 DistroWatch Weekly |
| DistroWatch Weekly, Issue 888, 19 October 2020 |
Welcome to this year's 42nd issue of DistroWatch Weekly!
Everything we do on-line transmits information other people can see and collect. Our browser's identification, our IP address, sometimes our location, and operating system are all bits of data that tend to leak out into the world. There are a few projects which try to block the flow of information our computers share with the world, with perhaps the most recognized being Tails. The Tails distribution provides a live desktop environment and anonymous browsing tools to help people protect their privacy while communicating and sharing files on-line. We begin this week with an overview of the Tails distribution and some of its key features. In our Questions and Answers column we continue the security-focused discussion as we talk about rootkits. What is a rootkit and how hard can they be to remove? We touch on these topics below. Do you run any software designed to detect rootkits or other forms of malware? Let us know about them in our Opinion Poll. Also on the security side of things, the IPFire project works to keep networks safe. In our News section we talk about how IPFire quickly looks up information about connecting clients. Plus we cover new features and support for new platforms coming to the UBports installer. We are also pleased to share the releases of the past week and list the torrents we are seeding. We wish you all a terrific week and happy reading!
Content:
- Review: Tails 4.11
- News: UBports improves installer, IPFire explains location lookups
- Questions and answers: Detecting and dealing with rootkits
- Released last week: Porteus Kiosk 5.1.0, Parted Magic 2020_10_12, OpenBSD 6.8
- Torrent corner: antiX, CloudReady, KDE neon, PCLinuxOS, Porteus Kiosk, Redo Rescue, Rescuezilla, Ultimate Edition, Untangle
- Upcoming releases: Ubuntu 20.10, Tails 4.12
- Opinion poll: Checking for rootkits
- New distributions: AllegianceOS
- Reader comments
Listen to the Podcast edition of this week's DistroWatch Weekly in OGG (16MB) and MP3 (12MB) formats.
|
| Feature Story (by Jesse Smith) |
Tails 4.11
The Amnesic Incognito Live System (better known as Tails) is a Debian-based live DVD/USB with the goal of providing complete Internet anonymity for the user. The distribution ships with several Internet applications, including web browser, IRC client, mail client and instant messenger. The distribution transfers Internet traffic through the Tor network to hide its origin.
One of the project's latest releases was version 4.11. (At the time of writing 4.12 is about to be published, though without any significant new features.) Lately the project has mostly focused on bug fixes and minor tweaks, though Tails 4.11 introduces the option of persistent storage for some of the distribution's settings and data. Persistent storage is not enabled by default, but can be set up using tools included on the live media.
Tails is available for 64-bit (x86_64) computers and its live media is approximately 1.2GB in size. The live media can be written to a DVD or USB thumb drive. There are separate files provided depending on whether we want to write the distribution to DVD or USB media, however I tested and confirmed the DVD image can be written to, and run from, a USB thumb drive if need be.
Early impressions
Booting from the Tails media brings up a welcome screen. This graphical interface offers to either start the desktop session or shutdown the operating system. On this welcome screen we can click buttons to bring up settings options that allow us to select our keyboard layout, language, and locale formats. At the bottom of the welcome window is a button which opens additional settings. These extra settings are security related and allow us to assign a password to the administrator account, enable/disable MAC address spoofing, set whether to allow the "Unsafe Browser" to run, and how to connect to the Tor network or to disable networking entirely.
Tails 4.11 -- Running LibreOffice and checking the version of Tails
(full image size: 116kB, resolution: 1366x768 pixels)
These settings mostly default to providing more security. The administrative functions are blocked by default with the lack of a password. MAC address spoofing is turned on in an effort to make us harder to track on-line, and using the "Unsafe Browser" is blocked. Networking is enabled by default, but is set to pass information through the Tor network to hide the origin of our traffic.
Once we start the desktop session, the distribution loads the GNOME 3.30 interface. We are then automatically connected to the Tor network, assuming our computer has a working network connection. GNOME presents us with a panel across the top of the screen. This panel contains two menus, Applications and Places, in the upper-left corner. In the middle of the panel is a date and time widget which, when clicked, displays a calendar and recent notifications. Further to the right is the system tray. In the far upper-right corner we find a menu that provides access to the settings panel, network settings, and logoff/shutdown options.
Tails 4.11 -- Connecting to the Tor network
(full image size: 88kB, resolution: 1366x768 pixels)
On the desktop we can find icons for accessing the Trash (ie the file manager) along with two icons labelled "Documentation" and "Report an error". The latter two icons open the Tor Browser, which is an altered version of Firefox ESR, and displays tips on getting support and using the distribution. The documentation section of the Tails website is a good read and I recommend browsing it. The distribution's documentation provides information on system requirements, key features, and tips on staying anonymous. Not only that, it also talks about the limitations Tails has. We are warned the distribution cannot protect us against hardware-related attacks and that people monitoring the network can see that we are accessing the Tor network, which may raise flags at work, for example.
Hardware
I started out by testing Tails in a VirtualBox environment. Tails performed well in the virtual machine. The desktop dynamically resized with the VirtualBox window and desktop performance was, while slightly below average, still good enough to be practical. I like that Tails warns us when it detects it is running in a virtual machine as it helps us avoid eavesdropping from administrators.
