DistroWatch Weekly, Issue 799, 28 January 2019

Feature Story (by Jesse Smith)

KaOS 2018.12 KaOS is an independent desktop Linux distribution that features the latest version of the KDE desktop environment, the Calligra office suite, and other popular software applications that use the Qt toolkit. KaOS employs a rolling-release development model and is built exclusively for 64-bit computer systems.



Some changes have come to the KaOS distribution lately, including the migration of applications to OpenSSL 1.1 (from OpenSSL 1.0) and KDE Plasma 5.14 is now in the project's repositories. KaOS currently ships with a welcome window called Croeso which offers a lot of customization options for first-time users. Croeso replaces the old Kaptan welcome screen.



KaOS has dropped support for Qt 4 which has not received active development for a while. The latest snapshot also updates Calamares and introduces a fix to make sure systems with Btrfs volumes should install properly on UEFI-enabled computers. Further, the project's release notes warn the distribution cannot be installed on a RAID system.



The latest snapshot of KaOS is 1.9GB in size. Booting from this media brings up the KDE Plasma desktop. The interface features a blue and grey theme with the desktop panel displayed vertically down the right-hand side. I think KaOS may be the only distribution I have used which places the panel in this manner.



Once the live desktop loads we are shown a welcome window which offers to open the distribution's guide (which features installation instructions), launch the Calamares installer, display on-line documentation, show us the operating system's default passwords, or open the user forum. The forum and documentation links are opened in the Falkon browser.



Installing



The Calamares installer offers a nice, graphical point-n-click experience to quickly set up Linux distributions. The installer begins by asking us for our preferred language and showing us the project's release notes. We are asked for our time zone and keyboard layout. Calamares offers guided or manual partitioning with the manual option presenting a nice, easy interface that includes a graphical representation of the local disk. I decided to set up KaOS on a Btrfs volume, though ext2/3/4, XFS, Reiser, JFS and LVM volumes would have also been possible. We are then asked to make up a username and password and the installer then shows us progress while it copies packages to the hard drive. Once finished, the installer offers to reboot the computer.



Early impressions



My fresh copy of KaOS booted to a graphical login screen. The elements on the screen are placed over on the right-hand side, rather than in the middle or to the left as found on other distributions. We can sign into the Plasma desktop running on either a Wayland or X.Org session and I will talk a bit about both of these later. Next to the password box there is a toggle for showing the password we are typing. I think this is the first time I have observed an option to show the user's password on a GNU/Linux login screen.



A problem I faced with the login screen is elements are presented with text in low contrast. This made it difficult to read session options, for example.





KaOS 2018.12 -- The welcome screen

(full image size: 388kB, resolution: 1280x1024 pixels)



Once I got signed in a new welcome window appeared. This one features several tabs that give us access to project news and customization options. Some of these customization modules deal with the look of the desktop (the theme, fonts, wallpaper, and window decorations) while others show more advanced modules to configure the firewall, systemd services and user accounts. I played around with a few of the modules, making little tweaks to the desktop. The only component I ran into trouble with was the firewall module. The interface did not respond to input when run from the welcome menu. Later I opened the firewall configuration tool via another method and it worked for me without further problems.





KaOS 2018.12 -- Managing the firewall

(full image size: 313kB, resolution: 1280x1024 pixels)



Shortly after I began using KaOS, a notification appeared in the system tray letting me know package updates were available. Clicking the notification icon itself doesn't do anything, but right-clicking on it gives us the option of opening the Octopi package manager, launching the update manager, or changing settings related to when the system looks for new packages. The update manager shows us a list of available updates and offers to install them in a terminal window. We are then prompted for the root password and then prompted again to confirm we really want to install the updates. The updates appear to be presented in an all-or-nothing manner as I did not see any way to unselect specific packages from the update process.





KaOS 2018.12 -- Downloading software updates

(full image size: 371kB, resolution: 1280x1024 pixels)



Another characteristic I noticed early on is the text on the clock widget is unusually small. Menus, virtual terminals and window title bars typically used a medium-sized font, but the clock was too tiny to read easily. I tried looking through the clock settings and font settings without finding a way to resize it. I did find it amusing though that swapping out the digital clock widget for another, like the fuzzy clock, presented the opposite problem. The fuzzy clock's font was so large it could only show three letters at a time ("quarter to five" would show as just "ter") even after I increased the panel's width.



Wayland and X.Org



When I first started using KaOS I was running the Plasma desktop in an X.Org environment. At first the desktop was a little slow to respond, which is not uncommon with larger desktops as they often load extra services, index files and perform other background actions. Shortly after getting started I left the computer alone for a few hours, then came back and found Plasma had gotten slower while I was away. It could take five seconds for the desktop to respond to mouse clicks or keyboard input and resizing or maximizing a window could take ten seconds - a most unusual turn of events. After disabling file indexing and most visual effects, the desktop remained slow to respond.



