DistroWatch Weekly |
DistroWatch Weekly, Issue 830, 2 September 2019 |
Welcome to this year's 35th issue of DistroWatch Weekly!
Some Linux distributions are primarily collections of software developed by other parties. These distributions assemble, organize and configure components without developing new software themselves. Other distributions make their own tools and applications to enhance the user experience. This week we begin with one of the latter distributions: deepin. The deepin project makes its own desktop, software centre, and multimedia applications. Robert Rijkhoff took deepin 15.11 for a test drive and reports on his experiences in our Feature Story. In our News section we discuss elementary OS getting a new greeter and the Endless team partnering with GNOME in improving coding education. We also link to a story about exFAT support coming to Linux. Then we turn our attention towards security and discuss how to set up AppArmor profiles to isolate processes. In our Opinion Poll we would like to find out if our readers use tools like AppArmor and SELinux to better secure the system against rogue applications. Plus we are pleased to share the releases of the past week and list the torrents we are seeding. We wish you all a fantastic week and happy reading!
Content:
- Review: deepin 15.11
- News: Endless partners with GNOME in coding competition, elementary OS gets a new greeter, exFAT support coming to Linux
- Questions and answers: Working with AppArmor to protect the operating system
- Released last week: Bedrock Linux 0.7.7, Proxmox 6.0 "Mail Gateway", BlackArch Linux 2019.09.1
- Torrent corner: 4MLinux, BlackArch, Clonezilla, Container, ExTiX, Hanthana, Lite, KDE neon, Scientific, SmartOS, Sparky, Super Grub2
- Upcoming releases: Tails 3.16
- Opinion poll: SELinux and AppArmor
- Website news: Persian language update
- Reader comments
Listen to the Podcast edition of this week's DistroWatch Weekly in OGG (19MB) and MP3 (13MB) formats.
|
Feature Story (by Robert Rijkhoff) |
deepin 15.11
deepin is a Debian-based distribution developed in China. The distro ships with its own desktop environment, also called Deepin, and a dozen or so applications that are developed in-house. To avoid confusion, the distribution is called "deepin" (in all lower case) while the desktop environment's name is "Deepin" (with a capital "D").
The latest version of deepin was released in July and mainly features bug fixes. The most notable new feature is "Cloud Sync", which is an option to store various system settings (everything from the wallpaper to the power settings) in the "cloud". This is an interesting option but it is currently only available for users in mainland China. In other words, there aren't a whole lot of new and exciting features in deepin 15.11. However, as deepin is one of those distros about which there is a lot to say, it is worth having a look at the latest release.
deepin 15.11 -- The Deepin Desktop Environment, with the new Cloud Sync feature
(full image size: 1.5MB, resolution: 1366x768 pixels)
Installation
The deepin website gives you half a dozen options for downloading an ISO image. The option that is listed first uses the mirror cdimage.deepin.com. That mirror is hosted in China and turned out to be painfully slow. The ISO is about 2.3GB in size but after 20 minutes only 64MB of data had been downloaded, so I decided it was best to try a different mirror. The second link, to Baidu Cloud, greeted me with the message in Chinese that translated as: "Ah, you are late, the files you have shared have been deleted." Among the other available options is Google Drive, which I had not seen used as a mirror before but which worked just fine.
The ISO does not include a live environment. There is a separate image for a live environment but that appears to only be available from the cdimage.deepin.com mirror. I tried downloading it a few times but I didn't have the patience - the estimated download time was measured in days rather than minutes.
The installer is one of the applications that is developed in-house and it certainly lives up to deepin's aim to make a "beautiful" and "easy-to-use" operating system. The installer uses the full size of the screen and looks gorgeous. Power users may miss some advanced options, in particular when it comes to partitioning, but for the average user the installer will do the job.
While the system is being installed deepin displays the text 'You can experience the incredible pleasure of deepin after the time for just a cup of coffee [sic]" above a series of slides with equally overblown advertising slogans. Apparently, the Deepin Movie player provides a 'visual and auditory feast" while the Screenshot tool lets you 'share and deliver happiness to more people". If you write code, rest assured that deepin's terminal emulator enables you to 'let each string of code present your mind".
First impressions
I usually start a review by giving my first impressions, and in the case of deepin that was quite an impression indeed. When you first log in to the desktop environment you are presented with a video that gives you an overview of the Deepin desktop, complete with what I can only describe as "doof doof" music sprinkled with lots of sound effects. The video is quite useful though; it covers everything from launching applications and changing system settings to customising Deepin's look and feel.
deepin 15.11 -- The introduction video
(full image size: 1.4kB, resolution: 1366x768 pixels)
The Deepin desktop uses a dock for access to commonly used applications and a system tray. Thanks to the introduction video I learned that you can right-click on the dock to switch between the default OSX-style "fashion mode" and a Windows-style "efficiency mode" (the latter uses a traditional application menu rather than a full-screen applications overview). If you use the default dock then you can also switch to "efficiency mode" by clicking on a button in the top-right corner of the applications overview. A second button, in the top-left corner, sorts applications in the overview by category.
deepin 15.11 -- The fashion mode applications overview
(full image size: 482kB, resolution: 1366x768 pixels)
There are many other small touches that demonstrate that deepin has put a quite a bit of thought in to how users interact with a desktop environment. To give another example, the first thing I wanted to do is change the wallpaper, which to my mind looks like a landscape painting that has been rotated 90 degrees clock-wise. You can select a different wallpaper from a panel that appears at the bottom of the screen, and when you select a wallpaper the thumbnail is replaced with buttons that give you the option to only use the wallpaper on the desktop or the lock screen. Displaying available wallpapers in a panel makes sense as you can clearly see wallpapers you select (they are not hidden behind a large window in the centre of the display) and revealing more options after you select an image is a smart way of keeping the interface clean and intuitive.
deepin 15.11 -- Changing the wallpaper
(full image size: 1.7MB, resolution: 1366x768 pixels)
In general, the desktop environment feels like a mix of KDE, GNOME and Budgie. deepin uses the Qt framework and dde-kwin as the window manager (which I think is a fork of KWin) but the interface is pleasantly simple and uncluttered. For instance, native applications typically feature a title bar with a search field, hamburger menu and window controls, just like they do in GNOME. The default applications overview has been inspired by GNOME as well. However, the settings menu, which appears on the right-hand side of the screen, has been borrowed from Budgie.