When running Tails on my laptop the distribution performed very well. Desktop performance was quite good, all of my hardware was properly detected, wireless networking functioned out of the box, and the system was stable.
The distribution's memory usage fluctuated quite a bit once the GNOME desktop finished loading. The Tails website mentions the distribution checks for security updates automatically and I think this, and perhaps connecting to the Tor network, causes a memory spike. When GNOME first loads the system uses about 590MB of RAM. This rises to just over 700MB after a minute. Generally, RAM usage settled down to about 600MB after a few minutes.
Applications
Scanning through the Tails application menu we find the Tor Browser, which is a modified version of Firefox. There is also an application called Unsafe Browser. This is also basically Firefox, but while Tor Browser connects to the Internet through the Tor network, hiding our location, Unsafe Browser accesses the web directly. Using Unsafe Browser basically removes any protection we had from using the Tor network while providing a faster browsing experience as traffic is not rerouted through proxies.
Tails 4.11 -- Tor Browser ships with privacy extensions
(full image size: 110kB, resolution: 1366x768 pixels)
The application menu includes the Thunderbird e-mail client, the Pidgin messaging software, and Electrum Bitcoin Wallet. OnionShare is included and I will talk about it in detail later. Tails ships with LibreOffice, the GNU Image Manipulation Program, and Inkscape. The Audacity audio editor and Brasero disc burning software are available, along with the Videos (Totem) application which is included for playing media files. Tails ships with media codecs already installed for us.
There are tools available for setting up persistent volume storage, formatting disk partitions, and editing text files. There is a tool called GtkHash for getting file checksums, particularly in MD5, SHA1, and SHA256 hashes. There is a simple image viewer, the KeePassXC password manager, and a tool for unlocking VeraCrypt storage volumes. There is a tool for installing Tails, though I suspect most people will stick to using the distribution in its live desktop form. In the background Tails uses the systemd init software and runs on version 5.7 of the Linux kernel.
OnionShare
One of the interesting features Tails includes is OnionShare. This desktop application helps us share files over the Tor network. OnionShare begins by allowing us to browse our system for a file (or files) we wish to share. Then we click a button to start sharing the file. OnionShare will set up a unique address on the Tor network and allow computers using Tor to access our computer to grab the file. The unique address for this file is displayed in the OnionShare window and we can copy it to other applications to share it with people. Basically, OnionShare makes it possible to semi-anonymously share a file with other people through the Tor network.
Tails 4.11 -- Transferring a file over OnionShare
(full image size: 89kB, resolution: 1366x768 pixels)
One interesting characteristic of OnionShare is it stops making the file we are sharing available after it has been downloaded. This means once our contact has retrieved the file it is no longer available to anyone else; the service shuts down automatically. This is usually a good thing. Though it may be frustrating if the person retrieving the file needs to cancel and resume the download, or if their connection times out. In these situations they need to contact us and ask us to share the file again, which requires setting up the service and getting a new unique URL.
I had used OnionShare a few years ago and, at the time, could not get it to work. The setup process where a file was assigned a unique identifier never completed successfully at the time. This week I tried using OnionShare repeatedly and it worked each time. There is a bit of a delay before the shared files become available on the Tor network (about 30 seconds in my case) but it always worked.
Other observations
I tried setting up persistent storage media in a few environments. This seems like a good tool, though it does have some limitations at the moment. For example, it requires Tails to run from a USB drive and saves data to the same thumb drive. When we run Tails from another type of media, such as a DVD, we cannot use a hard drive or thumb drive as the storage device. This is probably for the best as most people are unlikely to want to split their data files and the Tails operating system between separate devices they need to manage.
As I mentioned earlier, the Unsafe Browser is disabled by default. It can be enabled through the welcome screen when Tails first launches. As far as I can tell there is no way to enable this browser after the welcome screen has been dismissed. When we do enable and launch the Unsafe Browser it displays two warnings letting us know our traffic is not being rerouted. The theme of the Unsafe Browser is bright red to further drive home the point that we should be running the regular Tor Browser for the sake of anonymity.
Tails 4.11 -- Running the Unsafe Browser
(full image size: 109kB, resolution: 1366x768 pixels)
As far as I could tell the web browser is unable to provide audio output. Even when watching videos on-line the browser would not create any audio and the Tor Browser does not show up in the distribution's audio controls or list of applications providing sound output. Other applications, such as Totem, do play audio.
By default Tails does not enable administrative functions. This means any application which requires admin access is blocked. This affects tools like the disk manager and Synaptic package manager. Administrative access can be enabled by setting an admin password in the welcome window.
The GNOME desktop locks itself after a short timeout, by default after just five minutes. If this interval is too short it can be adjusted in the GNOME settings panel.
Tails 4.11 -- The settings panel and file manager
(full image size: 90kB, resolution: 1366x768 pixels)
Software management
In case we wish to update existing software or add new programs to Tails the distribution ships with the Synaptic package manager. Synaptic provides a low-level view of packages and can download, remove, or update software on the system. Synaptic will only work if we have set an admin password from the distribution's welcome screen. Synaptic works reliably, though it is slow as its network traffic is routed through Tor. This makes for slower downloads.
