DistroWatch Weekly |
DistroWatch Weekly, Issue 888, 19 October 2020 |
Welcome to this year's 42nd issue of DistroWatch Weekly!
Everything we do on-line transmits information other people can see and collect. Our browser's identification, our IP address, sometimes our location, and operating system are all bits of data that tend to leak out into the world. There are a few projects which try to block the flow of information our computers share with the world, with perhaps the most recognized being Tails. The Tails distribution provides a live desktop environment and anonymous browsing tools to help people protect their privacy while communicating and sharing files on-line. We begin this week with an overview of the Tails distribution and some of its key features. In our Questions and Answers column we continue the security-focused discussion as we talk about rootkits. What is a rootkit and how hard can they be to remove? We touch on these topics below. Do you run any software designed to detect rootkits or other forms of malware? Let us know about them in our Opinion Poll. Also on the security side of things, the IPFire project works to keep networks safe. In our News section we talk about how IPFire quickly looks up information about connecting clients. Plus we cover new features and support for new platforms coming to the UBports installer. We are also pleased to share the releases of the past week and list the torrents we are seeding. We wish you all a terrific week and happy reading!
Content:
- Review: Tails 4.11
- News: UBports improves installer, IPFire explains location lookups
- Questions and answers: Detecting and dealing with rootkits
- Released last week: Porteus Kiosk 5.1.0, Parted Magic 2020_10_12, OpenBSD 6.8
- Torrent corner: antiX, CloudReady, KDE neon, PCLinuxOS, Porteus Kiosk, Redo Rescue, Rescuezilla, Ultimate Edition, Untangle
- Upcoming releases: Ubuntu 20.10, Tails 4.12
- Opinion poll: Checking for rootkits
- New distributions: AllegianceOS
- Reader comments
Listen to the Podcast edition of this week's DistroWatch Weekly in OGG (16MB) and MP3 (12MB) formats.
|
Feature Story (by Jesse Smith) |
Tails 4.11
The Amnesic Incognito Live System (better known as Tails) is a Debian-based live DVD/USB with the goal of providing complete Internet anonymity for the user. The distribution ships with several Internet applications, including web browser, IRC client, mail client and instant messenger. The distribution transfers Internet traffic through the Tor network to hide its origin.
One of the project's latest releases was version 4.11. (At the time of writing 4.12 is about to be published, though without any significant new features.) Lately the project has mostly focused on bug fixes and minor tweaks, though Tails 4.11 introduces the option of persistent storage for some of the distribution's settings and data. Persistent storage is not enabled by default, but can be set up using tools included on the live media.
Tails is available for 64-bit (x86_64) computers and its live media is approximately 1.2GB in size. The live media can be written to a DVD or USB thumb drive. There are separate files provided depending on whether we want to write the distribution to DVD or USB media, however I tested and confirmed the DVD image can be written to, and run from, a USB thumb drive if need be.
Early impressions
Booting from the Tails media brings up a welcome screen. This graphical interface offers to either start the desktop session or shutdown the operating system. On this welcome screen we can click buttons to bring up settings options that allow us to select our keyboard layout, language, and locale formats. At the bottom of the welcome window is a button which opens additional settings. These extra settings are security related and allow us to assign a password to the administrator account, enable/disable MAC address spoofing, set whether to allow the "Unsafe Browser" to run, and how to connect to the Tor network or to disable networking entirely.
Tails 4.11 -- Running LibreOffice and checking the version of Tails
(full image size: 116kB, resolution: 1366x768 pixels)
These settings mostly default to providing more security. The administrative functions are blocked by default with the lack of a password. MAC address spoofing is turned on in an effort to make us harder to track on-line, and using the "Unsafe Browser" is blocked. Networking is enabled by default, but is set to pass information through the Tor network to hide the origin of our traffic.
Once we start the desktop session, the distribution loads the GNOME 3.30 interface. We are then automatically connected to the Tor network, assuming our computer has a working network connection. GNOME presents us with a panel across the top of the screen. This panel contains two menus, Applications and Places, in the upper-left corner. In the middle of the panel is a date and time widget which, when clicked, displays a calendar and recent notifications. Further to the right is the system tray. In the far upper-right corner we find a menu that provides access to the settings panel, network settings, and logoff/shutdown options.
Tails 4.11 -- Connecting to the Tor network
(full image size: 88kB, resolution: 1366x768 pixels)
On the desktop we can find icons for accessing the Trash (ie the file manager) along with two icons labelled "Documentation" and "Report an error". The latter two icons open the Tor Browser, which is an altered version of Firefox ESR, and displays tips on getting support and using the distribution. The documentation section of the Tails website is a good read and I recommend browsing it. The distribution's documentation provides information on system requirements, key features, and tips on staying anonymous. Not only that, it also talks about the limitations Tails has. We are warned the distribution cannot protect us against hardware-related attacks and that people monitoring the network can see that we are accessing the Tor network, which may raise flags at work, for example.
Hardware
I started out by testing Tails in a VirtualBox environment. Tails performed well in the virtual machine. The desktop dynamically resized with the VirtualBox window and desktop performance was, while slightly below average, still good enough to be practical. I like that Tails warns us when it detects it is running in a virtual machine as it helps us avoid eavesdropping from administrators.
When running Tails on my laptop the distribution performed very well. Desktop performance was quite good, all of my hardware was properly detected, wireless networking functioned out of the box, and the system was stable.
