SparkyLinux 3.5



Since my time with Qubes was cut quite short I turned my attention to another project. SparkyLinux 3.5 was released a few weeks ago and I thought the Debian-based distribution looked interesting. According to the project's website, " SparkyLinux is a lightweight, fast and simple Linux distribution designed for both old and new computers featuring customized Enlightenment and LXDE desktops. It has been built on the "testing" branch of Debian GNU/Linux. SparkyLinux is available for i486 and x86_64 machines. " SparkyLinux (hereafter referred to as Sparky) is available in several editions. At the time of writing there are 32-bit and 64-bit builds of LXDE, Enlightenment, MATE, Razor-qt, Xfce, Openbox and JWM editions. I opted to download the 64-bit build of the MATE edition of SparkyLinux. The ISO file we download is approximately 1.5 GB in size.



Booting from the SparkyLinux media brings up a menu where we can choose to run a live desktop environment with one of several languages. Once we select our preferred language we are brought to the MATE desktop environment. At the top of the display we find the application menu along with two menus for accessing directories and system settings. At the bottom of the screen we find a quick launch bar filled with popular open source applications. Over to the right side of the display we find a panel showing system status information. This panel displays network activity, memory usage statistics, current CPU usage and a short list of running processes. The wallpaper and, in fact, most of the controls and icons are drawn in shades of grey. As everything appeared to be working properly I turned my attention to the project's system installer.



SparkyLinux' graphical system installer appears to be the same one used by Linux Mint Debian Edition. We are walked thought a series of screens where we are asked to select our preferred language from a list, pick our time zone from a map of the world and we are asked to confirm our keyboard's layout. The next screen asks us to create a user account for ourselves. Next the installer offers to automatically set up disk partitions for us. By default SparkyLinux will create two partitions, one for our operating system and another for swap space. We can choose, at this time, to click a button to launch the GParted partition manager. Using GParted we can arrange our disk the way we like and then return to SparkyLinux' installer. Back on the partition management screen we are asked to click on partitions to assign them mount points, such as "/" and "/home". Next, we are asked to confirm whether we would like to install a boot loader on our computer and, assuming we do want a new boot loader, we are asked where it should be placed. The system installer then shows us what actions it will take and waits for us to confirm before it begins copying files to our hard drive. Once the installer has finished setting up SparkyLinux on our computer we are asked to reboot the machine.



Booting our new copy of SparkyLinux brings up a graphical login screen. Like the rest of the distribution the login screen is decorated in grey. Signing into our user account brings us back to the MATE desktop. Upon logging in I found there was no welcome screen or other pop-ups. Apart from the Conky status panel on the right side of the screen, the MATE desktop remains calm and empty. In the upper-right corner of the display I noticed an icon which I suspected indicated the availability of software updates. Clicking on this icon gives us the option of either opening the Synaptic package manager or opening a program called APTus.







SparkyLinux 3.5 - managing software packages with APTus

(full image size: 861kB, screen resolution 1280x1024 pixels)



APTus is a simple graphical front end to package management which focuses on providing users with an easy way to update software, fix broken packages and clear the package cache. The APTus window is divided into tabs, each tab containing modules of similar functionality. For example, there are tabs for accessing update features, repair features, adding new packages and removing unwanted software. I found APTus did a nice job as far as gathering new updates was concerned. Adding or removing packages is a bit less user friendly as trying to add/remove a package requires typing in the name of the package we wish to manipulate. APTus does not display lists of available packages and this makes it better suited to general actions, such as updating all software or clearing the cache of stale files. I used APTus mostly for performing updates and found that it worked well enough. Whenever we perform an action from APTus's interface a new terminal window opens and we see the appropriate APT command executed in command line fashion. When the action completes we are returned to the APTus window.



While APTus has its uses, I found the Synaptic graphical package manager was usually my preferred tool for managing software. Synaptic presents a fairly simple interface where we are shown an alphabetical list of available software packages. Clicking a checkbox next to a package allows us to install, remove or upgrade the package. Synaptic works quickly and allows us to create batches of actions to perform. SparkyLinux pulls much of its software from the Debian Testing repositories. The project also maintains its own repository for some custom items. Digging through the APT configuration files I found SparkyLinux has the ability to pull software from a number of third-party repositories, including one maintained by Google, another for PlayOnLinux and there are some personal package archives (PPA) too. These third-party repositories were disabled on my system, but could be activated to provide additional applications. The first day I used SparkyLinux there were 237 software packages which could be upgraded and these totalled 250 MB in size. All packages downloaded and installed without any problems.