There is a tool in the application menu called Additional Software. This tool assists us in adding software from persistent media, if persistent storage has been enabled. This should make it easier to run extra applications from local media rather than downloading them each time we boot Tails.
Conclusions
Tails fills an important, though rarely explored, niche in the computing ecosystem. Tails attempts to provide not just secure, but also anonymous on-line communication. Tails is quite focused. It's not trying to be a general purpose operating system, rather it is dedicated to providing a simple interface and a fairly locked down environment in which people can get on-line, look up information, share files, and exchange messages. The Debian base proves to be quite stable and the current GNOME desktop offers good performance.
One thing I like about Tails is it automates the software we need for on-line communication and file sharing. The distribution automatically connects to the Tor network and the initial setup process is streamlined. There are not many extra features offered outside of the distribution's core purpose. In fact, most unnecessary features, like the admin password, are disabled to avoid potential security issues.
Something else I like about the project is the documentation. Partly for what it explains and that it tells us how to perform tasks. However, it also describes the distribution's limitations and things Tails cannot do to protect us. This is a good, transparent approach to keeping people safe as it should avoid false senses of security. On a similar note, I like that Tails often tries to warn us against doing something foolish, but does not prevent us from engaging in ill-advised activities. We can run a web browser and connect it directly to the Internet, though Tails will tell us it is a bad idea. The distribution defaults to blocking admin access, though we can override this setting too. In short, Tails tries its best to protect the user, but does not stop the user from forging ahead if they deem it necessary.
Tails is very focused on its niche and performs its tasks well using appropriate tools. There are not many distributions dedicated to keeping users anonymous on-line and Tails does an excellent job of automating the process and making it friendly for people who need private communication, but may not be technical experts.
* * * * *
Hardware used in this review
My physical test equipment for this review was a de-branded HP laptop with the following
specifications:
- Processor: Intel i3 2.5GHz CPU
- Display: Intel integrated video
- Storage: Western Digital 700GB hard drive
- Memory: 6GB of RAM
- Wired network device: Realtek RTL8101E/RTL8102E PCI Express Fast
- Wireless network device: Realtek RTL8188EE Wireless network card
* * * * *
Visitor supplied rating
Tails has a visitor supplied average rating of: 5/10 from 17 review(s).
Have you used Tails? You can leave your own review of the project on our ratings page.
|
| Miscellaneous News (by Jesse Smith) |
UBports improves installer, IPFire explains location lookups
The UBports team has published a news update which provides an overview of what the project is currently working on. The system installer is receiving a lot of attention at the moment with work going into supporting multiple operating systems and some new devices. "Jan reported that UBports installer 0.5.2-beta has been released. Heimdal support is now included, which enables Samsung support; it can be used to install other operating systems - great for Volla for example; there are some bug fixes and you can now use the installer behind a proxy. It can also now download archive files, which will assist those on poor connections. Finally there is a new supported device - the Nexus 6P. Unfortunately there is also a new bug in the Windows version of the beta. The installer fails at the last step. Use an older version for now but the next release will provide a fix. We still need testers for that fix, so volunteers please! The next release will also have support for Electron 10, rather than the Electron 5 we were stuck with before. Beyond that, we are working on some modifications which will aid installs on the Raspberry Pi and the Pinebook Pro." Additional information can be found in the project's blog post.
* * * * *
Being able to look up information on an IP address, such as the physical location where it originated, is a common practise which can help developers determine which version of a website to show. It can also help security software determine whether to block or flag unexpected access attempts. The IPFire team has put together a set of tools to help deal with IP location lookups and they have published a blog post about their solution: "Many target applications for our library need to be fast. Nobody likes to wait for a website to load, but more importantly, applications like an Intrusion Prevention System need to be able to handle a large number of packets a second. If a source IP address needs to be classified by using libloc, this can only take a couple of nanoseconds. A millisecond would already cause a performance impact and connections would take too long to establish. That is why the goal was that the database needed to be searchable in O(1) - or for those who are not familiar with Landau symbols: every search should take the same time, no matter where in the database the object is stored." The blog goes on to outline the problems and solutions the IPFire developers explored.
* * * * *
These and other news stories can be found on our Headlines page.
|
| Questions and Answers (by Jesse Smith) |
Detecting and dealing with rootkits
Ghosts-in-the-machine asks: Linux has few problems with malware, by and large, but there is a serious threat posed by rootkits. Evil hackers have cunning tricks up their sleeves to get a rootkit installed on an unsuspecting user's computer. If the rootkit takes control of the BIOS, the hackers obtain full control of the machine. What can be done then to fix this problem? Will replacing the BIOS firmware get the user his machine back?
DistroWatch answers: First, let's talk a little bit about what a rootkit is. In a broad sense a rootkit is a program (or collection of programs) which grant an unauthorized user access to a computer. Typically a rootkit provides remote access over the network and, usually, the rootkit will strive to provide elevated privileges to the unauthorized user. As the name suggests, a rootkit will typically try to provide access to the root user account, or higher access such as at the kernel-level.
A rootkit can be installed in a variety of ways. Sometimes the user is tricked into installing the software, sometimes a rootkit is installed by hijacking a web browser, or brute forcing a login through a remote shell. Whatever the avenue of attack, the rootkit will typically open up remote access for the malicious user and attempt to hide itself on the system.
