image for your operating system. If, on the other hand, you frequently download programs via web browsing, or frequently add third party repositories and third party public-key halves, then you are taking this leap of faith every single time you install or upgrade a program.
5 • HTTPS (by Somewhat Reticent on 2016-01-04 07:06:15 GMT from North America)
Did you also update http://distrowatch.gds.tuwien.ac.at/ ? (sorry if dup :P ) .org and .ch seem OK. "Encrypted web page, but not the connection thereto" Posted comment chains back to http ... small steps.
6 • Tragic loss of Ian Murdock (by cele_reloaded on 2016-01-04 07:52:56 GMT from Europe)
This is a tragic loss for linux community. We WILL REMEMBER you with the apt-get. you're still with us. RIP
7 • Software Security (by Andy Mender on 2016-01-04 08:08:28 GMT from Europe)
It's nice that the matter of software security is discussed from time to time :). It shows we [the open-source community] do actually care about what ends up on our computers.
I think lack of software repositories was for a very long time a losing point for Windows. From today's perspective I am honestly baffled that I myself used to just go online and download from the Internet whatever app I needed, completely oblivious to the multitude of possible threats. Obviously, the antivirus software and firewall would sort of protect me, but as we all know - prevention is better than cure.
I'm also happy to hear APT is running faster now. It made me feel sorry for it every time I was comparing it to Arch's pacman :P.
Finally, RIP for Mr Murdock. You will live on in our memories...
8 • Ian_Murdock_no_longer_a_you_or_victim_of_Manichaean_ego_mind (by k on 2016-01-04 09:24:54 GMT from Europe)
It seems, like Aaron Swartz, it was this burden of certain minds that Ian Murdock freed "true self" from. If living really cherish this/their essence and achievement(s), we really MUST VALUE and SECURE FREEDOM MUCH MORE ACTIVELY.
9 • Security of repos (by MarkW on 2016-01-04 10:27:19 GMT from Europe)
"Based on these observations I can say, from second-hand experience, that searching the web for programs can certainly lead to an infected operating system.
While that is true, there is another aspect; if you use repositories and a package manager you get notifications when a new version of the software is available which fixes security issues (and, an easy way of getting it installed). With the 'ad hoc'/'there is a website on the internet' method, less so.
10 • About Ian Murdock (by César on 2016-01-04 11:11:17 GMT from South America)
Hi!
It's a very sad the pass away of Mr. Murdock, the "IAN" of Debian, i don't believe when a read the news days back in time, terrible lost.
Changin', i run "aptitude update && aptitude safe-upgrade" every day when i turn on the PC, that's my frecuency for install updates.
Greetings from Chile and happy new year!!!
11 • Grub vs Grub2 (by Creek on 2016-01-04 13:19:50 GMT from North America)
Like Jessie in his review of Paldo, I always found it refreshing to see legacy grub as the bootloader. (Though this is a very rare occurance today.) Grub2 has always seemed to me to be a bloated answer to a problem seen by only a very few people. Not having done any kind of survey, I must just assume that legacy Grub (and MSDOS partitioning) can work just fine for 95% or more of us. I have always had up to 10 partions on my computers, and since ever needing a bootloader (LILO then Grub), I can't recall ever having my bootlader fail me. And to configure it - a breeze. Just my 2 cents (about what I find durign each morning's walk).
12 • HTTPS in RSS feed (by a on 2016-01-04 13:38:32 GMT from Europe)
Hi, the Distrowatch weekly RSS feed still points to the http version of Distrowatch, even when subscribed from the https version of the site.
13 • Manjaro OpenRC (by a on 2016-01-04 14:07:52 GMT from Europe)
Glad to see that Manjaro now officially supports OpenRC! Even if it requires a few manual steps that are explained in their wiki.
14 • Poll: Weekly updates (by a on 2016-01-04 14:26:43 GMT from Europe)
I update my Gentoo systems weekly, more or less (this is also what I did when I was using Arch.)
It seems like a good compromise to me: - updates take a limited amount of time and effort. - I’m still quite up to date.
15 • HTTPS in RSS feed (by Jesse on 2016-01-04 16:05:27 GMT from North America)
@12: Thank you, I will look at getting the RSS feeds updated.
16 • paldo (by Poet Nohit on 2016-01-04 16:16:59 GMT from North America)
As a developer, I just can't take Gnome Shell seriously. It seems to be a desktop aimed at non-developers (which might explain the lack of developers for paldo).
17 • What a year! (by Tran Older on 2016-01-04 17:41:33 GMT from Asia)
Riddell Resigned Murdoch Dead Linux Improved Debian Spread
18 • @17 (by Tran Older on 2016-01-04 18:15:22 GMT from Asia)
Very Sorry. I meant Ian Murdock, not another person. RIP. We prefer sudo apt-gt to Software Centers.
19 • @11 (by pivoron@yahoo.com on 2016-01-04 19:49:26 GMT from North America)
I have been using Grub2 since it first came upon us and have not had any problems. However, I much preferred Grub.
Why would the developers spread Grub2 all over the file system in multi directories? I mean, if I had some loose change, would I put pennys in left front pocket, nickels in rear right pocket, quarters in shirt top pocket? What gives here?