SparkyLinux ships with a collection of useful software. Included in the distribution are the Iceweasel web browser (with an accompanying Flash player), the Pidgin instant messaging client, the Transmission bittorrent client, the XChat IRC client and the gFTP file transfer application. The LibreOffice productivity suite is installed for us along with a document viewer, the Camorama webcam viewer, the GNU Image Manipulation Program and a collection of small games. The distribution provides users with the Exaile audio player, the VLC multimedia player and a YouTube video browser. We are also given a collection of media codecs which allow us to play a wide range of multimedia files. SparkyLinux ships with the Xfburn optical disc burning application, the Midnight Commander terminal file manager, a system monitor and the Caja graphical file manager.



SparkyLinux further provides an archive manager, a text editor and a virtual calculator. The MATE desktop comes with a Control Centre application which acts as a hub for configuring the desktop and parts of the underlying operating system. The distribution provides Network Manager to help us get on-line. SparkyLinux additionally ships with a virtual keyboard, the WINE compatibility software that allows us to run Windows applications, Java and the GNU Compiler Collection. I found SparkyLinux ships with the 3.14 version of the Linux kernel and the distribution runs an e-mail server in the background.







SparkyLinux 3.5 - working with system services

(full image size: 302kB, screen resolution 1280x1024 pixels)



While most applications ran very well for me, I had mixed results while working with the project's Control Centre. Many modules of the Control Centre, those which dealt with the look and feel of the MATE desktop, worked well. I could change the desktop's appearance and alter which programs were launched when I logged in, for example. On the other hand, modules which handled the underlying operating system usually would not work. For instance, the user account manager, the services manager and Synaptic would not launch from the Control Centre. The systemd services manager front end would load and display the status of services, but I could not start/stop services or even refresh the list of running services.



Likewise the Device Driver Manager refused to load, claiming it could not be run from live media (though at this time I was running my local copy of SparkyLinux). I suspect the problem lies in the fact the modules which did not work all required administrative rights. My regular user account did not have admin access and the modules in the Control Centre do not prompt for the administrator's password when they are launched. This meant I either had to login as root to perform administrative tasks or manipulate SparkyLinux from the command line where I could use the su command to gain administrative access.



I tried running SparkyLinux on a physical desktop computer and in a VirtualBox virtual machine. In both environments the distribution performed well. The MATE desktop was very responsive and the distribution performed actions quickly. I found MATE looked quite bland with the default theme, but I was able to add a splash of colour through the distribution's Control Centre. SparkyLinux does not require a lot of resources and I found the distribution could run the MATE desktop with 270MB of RAM. When running on physical hardware SparkyLinux properly detected my screen resolution, sound worked out of the box and networking was set up automatically. When running in the virtual environment SparkyLinux provided similar, good results and good performance.







SparkyLinux 3.5 - changing the look of the MATE desktop

(full image size: 733kB, screen resolution 1280x1024 pixels)



About halfway through my week with the distribution I downloaded a second round of updates. The next time I booted into SparkyLinux I noticed the login screen's background was blank, a plain black instead of shades of grey. When I logged in I noticed several problems. There was no top panel on the MATE desktop, there was no quick-launch panel available and no application menu. The wallpaper had changed to a sort of rainbow pattern. I opened a virtual terminal by right-clicking on the desktop and found SparkyLinux was thrashing my hard drive and the MATE-panel process was taking up all available CPU cycles.



I killed the MATE-panel process and CPU usage returned to normal, but my desktop was still empty and decorated with odd colours. When I attempted to run MATE-panel from the command line a message appeared indicating the package was probably broken and that I could run a command to restore functionality. The provided command did not exist on my system and searches in the software repositories did not find a match. I also found my window manager no longer worked and running any graphical applications caused windows to pile up in the upper-left corner of the screen. After a time of trying to find a solution I decided I had reached the limit of what most users could be expected to attempt and brought my trial to an end.





Conclusions



Despite my time with SparkyLinux coming to an early close I found a good deal to recommend the distribution. SparkyLinux is easy to install, thanks to a pleasant graphical system installer. The distribution features a responsive desktop environment, it boots quickly and properly handled my hardware. SparkyLinux features relatively low resource usage and ships with a good selection of quality open source applications.



On the other hand I ran into several issues while playing with SparkyLinux. Many of the Control Centre modules did not work, probably because they did not prompt for administrator access. This means users must make the choice between logging into a graphical environment as root (not a recommended practice) or we need to manage the operating system from the command line, a practice that will turn off many users. The default desktop environment, with its heavy usage of grey, struck me as depressing. That's just my opinion and some people might like the plain grey theme, but I quickly decorated the desktop in more festive colours. Mostly though my concern with SparkyLinux is that an update broke my desktop after just three days. SparkyLinux' parent distribution, Debian Testing, has a well earned reputation for stability and I was surprised to see a package break, especially this close to Debian's upcoming feature freeze.







