DistroWatch Weekly |
DistroWatch Weekly, Issue 649, 22 February 2016 |
Welcome to this year's 8th issue of DistroWatch Weekly!
One of the tallest hurdles new Linux users face when switching from other operating systems is that their computer looks and acts differently when running a Linux distribution. New Linux users not only need to deal with new ways of installing software and a different file system layout, but the interface looks alien too. The Zorin OS project strives to make new Linux users feel at home by providing a desktop environment that should feel pleasantly familiar to former Windows and OS X users. Joshua Allen Holm explores the latest release of Zorin OS and reports on his experience. In this issue we also discuss how to quickly and easily sandbox applications for enhanced security using Firejail. Sandboxing isolates programs and protects the rest of the operating system from misbehaving software and we explore the many ways in which Firejail can protect us. In our News section we discuss openSUSE's Tumbleweed and delays the project faces in making new snapshots. Plus, we share two new editions of openSUSE specifically designed with KDE users in mind. We also talk about new features coming to Ubuntu 16.04, the Antergos distribution's updated installer and plans to change the name of Debian's Iceweasel package. We also share a report about a link to a compromised Linux Mint ISO image being planted on the Mint distribution's web server. Then we share the torrents we are seeding and cover last week's releases. In our Opinion Poll we ask which package manager our readers are using. We wish you all a pleasant week and happy reading!
Content:
|
Feature Story (by Joshua Allen Holm) |
A review of Zorin OS 11 Core
Zorin OS is an Ubuntu-based distribution designed to provide a familiar desktop experience to Windows users. Normally, there are four different versions of Zorin OS for each release: Core, Lite, Business, and Ultimate. The Core and Lite versions are free, while the Business and Ultimate versions cost €8.99 and €9.99 respectively. The paid versions come with support and a few extra features. For Zorin OS 11, only Core and Ultimate are available at I write this. For this review, I will be looking at the Core release, but I will touch upon some of the extra features available in the paid versions.
Zorin OS 11 is based on Ubuntu 15.10 and uses version 4.2 of the Linux kernel. Zorin OS 11 Core and Zorin OS 11 Ultimate are both available in 32-bit and 64-bit versions. The 64-bit Zorin OS 11 Core ISO I downloaded for this review was 1.6GB. Version 11 will be supported until July 2016. Users interested in what Zorin OS offers, but in need of a distribution with a longer support period can use Zorin OS 9, which is based on Ubuntu 14.04 LTS and is supported until April 2019. In addition, the LTS release also has free Educational and Educational Lite versions along with the four editions listed above.
Because Zorin OS 11 is Ubuntu 15.10 with added packages, the installation experience will seem familiar to anyone who has ever used Ubuntu or one of its other derivatives. Create a bootable flash drive using the ISO, boot computer using the flash drive, and Zorin OS starts up. Very quickly, the user is presented with the option to try Zorin OS or install Zorin OS. The Try option loads the desktop environment and lets the user play around with a fully functional system, and the Install option runs a slightly customized version of Ubuntu's familiar Ubiquity installer.
Being based on Ubuntu does provides Zorin OS with the benefits of a familiar installer and a large selection of software packages, but it is what Zorin OS adds and changes that makes it stand apart. Instead of using Ubuntu's Unity desktop and changing the window decorations and other artwork, or doing the same with some other desktop environment, Zorin OS uses a combination of components in a unique desktop experience. Most of the applications used are from GNOME 3.16, but instead of GNOME Shell, Avant Window Navigator, Compiz, and a custom Zorin Start menu/launcher create a desktop experience that behaves a lot like Windows.
Zorin OS 11 -- The default desktop environment
(full image size: 894kB, resolution: 1366x768 pixels)
The default desktop is designed to work like Windows 7. It is not a perfect clone, but it does behave similarly enough that it should provide a comfortable experience for users who only have experience with using Windows. What is really nice about this Windows 7 clone is that it behaves like Windows 7, but it does have its own unique look. Zorin OS's look and feel is visually distinct and provides an attractive and consistent user experience. At least among the bundled applications, nothing ever looked out of place.
Zorin OS 11 -- Custom Firefox start page
(full image size: 154kB, resolution: 1366x768 pixels)
For users that want something a little different, two other desktop styles are available in Zorin OS Core. The desktop can work like Windows XP or GNOME 2. Switching to Windows XP mode changes the layout of the application menu to one that closely matches the Windows XP Start menu and makes other changes to make the system behave more like Windows XP. Switching to GNOME 2 mode uses the traditional, two-panel GNOME layout. Users of the paid versions also have the option of using Mac OS X, Unity, and Windows 2000 layouts. In addition to being able to change the behaviour of the desktop, Zorin OS comes with three color themes (White, Black, and Dark), each of which can be customized with five different highlight colours (Blue, Green, Orange, Red, and Grey).
Zorin OS 11 -- Look and theme changers
(full image size: 720kB, resolution: 1366x768 pixels)
Of the three desktop layouts available in Zorin OS 11 Core, I much prefer the Windows 7 mode. It seems to be the most polished of the three. When I tried to use Windows XP mode on my test machine, I found the right-click menu for items in the application menu to be completely unusable; it required me to hold down the right click button to keep the menu open, making it impossible to left-click on the items in the menu with my laptop's touchpad. I had no problem right-clicking in other places in Windows XP mode, only the Zorin application menu had problems. If my touchpad had two physical mouse buttons, it would probably work better. When I tried out Zorin OS in a virtual machine, the differences in how mouse/touchpad events were handled were enough for me to be able to use the right-click menus like I should be able to. GNOME 2 mode was nice, but oddly used monochrome icons in the application menu, which looked strange because only some of the applications had monochrome icons available, making the menu look very inconsistent.
Truthfully, I do not understand the logic behind making only half of the desktop layouts available to users of the free versions of the distribution. I can understand having a paid version, and I can understand having premium features. I just do not understand the reasoning behind the premium features the Zorin OS developers have selected. In addition to the three extra desktop layouts mentioned above, the paid versions also come with a utility to change the splash screen displayed during the boot process and a utility for using video as the desktop wallpaper. None of the premium features are ones that would entice me to move up to the paid versions.
Aside from the work done creating the multiple desktop layouts, the distribution is not much different than any other Debian style Linux running the GNOME desktop environment. The core bundled applications are largely what one would expect: Firefox, LibreOffice, and the usual GNOME applications and utilities. However there are some notable differences. The default e-mail client is Geary and the OpenShot video editor is installed by default. Even though Firefox is the default browser, a utility is included to help the user install Google Chrome, GNOME Web, and Midori, should they wish to use one of those browsers instead. Zorin OS also includes WINE, WineTricks and PlayOnLinux by default, making it easier for Windows users to make the transition to Linux. Like Ubuntu, Zorin OS does come with "restricted extras" like mp3 support and Adobe's Flash Player.
Zorin OS 11 -- Installing alternative web browsers
(full image size: 1.0MB, resolution: 1366x768 pixels)
If the bundled applications are not enough, Software Centre and Synaptic Package Manager are available for users to add whatever software they want. Everything that is available in the Ubuntu 15.10 repositories is there, so there is plenty of software to choose from. For hardware support, Zorin OS can install proprietary drivers just like Ubuntu and it even includes a graphical tool for using ndiswrapper to install Windows wireless networking card drivers.
On my test machine, Zorin OS 11 Core performed nicely. With no applications running, the system used approximately 950MB of RAM and switching between the different desktop layouts did not seem to alter the memory usage. Minor issues with the Windows XP and GNOME 2 desktop modes aside, Zorin OS 11 Core is a very solid release. It makes good use of its Ubuntu core while developing its own identity. It just is not a very exciting release.
My experience with Zorin OS 11 Core was positive. I liked it well enough, I am just not sure I would recommend this particular release of Zorin OS to Windows users looking to make the switch to Linux. The current Long Term Support release, sure. A future version based on Ubuntu 16.04 LTS, almost certainly. Do not get me wrong, Zorin OS 11 is very good, but it will only be supported for six months, making it a hard sell to Windows users used to longer time periods between releases. That said, I do encourage Linux users with an interest in user interface design to give Zorin OS a test drive. A user interface that can transition between three different desktop styles (six in the paid versions) on the fly is worth exploring if only just to learn from it.
* * * * *
Hardware used in this review
My physical test equipment for this review was an Acer TravelMate X483 laptop with the following specifications:
- Processor: Quad-core 1.5GHz Intel Core i3-2375M CPU
- Storage: Seagate 500GB 5400 RPM hard drive
- Memory: 4GB of RAM
- Networking: Qualcomm Atheros AR9462 Wireless Network Adapter
- Display: Intel HD Graphics 3000
|
Miscellaneous News (by Jesse Smith) |
Tumbleweed hits a speed bump, openSUSE launches two new editions, Ubuntu 16.04 to ship with ZFS support and GNOME Software, Antergos gains ZFS support, Debian's Iceweasel might be renamed to Firefox, Linux Mint's web server compromised
Tumbleweed is the openSUSE project's rolling release edition. Tumbleweed receives regular updates and snapshots which showcase the latest versions of open source packages. Last week the openSUSE project announced Tumbleweed has hit a speed bump as their testing systems (called workers) are overloaded. "The automated testing of openQA is currently running with only two workers left instead of the usual ten. The remaining workers are largely overloaded and can't cope with the workload to produce new snapshots. Various solutions are being evaluated to get new workers for openQA, which includes borrowing machines from other SUSE owned instances. Thank you SUSE! The team has opted to hold back creating new snapshots until more workers for openQA become available." This blog post provides a list of pending updates to Tumbleweed.
In other openSUSE news, the project has announced two new editions for people who want to experience the latest software coming out of the KDE project. "The release of Argon, which is a live installable image based on openSUSE Leap, and Krypton, which is a live installable image based on openSUSE Tumbleweed, offer packages built for KDE Git using stable and tested openSUSE technologies to track the latest development state of KDE software. Users have a choice on how they get up-to-date packages of Qt and other additional cutting-edge offerings from KDE through the Argon and Krypton live installable images, built directly from the latest sources in KDE Git through the Open Build Service." More information on the Argon and Krypton editions can be found on the project's news page.
* * * * *
Last week Dustin Kirkland, a member of the Ubuntu Product and Strategy Team, reported that Ubuntu 16.04 will be shipping with support for ZFS, an advanced storage pool and file system technology. ZFS has been popular in the Solaris and FreeBSD communities and provides such useful features as file system snapshots, copy-on-write and automatic repair. "What does `support' mean? You'll find [the] zfs.ko [kernel module] automatically built and installed on your Ubuntu systems. No more DKMS-built modules! The user space zfsutils-linux package will be included in Ubuntu Main, with security updates provided by Canonical (as soon as this MIR is completed). As always, industry leading, enterprise class technical support is available from Canonical with Ubuntu Advantage services." This news follows Debian's announcement stating ZFS will soon be an optional add-on through Debian's software repositories. Documentation for using ZFS storage pools on Ubuntu can be found on the distribution's wiki.
In related news, Ubuntu 16.04 is expected to drop the Ubuntu Software Centre as the primary package manager. In its place, the distribution will ship with GNOME Software, a more streamlined package manager. Iain Lane posted to the Ubuntu developer mailing list: "We're switching from Ubuntu Software Center to GNOME Software, and many packages need fixing in order to show up there. As you might know, we will be moving to GNOME Software for our default software management application for the 16.04 release."