Ron
20 • Unattended upgrades on Debian (by Jack on 2016-01-04 20:27:40 GMT from North America)
I used to be addicted to running apt-get update && apt-get dist-upgrade every morning. In my quest to minimize my daily admin tasks, I finally configured unattended-upgrades. It took an hour or so to understand and comfigre all of the appropriate options. But it was well worth it. I haven't done any manual updates in a year and my systems are always up to date.
21 • Launchpad bug #1190696 (by Robert Thompson on 2016-01-04 21:47:00 GMT from North America)
I'm already looking forward to migrating from Xubuntu to Ubuntu MATE when the LTS release becomes available. I was curious to know whether Ubuntu MATE disables the updatedb.mlocate cron or if bug #1190696 still affects all Ubuntu flavors. I thought here or Phoronix would be the best places to ask. Thanks in advance for any insights.
22 • Updates etc (by Scuttlebuck on 2016-01-04 22:44:46 GMT from North America)
I update my arch and Gentoo machines approx every week to 10 days.. I used to try every day but have grown out of that, and being that bleeding edge isnt so important.. Its also useful to have a little buffer to check on any bugs that come up from time to time, and a week is very often plenty of time for them to be found and fixed.
Paldo apart from Gnome desktop would be an interesting distro to play with.. I was investigating its Upkg in the wiki and found a lot of the documentation is written by Philip Muller the Lead developer of Manjaro..though this is back from 2007...
23 • Updates (by Addleboro on 2016-01-04 22:50:59 GMT from North America)
On my Mint computer, I update when the icon tells me there's updates. On my PCLinuxOS computer, I don't have any scheduled time. I just check when I think I haven't done so in a while, but I don't wait too long.
24 • Update what, exactly? (by Kragle von Schnitzelbank on 2016-01-05 00:48:40 GMT from North America)
Any update can break part or all of an operating system; clearly restoration should be built-into any update process. Thus backup-copy should be built-in. Operating systems should be robust; apps should be properly contained.
Some apps may be updated quickly to minimize malware, but this puts them at greatest risk of breakage.
What if the breakage or malware comes from the packager/source?
Hardware is rarely updated; why should the base operating system be updated more frequently? Wasn't it built right to start with?
25 • @24 (by spacex on 2016-01-05 02:40:09 GMT from Europe)
Whether there is a reason to update frequently or not, depends on the distro you are running. For example, there is no reason to update Debian Stable frequently, but you definitely should with testing/unstable. The more cutting egde a system/OS is, the more the need of frequent updates. So there is no real answer to this question. It depends what you are running.
Also, you have to remember that you don't only update the base system, but everything else you have installed also.
26 • Software Updates Frequently (by Andy Figueroa on 2016-01-05 04:54:38 GMT from North America)
I update several times a week, because I don't want to take the time to update daily, but by updating frequently, I can do it in smaller bites, which makes debugging easier in case there are problems. I have been almost exclusively a Gentoo user for about 12 years.
27 • Ian Murdoch (by Buntunub on 2016-01-05 05:45:11 GMT from North America)
Tragic loss for Debian and the Linux world leaving a void that can never be filled. You will be missed Ian.
28 • Frequency of software updates - poll (by Hoos on 2016-01-05 09:08:35 GMT from Asia)
I have various distros which I take turns to use, so my updating of a particular distro tends to be done as and when I boot into it.
For the rolling distros (Manjaro, Semplice, Sabayon), I take more care to make sure I don't go more than 7-14 days without updating them.
However, I don't have any compunction to update them more frequently than once a week. I know some users enjoy updating every day or the minute the notifier informs them of updates, but not me. I agree with poster @22 that it is useful to have a buffer.
29 • Software updates (by Frosch on 2016-01-05 12:44:09 GMT from Europe)
I don't have a fixed schedule for software updates, sometimes I run "zypper dist-upgrade" twice a day, sometimes once a week, but I never wait more than two weeks without upgrading.
30 • update frequency (by Jordan on 2016-01-05 13:47:00 GMT from North America)
Don't you guys get a pop-up or other prompt notifying of available updates for your system? Don't you invoke the update process then?
31 • update frequency (by Frosch on 2016-01-05 15:04:59 GMT from Europe)
In theory, I should get such notifications, but most of the time I have upgraded before GNOME has noticed that updates were available :) I don't know how often GNOME is supposed to check for updates, but probably not so often (once a week or something like that). Since I use a rolling distribution, updates are frequent, so I like to install them manually (which is easy : open a terminal --> su --> zypper dup).
32 • @30 updates notifications (by a on 2016-01-05 15:34:56 GMT from Europe)
"Don't you guys get a pop-up or other prompt notifying of available updates for your system?"
Not as standard in Gentoo or Arch, no.
33 • update notifications (@32) (by Jordan on 2016-01-05 16:30:03 GMT from North America)
Oh. Never ran pure Arch or Gentoo. Manjaro and Sabayon, yeah.
Thanx for the reply.