Also, there are quite a few GTK applications pre-installed, including GParted, Simple Scan and GNOME's Archive Manager. I like how deepin simply uses whatever it feels is the best tool for the job, even though the mix-n-match approach does mean that different types of applications have a slightly different look and feel.
deepin 15.11 -- Google Chrome, the GNOME Archive Manager and the Deepin Calculator
(full image size: 648kB, resolution: 1366x768 pixels)
The only real issue I noticed early on was that the 'Templates' directory in my home directory had a Chinese name (and the six template files inside the directory had Chinese names as well). Fortunately, I didn't encounter any other localisation issues during my trial.
Settings, the user manual and user management
The settings panel, or the Control Center, features the current date and time, a notifications icon, update notifications and 14 settings menus. Although there is no option to search for specific settings I was able to quickly find whatever option I was looking for. For instance, if you don't want the system to play sounds during the boot and shutdown process (which is the default) then you can disable those sounds via the Sound menu, and you can change the time after which the screen locks via the Power Manager section.
deepin 15.11 -- The Deepin settings
(full image size: 1.6MB, resolution: 1366x768 pixels)
I like that all the settings are in one place and, as with other elements of the Deepin desktop, I found the settings panel delightfully intuitive. There was one exception: although deepin uses NetworkManager I was unable to import VPN configuration files. I was simply overwhelmed by the amount of information that needed to be entered manually. My work-around was to instead use an application provided by my VPN provider but this made using a VPN unnecessarily complicated.
The issue with VPNs was also one of only a few times that I didn't find any relevant information in deepin's manual. The manual includes basic information about using the desktop environment and the most common deepin applications. By and large the manual is really useful to get an idea of what different applications are capable of and to quickly learn what keyboard shortcuts are available.
deepin 15.11 -- Exploring the Deepin Terminal
(full image size: 959kB, resolution: 1366x768 pixels)
The manual does contain a fair bit of marketing lingo - even a fairly basic application such as Deepin Screenshot is described as 'exquisite" and 'wonderful". Also, the English translations aren't that great. The following sentence, for instance, is a little unfortunate: "The screensaver was used to protect the monitor before, now it is mainly for protecting personal privacy from peeing."
To be fair, though, in many reviews I have commented on the lack of documentation provided by distros. The deepin team has made a huge effort when it comes to documentation and they have translated it to English fairly well. I would have preferred for the manual to be a little more dry but deepin deserves kudos for including proper documentation.
That said, deepin's relentless use of marketing terms did get on my nerves. That is partly because advertising is one of my pet hates and partly because it illustrates that deepin is not aiming to please freedom-loving greybeards. Instead, deepin makes using a Linux operating system as hassle-free as possible. That is particularly true for things like user accounts. Users are automatically added to the sudo group, which means that every user on the system has administrator privileges. There is no option in the control panel to disable this behaviour; if you don't like this set-up you will need to use the deluser utility to remove users that shouldn't have administrative privileges from the sudo group (run "sudo deluser [user-name] sudo").
Applications and software management
deepin is based on Debian Stretch (you can compare the packages) but ships with its own kernel (version 4.15). Interestingly, nothing is downloaded from Debian's mirrors: deepin uses its own "deepin lion" repository. In addition, there are a handful of proprietary applications in the /opt directory. Patent-encumbered multimedia codecs are installed by default, including the Flash plugin for Chrome.
deepin 15.11 -- Exploring deepin's repositories
(full image size: 850kB, resolution: 1366x768 pixels)
Debian Stretch is of course an old version of Debian - the project released Buster two weeks before deepin 15.11 came out. As a result, applications you install from the repository may be a little dated. Most of the graphical applications that are pre-installed, however, are developed by deepin - at the time of writing there are 208 repositories in deepin's Github account. Everything from the installer and the desktop environment to the file manager and terminal emulator are made by deepin.
The software centre, called the Deepin Store, is also developed by deepin. The application looks much like GNOME Software but there are a few differences. One of the smaller differences is that each application has its own custom thumbnail image and a custom description. The descriptions are often cut off (because there is not enough room underneath the thumbnail) and range from being helpful to outright marketing nonsense. For instance, GIMP is described as "I'm your free Photoshop" while Shotwell's description is "Share photos, enjoy happiness".
deepin 15.11 -- The Deepin Store
(full image size: 610kB, resolution: 1366x768 pixels)
A more annoying difference is that the search functionality is broken. Whatever search term I used, I would always get a "No results found" page. I was also missing an option to uninstall software. I learned that it is possible to uninstall software without using a terminal window but the process is counter-intuitive: you need to right-click on an application's icon in the application menu and then select "Uninstall". This made it difficult to for instance uninstall Flash - the Flash plugin for Chrome is listed in the software center but as it is not showing in the applications menu it can't be removed via a graphical interface ("sudo apt purge libflashplugin-pepper" did the trick).
Another feature - some might say bug - is that you are not prompted for your user password when you install or uninstall an application. That might be convenient but, as with adding all users to the sudo group, it also has security implications. I personally have concerns about deepin's tendency to prioritise convenience over security but at the same time I realise that for many people convenience is the top priority.
The application I was most impressed with is deepin's terminal emulator. The default colour scheme (green text on a dark, semi-transparent background) is very pretty and the application has some nice features, including splitting terminal windows horizontally and vertically. Similarly, although the above-mentioned Screenshot application didn't have any noticeable effect on my well-being, it is a very capable tool. It is not as advanced as Shutter but it does have options that I am missing in GNOME's screenshot tool.
The only application I didn't get on with is Deepin Music. The application is fairly minimal; it finds music files in directories you specify and then displays all the files in a (very long) list. For each song the title, artist, album and song duration is listed. As I mostly listen to classical music I would have liked to also list the composer, but the default columns can't be changed.
deepin 15.11 -- Ravel, Debussy or Fauré?