* * * * *
The Antergos developers have updated their distribution's system installer, Cnchi. Among the changes and bug fixes, one feature in particular stands out: "The most notable change in Cnchi 0.14 is beta support for ZFS (in Automatic Installation Mode). It is now possible to install Antergos with ZFS as your chosen file system. You simply tell Cnchi which drive to use and it will take care of formatting the drive and configuring ZFS for you." Further details on Cnchi's ZFS support and other changes can be found in the project's announcement.
* * * * *
Years ago the Debian project renamed their Firefox package to Iceweasel. This change in brand was brought about due to a complex situation where Debian was patching the Firefox software and therefore running into conflict with Mozilla's trademark agreement. In short, Debian's copy of Firefox was different from Mozilla's version of Firefox and therefore Debian could no longer call their web browser Firefox. The Debian project named their patched version of Mozilla's web browser Iceweasel. Times change and it looks as though there may no longer be a conflict between Mozilla and the Debian project, meaning Debian may be able to call their copy of the Mozilla browser Firefox again. Sylvestre Ledru has suggested Debian resume using the name Firefox in order to avoid confusion and reduce the effort to maintain the web browser package. "Mozilla & Debian both acknowledge that the branding issue mentioned in bug 354622 is no longer relevant. The Firefox logo was released under a free copyright license which matches the DFSG. To simplify the maintenance of the current stable Debian release, the name Iceweasel will remain. Debian Stretch, the next release, will have Firefox as package name."
* * * * *
Linux Mint's lead developer, Clement Lefebvre, announced over the weekend that an attacker had broken into one of the project's servers and replaced a link to an ISO file with a link to a compromised version of the distribution. "What happened? Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it. Does this affect you? As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition. If you downloaded another release or another edition, this does not affect you. If you downloaded via torrents or via a direct HTTP link, this doesn't affect you either. Finally, the situation happened today, so it should only impact people who downloaded this edition on February 20th." The Linux Mint blog has additional details and checksums for the project's media so Mint users can verify the status of their installation media. Since the original post, the Linux Mint team has asked members of their support forum to change their passwords on other websites if people have been using the same password for multiple accounts.
|
Tips and Tricks (by Jesse Smith) |
The Firejail security sandbox
Sandboxing is a term which describes isolating programs from each other (or from specific system resources) by limiting their scope or access to parts of the operating system. There are many forms sandboxing can take, from virtual machines to Docker containers. Other mechanisms we can use to isolate processes from resources include SELinux, AppArmor and control groups. These tools are lightweight and powerful, but they can be quite tricky to set up, especially for inexperienced users. SELinux in particular uses a cryptic syntax which people find difficult to master.
Luckily, for those of us who want lightweight, powerful security that is easy to use there is Firejail. The Firejail project describes its software as follows:
Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capabilities. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table. Firejail can work in a SELinux or AppArmor environment, and it is integrated with Linux control groups.
Firejail allows us to quickly and easily prevent a process from accessing certain files or directories, disable a process's ability to gain access to the root account, block or limit networking access and set up temporary file systems for an application to use which will later be discarded. We will get to Firejail's long list of powerful features in a moment. First, we need to actually download and install Firejail.
The Firejail software is available in the repositories of Debian, Ubuntu and their derivative distributions. The Firejail project also maintains packages and installation instructions for a variety of Linux distributions, including Fedora, CentOS, openSUSE, Gentoo and Arch Linux. Apart from the Firejail command line software, the project also maintains a desktop application which can be used to sandbox some popular applications with a base level of security. I will come back to the desktop application later, first I would like to start with the command line program.
Before getting into my hands-on experiences with Firejail, I want to acknowledge Firejail has excellent documentation. The Firejail manual page clearly explains what Firejail does, covers the available options and provides a lot of practical examples we can try. It is not often I encounter a piece of software with such clear documentation and it really gave me a good first impression of Firejail.
Typically, when we want to run an application inside a Firejail sandbox, we can simply run the firejail command and pass it the name of the program we want to run. For example, we can launch Firefox using
firejail firefox
The above command sets up a sandbox and launches Firefox. The web browser will have limited access to our file system and only be able to save files in a few locations, such as our Downloads directory. This means that if a website hijacks our web browser, it will only be able to save files to designated places, like Downloads, but will not be able to over-write files in our Documents folder, protecting us from threats like randsomware.
When we run Firejail, the sandboxing software looks at the name of the application we want to run in the sandbox -- Firefox in the above example. Firejail then looks through a list of known profiles which are stored in the /etc/firejail/ directory. When a matching profile is found, that profile's rules are loaded and enforced. Firejail ships with a default set of profiles for around 50 applications, including Chrome, Firefox, Opera, Thunderbird, the VLC media player, XChat, Filezilla and Transmission. If we try to run an application inside a sandbox and Firejail has no existing profile for the application, a generic profile will be used. The generic profile blocks access to most sensitive files, including common virtual machine locations. Much of our home directory becomes read-only as do important configuration files. Access to the root user account is also blocked to prevent programs run with a generic profile from causing too much trouble on our operating system.
The profiles Firejail uses are written in a clear syntax with one rule on each line of the file. This makes it quite straight forward to modify existing rules or to create new ones. For instance, to block access to the /etc/ directory we could use the line
blacklist /etc
To grant read-only access to our personal collection of programs, stored in the bin directory of our home, we can use the rule
read-only ${HOME}/bin
To make sure our sandboxed program will always have access to our Downloads directory so it can save files, we can use the instruction
whitelist ${DOWNLOADS}
What I like about this fairly simple style of syntax is that it tends to be easier to read than AppArmor's profile files. Plus, it is much more clear what Firejail's instructions are doing when we compare them against SELinux's often cryptic rules.
Firejail does not just allow or block access to specific files and directories, the sandboxing software provides a number of other useful features. One of the options I explored was limiting upload and download bandwidth. Many programs include this feature built in, but bandwidth is usually a set-and-forget setting, meaning we cannot change it later. Firejail allows us to dynamically adjust bandwidth usage. This means we could start downloading a file at full speed, then limit its bandwidth with Firejail later, perhaps to allow us to stream a video. Then we can resume the download at full speed later on.
The Firejail software allows us to turn off some features. For example, we can disable sound using the "--nosound" command line parameter. Let's say we want to run a game with the sound disabled, we can use Firejail like this:
firejail --nosound supertuxkart
Another feature of Firejail I liked was the ability to disable access to the root account. Firejail can block access to the root user's account, preventing many types of local exploits. Access to networking features that require root access (like the ping command) is then unavailable. Sandboxes also disable access to tools used to become root, such as sudo and the su command.
Yet another aspect of Firejail I like is if we run the sandbox without any application specified, Firejail runs a command line shell in its sandbox. This allows us to run most command line programs is a very clean environment (there are just two processes visible to the sandboxed shell: Firejail and the shell itself). With access to most commands and features, but with access to root blocked and other users' processes rendered invisible, this gives us a relatively safe environment in which to experiment. (Though, by default, we can still delete many of our own files, so care should still be taken.)
We can use Firejail to open a command line shell that runs in a sandbox we have already opened. This means we can manipulate the process we are running in the sandbox via the command line shell after the sandbox has been created. This can be accomplished by listing the sandboxes we are currently running and then running Firejail with the "--join" flag. For example:
firejail vlc &
firejail --list
12733:jesse:firejail vlc
firejail --join=12733
In the above example, we launch a sandbox with the VLC multimedia player. The next command lists all running sandboxes with their identification numbers in the first field. We can then open a shell in the existing sandbox using the "firejail --join" command. When we are done exploring the sandbox, typing "exit" returns us to the normal, non-sandboxed environment while VLC continues to run in its sandbox.
One last feature of Firejail that I enjoyed was the ability to create a file system over top of the existing file system. This basically gives us an empty file system in which to work. Any files we create or destroy are temporary as the sandboxed file system is destroyed when our application is closed. This is a useful feature to have when we are dealing with a potentially destructive program or we need to set up a very specific test environment. The only downside I found to this feature is it requires relatively modern kernels, the system needs to be running Linux 3.18 (or newer) for the temporary file system to work.
Firetools 0.9.30 -- Running Firefox in a sandbox
(full image size: 383kB, resolution: 1280x1024 pixels)
Most of the powerful features of Firejail are accessible through its command line program, but the project does offer a desktop front-end that will provide the necessary features most people will want. The desktop sandbox launcher is called Firetools. The Firetools program displays a red launch bar on our desktop with a list of popular program icons. Double-clicking on a program's icon launches the selected application in a sandbox. Right-clicking on an icon gives us the option of changing the parameters the application runs with. There is an empty section of the Firetools launcher and right-clicking on it gives us the chance to add a new program to the launch bar. Right-clicking on the launcher and selecting "Tools" brings up an information screen where we can see a list of running applications and resource statistics. Clicking a button labelled "Join" opens a terminal window inside the selected sandbox. This is about the extent to which we can use Firetools, but it is what I think most people will find useful. People who want to run Firefox or Thunderbird without digging down to the command line will benefit from this point-n-click interface that requires no configuration on their part.
Firetools 0.9.30 -- Monitoring a sandbox
(full image size: 365kB, resolution: 1280x1024 pixels)
I am far from the first person to review Firejail and I peeked at some of the comments other people have made about the Firejail software. I was a bit disappointed to see many have a lukewarm opinion of the sandboxing software. Not because it lacks features or fails to produce the desired results: everyone seems to agree Firejail works as advertised. But some other reviewers have suggested that Linux is secure enough on its own. They seem to feel we have sane file permissions, SELinux, AppArmor and Docker containers, why do we need a new security tool? Open source software usually behaves itself so why do we even need to sandbox it?
I have a few thoughts to share on the nature of Firejail and its usefulness, some of which are in response to these sceptics. One point I would like to make is that SELinux and AppArmor are relatively cryptic to work with. SELinux in particular has a reputation for being hard to troubleshoot. Docker, while relatively easy to set up, still takes some command line know-how to get working properly and is not designed with end-users in mind. These tools are intended to be used by developers and system administrators. An end user will rarely fiddle with their features or even be aware if these technologies are working. In comparison, Firejail is end-user friendly. It has a nice graphical interface, so one need not drop to a command line shell. Even if we do end up exploring the command line options, Firejail has a simple, clear syntax and the documentation provides practical examples to follow.
Firejail may not be the best technical solution, but it is much more likely to be used by a wide audience because Firejail provides good security with virtually no effort on the part of the user. Firejail also makes it easier to set up profiles for new applications so the list of programs Firejail can work with can be expanded quickly.
On Linux our software is usually open source and comes from vetted repositories so there is less chance we will be hit by malware or misbehaving software. However, there are unknown bugs and exceptions to be considered. Many Linux users install non-open applications such as Steam or the Chrome web browser. Some of us might have other non-open programs on our systems and it is nice to have these locked down to prevent any unexpected behaviour. Firejail does this in a simple manner. All programs, even audited open source applications, can have exploitable bugs and Firejail limits the damage an attacker can do by hijacking our web browser or media player.