Some looking around revealed that the X.Org display server was using over half of my computer's RAM and this was, in turn, causing the system to swap heavily as it struggled to find room for my handful of applications. I decided to reboot and start fresh, keeping an eye on my system's memory consumption. When I first signed in, KaOS used a little less than 500MB of RAM in total, about what I would expect. Over time though the X.Org server gradually used more and more. I repeated the experiment a few times and found X.Org typically grabbed about 10MB of memory per minute. At this rate the system could fill its memory in under a day with a few applications open, necessitating a reboot.



I switched over the to Plasma Wayland session and generally had a better experience, at least concerning memory. While the Wayland session was a little laggy and produced visual artefacts when run in a virtual machine, when run on physical hardware Wayland was smooth and responsive. Initial memory usage was about the same (around 500MB) and tended to stay low. My only real issue with the Wayland session was the mouse pointer, which was unusually large most of the time (it changed size occasionally). I also found the mouse pointer was choosy about when it would change shape, particularly when moved over hyperlinks in a web browser. Sometimes the pointer morphed to indicate it was over a link and sometimes it did not, which made web browsing a little confusing at first. Otherwise the Wayland session worked well for me. This is one of the first times I have preferred using a Wayland session over the default X.Org session on any distribution.





KaOS 2018.12 -- The Wayland session with large mouse pointer

(full image size: 347kB, resolution: 1280x1024 pixels)



Apart from some performance issues in the virtual machine, KaOS worked well in both of my test environments. It was quick to respond on the desktop and all my hardware was properly detected. When run in VirtualBox, KaOS integrated with the virtual environment and could use my display's full screen resolution.



Package management



KaOS uses Octopi as its graphical package manager. Octopi is fairly simple in its design, listing available package names and allowing us to perform basic searches. Packages are listed with just a short name and version number. Clicking on an item and selecting the Info tab at the bottom of the window provides some terse information and a one-line description of the package. Octopi sets up batches of installation and removal actions and processes them all at once.



I did not run into any problems with Octopi, but I think its layout and limited package descriptions indicate it is best suited to more experienced Linux users. For people who prefer to use the command line, the pacman package manager can be used.



Applications



KaOS ships with a collection of software that mostly fits into the KDE/Qt family of applications. The Falkon web browser is included along with the Quassel IRC client. The KDE Connect service is offered to coordinate actions with Android phones. The K3b disc burning software is included along with the Kamoso webcam tool, and the MPV and SMPlayer media players. A wide range of media codecs are available by default. Gwenview and Krita are offered to view and edit images.





KaOS 2018.12 -- Managing system settings from the welcome screen

(full image size: 384kB, resolution: 1280x1024 pixels)



The Calligra productivity software is featured in the menu instead of LibreOffice and Okular is present for reading PDF documents. KaOS also offers the Dolphin file manager, the KDE Partition Manager, the KGpg encryption software, and the KDE help documentation. Digging further I found Java is included along with the GNU Compiler Collection. KaOS uses systemd for its init implementation and runs on version 4.19 of the Linux kernel, though new versions are periodically packaged and released.



There is a Skype entry in the application menu, but it just opens a web browser and takes us to the Microsoft Live login page. Another entry, called Seafile, had me puzzled at first. The program asks us to select a folder where it can put files, then asks us for a server name and our e-mail address, but does not say why or what the program does. The application does not offer any help, just a button for signing into accounts. I later found Seafile is a cross-platform file synchronization service.



While KaOS uses a different set of software than what I typically use (Calligra versus LibreOffice, MPV versus VLC, Krita versus GIMP) I mostly found myself comfortable with the alternative programs. The only one which gave me trouble was the Calligra suite. I have used, and enjoyed, Calligra before, but it has changed in recent versions and I found the changes made using its word processor difficult. For example, the suite features a big dock to the right of the window. I could move it, but not remove it, and the dock uses a lot of screen space. There did not appear to be any settings in the menus relating to the dock and clicking what looked to be its close button attached the dock to the top of my document, taking up most of the application window. I tried switching to Calligra's "distraction-free" mode, but this caused the word processor to take up the entire screen and remove all of its menus and I could not find a way to revert back to normal mode, and had to use Alt-Tab to switch windows. After fighting with the suite for a few more minutes I finally removed it and installed LibreOffice.





KaOS 2018.12 -- Struggling with Calligra's layout

(full image size: 60kB, resolution: 1280x1024 pixels)



Another problem I ran into was the inability to configure printers. I could open the printer configuration module in the System Settings panel, but it would not allow me to browse the network for printers or manually set up a new printer. I could also not enable printer sharing. Any action I attempted was met with errors saying I did not have proper permission or access was forbidden. The printer module does not prompt for a root or sudo password, effectively locking out the user.