34 • STUFF. (by Jessey Lawson on 2016-01-05 20:40:45 GMT from North America)
@Updates. I use my PC as a Gameing machine. I use Mint 17 and sevral PPA's. This has tought me that upgradeing is bad. I don't know how many times updateing breaks games on Mint, simply alot. Update muppen oh great it crashes now, update VBAM auido no longer works, update pulse-audio, boom auido broken (ubuntu's fault for removeing it in the first place in 14.04, ass hats!). I tried to update clemintime, boom the update breaks mono runtime. Wine is aweways borken.Upgrade to mint 17.3 (just don't) your intel wifi drivers fail. Yes I know it is not the kernal just the intel kernal drivers, still screw you clem! Update steam, then you have to deal with gigabites of updates and their goes your afternoon. Update love or renpy and you lose your love games because they need an older version and they don't work, same with renpy update came out boom can play my vissule noves. But the things that break most are the emmulators and my set up is mosty for emmualtion and steam games and as of Now Play Linux is not much better, send me hate mail I don't care.
@Ubuntu 16.04: I hope that 16.o4 has more updated community packages, I dought it, but I hope so.
35 • Packaging That Works (by Arch Watcher 402563 on 2016-01-05 22:33:12 GMT from North America)
@Kragle #24 An update will fix a bug far more often than cause one. You suffer software terror. I run auto updates with reboot every 24h. Contrary to Arch Canon Law it works fine thank you. And if I had official help from Arch (a package for the task) I might never need intervention. The Arch Gestapo won't let you believe it's even possible. Gentoo might be more tricky for all the compilation errors. Anyway google my handle to find tips on how to run a rolling distro with throttle if you want. As for rollback there's Arch Build System or NixOS. If NixOS weren't systemd, I'd try it myself. Nice concept.
@Jordan #30 Too few distros do pop-ups properly, particularly given security implications. I trace the issue to the attitude I just discussed. None really do, but a good package manager should emit notifications up the chain to some XDG or DBUS channel. Desktops should not have to poll it. Bigger apps should have update checks built-in (LibreOffice, Firefox).
@Serge #4 Any good package manager should manage keys by itself. Pacman does OK, if AUR helpers fail. Even pacman fails to prompt for key downloads on demand.
Yes there's trust bootstrap, but it's easy to verify key fingerprints for an ISO file check. And I like to see keyrings from one distro housed in another's to cross-install things. Arch has some Debian keyrings in its repos.
The real security threat is twofold, (1) RedHat's involvement with lettered agencies and military as the huge force in Linux it is, and (2) general mass stupidity of devs. Behold webmail firms doing PGP in JavaScript just because browsers haven't yet dropped PGP source code into their tree.
Maybe the name RedHat is a war declaration hidden in plain sight. You know all the terms: white hat, black hat, blue team, red team. Mash them to get 'RedHat.' Are we being war-gamed? I'm awaiting the Linux security apocalypse, when RedHat's system-d-minus announces a "firmware edition" running atop Intel's ring-minus-one blackblob CPU rootkit, while Intel increases firmware flash capacity to 1 GB.
36 • @16 paldo and gnome shell (by subg on 2016-01-06 07:02:59 GMT from North America)
paldo's maintainer is one of the original two developers who later authored Vala, so the Gnome desktop association for the 10+ years paldo has been around is no surprise, really.
It's possible that the use of Mono to power paldo's unique package manager, Upkg, may have been off-putting to some developers.
37 • paldo #36 (by 4tux on 2016-01-06 12:25:23 GMT from Europe)
That may well be true. Also, the first Paldo release was just 2 months after the first of Ubunto and we know about the massive migration of developers both into house or by developing derivative Distros. One thing about Paldo I think it's fantastic and unique: no other distro have so many packages in its stable releases that are the latest versions, as Paldo does. And still ..rock solid!
38 • HTTPS loads insecure content (by Satish on 2016-01-06 22:54:14 GMT from Europe)
I've "HTTPS Everywhere" extension installed, Chrome complains that "This page is trying to load scripts from unauthenticated sources". There is no green lock in the address bar.
39 • Chrome and unauthenticated sources (by Jesse on 2016-01-06 23:05:08 GMT from North America)
@38: Thanks for the heads up. We are still in the process of moving some items over to fully secure connections. The RSS feeds for example. We're trying to arrange it so that people who have a reason to stay on plain HTTP, for whatever reason, can still access everything while me transition to HTTPS. The warning messages you are seeing should be gone within a week.
40 • fedora + wayland (by jon hurt on 2016-01-06 23:22:29 GMT from Oceania)
fedora workstation's move to wayland will probably take some time to become bug free. rebecca black OS with wayland looks good but suffers from both system and application freezes.
41 • updates (by Jeffry Allred on 2016-01-06 23:37:50 GMT from North America)
I update my Linux OSes the same way I update OSX. When there is an update I update. Right? Wrong? I don't know. I tend to run Debian testing/unstable distros like Tanglu and I also can't resist that Icon on the task bar that says "update available". If it breaks then I just fix it. I keep redundant backups of all my important data so I don't worry (too much) about losing stuff.
42 • Deepin has official torrents (by Explorer09 on 2016-01-07 02:47:38 GMT from Asia)
At least for deepin 15, they have official torrent files in their cdimage server. There's no need for DistroWatch team to make one for them (well, expect for joining their list of trackers). Look here for official torrents: http://cdimage.linuxdeepin.com/releases/15/final/
43 • Ian Murdock (by firesheep angrylamb on 2016-01-07 07:45:49 GMT from Oceania)
Having created Debian free for the public, Ian Murdock was one of the better tech people. It looks like an internet bully got inside his head at the last moment. I hope they find him and give him some time in an orange jumpsuit.