In brief, Firejail provides a useful layer of protection, is easy to set up and requires virtually no knowledge to use. This means Firejail can be used with very little effort and no understanding of the underlying technologies being leveraged. At first I was a little worried Firejail might gobble up resources or result in poor performance. However, I found Firejail had no visible impact on the performance of applications like Firefox, VLC and Steam. There was no increase in CPU usage when using Firejail. Running the Firefox web browser inside a sandbox used less than 50MB more memory than running Firefox without the sandbox. The Firejail software isolates processes, increases our security, uses very few resources and requires almost no effort to use. In today's world of security breaches and privacy concerns, my opinion is: Why wouldn't someone use Firejail?
|
Torrent Corner |
Weekly Torrents
Bittorrent is a great way to transfer large files, particularly open source operating system images, from one place to another. Most bittorrent clients recover from dropped connections automatically, check the integrity of files and can re-download corrupted bits of data without starting a download over from scratch. These characteristics make bittorrent well suited for distributing open source operating systems, particularly to regions where Internet connections are slow or unstable.
Many Linux and BSD projects offer bittorrent as a download option, partly for the reasons listed above and partly because bittorrent's peer-to-peer nature takes some of the strain off the project's servers. However, some projects do not offer bittorrent as a download option. There can be several reasons for excluding bittorrent as an option. Some projects do not have enough time or volunteers, some may be restricted by their web host provider's terms of service. Whatever the reason, the lack of a bittorrent option puts more strain on a distribution's bandwidth and may prevent some people from downloading their preferred open source operating system.
With this in mind, DistroWatch plans to give back to the open source community by hosting and seeding bittorrent files. For now, we are hosting a small number of distribution torrents, listed below. The list of torrents offered will be updated each week and we invite readers to e-mail us with suggestions as to which distributions we should be hosting. When you message us, please place the word "Torrent" in the subject line, make sure to include a link to the ISO file you want us to seed. To help us maintain and grow this free service, please consider making a donation.
The table below provides a list of torrents we currently host. If you do not currently have a bittorrent client capable of handling the linked files, we suggest installing either the Transmission or KTorrent bittorrent clients.
Archives of our previously seeded torrents may be found here. All torrents we make available here are also listed on the very useful Linux Tracker website. Thanks to Linux Tracker we are able to share the following torrent statistics.
Torrent Corner statistics:
- Total torrents seeded: 165
- Total data uploaded: 29.4TB
|
Released Last Week |
Univention Corporate Server 4.1-1
Univention Corporate Server (UCS) is a Debian-based distribution for businesses that features Active Directory compatible domain services. The latest version of UCS, 4.1-1, offers a minor update to the project's 4.1 series and presents users with updated hardware support, improved Active Directory compatibility and improvements to the distribution's App Center. "We are pleased to announce the availability of UCS 4.1-1 for download, the first point release of Univention Corporate Server (UCS) 4.1. It includes all errata updates issued for UCS 4.0-0 and provides various improvements and bug fixes especially in the following areas: The Linux kernel has been updated to 4.1.16. This includes several security updates as well as new and updated drivers for better hardware support. The compatibility to Active Directory has been improved with the Samba update to 4.3.3...." Further details can be found in the project's release announcement and in the release notes.
ReactOS 0.4.0
Ziliang Guo has announced the release of ReactOS 0.4.0, a major new update of the built-from-scratch operating system that attempts to clone the design of the Microsoft Windows NT architecture. This release brings many dramatic improvements, including USB and wireless networking support: "Nearly ten years ago the ReactOS project released version 0.3.0. Today we are proud to announce the formal release of version 0.4.0. A great deal of work has gone into making this release happen and, as we look back, it is remarkable to consider how far the project has come since that release a decade ago. Here we document some of the highlights that separate 0.4.0 from not just the 0.3.17 release but also the cumulative achievements that the 0.3.x series achieved. User-centric improvements: ext2 read/write and NTFS read support; new explorer shell and theme support; SerialATA support; sound support; USB support; VirtualBox and VirtualPC support; wireless networking." Read the rest of the release announcement for detailed information and a screenshot.
ReactOS 0.4.0 -- The default desktop environment
(full image size: 24kB, resolution: 1280x1024 pixels)
Ubuntu 14.04.4
Adam Conrad has announced the availability of Ubuntu 14.04.4. This release represents an set of fresh and up-to-date installation media for Ubuntu 14.04 and does not represent a new version of the Ubuntu distribution. The release announcement mentions new installation media is available for the Ubuntu community editions: Edubuntu, Kubuntu, Lubuntu, Ubuntu Studio, Ubuntu GNOME, Ubuntu Kylin, Xubuntu and Mythbuntu. "The Ubuntu team is pleased to announce the release of Ubuntu 14.04.4 LTS (Long-Term Support) for its Desktop, Server, Cloud, and Core products, as well as other flavours of Ubuntu with long-term support. We have expanded our hardware enablement offering since 12.04, and with 14.04.4, this point release contains an updated kernel and X stack for new installations to support new hardware across all our supported architectures, not just x86." Download links and further information can be found in the release notes.
Webconverger 34.0
Kai Hendry has announced the release of Webconverger 34.0, the latest stable release of the specialist Linux distribution designed for web kiosks and featuring the latest Firefox web browser: "Webconverger 34 release. With the arrival of free SSL certificates from Let's Encrypt, together with a kind offer from Fastly CDN to help distribute Webconverger since we are an open-source project, we are now serving our ISO images over SSL. Serving over SSL greatly reduces the chance of some malicious actor intercepting your connection to our server and giving you a corrupt version of our ISO image. That has never happened to our knowledge, though why not make it even less likely going into the future? Updates include: Firefox 44; ongoing security updates including the recent CVE-2015-7547 which we patched quickly thanks to the fantastic work of the Debian security team; added Cambodian (Khmer) fonts via Google's fonts-noto package." Read the rest of the release announcement for more details and some hints concerning the project's future plans.
* * * * *
Development, unannounced and minor bug-fix releases
|
Upcoming Releases and Announcements |
Summary of expected upcoming releases
|
Opinion Poll |
Package managers
The open source ecosystem is home to many different package managers. Some of the more popular methods for working with software packages include the APT utilities on Debian-based distributions and YUM/DNF in the Red Hat family of distributions.
Of course, there are many other package managers and this week we would like to know which one you use. If your package manager is not on our list, please let us know which one you use in the comments.
You can see the results of our previous poll on customizing desktop environments here. All previous poll results can be found in our poll archives.
|
Package manager
APT: | 1460 (56%) |
DNF/YUM: | 198 (8%) |
Nix: | 18 (1%) |
Pacman: | 556 (21%) |
Portage: | 80 (3%) |
Urpmi: | 39 (1%) |
Zypper: | 113 (4%) |
Other: | 156 (6%) |
|
|
DistroWatch.com News |
DistroWatch database summary
* * * * *
This concludes this week's issue of DistroWatch Weekly. The next instalment will be published on Monday, 29 February 2016. To contact the authors please send e-mail to:
- Jesse Smith (feedback, questions and suggestions: distribution reviews/submissions, questions and answers, tips and tricks)
- Ladislav Bodnar (feedback, questions, donations, comments)
- Joshua Allen Holm (feature review)
|
|
Tip Jar |
If you've enjoyed this week's issue of DistroWatch Weekly, please consider sending us a tip. (Tips this week: 0, value: US$0.00) |
|
|
|
bc1qxes3k2wq3uqzr074tkwwjmwfe63z70gwzfu4lx lnurl1dp68gurn8ghj7ampd3kx2ar0veekzar0wd5xjtnrdakj7tnhv4kxctttdehhwm30d3h82unvwqhhxarpw3jkc7tzw4ex6cfexyfua2nr 86fA3qPTeQtNb2k1vLwEQaAp3XxkvvvXt69gSG5LGunXXikK9koPWZaRQgfFPBPWhMgXjPjccy9LA9xRFchPWQAnPvxh5Le paypal.me/distrowatchweekly • patreon.com/distrowatch |
|
Extended Lifecycle Support by TuxCare |
|
Reader Comments • Jump to last comment |
1 • asking confirmation: zorin (by crin on 2016-02-22 00:52:08 GMT from North America)
"Zorin OS 11 Core performed nicely. With no applications running, the system used approximately 950MB of RAM"
That seems like a LOT of overhead. How does that compare to stock gnome ubuntu?
2 • re Firejail (by EarlyBird on 2016-02-22 00:55:01 GMT from North America)
Think the tips and tricks portion of the reviews has become my favourite part of the site. I knew about AppArmour and SELinux, but had never come across Firejail. Really appreciate the tips section. As much as I know about linux, the more I find here that I didn't know!
3 • Firejail (by hotdiggettydog on 2016-02-22 01:12:30 GMT from North America)
Nice to see Firejail getting some publicity. I've been using it from it's early days. An extra layer of security does not hurt. Great for browsers and I find it particularly nice for sandboxing Transmission. Another unknown little tool I find handy is VpnDemon. Let's give it some love too!
4 • Firejail (by Fernando Santucci on 2016-02-22 01:21:11 GMT from South America)
It seems to me that the Snappy package manager at Canonical will sandboxing management capabilities. I do not know what the scope of their approach compared to Firejail.
I agree with your opinion to discriminate the use of sandboxing only for third-party repositories applications, other than the manufacturer distro's repository.
5 • Package manager & security (by M.Z. on 2016-02-22 01:51:42 GMT from North America)
I use APT based stuff on both Mint & PCLinuxOS & I use Urpmi on Mageia, though I don't use the actual command line programs very often. On the rare occasion I do feel the need to manage via the command line I usually double check a bookmarked site for the correct syntax, especially for the few times I've used Urpmi.
-------------------------
On the security issues with the Mint website, I'm surprised & saddend on some levels, but it seems like FreeBSD & other big projects have been hit too, so it shouldn't be a huge surprise that a big name community project would be hit. I just hope there is significant improvements in security on the way for both the upstream project & the things it hosts like download mirrors & forums & for the Mint desktop & the end users directly.
After the Mint team handles the attacks & begins to start hardening their websites & servers I hope they use this as an excuse to try & create some easy to use tools to help improve desktop security. I would really love to see Mint try to do something that deals directly with desktop security in the way their other Mint tools deal so simply & effectively with other issues. Perhaps it could be something like the MSEC tool in Mageia & PCLOS, or perhaps it could do something with app armor or SELinux. Either way security is one of the few areas where the Mint touch could do a lot of good.
I dig through the MSEC tool a little bit on my Mageia & PCLOS systems & turn off some stuff, but man are there a lot of technical options too look through to try and make your system more secure. I don't know anything about the public key based remote root login that is allowed by default in MSEC, but I don't want it & there are a lot of other options to look through & try to understand that could be intimidating for a new user. I also don't know much of anything about the system logs the tool keeps or what to do with them, but I certainly like the idea of the MSEC tool acting as a watchdog on my PCLOS & Mageia systems. I just wish there were simple & more inviting tools that were more focused on people who want a simple way to ensure a secure desktop OS.
6 • Package management (by Will B on 2016-02-22 03:02:39 GMT from North America)
I use apt on Debian and pkg on FreeBSD.
7 • Usability (by Kragle von Schnitzelbank on 2016-02-22 03:24:09 GMT from North America)
"People who want to run Firefox or Thunderbird without digging down to the command line will benefit from this point-n-click interface that requires no configuration on their part." - other than the configuration presets provided via GUI, that is, right? Advanced options are still available if needed.
Can the same be said for "Gnome Software"?
It is good practice to provide GUI option presets for similarity (but never exact matching) to common OSs.
(Why wasn't 0install listed in this week's survey?)
8 • Zorin OS 11 Review (by JB on 2016-02-22 03:51:10 GMT from North America)
"One of the tallest hurdles new Linux users face when switching from other operating systems is that their computer looks and acts differently when running a Linux distribution."