(full image size: 815kB, resolution: 1366x768 pixels)
A more annoying issue was that the Music application also refused to play Ogg files (VLC could handle them) and that it struggled to keep track of files in my Music directory. At some point the application seemed to have noticed files I had added but a few days later it showed only the files I had synced to my laptop after installing deepin. The manual for Music mentions a "scan" option but it seems this option is only available when you first launch the application.
There are two other applications that are worth mentioning. The default web browser is Google Chrome and for your office needs you get WPS Office 2019. Both are proprietary applications for which there are libre alternatives, which makes the choices a little curious. I guess the applications are shipped by default because they are considered to be superiour. In the case of Chrome I can understand that choice; the browser has an overwhelmingly large market share and new users might be surprised to get, say, Firefox as the default browser.
I feel that the choice for WPS Office is more questionable. The office suite comes with a word processor, spreadsheet application, presentation maker and a PDF viewer. I had hoped to give WPS Office a fair try, if only to get with the times and try to embrace the ribbon. However, I quickly found that I would not be able to use the office suite: WPS doesn't handle OpenDocument Format files at all, which means that it is completely incompatible with LibreOffice. I don't mind trying a proprietary office suite but to not support an open ISO standard is rather aggressively anti-open source.
LibreOffice is of course available in the deepin repository. This was, however, the one application that looked like a Windows 95 application.
deepin 15.11 -- WPS Office and LibreOffice displaying the same ODT file
(full image size: 332kB, resolution: 1366x768 pixels)
There were a few other minor issue I noticed while using deepin. To give some random examples, when I first launched LibreOffice (via the software centre) it opened the database application. The file manager always showed my /boot partition as a mounted drive, in the same way it would show an external USB drive. And it is not possible to adjust the volume and screen brightness on the lock screen, which is rather awkward when, say, you are listening to some music with the screen brightness set to zero. None of these are major issues but I do feel the desktop environment needs a little more polish.
Finally, I got only about five updates during my trial. I didn't get any notifications when updates were available but new updates are prominently shown in the Control Center. The updates were downloaded and installed quickly, and the system would tell me when a reboot was required.
Conclusions
Using deepin slowly turned me into a grumpy greybeard. deepin pre-installs proprietary software and codecs but there was no obvious way to uninstall Flash and the default applications struggled with ODF and Ogg files. New users are automatically granted administrative privileges and software can be installed or removed without authorisation. Security tools such as AppArmor and SELinux are nowhere to be seen. And then there was the constant talk about how "exciting" it is to "explore" all those "wonderful" tools that will bring "incredible pleasure". After using deepin for nearly two weeks I should have been beyond ecstatic but quite the opposite was true.
At the same time I do appreciate what deepin is trying to achieve. A lot of thought has gone into the user experience and deepin develops an impressive amount of free software applications. Plus, it is one of very few distros that ship with a proper manual. I do feel that the desktop is not quite as mature as the likes of GNOME - there were too many minor bugs - but it has the potential to deliver a superb user experience.
deepin 15.11 -- The Deepin System Monitor
(full image size: 796kB, resolution: 1366x768 pixels)
My main conclusion is that I am glad we have got a distro like deepin. It brings many new ideas to the table which other projects can benefit from. The "Cloud Sync" feature (which is spelled "Could Sync" in the release notes) is a good example. Personally, I would very much like to see that feature in other distros; being able to easily sync settings between multiple devices would be rather nice. I am not quite sure why the settings would need to be stored on a third-party server but hopefully other distros would simply provide a text file that can be stored anywhere. In short, although deepin isn't for me, I do like the project's innovation.
* * * * *
Hardware used for this review
My physical test equipment for this review was a Lenovo Z570 laptop with the following specifications:
- Processor: Intel Core i3-2350M, 2.3GHz
- Memory: 4GB of RAM
- Wireless network adaptor: Qualcomm Atheros AR9285
- Wired network adaptor: Realtek RTL8101/2/6E 05)
* * * * *
Visitor supplied rating
deepin has a visitor supplied average rating of: 8.2/10 from 125 review(s).
Have you used deepin? You can leave your own review of the project on our ratings page.
|
Miscellaneous News (by Jesse Smith) |
Endless partners with GNOME in coding competition, elementary OS gets a new greeter, exFAT support coming to Linux
Endless and the GNOME Foundation have joined forces to encourage educators and students to work on coding challenges using free and open source software. The organizations have put together a $500,000 fund which will go toward prizes for participants who perform well during the challenges. "The GNOME Foundation, with support from Endless, has announced the Coding Education Challenge, a competition aimed to attract projects that offer educators and students new and innovative ideas to teach coding with free and open source software. The $500,000 in funding will support the prizes, which will be awarded to the teams who advance through the three stages of the competition. Both the GNOME Foundation and Endless share a deep commitment to a vibrant free and open source software ecosystem." Additional information about the competition can be found on the GNOME website.
* * * * *
The elementary OS development team has unveiled a new greeter, also known as the login screen. The new greeter addresses a number of issues with the previous greeter. Some of these include caps lock and number lock indicators, clear separation between the guest account and regular user accounts and multi-display issues. The problems the team faced and their solutions are covered in a blog post that includes several screenshots: "There were a laundry list of motivations for rethinking the greeter and we approached the design from a lot of angles. Firstly, we had technical motivations. GTK has improved greatly over the last few years and Clutter has become abandoned. The old code base was a bit of a mess and made it difficult to fix issues or add new features. Clutter made it difficult to address issues that were trivial to solve in GTK, like making sure the clock doesn't overlap with the username and password. We also wanted to make sure that the new design ensured high contrast between text on the screen and the background; The old design didn't work well in situations where a user wanted to have a particularly bright wallpaper. Localization was a concern as well: users frequently told us they wanted to be able to select their own individual clock format. We also had loads of reported usability issues like the Guest session not being obviously differentiated from normal users, no indication of num or caps lock, cursor focus issues, multi-display issues, HiDPI issues, difficulty with identifying users who didn't set an avatar, and more."