44 • @35 / Software Updates (by Serge on 2016-01-07 09:34:16 GMT from North America)
"Any good package manager should manage keys by itself. Pacman does OK, if AUR helpers fail. Even pacman fails to prompt for key downloads on demand."
I meant about what happens when the user would like to install a program from outside the official repositories or mirrors of those official repositories, but would still prefer to have their package management system be aware of this program - in other words, download an unofficial package, install from an unofficial repository, or build the package themselves. I have a suspicion that too often users simply skip key checks in that case.
"Yes there's trust bootstrap, but it's easy to verify key fingerprints for an ISO file check. And I like to see keyrings from one distro housed in another's to cross-install things. Arch has some Debian keyrings in its repos."
This is a good point. If the files you are downloading also have corresponding hash files and corresponding signature files for those hash files, and you can verify that signature using a trusted public-key, then yeah, you've avoided having nothing but a CA cert store to keep you safe. The bootstrap problem is still there (how do you know that when you downloaded the installation image for your current operating system, the operating system you used to download that installation image wasn't compromised, or that that system wasn't downloaded on a compromised system, or or or?), but it's rather academic at that point.
Those who are aware of such things can insist on only downloading via web stuff that we know we can verify with a public-key that we trust. But what about for the average user? When the average user follows step-by-step instructions from a website for how to install a program he or she is downloading from that website, Is the average user going to have some means of trusting the public-key he or she is importing for verifying the signature of the hash? Is the average user even going to bother with: A) import key; B) verify the signature of the hash; and C) verify the hash, all just so that they can install some program? The package management system provides two things here: first, the public-keys it uses for the verifications are trustworthy; and second, all of those verifications are done automatically, without making the user jump through hoops. For those reasons, I still believe that using the operating system's package manager and getting programs from official repositories provides a substantial security benefit.
45 • Upgrades? (by Williamp on 2016-01-07 10:42:21 GMT from Europe)
Have PClinuxOS given up, there is never any news, not even in their excellent magazine. The last solid distribution was December 2014, and it was fine, but it can no longer be used for new installations. It's own help page suggests that upgrades should be made before 60 days are up, and that was the end of February last. Any attempt to install from this iso and then upgrade (now over 1G and it wont let you do things [locale, LibreOffice] unless you do) causes the restart to stall (sign in). Nowhere is there any help to overcome this barrier: it says something about the 'X server' but it is completely outside of my ability to understand, I'm not a geek, just a user. I have been looking for an alternative but found nothing, so much for 'choice' (perhaps Mageia), but what I would really like is my old Pclos back.
46 • @45 PCLOS updated images (by Hoos on 2016-01-07 15:22:24 GMT from Asia)
I recall that in an edition of Distrowatch Weekly in 2015, a poster in the comments section gave a webpage link where updated images of the various versions could be found.
47 • Ian and Debian (by cykodrone on 2016-01-07 15:59:56 GMT from North America)
He lived long enough to see Debian become RH's b1+c#. Sad on both accounts, RIP Sir Murdock.
48 • PCLinuxOS updates (by Jordan on 2016-01-07 17:49:10 GMT from North America)
@45 PCLinuxOS "announcements" section of their forums contains links to updated images and a lot of info about all that.
They haven't given up.
49 • HTTPS + Chrome (by scuttlebuck on 2016-01-07 18:39:48 GMT from North America)
I have seen issues with Chrome complaining about different security type things for at least 2 yrs...even when trying to access Google owned domains etc.. and even when it got google search loaded half my pages where in Thai.. I live in a Spanish speaking country and my default languages is English... I tend to think the problem with HTTPS is with Google Chrome not with anything else as no other browsers have the same problems..
I no longer use Chrome....
50 • HTTPS + Chrome (by Jesse on 2016-01-07 18:47:56 GMT from North America)
@49: The warning Chrome displays occurs any time there are both HTTPS-protected and non-HTTPS-protected items on the same page. Which means the warning will appear on a LOT of pages because many websites only encrypt traffic that is sensitive.
For example, with webmail, often times the login credentials will be sent over an encrypted connection, but the rest of the page (news, images) will be sent in plain-text.
This means the warning Chrome displays is valid, but whether it is important or the whole page is encrypted or not is up to the user. Most of the time it is not an issue, since only sensitive items (credentials, downloads, financial data) usually need encryption while the rest of the page is not security sensitive. It's actually a useful security feature Chrome has, but one most people do not understand which is why other browsers do not implement it, it tends to confuse people.
51 • Many Product Announcements Fall Short (by Ben Myers on 2016-01-08 15:15:23 GMT from North America)
A recent product announcement spoke about a new version, and gave a laundry list of packages that changed in the distro. I won't offend the owners of the product by naming it. Keeping packages up-to-date is all well and good. Packages get updated for good reasons including security fixes, code optimization, and maybe adding features themselves.
But when I read a product announcement on a web site, I want to know what VISIBLE features are new, what is different when I try out the latest distro. So tell me what compels me to try the latest revision of your distro, rather than the previous one.