Seriously?! As a very-new-newbie, I would've thought the biggest adjustment/challenge was getting your hardware to work! Or how about the confusing array of vernacular? Package Manager? Repository? What works w/ what, and will this "break" my system?
I think many of you are so far removed from being a newbie that you should ask a real one what they think for a refreshing (and perhaps surprising) point of view. Just my $0.02.
9 • Firejail is ideal (by M.Z. on 2016-02-22 04:32:08 GMT from North America)
I guess I didn't read enough of DW before posting my initial comment (#5). Perhaps a disto like Mint could do something like integrate Firejail into their default install & have it set so start all heavily targeted programs like web browsers in a sandbox by default? If you want to change it perhaps there could be a way to do so in the system settings by changing some default profile. It seems like an absolutely ideal solution. I'd really love to see a disto pick this software up & run with it as an easy to use solution that is on by default. I'm definitely going to try it out, though I hope distro makes try to integrate tools as good & simple as this one sounds.
10 • Zorin Core - ok. (by Greg Zeng on 2016-02-22 09:49:33 GMT from Oceania)
Zorin developers have realized some of the deficiencies, but not all the the usual Ubuntu-based spins. They removed games, Braille, and most of the ethnic languages (Japanese, Korean excepted).
The DE is Lubuntu, with some XFCE extras. There is no mention in the core version of the extra goodies available for the commercial versions of Zorin. The extra repositories usually provided by non-official Ubuntu-respins is quite poor. Missing are gparted & unetbootin. Synaptic Package Manager is added, but not modified. There is no universal font size changer, which is featured on the good Ubuntu respins.
Installing the Core version (32 bit only) will only use one GB of memory, even if more is available. So install the 64 bit CPU. Otherwise installation time will be very slow. When I first install Zorin 11 Core, the 64bit version was unavailable. The available mirror download sites are very slow for Australia.
On memory use, all good distributions will try to speed user-happiness by avoiding continual memory access of writing, deleting, and re-writing. Using these extra "luxury" cache and read-ahead memories might think that the operating system s memory-hungry. It is not - "ureadahead" is installed, as is usually the case with Linux operating systems.
Will I continue with it? No. Peppermint and WattOS have better overall eye-candy integration. Like all Ubuntu-based distributions, they can almost instantly be customized, upgraded or downloaded into any Linux kernel. No need to use CLI anywhere. Intelligent use of Grub-Customizer allows easy selection of any Linux operating system, with any of my installed Linux kernels.
11 • Package managers (by Thomas Mueller on 2016-02-22 07:19:15 GMT from North America)
I am not ready to vote for portage because of insufficient familiarity, though I look to build a Gentoo system using portage. Currently I use NetBSD with pkgsrc and FreeBSD with ports; like FreeBSD ports better.
12 • Good Bye openSUSE (by denk_mal on 2016-02-22 07:25:11 GMT from Europe)
I have worked with SuSE for more than 15 years but nearly 2 years it would be harder and harder. The Core OS is getting older (parts of 42 have lower versions than 13.2) the quality is rising down and the interaction between the company and the community seems IMHO nearly low bandwidth as possible. For me and my coworkers here is the trouble with Tumbleweed not surprising; Suse ist just another product that changed it's state from "Made in Germany" to "formaly made in Germany". SO 13.2 is the last SuSE for us. And our only comment to 42 is (sorry) "Thank you for the fish"
13 • GNOME Software package manager; other package managers (by Hoos on 2016-02-22 08:30:26 GMT from Asia)
I don't know whether it will work the same way on Ubuntu, but I tried Software on OzonOS beta (Fedora derivative with modified Gnome Shell - I've now switched to Korora). It was very inconvenient.
When you're notified of updates, you click on the appropriate button to download the updates. However, the installation was not carried out until you rebooted the machine, and then the updates were installed during the bootup process. IIRC, if updates included things like kernel updates, the machine would reboot yet again after the updates were installed.
If you multiboot like me and another distro controls grub, you have to stick around for most of the update process because the auto bootups will bring you to your main grub menu and after the countdown, the machine will boot into the default boot option, which may not be the distro using GNOME Software.
===========================
My package managers for my various distros:
Debian and Ubuntu-based distros -- apt
PCLinuxOS -- this sets up Synaptic and apt for its rpm packages but I use Synaptic rather than command line.
Manjao -- pacman
Opensuse -- generally use YAST. I'm not familiar with zypper commands
Korora (Fedora spin) -- generally use Yum extender. Not really familiar with dnf commands
Solus OS -- pisi/eopkg commands
14 • Firejail, Mint and @12 (by Stan on 2016-02-22 08:32:44 GMT from Europe)
Firejail: It is an interesting tool, its usefulness may not be clear at the begging but I think the technology in itself is a great add-on for the FOSS world. I believe this tool should not be a standalone, instead it should be integrated in sensitive software. For example sandboxes web browsers by default implemented directly from upstream.
Mint: I like the project, but I have my suspicion that they got their own philosophy backfire at them on their webserver: "If it ain't broke, don't fix it" [And swallow all vulnerabilities and exploits]
@12: I think they discusses that aspect of shipping downgraded versions compared to 13.2 because they are now using SLES as base. I do agree that OpenSuse quality is very low (at least for my taste), but maybe we need to wait sometime until they settle down the new change.
15 • newbie (by rwest6 on 2016-02-22 10:36:37 GMT from North America)
JB you are exactly right!!!! It's the terminology/buzzwords that is the difficulty.
16 • Package managers: pkgtool + slackpkg (by Microlinux on 2016-02-22 11:20:32 GMT from Europe)
I know the common myth says that "Slackware doesn't have a package manager", but my favourite package managers are pkgtool and slackpkg in combination with slackpkg+ for third-party repositories. Keep It Simple Stupid.
17 • Iceweasel -> Firefox (by Tom on 2016-02-22 11:32:09 GMT from Europe)
I think it would be better to keep "Iceweasel" to indicate it's a patched version of Firefox. Anyway, I never quite understood why they're taking the time and ordeal of patching in the first place, instead of just providing the latest upstream version like Ubuntu etc. Would that really jeopardise the stability of Debian Stable?
18 • Packages managers (by Didier Spaier on 2016-02-22 12:50:53 GMT from Europe)
I fail to see the purpose of this poll.
However I will list a few more tools, all targeted to *.t?z packages found in Slackware and derivatives and/or uses to build packages from SlackBuilds (scripts to build packages installable on Slackware and derivatives). In addition to those listed in post #16: slapt-get with its gui gslapt (and Sourcery, a gdtk front-end found in Salix) are in wide use among Slackware derivatives, with features similar to those of apt. usm, used by Porteus netpkg, used by Zenwalk
Not to forget the many dependencies finders that bloom in all seasons, see these links: http://idlemoor.github.io/slackrepo/links.html
19 • How Many Actually Know Enough to Pick Favorite Package Manager? (by joncr on 2016-02-22 12:55:09 GMT from North America)
I wonder how many people concurrently use RPM and DEB system enough to allow them to have an informed opinion about their "favorite" packaging manager?
I use Fedora and Ubuntu. The functionality of the two systems overlaps in almost all cases, with both providing a bit of unique functionality outside the margins.
Performance and behavior difference do exist among the various tools used in either system, but that's a different kind of issue.
Many comments I've seen online about deb vs rpm have been from users who trash one or the other manager based on a single bad experience, or who simply know too little to use it correctly.
20 • It's all about preference (by newbie32 on 2016-02-22 13:21:02 GMT from North America)
@19 I used to use Redhat/Fedora pretty much exclusively, small excursions into Slackware because it's awesome, until it became more about "developing Fedora" vs "developing Linux" so about v18 or so. Now I'm pretty much running Debian whenever I need something from the Linux world as I try to stick to the FreeBSD camp. Moving between the three has been something of an adventure but installing software has always been a breeze after reading the respective platform's man page. In the end, I've found it no harder to use yum vs apt vs pkgng. The differences I've found are: apt is easier to search with, delta RPMs seem to install faster and pkgng tends to install the kitchen sink to ensure stability. All said IMHO and YMMV.
21 • terminology (by Tim Dowd on 2016-02-22 13:57:13 GMT from North America)
@ 8, @15
First of all, welcome to Linux/BSD. I think you'll like it.
Terminology can be confusing at first, but once you learn the pieces of the operating system you'll find that it becomes straightforward very quickly.
The terms you highlighted are confusing because until recently, Windows didn't have a package manager and a repository. But they're one of the great features of Linux and BSD.
When I needed software with Windows, I had to go find the website that had it, hope that it was actually the real website and not some hackers, download the software, try and install it, get told that I needed some other software first, repeat the process until hopefully my software was installed and some guy in Pakistan had all my credit card info.
In Linux/BSD you go your package manager, which has been set up to download only from a trusted repository chosen by your version of Linux and you say something like " hey package manager, go get me shotwell" (on Debian it would be "apt-get install shotwell") and a couple of minutes later it's completely configured, with all the required extra software installed, obtained from a trusted source (the distro's repository), and ready to click on in your applications menu. On some distros you just browse through menus in the package manager until you find what you want. It's very much like the app stores on Windows or Android or Apple, but Linux had it first, and most of our good stuff is entirely free in all senses of the word.
I think you'll find that Distrowatch isn't very far removed from newbies at all, actually. Jessie's reviews heavily focus on "how easy is it to get this distro working." Most people who comment have installed Linux on many friends' computers and know very well what's hard and what isn't. It's a pleasant corner of the internet.
22 • @12 @14 openSUSE (by vw72 on 2016-02-22 14:04:06 GMT from North America)
Not sure of what is meant by low quality? Their latest release had a buggy KDE, but that was the case for every distro shipping the latest Plasma. Gnome has been rock solid on both Leap and Tumbleweed.
As for downgraded packages in Leap, yes, that's true for some underlying infrastructure packages so as to be able to use the SLES packages/work. Of course Leap would be the equivalent to a LTS release, so one would expect packages to be more stable. Actually, Leap is supposed to be a core base taken from SLES with the higher parts selected from Tumbleweed. The good news is that if you needed one of the core libraries to be later than what Leap had and Tumbleweed wasn't an option, 13.2 is still supported. When the next SLES service pack is released, Leap will have more current packages than 13.2.
For many people, openSUSE is just the right combination of new technologies on a stable base. For the most part, with the KDE Plasma exception, it just works. All of that said, openSUSE does have room for improvement, but the only way that happens is if people are involved and let the developers know.
23 • Revealing users by package managers (by vw72 on 2016-02-22 14:16:28 GMT from North America)
It is no surprise that apt has such a high percentage of use, particularly when you look at the distro rankings. What is unusual is that pacman is second for package manager while distros that use it are further down the rankings.
Logic would dictate that package manager use would follow distro use. Based on the rankings on the front page, one would expect APT to be the largest, DNF (based on the combination of Fedora, and Centos) to be second, Zypper to be third and Pacman fourth.
That reasoning fails, however. Based on the survey, most people use a debian/ubuntu based distribution. That's not a surprise. What is a surprise is that for every 100 debian/ubuntu based users there are 40 Arch based users! Fedora users are 13 for every 100 debian/ubuntu based and there are 7 openSUSE users for every 100 debian/ubuntu based.