* * * * *
For over a decade people using Microsoft Windows have been able to use a minimal filesystem called exFAT, which is usually used on SD cards and other portable storage media. While it has been possible to access exFAT filesystems on other platforms, doing so usually involves third-party tools and/or userspace filesystem (FUSE) utilities. Linux users should soon be able to use the once-proprietary filesystem as Microsoft has published specifications for exFAT and agreed to not use its patents against Linux if the exFAT code is adopted. TechCrunch reports: "In addition to wanting it to become part of the Linux kernel, Microsoft also says that it hopes that the exFAT specs will become part of the Open Invention Network's Linux definition. Once accepted, the code would benefit 'from the defensive patent commitments of OIN's 3040+ members and licensees,' the company notes." While this is good news for Linux users who may wish to access exFAT storage, it is unclear whether Microsoft will be cooperative with other open source operating systems that also wish to support reading and writing to exFAT-formatted devices.
* * * * *
These and other news stories can be found on our Headlines page.
|
Questions and Answers (by Jesse Smith) |
Working with AppArmor to protect the operating system
Protected-by-armor asks: Please explain how to work with AppArmor (for example in Debian 10). I thought that AppArmor is MAC, similar to SELinux. For me, SELinux is a very complex, hard to manage and troubleshoot implementation of MAC. Therefore, I often simply disable SELinux in CentOS.
DistroWatch answers: As you correctly pointed out, AppArmor is a form of MAC (mandatory access control). Both SELinux and AppArmor are security modules which control what resources an application or background service can access, regardless of filesystem permissions or who runs the program. This is especially useful for preventing a program from causing damage if it is hijacked or tricked into acting abnormally.
For instance, when we run a web browser, the browser has access to all of our user's files because we launched it. A web browser normally only needs access to its own settings directory, our Downloads folder, and the network. But if someone hacks our browser, they potentially get access to read (or even delete) all of our files. Mandatory access controls, like AppArmor, place extra restrictions on applications to prevent them from being able to access files and resources they do not need.
AppArmor is especially useful when it comes to containing services that must be run as the root user, potentially giving them access to the entire operating system. AppArmor can be used to block access to everything on the system, except for the few specific resources a service needs. This way if an attacker takes control of a service running as root, they have only a minimal impact on the system as a whole.
While SELinux is sometimes criticised for having complex syntax and uses some abstract concepts such as labelling files, AppArmor works primarily with filesystem paths. In essence, we provide a list of resources we want a program to be able to use and AppArmor blocks the program from being able to access anything else.
The list of resources we want to provide to a program are listed in a plain text file called a profile. These profiles are typically kept in the /etc/apparmor.d/ directory and have names matching the executable file they guard. For instance, the profile which contains rules governing /usr/sbin/ntpd is saved in /etc/apparmor.d/usr.sbin.ntpd. (Notice the slashes in the target's path have been replaced by periods in the profile name.) We can see which profiles are currently loaded and in effect by viewing the contents of the /sys/kernel/security/apparmor/profiles file, as shown here:
cat /sys/kernel/security/apparmor/profiles
/usr/sbin/cupsd (enforce)
/usr/lib/cups/backend/cups-pdf (enforce)
/usr/sbin/ntpd (enforce)
This lets us know which profiles are in use, but what does a profile look like? Each profile will look a little different, but in general a profile begins with the name of the executable program to be governed, followed by a line or two which pulls in commonly used rules, and then a list of resources the program is allowed to access. A very minimal profile might look like this:
/usr/bin/foobar {
#include <abstractions/base>
/etc/foobar.conf r,
/etc/foobar/** r,
/var/log/foobar w,
owner @{HOME}/Downloads/** rw,
}
Let's break down these lines one at a time to explore what each one does. The first line, "/usr/bin/foobar {" indicates which executable file is being governed and then uses the "{" symbol to indicate rules are being created for this program. The closing "}" at the end indicates we are done making rules for the foobar program.
The next line, "#include <abstractions/base>", tells AppArmor we want to pull in commonly used rules from the file located at /etc/apparmor.d/abstractions/base. (Include statements use relative paths, starting from /etc/apparmor.d/.) If we look inside the abstractions/base file we will see a list of rules that are applicable to many programs, most of them blocking access to edit key parts of the operating system. Rather than list them all specifically in every profile, the "#include" statement allows someone to write these rules once and then pull them into any future profile.
Up to this point, we have just indicated which program the profile will control and done some boilerplate work. From here on we are writing custom rules for this specific program, starting with "/etc/foobar.conf r,". This line tells AppArmor that the foobar program may read ("r,") the contents of the file /etc/foobar.conf. This allows the program to read its own configuration file. It is worth noting that while foobar can now read its configuration file, it cannot write to it, changing the contents.
The fourth line, "/etc/foobar/** r," is very similar, with one important change. The "**" means our program can read ("r,") the contents of the /etc/foobar/ directory and any files or directories beneath it. This type of rule is used when there might be multiple files in a directory (/etc/foobar/ in this case) where it is safe for our program to read data.
In situations where we want a program to be able to write data, but not read it back, we can end a line with "w,". The fifth line in our example grants foobar the ability to write to its log file located at /var/log/foobar.
In some cases we may wish for a program to be able to read and write to a location, in which case we can specify "rw," at the end of a line. For instance, we might give a web browser the ability to read data from, and write data to, our Downloads folder. The last rule shows us how to do this:
owner @{HOME}/Downloads/** rw,
This line grants the program access to the Downloads folder in the user's home folder. Using the "owner @{HOME}" short-cut saves us from adding a new line for every user's home directory on the system. The "rw," at the end of the line provides both read and write access.
At this point we should be able to add our new profile to the list of rules AppArmor knows. We can do this by running the apparmor_parser command:
sudo apparmor_parser --add /etc/apparmor.d/usr.bin.foobar
We can then check to make sure our new profile is loaded into memory and active by checking the list of active profiles:
cat /sys/kernel/security/apparmor/profiles
/usr/bin/foobar (enforce)
At this point, when we run the foobar program with the above profile in place, foobar should only be able to write to its log file and our Downloads directory. It will be able to read its configuration file and a few other bits of information, but most of the rest of our operating system is off limits. This guards us against foobar reading, transmitting or deleting our other configuration files, our documents, or our web browsing history.