52 • 51 • Amateur Marketing (by Fossilizing Dinosaur on 2016-01-08 19:02:15 GMT from North America)
Many distro groups can't afford professional editing. Is DW is a paid subscription service? Good editing is rare; many subscribe to the "Confusion to the Enemy" school of Marketing instead of the KISS tenets of Good Communication (or journalism). Cheap copy-and-paste often loses formatting in the process (compare to linked announcements, for example) but that doesn't prevent you from sifting through the pile for nuggets. If your patience lasts, of course. (Us cranky geezers may not have much left.)
53 • Ya gotta make some effort to sell it, or nobody buys it (by Ben Myers on 2016-01-09 02:22:10 GMT from North America)
@52 - AFAIK, Distrowatch is not a paid subscription service. (Jesse can speak more authoritatively than I.) The way it seems to work is that somebody releases a version of a distro tracked by Distrowatch. In turn, Jesse and friends take whatever blurb is submitted to them for the release, and they produce a short abstract.
If the text from the custodians of a distro talks only about package updates, then that's what gets put into the announcement on this web site. After all, it is unreasonable for Jesse & Co to conjure up something out of thin air.
So the responsibility for writing a notice about a new distro release falls squarely on the distro team. If what is written is wanting, people will be less likely to use a distro. I always thought that the purpose of an announcement was to get people to go ahead and use it. Maybe the distro teams need to add people with technical/marketing (a dirty word!) writing skills. People who know what they are writing about and are capable of writing clearly and concisely.
Fortunately, there are people in the trade press who are Linux sympathizers, at minimum. And even some who use Linux. Steven J Vaughn-Nichols is one. JR Watson another. So we hear good and maybe not so good words about the distros they have time to cover. But like the rest of us, their time is at a premium, and they do not have time to sift through a web site panning for nuggets. And they only have time to cover the mainstream distros.
So if nothing compelling is written by anyone about a distro, who is to try it? Jesse also does a wonderful service to the Linux community with his reviews. And again, his time limited, like the rest of us. Honestly, I do not know how he is able to do so much.
54 • Updating frequency (by ddalley on 2016-01-09 06:55:47 GMT from North America)
I update whenever I can. Since I use multiple USB memory sticks, that frequency is random, depending upon which stick-of-the-day that I choose. Linux Mint, and a few others, make updating easy, so I do it often.
55 • @Serge #44 Roger That or Maybe Not (by Arch Watcher 402563 on 2016-01-09 08:08:36 GMT from North America)
Erm, we said the same thing? Your mention of an "unofficial repository" meets my own notice that "pacman fails to prompt for key downloads on demand." Keys are needed for nonstandard packages or repos.
What should happen:
Mr. User runs pacman -S unofficial-thingy pacman detects lack of key(s) for repo and/or thingy pacman downloads key(s) pacman computes fingerprint(s) and prompts user for validation(s) if Y, pacman installs key(s) and unofficial-thingy
What currently happens:
Pacman/pacaur says verification fails Mr. User gets lost...What's a key? Can't you just install already?
I can't follow your bootstrap circles, but for MITM attacks, use SSL Observatory in HTTPS-Everywhere or another known mitigation technique.
56 • mint kde (by peer on 2016-01-10 08:31:03 GMT from Europe)
just upgraded mint kde 17.2 to 17.3
57 • upgrades & Mint KDE (by M.Z. on 2016-01-10 09:33:30 GMT from North America)
@56 - Mint KDE I did the same a few days ago soon after the upgrade was announced. The new mint tools are very nice, especially the upgrades to the software sources tools. LibreOffice 5 is also a nice addition. Trouble free as always, though I did have to run Grub Customizer yet again to into the new kernel after I installed that as well. I guess that's what I get for putting Mageia in charge of GRUB.
@24 - updates Both Mint & PCLinuxOS have kernel updates that are entirely optional, while I find most others like Mageia tend to offer the old kernel as a still installed fallback option. It's also worth noting that Mint in particular puts the user very much on control & only updates 'safe' categories by default, so it is very robust by the standards you mention. Also 'stable' systems like Debian tend to not put out nearly as many updates that Mint designates as level 4 & 5, so they also provide the robustness you speak of.
"why should the base operating system be updated more frequently? Wasn't it built right to start with?"
We are talking about software programmed by human beings, so there is no way to obtain total bug free perfection, even though it might be a nice hypothetical goal. Bugs exist, period, as do design flaws with hardware that often go unnoticed by typical users. The fact is that software is fairly quick & easy to fix, so why not take advantage of that fact, especially if it is unlikely to harm system stability?
Personally I tend to update fairly frequently, usually every day or so on all my main systems & every couple of weeks or so on my secondary system. I also tend to leave most level 4 & 5 updates in Mint completely alone, which keeps everything nice & stable. They way I run my systems I get plenty of stability & robust fallback options, so what's there to complain about?