24 • @23 revealing users (by vw72 on 2016-02-22 14:25:34 GMT from North America)
As a followup to @23, as of today's six month page hits, in the top ten distros listed, there are 14,091 page hits recorded. The breakout by package manager based on those numbers would be:
APT = 49% DNF = 14% Packman = 13% Zypper = 11% URPMI = 7% Other = 6%
25 • newbies and terminology/buzzwords (by Harold on 2016-02-22 15:46:42 GMT from North America)
Dave's Computer tips does a good job of explaining terminology and buzzwords.
https://davescomputertips.com/
26 • Zorin OS 11 Core (by Roy Davies on 2016-02-22 15:51:57 GMT from Europe)
Jesse. I agree with your closing comment 100%. I see no point in releasing a distro that will only have 6 months support, good as it is. I have tried it, but will wait to install the 16.04 LTS edition in the summer. Many thanks for your honest assessments of new distros, they are greatly appreciated. RD
27 • firejail (by tycho on 2016-02-22 16:39:22 GMT from Europe)
I don't know this software , y install it in manjaro , and run all my web browser with it . Is quickly and fast , thank you for tell us about it.
28 • Mint attack (by mrdata@gmx.com on 2016-02-22 17:05:57 GMT from North America)
The forum seems to have been attacked much earlier than the ISO compromise: https://twitter.com/ChunkrGames/status/ ... 0622081024 More details on the matter: http://arstechnica.com/security/2016/02/linux-mint-hit-by-malware-infection-on-its-website-and-forum-after-hack-attack/
29 • Package Managers (by Skaendo on 2016-02-22 17:28:19 GMT from North America)
Why is there no option to vote for no package manager?
I do use one that is not listed there, but not often enough to say that I actually use it, and I don't use it to install packages or updates.
30 • Package Managers (by Barroomhero on 2016-02-22 17:30:00 GMT from North America)
First let me say that I love portage, I switched to gentoo in 2007 because of the huge amount of options for building you get with it. The only shortcoming of this package manager is that there are a lot of enterprise packages missing that are only supported on say DEB or YUM e.g. chef, hadoop etc. Because of this, I might have to switch off of my favorite distro.
31 • Maybe there is a distorsion between favorite package manager and distribution (by dbrion on 2016-02-22 17:49:02 GMT from Europe)
Ex : many GNUlinux dedicated journals/blogs explain how to install some software using apt-get; it is not very complicated to convert it into , say, urpmi orders...
I use on my PC Mageia, with urpmi; on my Rapsberry, I use apt-get ; the difficulty is, IMO, not in adapting a given distribution 's package manager, but in understanding what dependencies are...
32 • @1, @26, @14, @8 (by jaygl on 2016-02-22 18:37:00 GMT from North America)
@1, @26: It seems Zorin provides the full Windows experience: it uses lots of memory, and you're forced to upgrade to the next version! ;)
@14: I wish they would take security more seriously, too, considering their popularity. So much else is right about that distro (including, I hope, adding firejail at some point). Especially with tools like Let's Encrypt, they could really benefit with some more focus on this topic.
@8: I agree with terms being a problem, and in the older days when I first used Linux, things like mounting filesystems ("I have to do what to get a C: drive?"). Nowadays, I think hardware isn't such a huge concern unless you're running on a laptop or a proprietary graphics card. I know it depends on the distribution, but a lot of that stuff seems to have been solved.
The ironic thing I find is that the more time I spend away from Windows, the more trouble I have going back to it because it develops its own set of quirks that people forget it has.
33 • Pkg managers (by bonky on 2016-02-22 19:21:39 GMT from North America)
I mainly use Portage ..ok its a bit slow at times..but does a good job...
Otherwise i think Pacman is probably the best other I have tried and thats most....
I always prefer to use the terminal for updates and installing stuff , whatever the distro
34 • Newbie perspective redux (by JB on 2016-02-22 20:17:34 GMT from North America)
@21 Tim, thank you for your welcome.
You mention that it becomes rather straightforward "once you learn the pieces of the operating system". What ARE the pieces, and where does one go to find out about them? Are they distribution specific? And then there is the confusing array of distributions. Now, multiply that confusion on distro's by an additional layer of confusion on Desktop Environments. Can I choose any DE to use w/ any distribution? It would seem, if what I've read is correct, that there are additional incompatibilities possible if I choose unwisely here as well.
I think what I'd really find useful is a single volume, written for absolute newbies, that starts at the beginning and steps you through (think one of those "Dummies" books). I've tried several books from my local library, but invariably, they start off with "h-e-l-l-o" and then immediately start speaking Latin! Maybe suggested titles could be the subject of a future Distro Watch poll . . . ?
P.S. You also wrote: "When I needed software with Windows, I had to go find the website that had it, hope that it was actually the real website and not some hackers, . . . " Don't you think that's a bit ironic given what happened to folks who downloaded from the Linux Mint website recently? ;-)
35 • Newbie perspective (by Jesse on 2016-02-22 20:26:10 GMT from North America)
@34: Your concerns are one of the reasons we started the Glossary page (see the links at the top of this page). For specific information on a specific distro, I recommend looking at the distribution's documentation and/or wiki. Try to treat each Linux distro like its own operating system and the ecosystem starts to make a lot more sense. And, yes, you can usually use any desktop environment with any distribution, with a few rare cases.
Most of the main distros have books associated with them. Fedora and Ubuntu do, at any rate, and the material in the books tend to be transferable to other distributions. Next week we will run a poll on favourite books/resources.
36 • Come on, Mint! (by bigbenaugust on 2016-02-22 20:57:53 GMT from North America)
The Mint guys had a web infrastructure outage last month, and then this. They's asking everyone to change their forum passwords, but their site is down again. Not inspiring for one of the most popular Linux distros out there.
--Ben (I still have 2 LMDE2 machines, though)
37 • Package manager vs. distro usage (by Rich on 2016-02-22 21:10:04 GMT from North America)
Echoing vw72's comments, today's package manager poll is very interesting when cast in the light of the earlier distro usage poll.
Is it meant to be a stealth "distro usage" poll? Since it calls into question the results of that prior poll, I can imagine that there would be several people selecting a distro that was exciting and new at the time of the poll, where longer term, they find they need something more reliable.
If this was the intent, very well done. If not, I hope you benefit from the learning experience as much as I have!
38 • Firejail (by bill on 2016-02-22 21:27:34 GMT from North America)
Hi,
I tried to get Firejail in the repositories of Debian 8 and Manjaro. Seems they are not available.
Bill
39 • Firejail (by Jesse on 2016-02-22 21:37:53 GMT from North America)
@38: Firejail is in Arch's AUR if you're using Manjaro. If you're running on Debian Stable, Firejail has Debian packages on their website (link in the article). Debian has Firejail packages in their Testing and Unstable branches too, if you're running anything newer than Stable.
40 • @38, Firejail PPA (by Justin on 2016-02-22 21:38:50 GMT from North America)
Firejail is in Debian stretch/sid and Ubuntu Wily/Xenial.
There appears to be a PPA from the Debian maintainer here (I don't know for sure; please check things out yourself): https://launchpad.net/~deki/+archive/ubuntu/firejail
I haven't tried it yet, but I think you can add PPAs for different releases than your own (e.g., Trusty). It's normally dangerous because you may be missing dependencies that they expect to exist. However, from what I can tell on Debian, the only dependency is libc, so hopefully you can use this.
Alternately, you can download the deb packages from Debian's website or the website listed in the article and dpkg -i . For me, I'm more interested in the PPA so that I don't have to worry about missing updates (apparently there was an important one for the 0.9.38 release after they completed an external security audit that fixes several things from 0.9.36).
I wish this would get backported. I had no idea it existed, but as I look at it further, I like what I see.
41 • Package Manager (by gekxxx on 2016-02-22 21:42:42 GMT from Europe)
Debian is using human language. Aptitude update says more than xvz or Sy. Pacman is nice once you master it, but you first have to master it. Of course each pm has its advantages and cons,but I prefer apt.
42 • Zorin OS versions, etc. (by eco2geek on 2016-02-22 22:42:01 GMT from North America)
@10 - Sounds like you were using Zorin OS "Lite", which is based on LXDE.
Zorin OS "Core" (the version Joshua reviewed) is based on a GNOME Flashback session, with Compiz and the Avant Window Navigator, the dock-like bar at the bottom of the screen.
With Zorin OS "Lite" you can, in fact, change the system font in Preferences > Look and Feel. With Zorin OS "Core", an easy way to change the UI's font would be to install GNOME Tweak Tool.
Both versions use the large Ubuntu repositories, so you can install whatever you want, including Unetbootin and Gparted.
In any case, Zorin OS "Core" has always been fun for me to play with because its wallpaper set, light blue theme, and fast implementation of Compiz are appealing. I totally agree that a version that's only supported for 6 months doesn't make a lot of sense for people moving to Linux from Windows. But you can still download Zorin OS 9, which is based on Ubuntu 14.04 LTS.
One thing that should be noted is that there is no way to access the "Preferences" dialog from a Nautilus browser window in Zorin OS Core 11. There's no menu entry for it. This is not the fault of the Zorin developers; it's the same in any other Ubuntu 15.10-based distro running a GNOME Flashback v3.17 session.
43 • firejail from source (by nolinuxguru on 2016-02-22 23:39:51 GMT from Europe)
@40 etc. [I hope this is not a repeat.] I think the original source for Firejail is https://firejail.wordpress.com . This is where the author of Firejail explains how to use it and gives Download instructions. By opting to download and compile it from source you gain personal control over this critical piece of security software. However, the web site also points to pre-compiled editions for many distros. Have fun!
44 • @34 Mint and security (by mcellius on 2016-02-22 23:56:48 GMT from North America)
JB wrote "'When I needed software with Windows, I had to go find the website that had it, hope that it was actually the real website and not some hackers, . . . ' Don't you think that's a bit ironic given what happened to folks who downloaded from the Linux Mint website recently? ;-)"
You're exactly right! Too many people seem to find it very easy and convenient to forget that moving to the Linux world doesn't mean that all problems go away. Security problems seem worse and more frequent in the Windows world, but they aren't absent for those of us who use Linux: attention must still be paid to important details and secure practices. Perhaps Mint got a bit too lazy or careless, I don't know, but it should serve as a wakeup call to everyone using Linux (especially publicly accessible servers).
Most Linux users, regardless of which distributions they use, probably find this a bit embarrassing, yet Linux has many tools and features that can make most systems, including servers, pretty secure. It's worth remembering, though, that absolute and perfect security is more of a goal than a reality. It's a dangerous world.
45 • News on Mint Hacking (by Michael on 2016-02-23 00:12:00 GMT from North America)
A note for everyone talking about the Mint hack: If you read the post they released talking about the hacking as well as the comments (particularly the replies from Clem) you'll find that the intrusion actually has to do (at least somewhat) with WordPress, which the Linux Mint website runs on. Something to do with files being changed within the theme folder. The exact damage was that the links on the download page were changed to link to a different server that held copies of Linux Mint infected with the Tsunami trojan.
46 • Package Mmanager Poll (by lost on 2016-02-23 00:48:10 GMT from North America)
This package management poll is a waste of time. I like most people probably use whatever package manager that comes with the distribution that they are using, be it command line or GUI. I use Salix or Debian so I use mostly the command line tools slapt-get or apt, which are very similar.
47 • Package Manager (by FallingFistOfCrap on 2016-02-23 00:49:10 GMT from North America)
I use Pacman, since I use Arch, but in my distro hopping days I really liked apt-get, and Slackware coupled with Gslapt is a beautiful thing. I have to say, though, I've come to love Pacman. I think you get used to the package manager your distro uses, and ultimately the differences are pretty unimportant.