I feel it is worth pointing out that there is nothing special about a rootkit which makes it more likely than a virus or other form of malware to be installed by a malicious user. The same security techniques and features Linux offers which protect users against other forms of malware also work against rootkits.
How does a rootkit hide? Some of them may disguise themselves as familiar looking software, with a typo in the name. For example, a rootkit might call itself "1s" (one-s) instead of "ls" (elle-s) in order to blend in. Others will try to hide their processes in various ways, infect existing binaries, or insert themselves into the kernel.
A few rootkits will even try to embed themselves into lower level components of the computer's hardware, for example in the BIOS firmware or in the software that runs a hard drive or other piece of attached equipment. Which brings us back to the original question: If a rootkit takes control of the hardware (through the BIOS firmware) can we get the machine back into its pristine condition?
The answer is that we can usually restore the machine back to its working order. The specific steps will depend a lot on your equipment and are a bit outside the scope of this article. However, typically the steps are to:
- Unplug as many attached components and disk drives from the computer as you can. This attempts to avoid the BIOS being re-infected if other copies of the rootkit are hidden in other pieces of hardware.
- Use a boot disc, preferably a read-only CD, to launch a BIOS repair utility and reset or restore the BIOS firmware.
- Restart the computer and verify the malware is gone.
- Reattach or replace the old disk drives and other components we removed in the first step.
- Re-install the operating system.
The above process does not guarantee the computer is in a clean and rootkit-free state. However, it is about as close to certain as we can get. There is always a small chance the rootkit can launch itself from the BIOS, wait until the firmware is restored, and then re-install itself. However that is a rare and, so far as I know, unverified level of persistence from a rootkit.
Most rootkits I have encountered work at the operating system level, rather than the hardware/BIOS level, and can usually be removed by backing up one's files and re-installing the operating system from scratch. This would be my first suggestion, wiping the operating system, and then see if the rootkit has been successfully removed.
There are some common tools for checking for rootkits. You may want to investigate the chkrootkit tool, which is available in most Linux distributions. You may also be interested in looking at the Clam AV anti-virus software which can detect a variety of malware.
* * * * *
Additional answers can be found in our Questions and Answers archive.
|
| Released Last Week |
Porteus Kiosk 5.1.0
Tomasz Jokiel has announced the release of Porteus Kiosk 5.1.0, a single-purpose, Gentoo-based Linux distribution designed for web kiosks and limited to web browsing with Firefox or Google Chrome: "I am pleased to announce that Porteus Kiosk 5.1.0 is now available for download. Major software upgrades in this release include: Linux kernel 5.4.70, Google Chrome 85.1.4183.121 and Mozilla Firefox 78.3.1 ESR. Packages from the userland are upgraded to portage snapshot tagged on 20201004. Short changelog for 5.1.0 release: silent printing feature is available again for the Firefox browser after Mozilla developers fixed the bug which we have reported to them; it's possible to wipe the guest's home folder from the persistent partition using the 'persistence=wipe' parameter in remote kiosk config; enabled microphone and webcam redirection for the Citrix Workspace sessions by default; disabled 'irc://' and 'ircs://' handlers for the Firefox browser which in certain circumstances could allow an attacker to unlock default browser profile and run other applications in kiosk...." Continue to the release announcement for further details.
Parted Magic 2020_10_12
Parted Magic, a live disc utility for managing disks and partitions as well as rescuing data has released a new version which introduces two major changes. The first is the graphical interface has migrated from Openbox to Xfce and the second is Parted Magic is now a 64-bit distribution. "Desktop is now Xfce and you can configure the crap of it now with GUIs and use the save session. The NVIDIA drivers are used by default. This was a big gain moving to 64-bit. Lots of program requests that were not possible or problematic because of the 32-bit system are now included. LibreOffice, Wireshark, Keepassxc, VLC, etc. This should put a smile on a lot of faces: international language support and man pages have returned. All languages supported by Linux should be available. Not a cherry picking of a few European countries. Ibus is also included. You'll see the new entry in the boot menu to get this going. The downside: the ISO is now 1.5GB. I found some old laptops and tested the bigger Parted Magic. The one with 2GB of RAM worked just fine in live mode. Another one with 4GB ran just fine from RAM. Even the cheapest computers made in the last 10 years can still run this." Further information can be found on the project's news page.
Untangle NG Firewall 16.0.1
Untangle, Inc. has announced the release of Untangle NG Firewall 16.0.1, a major new update of the company's Debian-based firewall and network gateway designed for small to medium-sized enterprises. Besides an upgrade of the base system to Debian 10, the main new feature of the release is the addition of WireGuard VPN: "Untangle, Inc., today announced the latest release of its award-winning flagship product, NG Firewall. NG Firewall 16.0 includes significant updates including the addition of WireGuard VPN which allows for VPN options to fit any type of networking deployment and administrative preferences, better addressing any organization's critical VPN connectivity needs. In today's world of increased remote work, VPN technology is being heavily relied upon to help users and businesses connect safely to a network. In fact, a recent SMB security survey reveals that SMBs rank firewalls (82%) and VPN technologies (47%) as the most important features when considering which IT security solutions to purchase." See the company's full press release for further details.