The distribution's memory usage fluctuated quite a bit once the GNOME desktop finished loading. The Tails website mentions the distribution checks for security updates automatically and I think this, and perhaps connecting to the Tor network, causes a memory spike. When GNOME first loads the system uses about 590MB of RAM. This rises to just over 700MB after a minute. Generally, RAM usage settled down to about 600MB after a few minutes.
Applications
Scanning through the Tails application menu we find the Tor Browser, which is a modified version of Firefox. There is also an application called Unsafe Browser. This is also basically Firefox, but while Tor Browser connects to the Internet through the Tor network, hiding our location, Unsafe Browser accesses the web directly. Using Unsafe Browser basically removes any protection we had from using the Tor network while providing a faster browsing experience as traffic is not rerouted through proxies.
Tails 4.11 -- Tor Browser ships with privacy extensions
(full image size: 110kB, resolution: 1366x768 pixels)
The application menu includes the Thunderbird e-mail client, the Pidgin messaging software, and Electrum Bitcoin Wallet. OnionShare is included and I will talk about it in detail later. Tails ships with LibreOffice, the GNU Image Manipulation Program, and Inkscape. The Audacity audio editor and Brasero disc burning software are available, along with the Videos (Totem) application which is included for playing media files. Tails ships with media codecs already installed for us.
There are tools available for setting up persistent volume storage, formatting disk partitions, and editing text files. There is a tool called GtkHash for getting file checksums, particularly in MD5, SHA1, and SHA256 hashes. There is a simple image viewer, the KeePassXC password manager, and a tool for unlocking VeraCrypt storage volumes. There is a tool for installing Tails, though I suspect most people will stick to using the distribution in its live desktop form. In the background Tails uses the systemd init software and runs on version 5.7 of the Linux kernel.
OnionShare
One of the interesting features Tails includes is OnionShare. This desktop application helps us share files over the Tor network. OnionShare begins by allowing us to browse our system for a file (or files) we wish to share. Then we click a button to start sharing the file. OnionShare will set up a unique address on the Tor network and allow computers using Tor to access our computer to grab the file. The unique address for this file is displayed in the OnionShare window and we can copy it to other applications to share it with people. Basically, OnionShare makes it possible to semi-anonymously share a file with other people through the Tor network.
Tails 4.11 -- Transferring a file over OnionShare
(full image size: 89kB, resolution: 1366x768 pixels)
One interesting characteristic of OnionShare is it stops making the file we are sharing available after it has been downloaded. This means once our contact has retrieved the file it is no longer available to anyone else; the service shuts down automatically. This is usually a good thing. Though it may be frustrating if the person retrieving the file needs to cancel and resume the download, or if their connection times out. In these situations they need to contact us and ask us to share the file again, which requires setting up the service and getting a new unique URL.
I had used OnionShare a few years ago and, at the time, could not get it to work. The setup process where a file was assigned a unique identifier never completed successfully at the time. This week I tried using OnionShare repeatedly and it worked each time. There is a bit of a delay before the shared files become available on the Tor network (about 30 seconds in my case) but it always worked.
Other observations
I tried setting up persistent storage media in a few environments. This seems like a good tool, though it does have some limitations at the moment. For example, it requires Tails to run from a USB drive and saves data to the same thumb drive. When we run Tails from another type of media, such as a DVD, we cannot use a hard drive or thumb drive as the storage device. This is probably for the best as most people are unlikely to want to split their data files and the Tails operating system between separate devices they need to manage.
As I mentioned earlier, the Unsafe Browser is disabled by default. It can be enabled through the welcome screen when Tails first launches. As far as I can tell there is no way to enable this browser after the welcome screen has been dismissed. When we do enable and launch the Unsafe Browser it displays two warnings letting us know our traffic is not being rerouted. The theme of the Unsafe Browser is bright red to further drive home the point that we should be running the regular Tor Browser for the sake of anonymity.
Tails 4.11 -- Running the Unsafe Browser
(full image size: 109kB, resolution: 1366x768 pixels)
As far as I could tell the web browser is unable to provide audio output. Even when watching videos on-line the browser would not create any audio and the Tor Browser does not show up in the distribution's audio controls or list of applications providing sound output. Other applications, such as Totem, do play audio.
By default Tails does not enable administrative functions. This means any application which requires admin access is blocked. This affects tools like the disk manager and Synaptic package manager. Administrative access can be enabled by setting an admin password in the welcome window.
The GNOME desktop locks itself after a short timeout, by default after just five minutes. If this interval is too short it can be adjusted in the GNOME settings panel.
Tails 4.11 -- The settings panel and file manager
(full image size: 90kB, resolution: 1366x768 pixels)
Software management
In case we wish to update existing software or add new programs to Tails the distribution ships with the Synaptic package manager. Synaptic provides a low-level view of packages and can download, remove, or update software on the system. Synaptic will only work if we have set an admin password from the distribution's welcome screen. Synaptic works reliably, though it is slow as its network traffic is routed through Tor. This makes for slower downloads.
There is a tool in the application menu called Additional Software. This tool assists us in adding software from persistent media, if persistent storage has been enabled. This should make it easier to run extra applications from local media rather than downloading them each time we boot Tails.