48 • Culturing Newbies (by Kragle on 2016-02-23 01:16:49 GMT from North America)
About people new to Linux coming from acquaintance with only one other OS/paradigm: I didn't learn the difference between a particular tool's specific "vocabulary" and the functions of the tool until I had to use a second app. Elementary (computer) schooling should include at least two operating systems, and at least two of every app used, minimum. Tolerate no lazy whining about "costs", time, etc - any less is essentially a refusal to educate. . One of the first things a neophyte needs to learn is how to recognize and diagnose a problem, and how to cope. Mistakes happen to all. . . Isn't it serendipitous that the Weekly with a survey about package managers also includes an article about jailing? . . "…the original source for …" {security tool} " is https://….wordpress.com" - hmmm…
49 • @41 Package Manager (by far2fish on 2016-02-23 09:27:50 GMT from Europe)
For exactly the same reasons you prefer apt, I prefer dnf/yum :)
But at the end of the day I guess one will always prefer the package manager one has the longest relationship with :)
I prefer dnf/yum followed by apt followed by pacman, because I was a long time Fedora user that jumped through Ubuntu before landing at Antergos and Manjaro.
50 • Package managers (by Captain Pinkeye on 2016-02-23 09:39:26 GMT from Europe)
Every time i installed the default Debian desktop (Gnome) it was like: "I don't wanna rhythmbox, let's remove it:" apt-get autoremove --purge rhythmbox "You can't, Joe. Rhythmbox is a dependency of a gnome-desktop package." "Well okay, then:" apt-get remove gnome-desktop "If you do it, Joe, you'll erase your whole GUI desktop. Do you really want to do it?" "No, i just wanna get rid of applications i don't want/need." "Well you can't, really, without gutting out the whole system. But you have the automatic dependency handling and metapackages and all that jazz. Freedom to tweak your system, y'know? Because it's freaking Linux."
Every time i installed Debian, i missed Slackware so much.
51 • Debian's default desktop (by Poet Nohit on 2016-02-23 10:56:02 GMT from North America)
It's annoying that Debian didn't go with Xfce for their default, and I wish they would update it, already. They're still using Xfce 4.10, despite the fact that 4.12 has been out for a year and works way better.
Using Gnome was kind of a poor choice, considering they're basically alienating ATI users (you HAVE to use the open source driver for Gnome to work, but that means you have to put up with very little actual hardware acceleration).
Even so, if you don't like the default apps then just don't use them. Use audacious, gmusicbrowser, deadbeef, kodi, or whatever one of a dozen other programs that suits your fancy. If you remove gnome-desktop, it makes doing a dist upgrade somewhat more hazardous in the long run (in that you won't be getting a properly updated desktop at that point).
52 • Package managers... (by claudecat on 2016-02-23 12:21:35 GMT from North America)
For those of us with several installed distros this question doesn't really have an answer, right? You use what the distro provides. Each package manager has its strengths and weaknesses, though a few stand out for me.
I love pacman for its speed and reliability. Fedora's use of deltaRPMs is great for saving bandwidth, something I wish would be adopted to a greater degree by others. Zypper is pretty versatile once you get used to its nuances. Apt certainly has its advantages and a long history of reliability, though the variety of front-ends (aptitude, apt, apt-get, synaptic, etc.) can lead to confusion if you don't stick to one consistently. I sorta like how PCLOS mixes RPM's with apt, though I wish their synaptic had the quick-search box. Mageia's urpmi seems fine, though I haven't dug too deeply into its innards. Back when I used Gentoo, portage was certainly powerful and as flexible as can be. Even Slackware's set of tools is straightforward enough despite lacking dependency checking (assuming one doesn't go the slapt-get route). I used to like using pisi on Pardus back when that was around too. I guess my least favorite would be Sabayon's bizarre and often slow equo tool and its rigo front-end, but even that works.
The point is, they all work, and work well. Better than Windows in so many ways... At least you don't have to worry about malware and yet another useless browser toolbar being surreptitiously installed whenever you install something new.
53 • Entropy Package Manager for SabayonLinux (by sabayonino on 2016-02-23 13:28:27 GMT from Europe)
Hi, you missed Entropy Package Manager for Sabayon Linux https://wiki.sabayon.org/index.php?title=En:Entropy
Entropy is fullly compatible with Portage (Gentoo p.m.)
regards :)
54 • debian desktops (by Tim Dowd on 2016-02-23 15:30:56 GMT from North America)
@ 51
I know Debian has a "default desktop," but it lets you pick basically any desktop at install. For the reason you cited (AMD graphics) I've chosen MATE, which works perfectly.
Also, they're never going to update Jessie to XFCE 4.12. That's not how Debian works. Jessie's freeze was in December 2014 and from that point forward all it gets is bugfixes to keep it stable. Some people love this about Debian, some people hate it, but's how they roll.
If you want to upgrade to testing (Stretch) it has the newest packages for both MATE and XFCE. Note that if you have AMD graphics and you want to use the proprietary driver I highly recommend not doing this right now, because the new version of xorg doesn't support the most recent version of the catalyst driver, so a dist-upgrade at the moment would break your system if you're using catalyst. Stretch has been a great choice to run for over a year if you're using things in the main distribution, but non-free can be a pain if you aren't careful about dist-upgrades.
55 • @54 debian Jessie and XFCE 4.12 (by Hoos on 2016-02-23 16:01:17 GMT from Asia)
Or, if you want to stick with Jessie instead of Stretch, you could go for a Jessie derivative that comes with XFCE 4.12 as default, e.g. MX15.
Alternatively you could try enabling MX15's repositories that contain the XFCE4.12 packages for your pure Debian Jessie installation. This is at your own risk so you should do your own web research first.
56 • Anti-virus//Rootkits on Linux (by Stan on 2016-02-23 16:11:01 GMT from Europe)
It would be nice if someone with the hijacked Linux Mint ISO make a test installation in a Virtual Machine and then install some of the Antivirus scanners for Linux.
I would love to see if such products does actually help, it is very common in Mint forums to read how they highly discourage the use of those kind of tools. However I never came across with a real Linux trojan to judge and very how useless or useful an Antivirus on Linux is.
Is anyone there with the hijacked ISO crazy enough to test this?
@Jessie: Can you test that?
57 • @56 Does one need a virtual machine to test an iso? (by dbrion on 2016-02-23 16:44:42 GMT from Europe)
I suppose that, once mounted, a *.iso is (maybe not directly) a filesystem and that each and every file it countains can be input for an antivirus.... If my bet is OK, why should one install a corrupted *.iso?
58 • @57 (by Stan on 2016-02-23 17:28:21 GMT from Europe)
I manage to get a copy of the compromised ISO, even when I boot the Image in a VM and choose Verify Integrity the builtin MD5 check fails.
When I open the ISO file itself I can see the md5sum.txt has the date of: 2016-02-19 15:37 but the MD5SUMS has a date of 2015-11-28-16:08
Also the .iso/casper/filesystem.squashfs has the same date: 2016-02-19 15:29 and some other files.
The reason to install it is because the man.cy script is not directly accessible from the ISO, I suppose is inside of the .squasfs. The ultimate goal is to test how effective is an Antivirus in Linux something that causes a very heated discussion in some places.
59 • Package Managers (by zenk on 2016-02-23 17:28:41 GMT from North America)
Using xbps(Void) and Gslapt(Salix) currently. But my favorite out of all I've tried would have to be pacman.
60 • Package Managers (by Bill on 2016-02-23 21:58:24 GMT from North America)
Installed Manjaro Xfce a few months ago that uses pamac package manager. Much prefer it to Synaptic package manage that is used in Debian. Pamac is easier to use and quick. As a longtime Debian user, I have to applaud Manjaro for it's easy install compared to Debian. Both Distro's are great for just about anything.
61 • Package managers (by Michael Uplawski on 2016-02-24 05:43:57 GMT from Europe)
On Debian, I use aptitude and apt, depending on my understanding of the sought packages or sometimes on my uneasiness.
But more and more often, and as I choose to install more and more software from source, I call porg on the command-line. Rather than creating deb-packages, I use to keep porgballs and remove packages with the graphical user-interface to porg (grop).
62 • Mint and security (by JonahsWhale on 2016-02-24 12:49:36 GMT from North America)
Seems, I remember a few years ago this similar thing happened to the Ubuntu forums and quite messy, IMO. I was, IMO still new to Linux at this time, and a lot of my so-called windows fanboys"friends" were having a good chuckle at my expense. Sarcastic remarks, "Oh yeah Linux is much safer than Windows, blah, blah, blah." and the like. But it really had to do with the type of web design for forums online, not Linux. For me at that time, it was a last straw with Ubuntu, I was already well sick of the Unity DE, not my cup of tea at all. So I moved on to other Linux distros. YMMV
For those on the Mint forums, just a thought, maybe, if you can dump your "old" forum identity and start a completely new identity, when it is all sorted and made much more secure. Of course use an extra strong new password and resetting your original email to a newer and stronger password, probably is a good idea at this point. Some good tips for checksums, if you still want to download Linux Mint ISOs after downloading, go to other sources (multiple) to get checksums to verify the ISOs. Check email for Linux Mint Forum here https://haveibeenpwned.com/ to see if it was possibly compromised. Possibly, for the future use GNUpG encryption for better security.
Stay safe and wise, everyone. Peace.
63 • Mint 17.3 hijacking (by Tom on 2016-02-25 06:20:33 GMT from North America)
Distrowatch should put a 'front page' advisory up for the problems created by the hacking of Mint 17.3; especially as it is listed as the top distro on this site, which is pretty much where every noobie is sent.
Many of those newcomers are people 'escaping' Win10, and have little idea what a checksum is or how to deal with a hidden file in an ISO. Many of them are also doing a trial with Live media, and setting up their machine as dual-boot with some version of windows. These folks were blindly following old instructions for the first time; and the MINT forum is only now back online. They can spend hours doing something that should require minutes with proper advice, and there will be a lot of needless downloading.
Somebody- please put yourself in gramma's place and write a clear step by step for those who are not linux pros..:]
64 • Much_thanks_Firejail_review_and_tips (by k on 2016-02-25 07:42:22 GMT from Europe)
Excellent and timely review and tips -- also #39 --, Jesse.
65 • @63 The Mint Forum (by imnotrich on 2016-02-26 03:55:28 GMT from North America)
The Mint Forum is back on line, but it's still under attack. When you go to log in screen, an error message says you've exceeded the number of failed log in attempts (before I even TRIED to log in) and it does not recognize my user id or password.
I should also mention the compromised 17.3 Cinnamon iso that I downloaded was actually on 2/19 in my time zone. People need to double check anything they've downloaded from Mint in the vicinity of Feb 20. It might still be sick even if it wasn't the 20th in your time zone.
66 • Forum, Linux_Mint (by Fossilizing Dinosaur on 2016-02-26 15:02:19 GMT from North America)
Secure your reference email _before_ adjusting forum password.
(To force password change easily, preset account to exceed login count limit. Expected after hack.)
A cheap form of additional 'are-you-human?' validation may take several attempts or refreshes to be workable, as some letters and digits are easily confused.
Secure your reference email _before_ adjusting forum password.
67 • @23: package manager use VS Distrowatch page hit ranking (by Kazlu on 2016-02-26 15:19:09 GMT from Europe)
Distrowatch's page hit ranking does not at all reflect the distro usage. It just indicates the visits on distro's pages. It woud seem logical to me that beginners are pointed here to discover Linux and look for information about the easiest distros to use (Mint, Ubuntu, etc.) and so go on those distro's pages. On the contrary, experienced users are less likely to need information given by Distrowatch, what would cause very few people to go to the Arch page... So I guess the proportion of Mint users VS Arch users is much lower that the proportion of page hits for those two distros.