SparkyLinux 3.5 - typing with the on-screen keyboard

(full image size: 231kB, screen resolution 1280x1024 pixels)



All in all, SparkyLinux does some things well. It is fast and friendly in most aspects. However, some problems with admin modules and the distribution's style of package management will probably turn away novice Linux users. SparkyLinux may be a good choice for people who want to play with Debian Testing and run a lightweight desktop. All of SparkyLinux' editions feature low-resource desktop environments and I suspect the distribution will suit people running on older hardware, so long as they don't mind keeping up with a rolling repository of software.



* * * * * Qubes OS 2



Several people wrote to me a few weeks ago and asked if I would review Qubes OS. The Qubes project recently released version 2 of their security-oriented operating system and I was happy to give this unusual project a try. Qubes runs Linux software, but it is not exactly a Linux distribution. As the project's website states " If you really want to call it a distribution, then it's more of a Xen distribution than a Linux one. But Qubes is much more than just Xen packaging. It has its own VM management infrastructure, with support for template VMs, centralized VM updating, etc. It also has a very unique GUI virtualization infrastructure. "



The Qubes project implements what is called "security by isolation". There are a few different approaches to security in operating systems. Some projects, such as OpenBSD, attempt to create clean, bug-free code which is difficult to exploit. Attempting to avoid problems using high quality code and good design is called "security by correctness". Other projects attempt to hide details of their inner workings (often by not sharing their source code) and this is called "security by obscurity". What Qubes does is attempt to separate components into different containers. The idea behind the isolation approach is that modern operating systems contain many components and these components are often complex. It is not realistic then to assume every component can be properly audited to make sure it works correctly and cannot be compromised. Rather than try to make sure all of the thousands of components running on our computers work correctly and are secure themselves, Qubes isolates these components so that one misbehaving (or compromised) application is not a threat to the rest of the system or our data.



Using Qubes we can set up different security zones and the idea is applications and data stay within these zones. We might use one zone for banking and buying items on-line, another zone for playing games or casual web browsing and a third zone for work. Keeping our activities compartmentalized prevents our casual web browsing from placing our confidential work information at risk. It might be easiest to think of each zone as a lightweight virtual machine, a separate quarantined area.



I feel it is important to note Qubes is only available as a 64-bit build for x86 machines and Qubes does not strive to be a multi-user operating system. " Qubes does not pretend to be a multi-user system. Qubes assumes that the user who controls Dom0 controls the whole system. It would be very difficult to securely implement multi-user support. "



The download for Qubes is approximately 3 GB in size. Booting from this media brought up a menu offering to either launch the installer or test the media and then launch the installer. Once the media check has completed we are brought to a text console where I was told the operating system could not launch the X display server. Instead the text-based version of the Anaconda system installer launches and shows us a hub menu. We access each node of the hub one at a time, providing information to the installer. Some items we are asked to provide include the time zone, the location of the source media (an ISO file, DVD or network location).



We are asked which hard drive to install Qubes on and whether to use available free space or take over a portion of the disk. We can choose to install Qubes on a standard partition, a LVM volume or using Btrfs. We are also asked to create a password for our administrative user account and create a regular user account for ourselves. When this information had been entered and I chose to proceed the installer crashed and offered to send a bug report. I went back through the installer a few more times, taking different install options. I tried different partition layouts, a different desktop environment (Xfce and KDE are available) and I tried installing Qubes on a second machine. In each case the system installer crashed before it could finish copying its files to my hard drive.



Qubes carries an interesting idea, one which I suspect is fairly practical. With modern, complex operating systems it does not make sense to assume all the programs we run will be secure and unexploitable. Nor does it make sense to think vulnerabilities can hide from today's exploit kits. Isolating processes, sandboxing applications and limiting access seem to be the most reasonable approaches to security today. For that reason I quite admire what Qubes is trying to do. I'm sorry to say I have not been able to get Qubes running in my test environments, either on physical hardware or in a virtual machine.



* * * * * Hardware used in this review



My physical test equipment for this review was a desktop HP Pavilon p6 Series with the following specifications: Processor: Dual-core 2.8 GHz AMD A4-3420 APU

Storage: 500 GB Hitachi hard drive

Memory: 6 GB of RAM

Networking: Realtek RTL8111 wired network card

Display: AMD Radeon HD 6410D video card