Conclusions
Tails fills an important, though rarely explored, niche in the computing ecosystem. Tails attempts to provide not just secure, but also anonymous on-line communication. Tails is quite focused. It's not trying to be a general purpose operating system, rather it is dedicated to providing a simple interface and a fairly locked down environment in which people can get on-line, look up information, share files, and exchange messages. The Debian base proves to be quite stable and the current GNOME desktop offers good performance.
One thing I like about Tails is it automates the software we need for on-line communication and file sharing. The distribution automatically connects to the Tor network and the initial setup process is streamlined. There are not many extra features offered outside of the distribution's core purpose. In fact, most unnecessary features, like the admin password, are disabled to avoid potential security issues.
Something else I like about the project is the documentation. Partly for what it explains and that it tells us how to perform tasks. However, it also describes the distribution's limitations and things Tails cannot do to protect us. This is a good, transparent approach to keeping people safe as it should avoid false senses of security. On a similar note, I like that Tails often tries to warn us against doing something foolish, but does not prevent us from engaging in ill-advised activities. We can run a web browser and connect it directly to the Internet, though Tails will tell us it is a bad idea. The distribution defaults to blocking admin access, though we can override this setting too. In short, Tails tries its best to protect the user, but does not stop the user from forging ahead if they deem it necessary.
Tails is very focused on its niche and performs its tasks well using appropriate tools. There are not many distributions dedicated to keeping users anonymous on-line and Tails does an excellent job of automating the process and making it friendly for people who need private communication, but may not be technical experts.
* * * * *
Hardware used in this review
My physical test equipment for this review was a de-branded HP laptop with the following
specifications:
- Processor: Intel i3 2.5GHz CPU
- Display: Intel integrated video
- Storage: Western Digital 700GB hard drive
- Memory: 6GB of RAM
- Wired network device: Realtek RTL8101E/RTL8102E PCI Express Fast
- Wireless network device: Realtek RTL8188EE Wireless network card
* * * * *
Visitor supplied rating
Tails has a visitor supplied average rating of: 5.4/10 from 21 review(s).
Have you used Tails? You can leave your own review of the project on our ratings page.
|
Miscellaneous News (by Jesse Smith) |
UBports improves installer, IPFire explains location lookups
The UBports team has published a news update which provides an overview of what the project is currently working on. The system installer is receiving a lot of attention at the moment with work going into supporting multiple operating systems and some new devices. "Jan reported that UBports installer 0.5.2-beta has been released. Heimdal support is now included, which enables Samsung support; it can be used to install other operating systems - great for Volla for example; there are some bug fixes and you can now use the installer behind a proxy. It can also now download archive files, which will assist those on poor connections. Finally there is a new supported device - the Nexus 6P. Unfortunately there is also a new bug in the Windows version of the beta. The installer fails at the last step. Use an older version for now but the next release will provide a fix. We still need testers for that fix, so volunteers please! The next release will also have support for Electron 10, rather than the Electron 5 we were stuck with before. Beyond that, we are working on some modifications which will aid installs on the Raspberry Pi and the Pinebook Pro." Additional information can be found in the project's blog post.
* * * * *
Being able to look up information on an IP address, such as the physical location where it originated, is a common practise which can help developers determine which version of a website to show. It can also help security software determine whether to block or flag unexpected access attempts. The IPFire team has put together a set of tools to help deal with IP location lookups and they have published a blog post about their solution: "Many target applications for our library need to be fast. Nobody likes to wait for a website to load, but more importantly, applications like an Intrusion Prevention System need to be able to handle a large number of packets a second. If a source IP address needs to be classified by using libloc, this can only take a couple of nanoseconds. A millisecond would already cause a performance impact and connections would take too long to establish. That is why the goal was that the database needed to be searchable in O(1) - or for those who are not familiar with Landau symbols: every search should take the same time, no matter where in the database the object is stored." The blog goes on to outline the problems and solutions the IPFire developers explored.
* * * * *
These and other news stories can be found on our Headlines page.
|
Questions and Answers (by Jesse Smith) |
Detecting and dealing with rootkits
Ghosts-in-the-machine asks: Linux has few problems with malware, by and large, but there is a serious threat posed by rootkits. Evil hackers have cunning tricks up their sleeves to get a rootkit installed on an unsuspecting user's computer. If the rootkit takes control of the BIOS, the hackers obtain full control of the machine. What can be done then to fix this problem? Will replacing the BIOS firmware get the user his machine back?
DistroWatch answers: First, let's talk a little bit about what a rootkit is. In a broad sense a rootkit is a program (or collection of programs) which grant an unauthorized user access to a computer. Typically a rootkit provides remote access over the network and, usually, the rootkit will strive to provide elevated privileges to the unauthorized user. As the name suggests, a rootkit will typically try to provide access to the root user account, or higher access such as at the kernel-level.
A rootkit can be installed in a variety of ways. Sometimes the user is tricked into installing the software, sometimes a rootkit is installed by hijacking a web browser, or brute forcing a login through a remote shell. Whatever the avenue of attack, the rootkit will typically open up remote access for the malicious user and attempt to hide itself on the system.
I feel it is worth pointing out that there is nothing special about a rootkit which makes it more likely than a virus or other form of malware to be installed by a malicious user. The same security techniques and features Linux offers which protect users against other forms of malware also work against rootkits.