Actually, I did not see the point of the poll at first, given that, like people already pointed, the vast majority of people probably just use what comes with their distro. However, I was not expecting that kind of distribution and I am particularly surprised to see that many more people use pacman over YUM... That is interesting! It leads to think that, amoug the DW readers at least, there are many more Arch/Manjaro/Antergos users than Fedora/Red Hat/CentOS users... I thought it was the other way around.
68 • @50 package managers (by Kazlu on 2016-02-26 17:11:58 GMT from Europe)
Heh, it's GNOME's fault. If Rhythmbox is a dependancy of gnome-desktop, you either keep it or break GNOME by removing it, whatever the package manager.
69 • Meta-Package or Dependency-Tentacles (by Somewhat Reticent on 2016-02-26 22:18:54 GMT from North America)
Is gnome-desktop a meta-package, simply a convenience, and thus harmless to remove (i.e. simply a list of default apps/packages)?
And perhaps "about" helps, documentation, and library - common to default apps ... ah, dependencies infiltration?
Or perhaps it's a background-switcher - depends on which distro?
Maybe a shim/stub ...
70 • @68 • @50 (by mandog on 2016-02-26 22:20:43 GMT from South America)
IT certainly IS NOT GNOMES FAULT Rhythombox is not in any way a gnome dep start using desktops that give you freedom of choice. Instead of bowing down to what the like of Debian force you to have installed. I would not use if it was the last music player on the planet. Once you install it you have to remove the desktop and reinstall it again Rbox gone.
71 • Package Management (by TheLive1 on 2016-02-27 09:44:57 GMT from Asia)
pkgtools, slackpkg, and sbopkg for Slackware is simple and just works. Though I do like to speed of pacman.
72 • Package Management (by Whattteva on 2016-02-27 17:14:08 GMT from North America)
Mine wasn't listed. So I put others for pkgng on FreeBSD.
73 • Cheese packages (by Johnny on 2016-02-27 17:34:30 GMT from Europe)
If you run Ubuntu or similar you'll notice there is 2-3 packages for a program called, "Cheese". I don't want it but no matter which Debian/Ubuntu based distro you use that has it, it can't be removed without ripping out a bunch of mandatory packages.
So my question is, has anyone on such a distro ever been able to remove Cheese? I don't need this webcam application. Thank you.
74 • cheese (by nolinuxguru on 2016-02-27 20:24:49 GMT from Europe)
@73 I don't have cheese on my system [and I don't want to install as a test], but I have a minimal DEVUAN install. There are some commands that will help show what depends on what:
apt-cache depends cheese apt-cache rdepends cheese
I always get the meaning of these muddled but I thing the first shows what packages are needed for cheese, and the second the "reverse". The latter for me lists gnome and cinnamon [neither of which I have installed]. Try it to see what your system says for these. I dread to ask, but are you running systemd [I am not]. It may just be that gnome or cinnamon has cheese as hard a dependency.
75 • Package Managers (by Tin_man on 2016-02-28 00:43:36 GMT from North America)
I use APT if I'm on a ubuntu distro, yum if i'm on a Fedora type os.
76 • Firejail_Firetools_questions (by k on 2016-02-28 08:25:41 GMT from Europe)
@Jesse
Using antiX MX-15, 32-bit version, with 4.4-1.dmz.2-liquorix-686 installed, and following your excellent tip #39, managed to download and install Firejail from testing repo, but Firetools missing(?).
Also, curious to know how user can verify/validate Firejail is effectively sandboxing(?).
Much thanks for any help, comments.
77 • Firejail_Firetools_questions_addendum... (by k on 2016-02-28 08:28:40 GMT from Europe)
... that this antiX MX-15, 32-bit version, with 4.4-1.dmz.2-liquorix-686 installation runs off flash drive.
78 • RE @66 Mint forums up but inaccessible. (by imnotrich on 2016-02-28 08:34:44 GMT from North America)
I apologize if was not clear. When Mint restored the forums, my user ID was not recognized therefore it was impossible to change my password because it did not know who I was. I retained the activation email from a few days earlier but that didn't help either. I suspect it's because my user ID (and solo forum post) was created on or about Feb 20 or 21, and when Clem restored the forums they used a pre-hack snapshot. Because not only was my user deleted, so was my post. Sorry for the confusion.
79 • firejail (by M.Z. on 2016-02-28 09:11:16 GMT from North America)
I've been playing a bit with firejail & like it a lot. It would be nice if there were some easy automated way to set all apps with profiles to automatically start in sandboxed mode by default & perhaps modify the blacklists & whitelists in a user friendly way; however, its still very simple & useful. From what I can tell a few minor mods/new user friendly config tools could easily make this a perfect security tools even for noobs. I'm definitely keeping it on my Mint systems & have already set all browsers to start sandboxed in my LMDE system; however, it a manual process that isn't noob friendly. It's still worth the added peace of mind & I think this has loads of potential for all sorts of users.
80 • using firejail (by M.Z. on 2016-02-28 09:38:00 GMT from North America)
@76 I'm not sure what would be easiest for you, but on my Mint systems I just downloaded both firejail & firetools from their website & used the GDebi graphical installer. If you want to see what's being blocked you can also start firetools & right click within the window & click on 'Tools' from the list that pops up. Then you can see all the items that have started in a firejail session in the new 'Firejail Tools and Stats' window & clicking the PID # gets you to a window where you can click next to either Secomp or Capabilities to see what blacklisted. Also my current Firefox window has a link called 'enabled' next to the Secomp item & I can't seem to save downloads anywhere besides the 'downloads folder', or even see any other folders for that matter.
81 • Tails Linux 2.2 Adds libdvdcss2 For Viewing Protected DVDs (by Bumblebee on 2016-02-28 16:36:54 GMT from North America)
Is it now ILLEGAL to use Tails in the United States?
82 • DVD software (by M.Z. on 2016-02-28 17:36:31 GMT from North America)
@81 Lots of people in the US download distros that let you view DVDs by default; however, there is some legal ambiguity there. That is why some distros like the US based PCLinuxOS make you download such software from their servers, which I believe are based in the Netherlands rather than the US. Either way you go there is still the argument that all the licensing crap was meant to prevent creation of new illegal/blackmarket DVD players, not limit the use of existing DVD players which you should hypothetically be able to use however you please so long as it was legally obtained. Of course some distros like Debian (upstream of Tails) may have a moral stance against such ambiguous software that has possible patent issues & I know Mageia has a special 'tainted' repository made mostly for patent encumbered software.
Anyway the TL:DR version is that DVD playback is a totally gray area, & I don't think anyone has ever had any legal problems despite the patent issues.
83 • Firejail (by pioruns on 2016-02-28 17:41:29 GMT from Europe)
I am using Linux Mint LMDE, based on Debian Stable. Firejail is currently not available in this distro. I can't wait for it to be available in LMDE. I may try to install it directly from Debian Testing or .deb file. I was thinking about solution like this one for a long time. I never got around using AppArmor or other difficult packages. On Windows, I was using Sandboxie (virtual writes, no permanent storage for apps). Firejail will be all-in-one solution for me, I will put browser and e-mail client in it. Anyone tried to install Firejail on LMDE?
84 • Firejail and Mint (by Jesse on 2016-02-28 18:27:08 GMT from North America)
>> "Also, curious to know how user can verify/validate Firejail is effectively sandboxing"
The easiest way is to run a program from Firejail/Firetools, like the Firefox web browser, and then try to save a file. As you can see in the screen shot of my article, when sandboxed Firefox can only save in a few select locations. Then you know it is working. You can also read the profiles for a given application, see which folders are read-only or blocked. Then try to access those places from within a sandboxed application. Then you know for sure the sandbox is functioning.
>> "Anyone tried to install Firejail on LMDE?" My review of Firejail in this week's issue was conducting on a computer running LMDE. The Debian package from the official Firejail website works on Debian and LMDE.
85 • firejail (by nolinuxguru on 2016-02-28 18:45:53 GMT from Europe)
@83 Just in case you missed my earlier reply [@43]: "the original source for Firejail is https://firejail.wordpress.com . This is where the author of Firejail explains how to use it and gives Download instructions. By opting to download and compile it from source you gain personal control over this critical piece of security software."
It is better to get the latest source from the author than whatever stale binary that some distro serves up!
86 • 65 • 78 • Linux Mint Forum (by imnotrich) (by FOSSilizing Dinosaur on 2016-02-28 21:10:39 GMT from North America)
Amnesia can be a good thing! Didn't you simply re-register and set whatever password you wish (except, of course, what was stolen in a hack, which should never be used again)?
87 • firejail on LMDE (by M.Z. on 2016-02-28 22:26:16 GMT from North America)
@83 I mentioned in post #79, I also found it works quite well in LMDE. Just download the .deb from the website, then right click on it & use GDebi to install in Cinnamon/Mate. Very quick & easy, though I didn't quite get where the file for the checksum was supposed to be. It funny, but that checksum security bit was the only thing i didn't get prior to the install. Opening the folder in command line & typing in sha256sum before the package name is easy enough, but I don't know what to check the result against given the description on the website & the files I downloaded.
Where is the firejail-X.Y.Z.asc file supposed to be anyway? Or is there an easy to checksum things that isn't explained on the firejail site? They do have a giant GnuPG key posted on their site; however, what to do with such a thing is a bit a a mystery to me & probably many of the other users who thought figuring out SELinux or AppArmor would be hard. The arcane Linux knowledge required to check the integrity of the this security tool is a bit ironic given the apparent target audience.
Number of Comments: 87
Display mode: DWW Only • Comments Only • Both DWW and Comments
| | |
TUXEDO |
TUXEDO Computers - Linux Hardware in a tailor made suite Choose from a wide range of laptops and PCs in various sizes and shapes at TUXEDOComputers.com. Every machine comes pre-installed and ready-to-run with Linux. Full 24 months of warranty and lifetime support included!