Conclusions



My overall impression of KaOS at the moment is not great. My trial started out well. I like the project's focus and its efforts to try to polish one desktop. The installer offered a good experience and the distribution is easy to get set up. The welcome window has evolved nicely and makes it easy to customize the system right from the start.



However, using KaOS - trying to run it as a platform to get things done - proved to be a challenge. Part of this is a matter of taste or personal preference and I will completely admit that half the issue is conditioning. I'm used to having a mixture of GTK+ and Qt software while KaOS just uses Qt applications and I had to either adapt or swap out components in order to be productive. The problems I faced with Calligra and its interface were an extreme example of this, but there were other hurdles too. Everything from Dolphin to Gwenview seems to be set up differently compared next to other distributions, with panels down the left side instead of across the top, or on the right side rather than the left. The developers probably have a good reason for doing this, but it means the user needs to unlearn their experiences from other distributions before feeling at home on KaOS and my week-long trial did not afford me enough time to make the transition.





KaOS 2018.12 -- Browsing files in Dolphin

(full image size: 496kB, resolution: 1280x1024 pixels)



A minor complaint I had was with font colour. Looking back over the above screen shots the reader can see sometimes text is white on a black background, other times black on white, another time it is green on white, on the login screen it is dark blue on grey. Fonts were often smaller than I liked and sometimes lower-contrast than I'd like.



I do want to give the project credit for offering a pretty good Plasma on Wayland session. This is a rare accomplishment and I feel as though KaOS's implementation of Wayland is nearly on par with its X.Org experience. Wayland still stutters in a virtual machine, but it performed very nicely on my hardware.



Wayland working pretty well is especially important in the face of the X.Org memory leak I experienced. X.Org's expanding size necessitated a daily reboot of KaOS in order to reclaim my RAM and this is not a problem I have had on any other distribution. KaOS is a rolling release often on the cutting edge and I hope this issue is not a problem I run into elsewhere.



I ran into a bunch of other little issues, such as the irregular font sizes and the inability to set up printers and gradually became convinced that it would be difficult for me to be productive while running KaOS. The distribution does some things well and several things differently which makes it an interesting project. However, for me it is not a practical tool at the moment for getting things done. * * * * * Hardware used in this review



My physical test equipment for this review was a desktop HP Pavilon p6 Series with the following specifications: Processor: Dual-core 2.8GHz AMD A4-3420 APU

Storage: 500GB Hitachi hard drive

Memory: 6GB of RAM

Networking: Realtek RTL8111 wired network card

Display: AMD Radeon HD 6410D video card * * * * * Visitor supplied rating



KaOS has a visitor supplied average rating of: 7.5/10 from 54 review(s).

Have you used KaOS? You can leave your own review of the project on our ratings page.





Miscellaneous News (by Jesse Smith)

Debian 10 freezes while Debian 9 gets a media refresh, Ubuntu publishes IoT release The Debian distribution does not have a fixed release schedule, famously shipping "when it is ready" rather than on a specific date. Still, there are milestones in the project's development and we have reached a significant one: the beginning of the Testing repository freeze. The freeze marks a time when the Testing repository mostly stops changing, apart from bug fixes and critical updates. Jonathan Wiltshire announced the freeze in a mailing list post: " We're pleased to announce that the freeze for Debian 10 'Buster' has begun. On January 12th we stopped accepting transition requests and we are working to complete the remaining transitions in progress. This also means that autopkgtest regressions have now become migration blockers. Other stages of the release are on target. They are: 2019-02-12 Soft freeze (no new packages, no re-entry, 10 day migration); 2019-03-12 Full freeze. " The release of Debian 10 "Buster" is likely to occur shortly after the Full freeze.



In other Debian news, the project has released updated media for version 9 "Stretch". The new media includes security fixes, but is not a new, independent release. " The Debian project is pleased to announce the seventh update of its stable distribution Debian 9 (codename Stretch). This point release incorporates the recent security update for APT, in order to help ensure that new installations of Stretch are not vulnerable. No other updates are included. New installation images will be available soon at the regular locations. " * * * * * Fans of Internet of Things (IoT) devices should be happy to learn that Canonical has published a new release of Ubuntu for embedded devices. The new release, Ubuntu Core 18, focuses on providing a minimal platform with Snap packages and long term support. The announcement reads: " Immutable, digitally signed snaps ensure that devices built with Ubuntu Core are resistant to corruption or tampering. Any component can be verified at any time. All snaps on Ubuntu Core devices are strictly confined, limiting any damage from a compromised application. Ubuntu Core 18 will receive ten years low-cost security maintenance, enabling long-term industrial and mission-critical deployments. Updates are delivered with a device-specific SLA, ensuring that change is managed by the manufacturer or the enterprise and providing a rapid response to any vulnerabilities that are detected over the device lifetime. " Ubuntu Core 18 images can be found on the distribution's IoT download page. * * * * * These and other news stories can be found on our Headlines page.