How does a rootkit hide? Some of them may disguise themselves as familiar looking software, with a typo in the name. For example, a rootkit might call itself "1s" (one-s) instead of "ls" (elle-s) in order to blend in. Others will try to hide their processes in various ways, infect existing binaries, or insert themselves into the kernel.
A few rootkits will even try to embed themselves into lower level components of the computer's hardware, for example in the BIOS firmware or in the software that runs a hard drive or other piece of attached equipment. Which brings us back to the original question: If a rootkit takes control of the hardware (through the BIOS firmware) can we get the machine back into its pristine condition?
The answer is that we can usually restore the machine back to its working order. The specific steps will depend a lot on your equipment and are a bit outside the scope of this article. However, typically the steps are to:
- Unplug as many attached components and disk drives from the computer as you can. This attempts to avoid the BIOS being re-infected if other copies of the rootkit are hidden in other pieces of hardware.
- Use a boot disc, preferably a read-only CD, to launch a BIOS repair utility and reset or restore the BIOS firmware.
- Restart the computer and verify the malware is gone.
- Reattach or replace the old disk drives and other components we removed in the first step.
- Re-install the operating system.
The above process does not guarantee the computer is in a clean and rootkit-free state. However, it is about as close to certain as we can get. There is always a small chance the rootkit can launch itself from the BIOS, wait until the firmware is restored, and then re-install itself. However that is a rare and, so far as I know, unverified level of persistence from a rootkit.
Most rootkits I have encountered work at the operating system level, rather than the hardware/BIOS level, and can usually be removed by backing up one's files and re-installing the operating system from scratch. This would be my first suggestion, wiping the operating system, and then see if the rootkit has been successfully removed.
There are some common tools for checking for rootkits. You may want to investigate the chkrootkit tool, which is available in most Linux distributions. You may also be interested in looking at the Clam AV anti-virus software which can detect a variety of malware.
* * * * *
Additional answers can be found in our Questions and Answers archive.
|
Released Last Week |
Porteus Kiosk 5.1.0
Tomasz Jokiel has announced the release of Porteus Kiosk 5.1.0, a single-purpose, Gentoo-based Linux distribution designed for web kiosks and limited to web browsing with Firefox or Google Chrome: "I am pleased to announce that Porteus Kiosk 5.1.0 is now available for download. Major software upgrades in this release include: Linux kernel 5.4.70, Google Chrome 85.1.4183.121 and Mozilla Firefox 78.3.1 ESR. Packages from the userland are upgraded to portage snapshot tagged on 20201004. Short changelog for 5.1.0 release: silent printing feature is available again for the Firefox browser after Mozilla developers fixed the bug which we have reported to them; it's possible to wipe the guest's home folder from the persistent partition using the 'persistence=wipe' parameter in remote kiosk config; enabled microphone and webcam redirection for the Citrix Workspace sessions by default; disabled 'irc://' and 'ircs://' handlers for the Firefox browser which in certain circumstances could allow an attacker to unlock default browser profile and run other applications in kiosk...." Continue to the release announcement for further details.
Parted Magic 2020_10_12
Parted Magic, a live disc utility for managing disks and partitions as well as rescuing data has released a new version which introduces two major changes. The first is the graphical interface has migrated from Openbox to Xfce and the second is Parted Magic is now a 64-bit distribution. "Desktop is now Xfce and you can configure the crap of it now with GUIs and use the save session. The NVIDIA drivers are used by default. This was a big gain moving to 64-bit. Lots of program requests that were not possible or problematic because of the 32-bit system are now included. LibreOffice, Wireshark, Keepassxc, VLC, etc. This should put a smile on a lot of faces: international language support and man pages have returned. All languages supported by Linux should be available. Not a cherry picking of a few European countries. Ibus is also included. You'll see the new entry in the boot menu to get this going. The downside: the ISO is now 1.5GB. I found some old laptops and tested the bigger Parted Magic. The one with 2GB of RAM worked just fine in live mode. Another one with 4GB ran just fine from RAM. Even the cheapest computers made in the last 10 years can still run this." Further information can be found on the project's news page.
Untangle NG Firewall 16.0.1
Untangle, Inc. has announced the release of Untangle NG Firewall 16.0.1, a major new update of the company's Debian-based firewall and network gateway designed for small to medium-sized enterprises. Besides an upgrade of the base system to Debian 10, the main new feature of the release is the addition of WireGuard VPN: "Untangle, Inc., today announced the latest release of its award-winning flagship product, NG Firewall. NG Firewall 16.0 includes significant updates including the addition of WireGuard VPN which allows for VPN options to fit any type of networking deployment and administrative preferences, better addressing any organization's critical VPN connectivity needs. In today's world of increased remote work, VPN technology is being heavily relied upon to help users and businesses connect safely to a network. In fact, a recent SMB security survey reveals that SMBs rank firewalls (82%) and VPN technologies (47%) as the most important features when considering which IT security solutions to purchase." See the company's full press release for further details.