Learn more about our full service package and all benefits from buying at TUXEDO.
|
Archives |
• Issue 1090 (2024-09-30): Rhino Linux 2024.2, commercial distros with alternative desktops, Valve seeks to improve Wayland performance, HardenedBSD parterns with Protectli, Tails merges with Tor Project, Quantum Leap partners with the FreeBSD Foundation |
• Issue 1089 (2024-09-23): Expirion 6.0, openKylin 2.0, managing configuration files, the future of Linux development, fixing bugs in Haiku, Slackware packages dracut |
• Issue 1088 (2024-09-16): PorteuX 1.6, migrating from Windows 10 to which Linux distro, making NetBSD immutable, AlmaLinux offers hardware certification, Mint updates old APT tools |
• Issue 1087 (2024-09-09): COSMIC desktop, running cron jobs at variable times, UBports highlights new apps, HardenedBSD offers work around for FreeBSD change, Debian considers how to cull old packages, systemd ported to musl |
• Issue 1086 (2024-09-02): Vanilla OS 2, command line tips for simple tasks, FreeBSD receives investment from STF, openSUSE Tumbleweed update can break network connections, Debian refreshes media |
• Issue 1085 (2024-08-26): Nobara 40, OpenMandriva 24.07 "ROME", distros which include source code, FreeBSD publishes quarterly report, Microsoft updates breaks Linux in dual-boot environments |
• Issue 1084 (2024-08-19): Liya 2.0, dual boot with encryption, Haiku introduces performance improvements, Gentoo dropping IA-64, Redcore merges major upgrade |
• Issue 1083 (2024-08-12): TrueNAS 24.04.2 "SCALE", Linux distros for smartphones, Redox OS introduces web server, PipeWire exposes battery drain on Linux, Canonical updates kernel version policy |
• Issue 1082 (2024-08-05): Linux Mint 22, taking snapshots of UFS on FreeBSD, openSUSE updates Tumbleweed and Aeon, Debian creates Tiny QA Tasks, Manjaro testing immutable images |
• Issue 1081 (2024-07-29): SysLinuxOS 12.4, OpenBSD gain hardware acceleration, Slackware changes kernel naming, Mint publishes upgrade instructions |
• Issue 1080 (2024-07-22): Running GNU/Linux on Android with Andronix, protecting network services, Solus dropping AppArmor and Snap, openSUSE Aeon Desktop gaining full disk encryption, SUSE asks openSUSE to change its branding |
• Issue 1079 (2024-07-15): Ubuntu Core 24, hiding files on Linux, Fedora dropping X11 packages on Workstation, Red Hat phasing out GRUB, new OpenSSH vulnerability, FreeBSD speeds up release cycle, UBports testing new first-run wizard |
• Issue 1078 (2024-07-08): Changing init software, server machines running desktop environments, OpenSSH vulnerability patched, Peppermint launches new edition, HardenedBSD updates ports |
• Issue 1077 (2024-07-01): The Unity and Lomiri interfaces, different distros for different tasks, Ubuntu plans to run Wayland on NVIDIA cards, openSUSE updates Leap Micro, Debian releases refreshed media, UBports gaining contact synchronisation, FreeDOS celebrates its 30th anniversary |
• Issue 1076 (2024-06-24): openSUSE 15.6, what makes Linux unique, SUSE Liberty Linux to support CentOS Linux 7, SLE receives 19 years of support, openSUSE testing Leap Micro edition |
• Issue 1075 (2024-06-17): Redox OS, X11 and Wayland on the BSDs, AlmaLinux releases Pi build, Canonical announces RISC-V laptop with Ubuntu, key changes in systemd |
• Issue 1074 (2024-06-10): Endless OS 6.0.0, distros with init diversity, Mint to filter unverified Flatpaks, Debian adds systemd-boot options, Redox adopts COSMIC desktop, OpenSSH gains new security features |
• Issue 1073 (2024-06-03): LXQt 2.0.0, an overview of Linux desktop environments, Canonical partners with Milk-V, openSUSE introduces new features in Aeon Desktop, Fedora mirrors see rise in traffic, Wayland adds OpenBSD support |
• Issue 1072 (2024-05-27): Manjaro 24.0, comparing init software, OpenBSD ports Plasma 6, Arch community debates mirror requirements, ThinOS to upgrade its FreeBSD core |
• Issue 1071 (2024-05-20): Archcraft 2024.04.06, common command line mistakes, ReactOS imports WINE improvements, Haiku makes adjusting themes easier, NetBSD takes a stand against code generated by chatbots |
• Issue 1070 (2024-05-13): Damn Small Linux 2024, hiding kernel messages during boot, Red Hat offers AI edition, new web browser for UBports, Fedora Asahi Remix 40 released, Qubes extends support for version 4.1 |
• Issue 1069 (2024-05-06): Ubuntu 24.04, installing packages in alternative locations, systemd creates sudo alternative, Mint encourages XApps collaboration, FreeBSD publishes quarterly update |
• Issue 1068 (2024-04-29): Fedora 40, transforming one distro into another, Debian elects new Project Leader, Red Hat extends support cycle, Emmabuntus adds accessibility features, Canonical's new security features |
• Issue 1067 (2024-04-22): LocalSend for transferring files, detecting supported CPU architecure levels, new visual design for APT, Fedora and openSUSE working on reproducible builds, LXQt released, AlmaLinux re-adds hardware support |
• Issue 1066 (2024-04-15): Fun projects to do with the Raspberry Pi and PinePhone, installing new software on fixed-release distributions, improving GNOME Terminal performance, Mint testing new repository mirrors, Gentoo becomes a Software In the Public Interest project |
• Issue 1065 (2024-04-08): Dr.Parted Live 24.03, answering questions about the xz exploit, Linux Mint to ship HWE kernel, AlmaLinux patches flaw ahead of upstream Red Hat, Calculate changes release model |
• Issue 1064 (2024-04-01): NixOS 23.11, the status of Hurd, liblzma compromised upstream, FreeBSD Foundation focuses on improving wireless networking, Ubuntu Pro offers 12 years of support |
• Issue 1063 (2024-03-25): Redcore Linux 2401, how slowly can a rolling release update, Debian starts new Project Leader election, Red Hat creating new NVIDIA driver, Snap store hit with more malware |
• Issue 1062 (2024-03-18): KDE neon 20240304, changing file permissions, Canonical turns 20, Pop!_OS creates new software centre, openSUSE packages Plasma 6 |
• Issue 1061 (2024-03-11): Using a PinePhone as a workstation, restarting background services on a schedule, NixBSD ports Nix to FreeBSD, Fedora packaging COSMIC, postmarketOS to adopt systemd, Linux Mint replacing HexChat |
• Issue 1060 (2024-03-04): AV Linux MX-23.1, bootstrapping a network connection, key OpenBSD features, Qubes certifies new hardware, LXQt and Plasma migrate to Qt 6 |
• Issue 1059 (2024-02-26): Warp Terminal, navigating manual pages, malware found in the Snap store, Red Hat considering CPU requirement update, UBports organizes ongoing work |
• Issue 1058 (2024-02-19): Drauger OS 7.6, how much disk space to allocate, System76 prepares to launch COSMIC desktop, UBports changes its version scheme, TrueNAS to offer faster deduplication |
• Issue 1057 (2024-02-12): Adelie Linux 1.0 Beta, rolling release vs fixed for a smoother experience, Debian working on 2038 bug, elementary OS to split applications from base system updates, Fedora announces Atomic Desktops |
• Issue 1056 (2024-02-05): wattOS R13, the various write speeds of ISO writing tools, DSL returns, Mint faces Wayland challenges, HardenedBSD blocks foreign USB devices, Gentoo publishes new repository, Linux distros patch glibc flaw |
• Issue 1055 (2024-01-29): CNIX OS 231204, distributions patching packages the most, Gentoo team presents ongoing work, UBports introduces connectivity and battery improvements, interview with Haiku developer |
• Issue 1054 (2024-01-22): Solus 4.5, comparing dd and cp when writing ISO files, openSUSE plans new major Leap version, XeroLinux shutting down, HardenedBSD changes its build schedule |
• Issue 1053 (2024-01-15): Linux AI voice assistants, some distributions running hotter than others, UBports talks about coming changes, Qubes certifies StarBook laptops, Asahi Linux improves energy savings |
• Issue 1052 (2024-01-08): OpenMandriva Lx 5.0, keeping shell commands running when theterminal closes, Mint upgrades Edge kernel, Vanilla OS plans big changes, Canonical working to make Snap more cross-platform |
• Issue 1051 (2024-01-01): Favourite distros of 2023, reloading shell settings, Asahi Linux releases Fedora remix, Gentoo offers binary packages, openSUSE provides full disk encryption |
• Issue 1050 (2023-12-18): rlxos 2023.11, renaming files and opening terminal windows in specific directories, TrueNAS publishes ZFS fixes, Debian publishes delayed install media, Haiku polishes desktop experience |
• Issue 1049 (2023-12-11): Lernstick 12, alternatives to WINE, openSUSE updates its branding, Mint unveils new features, Lubuntu team plans for 24.04 |
• Issue 1048 (2023-12-04): openSUSE MicroOS, the transition from X11 to Wayland, Red Hat phasing out X11 packages, UBports making mobile development easier |
• Issue 1047 (2023-11-27): GhostBSD 23.10.1, Why Linux uses swap when memory is free, Ubuntu Budgie may benefit from Wayland work in Xfce, early issues with FreeBSD 14.0 |
• Issue 1046 (2023-11-20): Slackel 7.7 "Openbox", restricting CPU usage, Haiku improves font handling and software centre performance, Canonical launches MicroCloud |
• Issue 1045 (2023-11-13): Fedora 39, how to trust software packages, ReactOS booting with UEFI, elementary OS plans to default to Wayland, Mir gaining ability to split work across video cards |
• Issue 1044 (2023-11-06): Porteus 5.01, disabling IPv6, applications unique to a Linux distro, Linux merges bcachefs, OpenELA makes source packages available |
• Issue 1043 (2023-10-30): Murena Two with privacy switches, where old files go when packages are updated, UBports on Volla phones, Mint testing Cinnamon on Wayland, Peppermint releases ARM build |
• Issue 1042 (2023-10-23): Ubuntu Cinnamon compared with Linux Mint, extending battery life on Linux, Debian resumes /usr merge, Canonical publishes fixed install media |
• Issue 1041 (2023-10-16): FydeOS 17.0, Dr.Parted 23.09, changing UIDs, Fedora partners with Slimbook, GNOME phasing out X11 sessions, Ubuntu revokes 23.10 install media |
• Issue 1040 (2023-10-09): CROWZ 5.0, changing the location of default directories, Linux Mint updates its Edge edition, Murena crowdfunding new privacy phone, Debian publishes new install media |
• Issue 1039 (2023-10-02): Zenwalk Current, finding the duration of media files, Peppermint OS tries out new edition, COSMIC gains new features, Canonical reports on security incident in Snap store |
• Issue 1038 (2023-09-25): Mageia 9, trouble-shooting launchers, running desktop Linux in the cloud, New documentation for Nix, Linux phasing out ReiserFS, GNU celebrates 40 years |
• Issue 1037 (2023-09-18): Bodhi Linux 7.0.0, finding specific distros and unified package managemnt, Zevenet replaced by two new forks, openSUSE introduces Slowroll branch, Fedora considering dropping Plasma X11 session |
• Issue 1036 (2023-09-11): SDesk 2023.08.12, hiding command line passwords, openSUSE shares contributor survery results, Ubuntu plans seamless disk encryption, GNOME 45 to break extension compatibility |
• Full list of all issues |
Star Labs |
Star Labs - Laptops built for Linux.
View our range including the highly anticipated StarFighter. Available with coreboot open-source firmware and a choice of Ubuntu, elementary, Manjaro and more. Visit Star Labs for information, to buy and get support.
|
Random Distribution |
trixbox
trixbox (formerly known as Asterisk@Home) was a CentOS-based Linux distribution that enables the home user to quickly set up a VoIP Asterisk PBX. A web GUI makes configuration and operation easy. The CD also includes an xPL (home automation) interface for easy interaction with other devices in the home.
Status: Discontinued
|
TUXEDO |
TUXEDO Computers - Linux Hardware in a tailor made suite Choose from a wide range of laptops and PCs in various sizes and shapes at TUXEDOComputers.com. Every machine comes pre-installed and ready-to-run with Linux. Full 24 months of warranty and lifetime support included!
Learn more about our full service package and all benefits from buying at TUXEDO.
|
Star Labs |
Star Labs - Laptops built for Linux.
View our range including the highly anticipated StarFighter. Available with coreboot open-source firmware and a choice of Ubuntu, elementary, Manjaro and more. Visit Star Labs for information, to buy and get support.
|
|