For further understanding of how AppArmor works and how you can write rules for it, I recommend reading the apparmor.d manual page. The apparmor_parser page is also useful and demonstrates how to load new rules and remove old rules from a running system.
* * * * *
Additional answers can be found in our Questions and Answers archive.
|
Released Last Week |
Super Grub2 Disk 2.04s1
Super Grub2 Disk is a live CD that helps the user to boot into almost any operating system even if the system cannot boot into it by normal means. This allows a user to boot into an installed operating system if their GRUB installation has been overwritten, erased or otherwise corrupted. Super Grub2 Disk can detect installed operating systems and provide a boot menu which allows the user to boot into their desired operating system. Super Grub2 Disk is not an operating system itself, but a live boot loader which can be run from a CD or USB thumb drive. The project has published a new release, Super Grub2 Disk 2.04s1, which adds new UEFI, Btrfs and F2FS filesystem support. "This new release features new upstream grub 2.04. Some of the grub 2.04 features which might be or might not be reflected on the SG2D UI are: Support for multiple early initrd images. Support for the F2FS file-system. A verifier framework. RISC-V support. UEFI Secure Boot shim support. Btrfs Zstd improvements. Btrfs RAID5/RAID6 support. Xen PVH support. UEFI TPM 1.2/2.0 support." Additional information on the live disc and screenshots demonstrating how to use the utility can be found in the project's release announcement.
Bedrock Linux 0.7.7
Bedrock Linux is a meta Linux distribution which allows users to utilize features from other, typically mutually exclusive distributions. Essentially, users can mix-and-match components and packages as desired from multiple Linux distributions and have them work seamlessly side-by-side. The project's latest release is Bedrock Linux 0.7.7 which adds support for downloading KISS Linux, adds support for more CPU architectures, and fixed DNS resolution for some distributions. "A point update has been released for 0.7. To update to it, run brl update as root. Added brl-fetch KISS Linux support. Added brl-report check for environment variables. Added brl-update support for verifying signature of offline updates. Added brl-update support scanning multiple configured mirrors. Added init message about bedrock.conf. Added installer check for corrupt embedded tarball. Added installer check for grub2-mkrelpath bug. Added installer message about bedrock.conf. Added official installer/update binaries for ppc64le. Fixed brl-fetch arch. Fixed brl-fetch fedora. Fixed brl-fetch mirrors with paths in http indexes." A full list of changes can be found on the project's news page.
Proxmox 6.0 "Mail Gateway"
Proxmox is a commercial company which offers specialized products based on Debian. The company recently launched Proxmox Mail Gateway version 6.0 which is based on Debian 10 "Buster". The release announcement covers the highlights of the new version: "Proxmox Server Solutions GmbH today has released Proxmox Mail Gateway 6.0, the latest major version of its open-source email security solution. Proxmox Mail Gateway is a complete operating system based on Debian Buster and functions as an anti-spam and anti-virus filtering solution. It is deployed between the firewall and the internal mail server working like a full featured mail proxy and protecting organizations against spam, viruses, trojans, and phishing emails. Proxmox Mail Gateway 6.0 is based on the latest stable release of Debian 10.0 (Buster) with a 5.0.21 kernel and includes the latest security fixes. Users can upgrade to version 6.0 either with a clean install or with an in-place upgrade. The developers provide a step-by-step upgrade path simplifying the latter. The new version 6.0 comes with improved support for ZFS on UEFI and on NVMe devices in the ISO installer, for example you can boot a ZFS mirror on NVMe SSDs." The company's release announcement offers further details.
BlackArch Linux 2019.09.1
BlackArch Linux is an Arch Linux-based distribution designed for penetration testers and security researchers. It is supplied as a live DVD image that comes with several lightweight window managers, including Fluxbox, Openbox, Awesome and spectrwm. It ships with over a thousand specialist tools for penetration testing and forensic analysis. The project's latest snapshot introduces over 150 new tools, provides Linux 5.2.9, and provides package upgrades across the distribution. "Today we released the new BlackArch Linux ISOs and OVA image. These are really special releases as many improvements and QA went through all packages and tools BlackArch Linux offers! Here's the ChangeLog: added more than 150 new tools; added terminus font for all WMs (thanks to psf for i3-wm bugfixes); included Linux kernel 5.2.9; new ~/.vim and ~/.vimrc (thanks to noptrix offering his config files); updated blackarch-installer to v1.1.19; various improvements and bug fixes; removed dwm window manager; replaced the default terminal xterm with rxvt-unicode." A complete list of changes can be found on the project's blog.
BlackArch 2019.09.01 -- The default, minimal desktop
(full image size: 784kB, resolution: 1920x1080 pixels)
Linux Lite 4.6
Jerry Bezencon has announced the release of Linux Lite 4.6. The project's new version is based on Ubuntu 18.04 LTS and makes it easier to switch between light and dark themes, introduces new documentation, and adds a new CPU monitor widget. "Linux Lite 4.6 Final is now available for download and install. This release has a number of changes. Changes: Lite Welcome gets a new Theme selector. Easily select either a Light or Dark Theme from the outset. There is a new Keyboard and Num Lock informational guide added to Lite Welcome too. The Help Manual gets both a Volume toggle tutorial. And we've also created a heavily requested USB persistence tutorial. Updated Lite Sources with comment about Linux Lite repos only. The CPU Performance mode plugin xfce4-cpufreq-plugin has been added as an option to the tray. Select it by right clicking on the Taskbar, Panel, Add new items, CPU Frequency Monitor. Right click on it and move it to where you want it." This release also comes with Timeshift installed for taking snapshots of the operating system and rolling back changes that negatively affect the system. Further details and screenshots can be found in the distribution's release announcement.