Rescuezilla 2.0
Shasheen Ediriweera has announced the release of Rescuezilla 2.0, a major new version of the fork of the "Redo Backup & Restore" distribution. This is the first 64-bit only release: "Rescuezilla 2.0 is a major upgrade. Key changes: switched to creating backups in Clonezilla format for full interoperability with Clonezilla - Rescuezilla is now a drop-in replacement to Clonezilla; backups created using Clonezilla can be restored using Rescuezilla and vice versa; warning - backups created with Rescuezilla 2.0 cannot be restored using earlier versions of Rescuezilla; backups created with older versions of Rescuezilla can still of course be restored with 2.0; added ability to restore individual partitions and optionally to not overwrite partition table; rewrote the Rescuezilla frontend in the Python 3 programming language; added backup/restore confirmation and summary pages, back button; improved exit code handling and error messages, image selection; disabled Linux time sync to prevent hardware clock modification; Added the ability to backup and restore software RAID (md) devices.... Read the full changelog for further information.
Rescuezilla 2.0 -- The Rescuezilla welcome screen
(full image size: 146kB, resolution: 1920x1080 pixels)
Redo Rescue 3.0.0
Zebradots Software has announced the release of Redo Rescue 3.0.0, a major new build of the project's specialist distribution designed for bare metal backups and system restoration tasks. This version upgrades the underlying operating system to Debian 10: "This release marks a major milestone as we upgrade to the Debian 10 base system for ISO images. This means expanded hardware support, UEFI images with Secure Boot, more recent binaries for Partclone and all other included tools. Non-free linux firmware is not enabled by default, but the option to add it can be changed in the make file. Changes in this release are limited only to upgrading the base operating system. As of this release, the application itself remains identical to the 2.0.7 release. The 2.0.x series based on Debian 9 will continue to exist as a stable release, but will not receive future updates (unless a major bug is discovered). Other changes: beautiful new GRUB-based bootloader theme with dynamic screen layout; language selection menu for future multiple language support; no application changes; release is strictly to upgrade base system. Here is the complete release announcement as published on the project's GitHub page.
antiX 19.3
antiX, a lightweight, desktop Linux distribution featuring IceWM as the default window manager, has been upgraded to version 19.3. It comes in the usual range of variants (net, core, base and full), supporting both SysV and Runit init systems: "All new ISO images are bug-fix and upgrade improvements of antiX 19 SysV and Runit series. antiX 19.3 'Manolis Glezos' is based on Debian 10 'Buster' and is fully systemd-free. The 32-bit editions use a non-pae kernel. This series has put on some weight mainly due to the kernel supporting old and new hardware and the inclusion of more firmware (full, base and core editions). Changes: antiX WiFi switch - tool to choose which WiFi manager to use, default is ConnMan, Ceni available; improved and updated localisation; mps-youtube includes another fix for apt_key bug; a newer 4.9.235 Linux kernel; Firefox 78.3.0esr; LibreOffice 7.0.2; IceWM upgraded to latest upstream version (1.8.3); latest firmware backported from Debian 'sid'...." See the release announcement for further information.
antiX 19.3 -- Exploring the application menu
(full image size: 165kB, resolution: 1280x1024 pixels)
Linux Kodachi 7.3
Warith Al Maawali has announced the release of Linux Kodachi 7.3, the latest stable build of the project's privacy-focused Linux distribution (with VPN, Tor and DNSCrypt) based on Xubuntu and featuring a highly customised Xfce desktop. Besides fixing some reported bugs, this release also upgrades the Linux kernel to version 5.8, upgrades the underlying system to Xubuntu 18.04.5 and updates Tor and LibreOffice (version 7.0.2rc2). From the changelog: "Linux kernel upgrade from 5.4 to 5.8; full system update from Xubuntu 18.04 to Xubuntu 18.04.5 LTS; added Demonsaw (an encrypted communications platform for chatting, messaging and transferring files without fear of data collection or surveillance); fixed Tor browser issue; fixed SSH key generation; Conky performance fixed; menu bug fixed; VPN configuration files updated; MyMonero, Electron, Wire, Xnview, Veracrypt, Session messenger and full system update done; replaced Nano with Ublock Origin on browsers; removed online installer as it caused issues when live image is too old."
OpenBSD 6.8
The OpenBSD project produces a free, multi-platform UNIX-like operating system. Its efforts emphasize portability, standardisation, correctness, proactive security and integrated cryptography. The project's latest release, OpenBSD 6.8, introduces support for the powerpc64 CPU architecture, improves the speed of time-related operations, and offers several fixes. "New/extended platforms: New powerpc64 platform, supporting PowerNV (non-virtualized) systems with POWER8 and POWER9 CPUs, such as Raptor Computing Systems Talos II and Blackbird systems. POWER8 support has not been tested on real hardware yet. Improvements to time measurements, mostly in the kernel: Added support in the kernel and libc for timecounting in userland, eliminating the need for a context switch everytime a process requests the current time, thereby improving speed and responsiveness in programs which make many gettimeofday(2) calls, especially browsers and office software. The userland timecounters are enabled on the amd64, arm64, macppc, octeon and sparc64 architectures." Further information can be found in the project's release announcement.
* * * * *
Development, unannounced and minor bug-fix releases
|
Torrent Corner |
Weekly Torrents
The table below provides a list of torrents DistroWatch is currently seeding. If you do not have a bittorrent client capable of handling the linked files, we suggest installing either the Transmission or KTorrent bittorrent clients.
Archives of our previously seeded torrents may be found in our Torrent Archive. We also maintain a Torrents RSS feed for people who wish to have open source torrents delivered to them. To share your own open source torrents of Linux and BSD projects, please visit our Upload Torrents page.