Rescuezilla 2.0
Shasheen Ediriweera has announced the release of Rescuezilla 2.0, a major new version of the fork of the "Redo Backup & Restore" distribution. This is the first 64-bit only release: "Rescuezilla 2.0 is a major upgrade. Key changes: switched to creating backups in Clonezilla format for full interoperability with Clonezilla - Rescuezilla is now a drop-in replacement to Clonezilla; backups created using Clonezilla can be restored using Rescuezilla and vice versa; warning - backups created with Rescuezilla 2.0 cannot be restored using earlier versions of Rescuezilla; backups created with older versions of Rescuezilla can still of course be restored with 2.0; added ability to restore individual partitions and optionally to not overwrite partition table; rewrote the Rescuezilla frontend in the Python 3 programming language; added backup/restore confirmation and summary pages, back button; improved exit code handling and error messages, image selection; disabled Linux time sync to prevent hardware clock modification; Added the ability to backup and restore software RAID (md) devices.... Read the full changelog for further information.
Rescuezilla 2.0 -- The Rescuezilla welcome screen
(full image size: 146kB, resolution: 1920x1080 pixels)
Redo Rescue 3.0.0
Zebradots Software has announced the release of Redo Rescue 3.0.0, a major new build of the project's specialist distribution designed for bare metal backups and system restoration tasks. This version upgrades the underlying operating system to Debian 10: "This release marks a major milestone as we upgrade to the Debian 10 base system for ISO images. This means expanded hardware support, UEFI images with Secure Boot, more recent binaries for Partclone and all other included tools. Non-free linux firmware is not enabled by default, but the option to add it can be changed in the make file. Changes in this release are limited only to upgrading the base operating system. As of this release, the application itself remains identical to the 2.0.7 release. The 2.0.x series based on Debian 9 will continue to exist as a stable release, but will not receive future updates (unless a major bug is discovered). Other changes: beautiful new GRUB-based bootloader theme with dynamic screen layout; language selection menu for future multiple language support; no application changes; release is strictly to upgrade base system. Here is the complete release announcement as published on the project's GitHub page.
antiX 19.3
antiX, a lightweight, desktop Linux distribution featuring IceWM as the default window manager, has been upgraded to version 19.3. It comes in the usual range of variants (net, core, base and full), supporting both SysV and Runit init systems: "All new ISO images are bug-fix and upgrade improvements of antiX 19 SysV and Runit series. antiX 19.3 'Manolis Glezos' is based on Debian 10 'Buster' and is fully systemd-free. The 32-bit editions use a non-pae kernel. This series has put on some weight mainly due to the kernel supporting old and new hardware and the inclusion of more firmware (full, base and core editions). Changes: antiX WiFi switch - tool to choose which WiFi manager to use, default is ConnMan, Ceni available; improved and updated localisation; mps-youtube includes another fix for apt_key bug; a newer 4.9.235 Linux kernel; Firefox 78.3.0esr; LibreOffice 7.0.2; IceWM upgraded to latest upstream version (1.8.3); latest firmware backported from Debian 'sid'...." See the release announcement for further information.
antiX 19.3 -- Exploring the application menu
(full image size: 165kB, resolution: 1280x1024 pixels)
Linux Kodachi 7.3
Warith Al Maawali has announced the release of Linux Kodachi 7.3, the latest stable build of the project's privacy-focused Linux distribution (with VPN, Tor and DNSCrypt) based on Xubuntu and featuring a highly customised Xfce desktop. Besides fixing some reported bugs, this release also upgrades the Linux kernel to version 5.8, upgrades the underlying system to Xubuntu 18.04.5 and updates Tor and LibreOffice (version 7.0.2rc2). From the changelog: "Linux kernel upgrade from 5.4 to 5.8; full system update from Xubuntu 18.04 to Xubuntu 18.04.5 LTS; added Demonsaw (an encrypted communications platform for chatting, messaging and transferring files without fear of data collection or surveillance); fixed Tor browser issue; fixed SSH key generation; Conky performance fixed; menu bug fixed; VPN configuration files updated; MyMonero, Electron, Wire, Xnview, Veracrypt, Session messenger and full system update done; replaced Nano with Ublock Origin on browsers; removed online installer as it caused issues when live image is too old."
OpenBSD 6.8
The OpenBSD project produces a free, multi-platform UNIX-like operating system. Its efforts emphasize portability, standardisation, correctness, proactive security and integrated cryptography. The project's latest release, OpenBSD 6.8, introduces support for the powerpc64 CPU architecture, improves the speed of time-related operations, and offers several fixes. "New/extended platforms: New powerpc64 platform, supporting PowerNV (non-virtualized) systems with POWER8 and POWER9 CPUs, such as Raptor Computing Systems Talos II and Blackbird systems. POWER8 support has not been tested on real hardware yet. Improvements to time measurements, mostly in the kernel: Added support in the kernel and libc for timecounting in userland, eliminating the need for a context switch everytime a process requests the current time, thereby improving speed and responsiveness in programs which make many gettimeofday(2) calls, especially browsers and office software. The userland timecounters are enabled on the amd64, arm64, macppc, octeon and sparc64 architectures." Further information can be found in the project's release announcement.