58 • Survey response (by Leo on 2016-01-10 10:52:30 GMT from North America)
I usually update weekly but put aside 30mins to an 1hr just in case something breaks :)
59 • update\\\\\\upgrade\\\\\\\bugfix\\\\\\change management (by Kragle on 2016-01-10 17:31:18 GMT from North America)
The burned: 34 • "… updating breaks games … simply a lot … oh great it crashes now … audio broken … update clementine, boom the update breaks mono runtime … Wine is always broken … PlayOnLinux is not much better … (upgrade distro version) wifi drivers fail … the things that break most are the emulators … and there goes your afternoon. … upgrading is bad…"
The casually dismissive: 35 • "… fix a bug far more often than cause one. … auto updates with reboot every 24h … works fine …" 57 • "… unlikely to harm system stability … fairly quick & easy to fix … nice hypothetical …"
Clearly, 25 • "It depends …"
… on selectable Preferences (and ratings/categories?) and other controls, and thus … on responsible communication regarding changes (and best-practice packaging, and recovery procedure documentation) … on full-system backup copies that take hours/days/drives? (But will it actually restore? Some systems restore - to day zero!) … or on "incremental" backup copies… (how many?) … on "fall-back"/revert to some prior version? (After configurations were "improved"?) … on spare parts? Spare whole systems?
… and Your_Mileage_May_Vary
60 • anything can happen (by M.Z. on 2016-01-10 19:50:27 GMT from North America)
@59 - It depends... Well it's obviously been said a million times by a huge number of experts that backups are a very smart idea to the point that it has become an obvious refrain. Then again it's also said that you can slip on a banana peel & die suddenly tomorrow. The world is full of risks computerized & otherwise, so instead of hyperventilating about it just act smartly & geo about your business. I have most if not all of my important data on a USB stick & a couple of PCs. My backup hardware is second hand & was essentially free, & with a little technical knowledge most users could easily get & set up such a system, though only the people who worry about backups are likely to do so. Some who don't use backups also walk around public streets without insurance in spite of the risk of being hit by a truck. These folks live by the old French saying 'c'est la vie', and simply pick themselves up after S#^! Happens & try to muddle through.
Personally I live in the lightning capital of the USA, but I don't have a lightning rod in my yard. I even lost at least one tree in my yard to lightning, & in spite of it I don't live in fear. I do consider myself ahead of the game in the event of a total PC failure, because instead of simply saying 'that's life' to my PC failure risks I have copies of my files & I try to administer my systems smartly. Of course it all means nothing if a big enough meteor strikes at just the right angle, or if some rocket of at the Space Center goes careening off course & lands on me because of both mechanical failure & failures in backup detonation systems. There are plenty of terrible scenarios that aren't completely impossible, but it's not worth living life in fear so buckle you seat belts & get on with life. Also in between making your occasional file backups & buckling your seat belt, remember to never start smoking, you'll probably live longer :)
Number of Comments: 60
Display mode: DWW Only • Comments Only • Both DWW and Comments
| | |
TUXEDO |
TUXEDO Computers - Linux Hardware in a tailor made suite Choose from a wide range of laptops and PCs in various sizes and shapes at TUXEDOComputers.com. Every machine comes pre-installed and ready-to-run with Linux. Full 24 months of warranty and lifetime support included!
Learn more about our full service package and all benefits from buying at TUXEDO.
|
Archives |
• Issue 1100 (2024-12-09): Oreon 9.3, differences in speed, IPFire's new appliance, Fedora Asahi Remix gets new video drivers, openSUSE Leap Micro updated, Redox OS running Redox OS |
• Issue 1099 (2024-12-02): AnduinOS 1.0.1, measuring RAM usage, SUSE continues rebranding efforts, UBports prepares for next major version, Murena offering non-NFC phone |
• Issue 1098 (2024-11-25): Linux Lite 7.2, backing up specific folders, Murena and Fairphone partner in fair trade deal, Arch installer gets new text interface, Ubuntu security tool patched |
• Issue 1097 (2024-11-18): Chimera Linux vs Chimera OS, choosing between AlmaLinux and Debian, Fedora elevates KDE spin to an edition, Fedora previews new installer, KDE testing its own distro, Qubes-style isolation coming to FreeBSD |
• Issue 1096 (2024-11-11): Bazzite 40, Playtron OS Alpha 1, Tucana Linux 3.1, detecting Screen sessions, Redox imports COSMIC software centre, FreeBSD booting on the PinePhone Pro, LXQt supports Wayland window managers |
• Issue 1095 (2024-11-04): Fedora 41 Kinoite, transferring applications between computers, openSUSE Tumbleweed receives multiple upgrades, Ubuntu testing compiler optimizations, Mint partners with Framework |
• Issue 1094 (2024-10-28): DebLight OS 1, backing up crontab, AlmaLinux introduces Litten branch, openSUSE unveils refreshed look, Ubuntu turns 20 |
• Issue 1093 (2024-10-21): Kubuntu 24.10, atomic vs immutable distributions, Debian upgrading Perl packages, UBports adding VoLTE support, Android to gain native GNU/Linux application support |