4MLinux 30.0
4MLinux is a small Linux distribution focusing on four capabilities: maintenance (as a system rescue live CD), multimedia (for playing video DVDs and other multimedia files), miniserver (using the inetd daemon), and mystery (providing several small Linux games). The project's latest release, 4MLinux 30.0, provides OpenGL support and better sound support for older games. The release announcement reads: "The status of the 4MLinux 30.0 series has been changed to stable. Edit your documents with LibreOffice 6.2.6.2 and GNOME Office (AbiWord 3.0.2, GIMP 2.10.12, Gnumeric 1.12.44), share your files using DropBox 79.4.143, surf the Internet with Firefox 68.0.2 and Chromium 76.0.3809.100, send emails via Thunderbird 60.8.0, enjoy your music collection with Audacious 3.10.1, watch your favorite videos with VLC 3.0.7.1 and mpv 0.29.1, play games powered by Mesa 19.0.5 and WINE 4.14. You can also setup the 4MLinux LAMP Server (Linux 4.19.63, Apache 2.4.39, MariaDB 10.4.7, PHP 5.6.40 and PHP 7.3.8). Perl 5.28.1, Python 2.7.16, and Python 3.7.3 are also available. As always, the new major release has some new features. OpenGL support in games is now available out of the box (no need to install additional drivers). Additionally, 4MLinux automatically disables Pulseaudio when needed (for example, in classic games like DOOM). New multimedia applications: FlMusic (audio player), Sound Studio (sound editor), fdkaac (command line front-end for Fraunhofer FDK AAC codec library). Both Qt5 and GTK3 in 4MLinux now include full support for WebP images."
Linux From Scratch 9.0
The Linux From Scratch (LFS) project has announced the availability of a new stable release of LFS and Beyond Linux From Scratch (BLFS). LFS is a book that provides step-by-step instructions on how to build a base Linux system from scratch (using a standard Linux live system). BLFS expands on the LFS book by giving further lessons on how to compile X Window System, window managers and desktop environments, as well as a variety of popular desktop and server packages and their dependencies. The new version is 9.0 and features updates to the glibc, compiler and kernel packages. "The Linux From Scratch community announces the release of LFS Version 9.0. Major changes include toolchain updates to glibc-2.30, and gcc-9.2.0. In total, 33 packages were updated since the last release. Changes to the text have also been made throughout the book. The Linux kernel has also been updated to version 5.2.8. Note that the major version of LFS has changed to 9. This has been done to keep LFS and BLFS version numbers synchronized. The BLFS System V version has added the elogind package which now allows GNOME to be added." The project's news page offers further details. The LFS and BLFS books can be viewed on-line or downloaded in PDF format.
* * * * *
Development, unannounced and minor bug-fix releases
|
Torrent Corner |
Weekly Torrents
The table below provides a list of torrents DistroWatch is currently seeding. If you do not have a bittorrent client capable of handling the linked files, we suggest installing either the Transmission or KTorrent bittorrent clients.
Archives of our previously seeded torrents may be found in our Torrent Archive. We also maintain a Torrents RSS feed for people who wish to have open source torrents delivered to them. To share your own open source torrents of Linux and BSD projects, please visit our Upload Torrents page.
Torrent Corner statistics:
- Total torrents seeded: 1,584
- Total data uploaded: 27.7TB
|
Upcoming Releases and Announcements |
Summary of expected upcoming releases
|
Opinion Poll (by Jesse Smith) |
SELinux and AppArmor
In our Questions and Answers column we discussed SELinux and AppArmor, two mandatory access control (MAC) implementations for Linux. We would like to know which of these two kernel-level security technologies you use, or if you do not use MAC at all. Let us know your thoughts on SELinux and AppArmor in the comments.
You can see the results of our previous poll on EndeavourOS in last week's edition. All previous poll results can be found in our poll archives.
|
SELinux and AppArmor
I use SELinux: | 184 (15%) |
I use AppArmor: | 267 (22%) |
I use another MAC: | 17 (1%) |
I do not use any MAC: | 463 (39%) |
Unsure: | 236 (20%) |
I do not run Linux: | 32 (3%) |
|
|
Website News (by Jesse Smith) |
Persian language update
One of our kind reads, Yusof, generously updated our language translation of Persian so that table headers and menus will be easier to access for our readers who speak Persian/Farsi. If the language is not automatically available when visiting the site, it can be access through this link. The language bar in the upper-right corner of the site can also be used to switch between supported languages.
* * * * *
DistroWatch database summary
* * * * *
This concludes this week's issue of DistroWatch Weekly. The next instalment will be published on Monday, 9 September 2019. Past articles and reviews can be found through our Article Search page. To contact the authors please send e-mail to:
|
|
Tip Jar |
If you've enjoyed this week's issue of DistroWatch Weekly, please consider sending us a tip. (Tips this week: 2, value: US$22.50) |
|
|
|
bc1qxes3k2wq3uqzr074tkwwjmwfe63z70gwzfu4lx lnurl1dp68gurn8ghj7ampd3kx2ar0veekzar0wd5xjtnrdakj7tnhv4kxctttdehhwm30d3h82unvwqhhxarpw3jkc7tzw4ex6cfexyfua2nr 86fA3qPTeQtNb2k1vLwEQaAp3XxkvvvXt69gSG5LGunXXikK9koPWZaRQgfFPBPWhMgXjPjccy9LA9xRFchPWQAnPvxh5Le paypal.me/distrowatchweekly • patreon.com/distrowatch |
|
Extended Lifecycle Support by TuxCare |
| |
TUXEDO |
TUXEDO Computers - Linux Hardware in a tailor made suite Choose from a wide range of laptops and PCs in various sizes and shapes at TUXEDOComputers.com. Every machine comes pre-installed and ready-to-run with Linux. Full 24 months of warranty and lifetime support included!