Torrent Corner statistics:
- Total torrents seeded: 2,178
- Total data uploaded: 34.2TB
|
Upcoming Releases and Announcements |
Summary of expected upcoming releases
|
Opinion Poll (by Jesse Smith) |
Checking for rootkits
In our Questions and Answers column we discussed rootkits, pieces of malware which provide remote access to people who wish to break into computers. There are a number of tools available which can attempt to detect common rookits and other forms of malware. We would like to hear if you run any of these security tools. Let us know which detection tools you deploy on your systems in the comments.
You can see the results of our previous poll on using zRAM to compress data in memory in last week's edition. All previous poll results can be found in our poll archives.
|
Tools for detecting rookits
I use Clam AV: | 151 (12%) |
I use chkrootkit: | 93 (8%) |
I use both of the above: | 122 (10%) |
I use another detection tool: | 64 (5%) |
I do not use any rootkit detection tools: | 793 (65%) |
|
|
Website News |
New distributions added to waiting list
- AllegianceOS. AllegianceOS is a lightweight distribution based on Slackware's development (-current) branch. The distribution ships with the Xfce desktop and runs on 64-bit machines only, though it includes multilib support for 32-bit programs.
* * * * *
DistroWatch database summary
* * * * *
This concludes this week's issue of DistroWatch Weekly. The next instalment will be published on Monday, 26 October 2020. Past articles and reviews can be found through our Article Search page. To contact the authors please send e-mail to:
- Jesse Smith (feedback, questions and suggestions: distribution reviews/submissions, questions and answers, tips and tricks)
- Ladislav Bodnar (feedback, questions, donations, comments)
- Bruce Patterson (podcast)
|
|
Tip Jar |
If you've enjoyed this week's issue of DistroWatch Weekly, please consider sending us a tip. (Tips this week: 0, value: US$0.00) |
|
|
|
bc1qxes3k2wq3uqzr074tkwwjmwfe63z70gwzfu4lx lnurl1dp68gurn8ghj7ampd3kx2ar0veekzar0wd5xjtnrdakj7tnhv4kxctttdehhwm30d3h82unvwqhhxarpw3jkc7tzw4ex6cfexyfua2nr 86fA3qPTeQtNb2k1vLwEQaAp3XxkvvvXt69gSG5LGunXXikK9koPWZaRQgfFPBPWhMgXjPjccy9LA9xRFchPWQAnPvxh5Le paypal.me/distrowatchweekly • patreon.com/distrowatch |
|
Extended Lifecycle Support by TuxCare |
| |
TUXEDO |
TUXEDO Computers - Linux Hardware in a tailor made suite Choose from a wide range of laptops and PCs in various sizes and shapes at TUXEDOComputers.com. Every machine comes pre-installed and ready-to-run with Linux. Full 24 months of warranty and lifetime support included!
Learn more about our full service package and all benefits from buying at TUXEDO.
|
Archives |
• Issue 1099 (2024-12-02): AnduinOS 1.0.1, measuring RAM usage, SUSE continues rebranding efforts, UBports prepares for next major version, Murena offering non-NFC phone |
• Issue 1098 (2024-11-25): Linux Lite 7.2, backing up specific folders, Murena and Fairphone partner in fair trade deal, Arch installer gets new text interface, Ubuntu security tool patched |
• Issue 1097 (2024-11-18): Chimera Linux vs Chimera OS, choosing between AlmaLinux and Debian, Fedora elevates KDE spin to an edition, Fedora previews new installer, KDE testing its own distro, Qubes-style isolation coming to FreeBSD |
• Issue 1096 (2024-11-11): Bazzite 40, Playtron OS Alpha 1, Tucana Linux 3.1, detecting Screen sessions, Redox imports COSMIC software centre, FreeBSD booting on the PinePhone Pro, LXQt supports Wayland window managers |
• Issue 1095 (2024-11-04): Fedora 41 Kinoite, transferring applications between computers, openSUSE Tumbleweed receives multiple upgrades, Ubuntu testing compiler optimizations, Mint partners with Framework |
• Issue 1094 (2024-10-28): DebLight OS 1, backing up crontab, AlmaLinux introduces Litten branch, openSUSE unveils refreshed look, Ubuntu turns 20 |
• Issue 1093 (2024-10-21): Kubuntu 24.10, atomic vs immutable distributions, Debian upgrading Perl packages, UBports adding VoLTE support, Android to gain native GNU/Linux application support |
• Issue 1092 (2024-10-14): FunOS 24.04.1, a home directory inside a file, work starts of openSUSE Leap 16.0, improvements in Haiku, KDE neon upgrades its base |
• Issue 1091 (2024-10-07): Redox OS 0.9.0, Unified package management vs universal package formats, Redox begins RISC-V port, Mint polishes interface, Qubes certifies new laptop |
• Issue 1090 (2024-09-30): Rhino Linux 2024.2, commercial distros with alternative desktops, Valve seeks to improve Wayland performance, HardenedBSD parterns with Protectli, Tails merges with Tor Project, Quantum Leap partners with the FreeBSD Foundation |
• Issue 1089 (2024-09-23): Expirion 6.0, openKylin 2.0, managing configuration files, the future of Linux development, fixing bugs in Haiku, Slackware packages dracut |
• Issue 1088 (2024-09-16): PorteuX 1.6, migrating from Windows 10 to which Linux distro, making NetBSD immutable, AlmaLinux offers hardware certification, Mint updates old APT tools |