* * * * *
Development, unannounced and minor bug-fix releases
|
| Torrent Corner |
Weekly Torrents
The table below provides a list of torrents DistroWatch is currently seeding. If you do not have a bittorrent client capable of handling the linked files, we suggest installing either the Transmission or KTorrent bittorrent clients.
Archives of our previously seeded torrents may be found in our Torrent Archive. We also maintain a Torrents RSS feed for people who wish to have open source torrents delivered to them. To share your own open source torrents of Linux and BSD projects, please visit our Upload Torrents page.
Torrent Corner statistics:
- Total torrents seeded: 2,178
- Total data uploaded: 34.2TB
|
| Upcoming Releases and Announcements |
|
Summary of expected upcoming releases
|
| Opinion Poll (by Jesse Smith) |
Checking for rootkits
In our Questions and Answers column we discussed rootkits, pieces of malware which provide remote access to people who wish to break into computers. There are a number of tools available which can attempt to detect common rookits and other forms of malware. We would like to hear if you run any of these security tools. Let us know which detection tools you deploy on your systems in the comments.
You can see the results of our previous poll on using zRAM to compress data in memory in last week's edition. All previous poll results can be found in our poll archives.
|
Tools for detecting rookits
| I use Clam AV: | 151 (12%) |
| I use chkrootkit: | 93 (8%) |
| I use both of the above: | 122 (10%) |
| I use another detection tool: | 64 (5%) |
| I do not use any rootkit detection tools: | 793 (65%) |
|
|
| Website News |
New distributions added to waiting list
- AllegianceOS. AllegianceOS is a lightweight distribution based on Slackware's development (-current) branch. The distribution ships with the Xfce desktop and runs on 64-bit machines only, though it includes multilib support for 32-bit programs.
* * * * *
DistroWatch database summary
* * * * *
This concludes this week's issue of DistroWatch Weekly. The next instalment will be published on Monday, 26 October 2020. Past articles and reviews can be found through our Article Search page. To contact the authors please send e-mail to:
- Jesse Smith (feedback, questions and suggestions: distribution reviews/submissions, questions and answers, tips and tricks)
- Ladislav Bodnar (feedback, questions, donations, comments)
- Bruce Patterson (podcast)
|
|
| Tip Jar |
If you've enjoyed this week's issue of DistroWatch Weekly, please consider sending us a tip.
(Tips this week: 0, value: US$0.00) |
|
|
|
 bc1qtede6f7adcce4kjpgx0e5j68wwgtdxrek2qvc4  lnurl1dp68gurn8ghj7ampd3kx2ar0veekzar0wd5xjtnrdakj7tnhv4kxctttdehhwm30d3h82unvwqhhxarpw3jkc7tzw4ex6cfexyfua2nr  86fA3qPTeQtNb2k1vLwEQaAp3XxkvvvXt69gSG5LGunXXikK9koPWZaRQgfFPBPWhMgXjPjccy9LA9xRFchPWQAnPvxh5Le paypal.me/distrowatchweekly • patreon.com/distrowatch |
|
| Linux Foundation Training |
|
|
| TUXEDO |
TUXEDO Computers - Linux Hardware in a tailor made suite
Choose from a wide range of laptops and PCs in various sizes and shapes at TUXEDOComputers.com. Every machine comes pre-installed and ready-to-run with Linux. Full 24 months of warranty and lifetime support included!
Learn more about our full service package and all benefits from buying at TUXEDO.
|
| Archives |
| • Issue 1046 (2023-11-20): Slackel 7.7 "Openbox", restricting CPU usage, Haiku improves font handling and software centre performance, Canonical launches MicroCloud |
| • Issue 1045 (2023-11-13): Fedora 39, how to trust software packages, ReactOS booting with UEFI, elementary OS plans to default to Wayland, Mir gaining ability to split work across video cards |
| • Issue 1044 (2023-11-06): Porteus 5.01, disabling IPv6, applications unique to a Linux distro, Linux merges bcachefs, OpenELA makes source packages available |
| • Issue 1043 (2023-10-30): Murena Two with privacy switches, where old files go when packages are updated, UBports on Volla phones, Mint testing Cinnamon on Wayland, Peppermint releases ARM build |
| • Issue 1042 (2023-10-23): Ubuntu Cinnamon compared with Linux Mint, extending battery life on Linux, Debian resumes /usr merge, Canonical publishes fixed install media |
| • Issue 1041 (2023-10-16): FydeOS 17.0, Dr.Parted 23.09, changing UIDs, Fedora partners with Slimbook, GNOME phasing out X11 sessions, Ubuntu revokes 23.10 install media |
| • Issue 1040 (2023-10-09): CROWZ 5.0, changing the location of default directories, Linux Mint updates its Edge edition, Murena crowdfunding new privacy phone, Debian publishes new install media |
| • Issue 1039 (2023-10-02): Zenwalk Current, finding the duration of media files, Peppermint OS tries out new edition, COSMIC gains new features, Canonical reports on security incident in Snap store |
| • Issue 1038 (2023-09-25): Mageia 9, trouble-shooting launchers, running desktop Linux in the cloud, New documentation for Nix, Linux phasing out ReiserFS, GNU celebrates 40 years |