Learn more about our full service package and all benefits from buying at TUXEDO.
|
Archives |
• Issue 1100 (2024-12-09): Oreon 9.3, differences in speed, IPFire's new appliance, Fedora Asahi Remix gets new video drivers, openSUSE Leap Micro updated, Redox OS running Redox OS |
• Issue 1099 (2024-12-02): AnduinOS 1.0.1, measuring RAM usage, SUSE continues rebranding efforts, UBports prepares for next major version, Murena offering non-NFC phone |
• Issue 1098 (2024-11-25): Linux Lite 7.2, backing up specific folders, Murena and Fairphone partner in fair trade deal, Arch installer gets new text interface, Ubuntu security tool patched |
• Issue 1097 (2024-11-18): Chimera Linux vs Chimera OS, choosing between AlmaLinux and Debian, Fedora elevates KDE spin to an edition, Fedora previews new installer, KDE testing its own distro, Qubes-style isolation coming to FreeBSD |
• Issue 1096 (2024-11-11): Bazzite 40, Playtron OS Alpha 1, Tucana Linux 3.1, detecting Screen sessions, Redox imports COSMIC software centre, FreeBSD booting on the PinePhone Pro, LXQt supports Wayland window managers |
• Issue 1095 (2024-11-04): Fedora 41 Kinoite, transferring applications between computers, openSUSE Tumbleweed receives multiple upgrades, Ubuntu testing compiler optimizations, Mint partners with Framework |
• Issue 1094 (2024-10-28): DebLight OS 1, backing up crontab, AlmaLinux introduces Litten branch, openSUSE unveils refreshed look, Ubuntu turns 20 |
• Issue 1093 (2024-10-21): Kubuntu 24.10, atomic vs immutable distributions, Debian upgrading Perl packages, UBports adding VoLTE support, Android to gain native GNU/Linux application support |
• Issue 1092 (2024-10-14): FunOS 24.04.1, a home directory inside a file, work starts of openSUSE Leap 16.0, improvements in Haiku, KDE neon upgrades its base |
• Issue 1091 (2024-10-07): Redox OS 0.9.0, Unified package management vs universal package formats, Redox begins RISC-V port, Mint polishes interface, Qubes certifies new laptop |
• Issue 1090 (2024-09-30): Rhino Linux 2024.2, commercial distros with alternative desktops, Valve seeks to improve Wayland performance, HardenedBSD parterns with Protectli, Tails merges with Tor Project, Quantum Leap partners with the FreeBSD Foundation |
• Issue 1089 (2024-09-23): Expirion 6.0, openKylin 2.0, managing configuration files, the future of Linux development, fixing bugs in Haiku, Slackware packages dracut |
• Issue 1088 (2024-09-16): PorteuX 1.6, migrating from Windows 10 to which Linux distro, making NetBSD immutable, AlmaLinux offers hardware certification, Mint updates old APT tools |
• Issue 1087 (2024-09-09): COSMIC desktop, running cron jobs at variable times, UBports highlights new apps, HardenedBSD offers work around for FreeBSD change, Debian considers how to cull old packages, systemd ported to musl |
• Issue 1086 (2024-09-02): Vanilla OS 2, command line tips for simple tasks, FreeBSD receives investment from STF, openSUSE Tumbleweed update can break network connections, Debian refreshes media |
• Issue 1085 (2024-08-26): Nobara 40, OpenMandriva 24.07 "ROME", distros which include source code, FreeBSD publishes quarterly report, Microsoft updates breaks Linux in dual-boot environments |
• Issue 1084 (2024-08-19): Liya 2.0, dual boot with encryption, Haiku introduces performance improvements, Gentoo dropping IA-64, Redcore merges major upgrade |
• Issue 1083 (2024-08-12): TrueNAS 24.04.2 "SCALE", Linux distros for smartphones, Redox OS introduces web server, PipeWire exposes battery drain on Linux, Canonical updates kernel version policy |
• Issue 1082 (2024-08-05): Linux Mint 22, taking snapshots of UFS on FreeBSD, openSUSE updates Tumbleweed and Aeon, Debian creates Tiny QA Tasks, Manjaro testing immutable images |
• Issue 1081 (2024-07-29): SysLinuxOS 12.4, OpenBSD gain hardware acceleration, Slackware changes kernel naming, Mint publishes upgrade instructions |
• Issue 1080 (2024-07-22): Running GNU/Linux on Android with Andronix, protecting network services, Solus dropping AppArmor and Snap, openSUSE Aeon Desktop gaining full disk encryption, SUSE asks openSUSE to change its branding |
• Issue 1079 (2024-07-15): Ubuntu Core 24, hiding files on Linux, Fedora dropping X11 packages on Workstation, Red Hat phasing out GRUB, new OpenSSH vulnerability, FreeBSD speeds up release cycle, UBports testing new first-run wizard |
• Issue 1078 (2024-07-08): Changing init software, server machines running desktop environments, OpenSSH vulnerability patched, Peppermint launches new edition, HardenedBSD updates ports |
• Issue 1077 (2024-07-01): The Unity and Lomiri interfaces, different distros for different tasks, Ubuntu plans to run Wayland on NVIDIA cards, openSUSE updates Leap Micro, Debian releases refreshed media, UBports gaining contact synchronisation, FreeDOS celebrates its 30th anniversary |
• Issue 1076 (2024-06-24): openSUSE 15.6, what makes Linux unique, SUSE Liberty Linux to support CentOS Linux 7, SLE receives 19 years of support, openSUSE testing Leap Micro edition |
• Issue 1075 (2024-06-17): Redox OS, X11 and Wayland on the BSDs, AlmaLinux releases Pi build, Canonical announces RISC-V laptop with Ubuntu, key changes in systemd |
• Issue 1074 (2024-06-10): Endless OS 6.0.0, distros with init diversity, Mint to filter unverified Flatpaks, Debian adds systemd-boot options, Redox adopts COSMIC desktop, OpenSSH gains new security features |
• Issue 1073 (2024-06-03): LXQt 2.0.0, an overview of Linux desktop environments, Canonical partners with Milk-V, openSUSE introduces new features in Aeon Desktop, Fedora mirrors see rise in traffic, Wayland adds OpenBSD support |
• Issue 1072 (2024-05-27): Manjaro 24.0, comparing init software, OpenBSD ports Plasma 6, Arch community debates mirror requirements, ThinOS to upgrade its FreeBSD core |
• Issue 1071 (2024-05-20): Archcraft 2024.04.06, common command line mistakes, ReactOS imports WINE improvements, Haiku makes adjusting themes easier, NetBSD takes a stand against code generated by chatbots |