• Issue 1087 (2024-09-09): COSMIC desktop, running cron jobs at variable times, UBports highlights new apps, HardenedBSD offers work around for FreeBSD change, Debian considers how to cull old packages, systemd ported to musl |
• Issue 1086 (2024-09-02): Vanilla OS 2, command line tips for simple tasks, FreeBSD receives investment from STF, openSUSE Tumbleweed update can break network connections, Debian refreshes media |
• Issue 1085 (2024-08-26): Nobara 40, OpenMandriva 24.07 "ROME", distros which include source code, FreeBSD publishes quarterly report, Microsoft updates breaks Linux in dual-boot environments |
• Issue 1084 (2024-08-19): Liya 2.0, dual boot with encryption, Haiku introduces performance improvements, Gentoo dropping IA-64, Redcore merges major upgrade |
• Issue 1083 (2024-08-12): TrueNAS 24.04.2 "SCALE", Linux distros for smartphones, Redox OS introduces web server, PipeWire exposes battery drain on Linux, Canonical updates kernel version policy |
• Issue 1082 (2024-08-05): Linux Mint 22, taking snapshots of UFS on FreeBSD, openSUSE updates Tumbleweed and Aeon, Debian creates Tiny QA Tasks, Manjaro testing immutable images |
• Issue 1081 (2024-07-29): SysLinuxOS 12.4, OpenBSD gain hardware acceleration, Slackware changes kernel naming, Mint publishes upgrade instructions |
• Issue 1080 (2024-07-22): Running GNU/Linux on Android with Andronix, protecting network services, Solus dropping AppArmor and Snap, openSUSE Aeon Desktop gaining full disk encryption, SUSE asks openSUSE to change its branding |
• Issue 1079 (2024-07-15): Ubuntu Core 24, hiding files on Linux, Fedora dropping X11 packages on Workstation, Red Hat phasing out GRUB, new OpenSSH vulnerability, FreeBSD speeds up release cycle, UBports testing new first-run wizard |
• Issue 1078 (2024-07-08): Changing init software, server machines running desktop environments, OpenSSH vulnerability patched, Peppermint launches new edition, HardenedBSD updates ports |
• Issue 1077 (2024-07-01): The Unity and Lomiri interfaces, different distros for different tasks, Ubuntu plans to run Wayland on NVIDIA cards, openSUSE updates Leap Micro, Debian releases refreshed media, UBports gaining contact synchronisation, FreeDOS celebrates its 30th anniversary |
• Issue 1076 (2024-06-24): openSUSE 15.6, what makes Linux unique, SUSE Liberty Linux to support CentOS Linux 7, SLE receives 19 years of support, openSUSE testing Leap Micro edition |
• Issue 1075 (2024-06-17): Redox OS, X11 and Wayland on the BSDs, AlmaLinux releases Pi build, Canonical announces RISC-V laptop with Ubuntu, key changes in systemd |
• Issue 1074 (2024-06-10): Endless OS 6.0.0, distros with init diversity, Mint to filter unverified Flatpaks, Debian adds systemd-boot options, Redox adopts COSMIC desktop, OpenSSH gains new security features |
• Issue 1073 (2024-06-03): LXQt 2.0.0, an overview of Linux desktop environments, Canonical partners with Milk-V, openSUSE introduces new features in Aeon Desktop, Fedora mirrors see rise in traffic, Wayland adds OpenBSD support |
• Issue 1072 (2024-05-27): Manjaro 24.0, comparing init software, OpenBSD ports Plasma 6, Arch community debates mirror requirements, ThinOS to upgrade its FreeBSD core |
• Issue 1071 (2024-05-20): Archcraft 2024.04.06, common command line mistakes, ReactOS imports WINE improvements, Haiku makes adjusting themes easier, NetBSD takes a stand against code generated by chatbots |
• Issue 1070 (2024-05-13): Damn Small Linux 2024, hiding kernel messages during boot, Red Hat offers AI edition, new web browser for UBports, Fedora Asahi Remix 40 released, Qubes extends support for version 4.1 |
• Issue 1069 (2024-05-06): Ubuntu 24.04, installing packages in alternative locations, systemd creates sudo alternative, Mint encourages XApps collaboration, FreeBSD publishes quarterly update |
• Issue 1068 (2024-04-29): Fedora 40, transforming one distro into another, Debian elects new Project Leader, Red Hat extends support cycle, Emmabuntus adds accessibility features, Canonical's new security features |
• Issue 1067 (2024-04-22): LocalSend for transferring files, detecting supported CPU architecure levels, new visual design for APT, Fedora and openSUSE working on reproducible builds, LXQt released, AlmaLinux re-adds hardware support |
• Issue 1066 (2024-04-15): Fun projects to do with the Raspberry Pi and PinePhone, installing new software on fixed-release distributions, improving GNOME Terminal performance, Mint testing new repository mirrors, Gentoo becomes a Software In the Public Interest project |
• Issue 1065 (2024-04-08): Dr.Parted Live 24.03, answering questions about the xz exploit, Linux Mint to ship HWE kernel, AlmaLinux patches flaw ahead of upstream Red Hat, Calculate changes release model |
• Issue 1064 (2024-04-01): NixOS 23.11, the status of Hurd, liblzma compromised upstream, FreeBSD Foundation focuses on improving wireless networking, Ubuntu Pro offers 12 years of support |
• Issue 1063 (2024-03-25): Redcore Linux 2401, how slowly can a rolling release update, Debian starts new Project Leader election, Red Hat creating new NVIDIA driver, Snap store hit with more malware |