• Issue 1092 (2024-10-14): FunOS 24.04.1, a home directory inside a file, work starts of openSUSE Leap 16.0, improvements in Haiku, KDE neon upgrades its base |
• Issue 1091 (2024-10-07): Redox OS 0.9.0, Unified package management vs universal package formats, Redox begins RISC-V port, Mint polishes interface, Qubes certifies new laptop |
• Issue 1090 (2024-09-30): Rhino Linux 2024.2, commercial distros with alternative desktops, Valve seeks to improve Wayland performance, HardenedBSD parterns with Protectli, Tails merges with Tor Project, Quantum Leap partners with the FreeBSD Foundation |
• Issue 1089 (2024-09-23): Expirion 6.0, openKylin 2.0, managing configuration files, the future of Linux development, fixing bugs in Haiku, Slackware packages dracut |
• Issue 1088 (2024-09-16): PorteuX 1.6, migrating from Windows 10 to which Linux distro, making NetBSD immutable, AlmaLinux offers hardware certification, Mint updates old APT tools |
• Issue 1087 (2024-09-09): COSMIC desktop, running cron jobs at variable times, UBports highlights new apps, HardenedBSD offers work around for FreeBSD change, Debian considers how to cull old packages, systemd ported to musl |
• Issue 1086 (2024-09-02): Vanilla OS 2, command line tips for simple tasks, FreeBSD receives investment from STF, openSUSE Tumbleweed update can break network connections, Debian refreshes media |
• Issue 1085 (2024-08-26): Nobara 40, OpenMandriva 24.07 "ROME", distros which include source code, FreeBSD publishes quarterly report, Microsoft updates breaks Linux in dual-boot environments |
• Issue 1084 (2024-08-19): Liya 2.0, dual boot with encryption, Haiku introduces performance improvements, Gentoo dropping IA-64, Redcore merges major upgrade |
• Issue 1083 (2024-08-12): TrueNAS 24.04.2 "SCALE", Linux distros for smartphones, Redox OS introduces web server, PipeWire exposes battery drain on Linux, Canonical updates kernel version policy |
• Issue 1082 (2024-08-05): Linux Mint 22, taking snapshots of UFS on FreeBSD, openSUSE updates Tumbleweed and Aeon, Debian creates Tiny QA Tasks, Manjaro testing immutable images |
• Issue 1081 (2024-07-29): SysLinuxOS 12.4, OpenBSD gain hardware acceleration, Slackware changes kernel naming, Mint publishes upgrade instructions |
• Issue 1080 (2024-07-22): Running GNU/Linux on Android with Andronix, protecting network services, Solus dropping AppArmor and Snap, openSUSE Aeon Desktop gaining full disk encryption, SUSE asks openSUSE to change its branding |
• Issue 1079 (2024-07-15): Ubuntu Core 24, hiding files on Linux, Fedora dropping X11 packages on Workstation, Red Hat phasing out GRUB, new OpenSSH vulnerability, FreeBSD speeds up release cycle, UBports testing new first-run wizard |
• Issue 1078 (2024-07-08): Changing init software, server machines running desktop environments, OpenSSH vulnerability patched, Peppermint launches new edition, HardenedBSD updates ports |
• Issue 1077 (2024-07-01): The Unity and Lomiri interfaces, different distros for different tasks, Ubuntu plans to run Wayland on NVIDIA cards, openSUSE updates Leap Micro, Debian releases refreshed media, UBports gaining contact synchronisation, FreeDOS celebrates its 30th anniversary |
• Issue 1076 (2024-06-24): openSUSE 15.6, what makes Linux unique, SUSE Liberty Linux to support CentOS Linux 7, SLE receives 19 years of support, openSUSE testing Leap Micro edition |
• Issue 1075 (2024-06-17): Redox OS, X11 and Wayland on the BSDs, AlmaLinux releases Pi build, Canonical announces RISC-V laptop with Ubuntu, key changes in systemd |
• Issue 1074 (2024-06-10): Endless OS 6.0.0, distros with init diversity, Mint to filter unverified Flatpaks, Debian adds systemd-boot options, Redox adopts COSMIC desktop, OpenSSH gains new security features |
• Issue 1073 (2024-06-03): LXQt 2.0.0, an overview of Linux desktop environments, Canonical partners with Milk-V, openSUSE introduces new features in Aeon Desktop, Fedora mirrors see rise in traffic, Wayland adds OpenBSD support |
• Issue 1072 (2024-05-27): Manjaro 24.0, comparing init software, OpenBSD ports Plasma 6, Arch community debates mirror requirements, ThinOS to upgrade its FreeBSD core |
• Issue 1071 (2024-05-20): Archcraft 2024.04.06, common command line mistakes, ReactOS imports WINE improvements, Haiku makes adjusting themes easier, NetBSD takes a stand against code generated by chatbots |
• Issue 1070 (2024-05-13): Damn Small Linux 2024, hiding kernel messages during boot, Red Hat offers AI edition, new web browser for UBports, Fedora Asahi Remix 40 released, Qubes extends support for version 4.1 |
• Issue 1069 (2024-05-06): Ubuntu 24.04, installing packages in alternative locations, systemd creates sudo alternative, Mint encourages XApps collaboration, FreeBSD publishes quarterly update |
• Issue 1068 (2024-04-29): Fedora 40, transforming one distro into another, Debian elects new Project Leader, Red Hat extends support cycle, Emmabuntus adds accessibility features, Canonical's new security features |
• Issue 1067 (2024-04-22): LocalSend for transferring files, detecting supported CPU architecure levels, new visual design for APT, Fedora and openSUSE working on reproducible builds, LXQt released, AlmaLinux re-adds hardware support |