| • Issue 1037 (2023-09-18): Bodhi Linux 7.0.0, finding specific distros and unified package managemnt, Zevenet replaced by two new forks, openSUSE introduces Slowroll branch, Fedora considering dropping Plasma X11 session |
| • Issue 1036 (2023-09-11): SDesk 2023.08.12, hiding command line passwords, openSUSE shares contributor survery results, Ubuntu plans seamless disk encryption, GNOME 45 to break extension compatibility |
| • Issue 1035 (2023-09-04): Debian GNU/Hurd 2023, PCLinuxOS 2023.07, do home users need a firewall, AlmaLinux introduces new repositories, Rocky Linux commits to RHEL compatibility, NetBSD machine runs unattended for nine years, Armbian runs wallpaper contest |
| • Issue 1034 (2023-08-28): Void 20230628, types of memory usage, FreeBSD receives port of Linux NVIDIA driver, Fedora plans improved theme handling for Qt applications, Canonical's plans for Ubuntu |
| • Issue 1033 (2023-08-21): MiniOS 20230606, system user accounts, how Red Hat clones are moving forward, Haiku improves WINE performance, Debian turns 30 |
| • Issue 1032 (2023-08-14): MX Linux 23, positioning new windows on the desktop, Linux Containers adopts LXD fork, Oracle, SUSE, and CIQ form OpenELA |
| • Issue 1031 (2023-08-07): Peppermint OS 2023-07-01, preventing a file from being changed, Asahi Linux partners with Fedora, Linux Mint plans new releases |
| • Issue 1030 (2023-07-31): Solus 4.4, Linux Mint 21.2, Debian introduces RISC-V support, Ubuntu patches custom kernel bugs, FreeBSD imports OpenSSL 3 |
| • Issue 1029 (2023-07-24): Running Murena on the Fairphone 4, Flatpak vs Snap sandboxing technologies, Redox OS plans to borrow Linux drivers to expand hardware support, Debian updates Bookworm media |
| • Issue 1028 (2023-07-17): KDE Connect; Oracle, SUSE, and AlmaLinux repsond to Red Hat's source code policy change, KaOS issues media fix, Slackware turns 30; security and immutable distributions |
| • Issue 1027 (2023-07-10): Crystal Linux 2023-03-16, StartOS (embassyOS 0.3.4.2), changing options on a mounted filesystem, Murena launches Fairphone 4 in North America, Fedora debates telemetry for desktop team |
| • Issue 1026 (2023-07-03): Kumander Linux 1.0, Red Hat changing its approach to sharing source code, TrueNAS offers SMB Multichannel, Zorin OS introduces upgrade utility |
| • Issue 1025 (2023-06-26): KaOS with Plasma 6, information which can leak from desktop environments, Red Hat closes door on sharing RHEL source code, SUSE introduces new security features |
| • Issue 1024 (2023-06-19): Debian 12, a safer way to use dd, Debian releases GNU/Hurd 2023, Ubuntu 22.10 nears its end of life, FreeBSD turns 30 |
| • Issue 1023 (2023-06-12): openSUSE 15.5 Leap, the differences between independent distributions, openSUSE lengthens Leap life, Murena offers new phone for North America |
| • Issue 1022 (2023-06-05): GetFreeOS 2023.05.01, Slint 15.0-3, Liya N4Si, cleaning up crowded directories, Ubuntu plans Snap-based variant, Red Hat dropping LireOffice RPM packages |
| • Issue 1021 (2023-05-29): rlxos GNU/Linux, colours in command line output, an overview of Void's unique features, how to use awk, Microsoft publishes a Linux distro |
| • Issue 1020 (2023-05-22): UBports 20.04, finding another machine's IP address, finding distros with a specific kernel, Debian prepares for Bookworm |
| • Issue 1019 (2023-05-15): Rhino Linux (Beta), checking which applications reply on a package, NethServer reborn, System76 improving application responsiveness |
| • Issue 1018 (2023-05-08): Fedora 38, finding relevant manual pages, merging audio files, Fedora plans new immutable edition, Mint works to fix Secure Boot issues |
| • Issue 1017 (2023-05-01): Xubuntu 23.04, Debian elects Project Leaders and updates media, systemd to speed up restarts, Guix System offering ground-up source builds, where package managers install files |
| • Issue 1016 (2023-04-24): Qubes OS 4.1.2, tracking bandwidth usage, Solus resuming development, FreeBSD publishes status report, KaOS offers preview of Plasma 6 |
| • Issue 1015 (2023-04-17): Manjaro Linux 22.0, Trisquel GNU/Linux 11.0, Arch Linux powering PINE64 tablets, Ubuntu offering live patching on HWE kernels, gaining compression on ex4 |
| • Issue 1014 (2023-04-10): Quick looks at carbonOS, LibreELEC, and Kodi, Mint polishes themes, Fedora rolls out more encryption plans, elementary OS improves sideloading experience |
| • Issue 1013 (2023-04-03): Alpine Linux 3.17.2, printing manual pages, Ubuntu Cinnamon becomes official flavour, Endeavour OS plans for new installer, HardenedBSD plans for outage |
| • Issue 1012 (2023-03-27): siduction 22.1.1, protecting privacy from proprietary applications, GNOME team shares new features, Canonical updates Ubuntu 20.04, politics and the Linux kernel |
| • Issue 1011 (2023-03-20): Serpent OS, Security Onion 2.3, Gentoo Live, replacing the scp utility, openSUSE sees surge in downloads, Debian runs elction with one candidate |