• Issue 1062 (2024-03-18): KDE neon 20240304, changing file permissions, Canonical turns 20, Pop!_OS creates new software centre, openSUSE packages Plasma 6 |
• Issue 1061 (2024-03-11): Using a PinePhone as a workstation, restarting background services on a schedule, NixBSD ports Nix to FreeBSD, Fedora packaging COSMIC, postmarketOS to adopt systemd, Linux Mint replacing HexChat |
• Issue 1060 (2024-03-04): AV Linux MX-23.1, bootstrapping a network connection, key OpenBSD features, Qubes certifies new hardware, LXQt and Plasma migrate to Qt 6 |
• Issue 1059 (2024-02-26): Warp Terminal, navigating manual pages, malware found in the Snap store, Red Hat considering CPU requirement update, UBports organizes ongoing work |
• Issue 1058 (2024-02-19): Drauger OS 7.6, how much disk space to allocate, System76 prepares to launch COSMIC desktop, UBports changes its version scheme, TrueNAS to offer faster deduplication |
• Issue 1057 (2024-02-12): Adelie Linux 1.0 Beta, rolling release vs fixed for a smoother experience, Debian working on 2038 bug, elementary OS to split applications from base system updates, Fedora announces Atomic Desktops |
• Issue 1056 (2024-02-05): wattOS R13, the various write speeds of ISO writing tools, DSL returns, Mint faces Wayland challenges, HardenedBSD blocks foreign USB devices, Gentoo publishes new repository, Linux distros patch glibc flaw |
• Issue 1055 (2024-01-29): CNIX OS 231204, distributions patching packages the most, Gentoo team presents ongoing work, UBports introduces connectivity and battery improvements, interview with Haiku developer |
• Issue 1054 (2024-01-22): Solus 4.5, comparing dd and cp when writing ISO files, openSUSE plans new major Leap version, XeroLinux shutting down, HardenedBSD changes its build schedule |
• Issue 1053 (2024-01-15): Linux AI voice assistants, some distributions running hotter than others, UBports talks about coming changes, Qubes certifies StarBook laptops, Asahi Linux improves energy savings |
• Issue 1052 (2024-01-08): OpenMandriva Lx 5.0, keeping shell commands running when theterminal closes, Mint upgrades Edge kernel, Vanilla OS plans big changes, Canonical working to make Snap more cross-platform |
• Issue 1051 (2024-01-01): Favourite distros of 2023, reloading shell settings, Asahi Linux releases Fedora remix, Gentoo offers binary packages, openSUSE provides full disk encryption |
• Issue 1050 (2023-12-18): rlxos 2023.11, renaming files and opening terminal windows in specific directories, TrueNAS publishes ZFS fixes, Debian publishes delayed install media, Haiku polishes desktop experience |
• Issue 1049 (2023-12-11): Lernstick 12, alternatives to WINE, openSUSE updates its branding, Mint unveils new features, Lubuntu team plans for 24.04 |
• Issue 1048 (2023-12-04): openSUSE MicroOS, the transition from X11 to Wayland, Red Hat phasing out X11 packages, UBports making mobile development easier |
• Issue 1047 (2023-11-27): GhostBSD 23.10.1, Why Linux uses swap when memory is free, Ubuntu Budgie may benefit from Wayland work in Xfce, early issues with FreeBSD 14.0 |
• Issue 1046 (2023-11-20): Slackel 7.7 "Openbox", restricting CPU usage, Haiku improves font handling and software centre performance, Canonical launches MicroCloud |
• Issue 1045 (2023-11-13): Fedora 39, how to trust software packages, ReactOS booting with UEFI, elementary OS plans to default to Wayland, Mir gaining ability to split work across video cards |
• Full list of all issues |
Star Labs |
Star Labs - Laptops built for Linux.
View our range including the highly anticipated StarFighter. Available with coreboot open-source firmware and a choice of Ubuntu, elementary, Manjaro and more. Visit Star Labs for information, to buy and get support.
|
Random Distribution |
MINIX
MINIX was a UNIX-like computer operating system based on a microkernel architecture. It was extremely small, with the part that runs in kernel mode in about 5,000 lines of source code, while the parts that run in user mode are divided into small, insulated modules which enhance system reliability. Originally designed as an educational tool, the latest versions of MINIX are also targetted at embedded systems and low-power laptops. By the project's own admission, MINIX was work in progress and was nowhere near as mature as BSD or Linux. It was released under a BSD-type licence.
Status: Discontinued
|
TUXEDO |
TUXEDO Computers - Linux Hardware in a tailor made suite Choose from a wide range of laptops and PCs in various sizes and shapes at TUXEDOComputers.com. Every machine comes pre-installed and ready-to-run with Linux. Full 24 months of warranty and lifetime support included!
Learn more about our full service package and all benefits from buying at TUXEDO.
|
Star Labs |
Star Labs - Laptops built for Linux.
View our range including the highly anticipated StarFighter. Available with coreboot open-source firmware and a choice of Ubuntu, elementary, Manjaro and more. Visit Star Labs for information, to buy and get support.
|
|