• Issue 1066 (2024-04-15): Fun projects to do with the Raspberry Pi and PinePhone, installing new software on fixed-release distributions, improving GNOME Terminal performance, Mint testing new repository mirrors, Gentoo becomes a Software In the Public Interest project |
• Issue 1065 (2024-04-08): Dr.Parted Live 24.03, answering questions about the xz exploit, Linux Mint to ship HWE kernel, AlmaLinux patches flaw ahead of upstream Red Hat, Calculate changes release model |
• Issue 1064 (2024-04-01): NixOS 23.11, the status of Hurd, liblzma compromised upstream, FreeBSD Foundation focuses on improving wireless networking, Ubuntu Pro offers 12 years of support |
• Issue 1063 (2024-03-25): Redcore Linux 2401, how slowly can a rolling release update, Debian starts new Project Leader election, Red Hat creating new NVIDIA driver, Snap store hit with more malware |
• Issue 1062 (2024-03-18): KDE neon 20240304, changing file permissions, Canonical turns 20, Pop!_OS creates new software centre, openSUSE packages Plasma 6 |
• Issue 1061 (2024-03-11): Using a PinePhone as a workstation, restarting background services on a schedule, NixBSD ports Nix to FreeBSD, Fedora packaging COSMIC, postmarketOS to adopt systemd, Linux Mint replacing HexChat |
• Issue 1060 (2024-03-04): AV Linux MX-23.1, bootstrapping a network connection, key OpenBSD features, Qubes certifies new hardware, LXQt and Plasma migrate to Qt 6 |
• Issue 1059 (2024-02-26): Warp Terminal, navigating manual pages, malware found in the Snap store, Red Hat considering CPU requirement update, UBports organizes ongoing work |
• Issue 1058 (2024-02-19): Drauger OS 7.6, how much disk space to allocate, System76 prepares to launch COSMIC desktop, UBports changes its version scheme, TrueNAS to offer faster deduplication |
• Issue 1057 (2024-02-12): Adelie Linux 1.0 Beta, rolling release vs fixed for a smoother experience, Debian working on 2038 bug, elementary OS to split applications from base system updates, Fedora announces Atomic Desktops |
• Issue 1056 (2024-02-05): wattOS R13, the various write speeds of ISO writing tools, DSL returns, Mint faces Wayland challenges, HardenedBSD blocks foreign USB devices, Gentoo publishes new repository, Linux distros patch glibc flaw |
• Issue 1055 (2024-01-29): CNIX OS 231204, distributions patching packages the most, Gentoo team presents ongoing work, UBports introduces connectivity and battery improvements, interview with Haiku developer |
• Issue 1054 (2024-01-22): Solus 4.5, comparing dd and cp when writing ISO files, openSUSE plans new major Leap version, XeroLinux shutting down, HardenedBSD changes its build schedule |
• Issue 1053 (2024-01-15): Linux AI voice assistants, some distributions running hotter than others, UBports talks about coming changes, Qubes certifies StarBook laptops, Asahi Linux improves energy savings |
• Issue 1052 (2024-01-08): OpenMandriva Lx 5.0, keeping shell commands running when theterminal closes, Mint upgrades Edge kernel, Vanilla OS plans big changes, Canonical working to make Snap more cross-platform |
• Issue 1051 (2024-01-01): Favourite distros of 2023, reloading shell settings, Asahi Linux releases Fedora remix, Gentoo offers binary packages, openSUSE provides full disk encryption |
• Issue 1050 (2023-12-18): rlxos 2023.11, renaming files and opening terminal windows in specific directories, TrueNAS publishes ZFS fixes, Debian publishes delayed install media, Haiku polishes desktop experience |
• Issue 1049 (2023-12-11): Lernstick 12, alternatives to WINE, openSUSE updates its branding, Mint unveils new features, Lubuntu team plans for 24.04 |
• Issue 1048 (2023-12-04): openSUSE MicroOS, the transition from X11 to Wayland, Red Hat phasing out X11 packages, UBports making mobile development easier |
• Issue 1047 (2023-11-27): GhostBSD 23.10.1, Why Linux uses swap when memory is free, Ubuntu Budgie may benefit from Wayland work in Xfce, early issues with FreeBSD 14.0 |
• Issue 1046 (2023-11-20): Slackel 7.7 "Openbox", restricting CPU usage, Haiku improves font handling and software centre performance, Canonical launches MicroCloud |
• Full list of all issues |
Star Labs |
Star Labs - Laptops built for Linux.
View our range including the highly anticipated StarFighter. Available with coreboot open-source firmware and a choice of Ubuntu, elementary, Manjaro and more. Visit Star Labs for information, to buy and get support.
|
Random Distribution |
Anonym.OS LiveCD
Anonym.OS LiveCD was a bootable live CD based on OpenBSD that provides a hardened operating environment whereby all ingress traffic was denied and all egress traffic was automatically and transparently encrypted and/or anonymised.
Status: Discontinued
|
TUXEDO |
TUXEDO Computers - Linux Hardware in a tailor made suite Choose from a wide range of laptops and PCs in various sizes and shapes at TUXEDOComputers.com. Every machine comes pre-installed and ready-to-run with Linux. Full 24 months of warranty and lifetime support included!
Learn more about our full service package and all benefits from buying at TUXEDO.
|
Star Labs |
Star Labs - Laptops built for Linux.
View our range including the highly anticipated StarFighter. Available with coreboot open-source firmware and a choice of Ubuntu, elementary, Manjaro and more. Visit Star Labs for information, to buy and get support.
|
|