| • Issue 1010 (2023-03-13): blendOS 2023.01.26, keeping track of which files a package installs, improved network widget coming to elementary OS, Vanilla OS changes its base distro |
| • Issue 1009 (2023-03-06): Nemo Mobile and the PinePhone, matching the performance of one distro on another, Linux Mint adds performance boosts and security, custom Ubuntu and Debian builds through Cubic |
| • Issue 1008 (2023-02-27): elementary OS 7.0, the benefits of boot environments, Purism offers lapdock for Librem 5, Ubuntu community flavours directed to drop Flatpak support for Snap |
| • Issue 1007 (2023-02-20): helloSystem 0.8.0, underrated distributions, Solus team working to repair their website, SUSE testing Micro edition, Canonical publishes real-time edition of Ubuntu 22.04 |
| • Issue 1006 (2023-02-13): Playing music with UBports on a PinePhone, quick command line and shell scripting questions, Fedora expands third-party software support, Vanilla OS adds Nix package support |
| • Issue 1005 (2023-02-06): NuTyX 22.12.0 running CDE, user identification numbers, Pop!_OS shares COSMIC progress, Mint makes keyboard and mouse options more accessible |
| • Issue 1004 (2023-01-30): OpenMandriva ROME, checking the health of a disk, Debian adopting OpenSnitch, FreeBSD publishes status report |
| • Issue 1003 (2023-01-23): risiOS 37, mixing package types, Fedora seeks installer feedback, Sparky offers easier persistence with USB writer |
| • Issue 1002 (2023-01-16): Vanilla OS 22.10, Nobara Project 37, verifying torrent downloads, Haiku improvements, HAMMER2 being ports to NetBSD |
| • Issue 1001 (2023-01-09): Arch Linux, Ubuntu tests new system installer, porting KDE software to OpenBSD, verifying files copied properly |
| • Issue 1000 (2023-01-02): Our favourite projects of all time, Fedora trying out unified kernel images and trying to speed up shutdowns, Slackware tests new kernel, detecting what is taking up disk space |
| • Issue 999 (2022-12-19): Favourite distributions of 2022, Fedora plans Budgie spin, UBports releasing security patches for 16.04, Haiku working on new ports |
| • Issue 998 (2022-12-12): OpenBSD 7.2, Asahi Linux enages video hardware acceleration on Apple ARM computers, Manjaro drops proprietary codecs from Mesa package |
| • Issue 997 (2022-12-05): CachyOS 221023 and AgarimOS, working with filenames which contain special characters, elementary OS team fixes delta updates, new features coming to Xfce |
| • Issue 996 (2022-11-28): Void 20221001, remotely shutting down a machine, complex aliases, Fedora tests new web-based installer, Refox OS running on real hardware |
| • Issue 995 (2022-11-21): Fedora 37, swap files vs swap partitions, Unity running on Arch, UBports seeks testers, Murena adds support for more devices |
| • Issue 994 (2022-11-14): Redcore Linux 2201, changing the terminal font size, Fedora plans Phosh spin, openSUSE publishes on-line manual pages, disabling Snap auto-updates |
| • Issue 993 (2022-11-07): Static Linux, working with just a kernel, Mint streamlines Flatpak management, updates coming to elementary OS |
| • Full list of all issues |
| Star Labs |
Star Labs - Laptops built for Linux.
View our range including the highly anticipated StarFighter. Available with coreboot open-source firmware and a choice of Ubuntu, elementary, Manjaro and more. Visit Star Labs for information, to buy and get support.
|
| Shells.com |
Your own personal Linux computer in the cloud, available on any device. Supported operating systems include Android, Debian, Fedora, KDE neon, Kubuntu, Linux Mint, Manjaro and Ubuntu, ready in minutes.
Starting at US$4.95 per month, 7-day money-back guarantee
|
| Random Distribution | 
Saluki Linux
Saluki Linux was an ultralight distribution with an Xfce desktop based on Puppy Linux. It was designed with newer hardware, netbooks, and modern processors in mind. The goal was a lightweight, easy-to-use, high-performance operating system that works out of the box with minimal configuration. Saluki Linux was small enough to run completely from RAM or boot from and save changes to USB sticks or rewritable CDs, but it can also be installed alongside other operating systems without partitioning the hard drive.
Status: Discontinued
|
| TUXEDO |
TUXEDO Computers - Linux Hardware in a tailor made suite
Choose from a wide range of laptops and PCs in various sizes and shapes at TUXEDOComputers.com. Every machine comes pre-installed and ready-to-run with Linux. Full 24 months of warranty and lifetime support included!
Learn more about our full service package and all benefits from buying at TUXEDO.
|
| Star Labs |
Star Labs - Laptops built for Linux.
View our range including the highly anticipated StarFighter. Available with coreboot open-source firmware and a choice of Ubuntu, elementary, Manjaro and more. Visit Star Labs for information, to buy and get support.
|
|
• 
• 
• 
• 
• 
• 
• 