• Issue 1070 (2024-05-13): Damn Small Linux 2024, hiding kernel messages during boot, Red Hat offers AI edition, new web browser for UBports, Fedora Asahi Remix 40 released, Qubes extends support for version 4.1 |
• Issue 1069 (2024-05-06): Ubuntu 24.04, installing packages in alternative locations, systemd creates sudo alternative, Mint encourages XApps collaboration, FreeBSD publishes quarterly update |
• Issue 1068 (2024-04-29): Fedora 40, transforming one distro into another, Debian elects new Project Leader, Red Hat extends support cycle, Emmabuntus adds accessibility features, Canonical's new security features |
• Issue 1067 (2024-04-22): LocalSend for transferring files, detecting supported CPU architecure levels, new visual design for APT, Fedora and openSUSE working on reproducible builds, LXQt released, AlmaLinux re-adds hardware support |
• Issue 1066 (2024-04-15): Fun projects to do with the Raspberry Pi and PinePhone, installing new software on fixed-release distributions, improving GNOME Terminal performance, Mint testing new repository mirrors, Gentoo becomes a Software In the Public Interest project |
• Issue 1065 (2024-04-08): Dr.Parted Live 24.03, answering questions about the xz exploit, Linux Mint to ship HWE kernel, AlmaLinux patches flaw ahead of upstream Red Hat, Calculate changes release model |
• Issue 1064 (2024-04-01): NixOS 23.11, the status of Hurd, liblzma compromised upstream, FreeBSD Foundation focuses on improving wireless networking, Ubuntu Pro offers 12 years of support |
• Issue 1063 (2024-03-25): Redcore Linux 2401, how slowly can a rolling release update, Debian starts new Project Leader election, Red Hat creating new NVIDIA driver, Snap store hit with more malware |
• Issue 1062 (2024-03-18): KDE neon 20240304, changing file permissions, Canonical turns 20, Pop!_OS creates new software centre, openSUSE packages Plasma 6 |
• Issue 1061 (2024-03-11): Using a PinePhone as a workstation, restarting background services on a schedule, NixBSD ports Nix to FreeBSD, Fedora packaging COSMIC, postmarketOS to adopt systemd, Linux Mint replacing HexChat |
• Issue 1060 (2024-03-04): AV Linux MX-23.1, bootstrapping a network connection, key OpenBSD features, Qubes certifies new hardware, LXQt and Plasma migrate to Qt 6 |
• Issue 1059 (2024-02-26): Warp Terminal, navigating manual pages, malware found in the Snap store, Red Hat considering CPU requirement update, UBports organizes ongoing work |
• Issue 1058 (2024-02-19): Drauger OS 7.6, how much disk space to allocate, System76 prepares to launch COSMIC desktop, UBports changes its version scheme, TrueNAS to offer faster deduplication |
• Issue 1057 (2024-02-12): Adelie Linux 1.0 Beta, rolling release vs fixed for a smoother experience, Debian working on 2038 bug, elementary OS to split applications from base system updates, Fedora announces Atomic Desktops |
• Issue 1056 (2024-02-05): wattOS R13, the various write speeds of ISO writing tools, DSL returns, Mint faces Wayland challenges, HardenedBSD blocks foreign USB devices, Gentoo publishes new repository, Linux distros patch glibc flaw |
• Issue 1055 (2024-01-29): CNIX OS 231204, distributions patching packages the most, Gentoo team presents ongoing work, UBports introduces connectivity and battery improvements, interview with Haiku developer |
• Issue 1054 (2024-01-22): Solus 4.5, comparing dd and cp when writing ISO files, openSUSE plans new major Leap version, XeroLinux shutting down, HardenedBSD changes its build schedule |
• Issue 1053 (2024-01-15): Linux AI voice assistants, some distributions running hotter than others, UBports talks about coming changes, Qubes certifies StarBook laptops, Asahi Linux improves energy savings |
• Issue 1052 (2024-01-08): OpenMandriva Lx 5.0, keeping shell commands running when theterminal closes, Mint upgrades Edge kernel, Vanilla OS plans big changes, Canonical working to make Snap more cross-platform |
• Issue 1051 (2024-01-01): Favourite distros of 2023, reloading shell settings, Asahi Linux releases Fedora remix, Gentoo offers binary packages, openSUSE provides full disk encryption |
• Issue 1050 (2023-12-18): rlxos 2023.11, renaming files and opening terminal windows in specific directories, TrueNAS publishes ZFS fixes, Debian publishes delayed install media, Haiku polishes desktop experience |
• Issue 1049 (2023-12-11): Lernstick 12, alternatives to WINE, openSUSE updates its branding, Mint unveils new features, Lubuntu team plans for 24.04 |
• Issue 1048 (2023-12-04): openSUSE MicroOS, the transition from X11 to Wayland, Red Hat phasing out X11 packages, UBports making mobile development easier |
• Issue 1047 (2023-11-27): GhostBSD 23.10.1, Why Linux uses swap when memory is free, Ubuntu Budgie may benefit from Wayland work in Xfce, early issues with FreeBSD 14.0 |
• Issue 1046 (2023-11-20): Slackel 7.7 "Openbox", restricting CPU usage, Haiku improves font handling and software centre performance, Canonical launches MicroCloud |
• Full list of all issues |
Star Labs |
Star Labs - Laptops built for Linux.
View our range including the highly anticipated StarFighter. Available with coreboot open-source firmware and a choice of Ubuntu, elementary, Manjaro and more. Visit Star Labs for information, to buy and get support.
|
Random Distribution |
Tech Linux
Tech Linux was a RPM-based Linux distribution from Brazil.
Status: Discontinued
|
TUXEDO |
TUXEDO Computers - Linux Hardware in a tailor made suite Choose from a wide range of laptops and PCs in various sizes and shapes at TUXEDOComputers.com. Every machine comes pre-installed and ready-to-run with Linux. Full 24 months of warranty and lifetime support included!
Learn more about our full service package and all benefits from buying at TUXEDO.
|
Star Labs |
Star Labs - Laptops built for Linux.
View our range including the highly anticipated StarFighter. Available with coreboot open-source firmware and a choice of Ubuntu, elementary, Manjaro and more. Visit Star Labs for information, to buy and get support.
|
|