Book Review (by Jesse Smith)

Linux Basics For Hackers Some people tend to think of computer hacking as a dark, mysterious art form. In the minds of many, partly thanks to TV shows and movies, hackers are seen as dangerous, immoral actors and their skills are cause for suspicion. However, what rarely gets talked about is the skills required to hack into a computer has a huge overlap with the skills required to securely maintain a computer system. Hacking and system administration are really two sides to the same coin, both jobs require that the individual knows how the system works, what it can do, and what its weak points are.



I bring this up because, at first glance, people probably have a flash of either excitement or suspicion when they see the title Linux Basics For Hackers, written by someone going by the pen name OccupyTheWeb. It looks dangerous, in a digital way, and one might wonder what forbidden secrets lurk between the covers. However, learning the basics of being a hacker is really similar to learning how to be a system administrator, approached from a different angle. The skills are mostly the same, the final application of those skills is just different.



At its core Linux Basics For Hackers (LBFH) is a textbook which teaches the reader how to operate a GNU/Linux distribution from the command line. What sets the book apart from other sysadmin books is largely the flavour or the angle the author takes. For instance Kali Linux, a penetration testing distro, is used as the reference distribution instead of Ubuntu or Red Hat Enterprise Linux. The skills discussed and the tips offered are similar, but always with a stronger aim toward using the system for personal benefit rather than examining the background on subjects and how to lock down the operating system.



LBFH has 17 chapters, each of them averaging just over ten pages long, making for a terse, rapid-fire approach to learning Linux. The book covers how to install Kali, how to navigate the file system, some common shell commands (cat, cd, and ls) and then goes on to explore practical topics. We are walked through file and directory permissions, editing configuration files, system logging, connecting to networks, finding files, scanning network ports, and managing software packages. Later on we get into using databases, Bash scripting, some basic Python scripting, and managing storage devices.



On the surface these topics probably do not sound all that different from the ones covered in such texts as The Official Ubuntu Server Book or the Linux Bible. The subject matter is mostly the same, but LBFH is different in a couple of important ways:



The first is the book skips over most of the hand holding and background information on topics. LBFH assumes we already know how to use an operating system - specifically some knowledge of Windows is assumed, but a little Linux experience wouldn't hurt. We are not taught the history of command names or why directories are set up the way they are. We are told what we need to know to use Linux, not why the operating system works the way it does. The chapters are short and generally just offer some basic examples and a few tips, enough to get us started. Exploring ideas in depth or learning why things work the way they do is left up to the reader. Hackers are expected to be curious and continue learning via other methods.



Second, many examples are geared toward investigating the operating system or even exploiting it rather than locking it down or understanding it. The differences are mostly minor, but it puts a different focus on the examples. For instance, the shell script we learn to write scans the network for open ports rather than scanning logs. When we learn about shell variables it is to turn off logging of our command line history rather than changing the default editor. The database section talks about reading tables of information, not how to properly create our own database. The skills we pick up are the same as in a sysadmin textbook, but the focus is a little different.



Third, there is a section of the book about trying to stay anonymous and secure on-line. While system administrators usually want to gather information and track their users' actions, LBFH encourages us to stay anonymous and leave no footprints. This is a set of skills most users will likely benefit from knowing in this always on-line age.



While reading LBFH I found a number of things I enjoyed about the book and a few points I didn't like. Let's look at the detractors first. The first concern I had, and the one which I suspect will affect potential readers the most, is that the explanations are short. The book covers almost 20 topics in about 200 pages, which does not give us any time to explore topics in depth. This makes LBFH a good reference book or introductory text, but it means we may be left wanting more information. As an example, the chapter on shell scripting does not cover the (in my opinion) important subjects of conditional statements and loops. At the end of the chapter there is a table of commonly used script commands and the testing operator ([) is mentioned, but without an example or further explanation, and the "if" keyword isn't mentioned at all. Likewise, the section on logging mentions different types of logs, but very little information is provided on what each log file is used for or how that would be helpful for future hackers or system administrators.



My second concern is with typos. Any book, even textbooks, will contain a few typos - authors are only human, after all. This is a minor issue, but one which may cause confusion. For example, the networking section mixes up the terms "MAC address" and "IP address". Luckily it is usually clear what the author means from the context. In other areas, such as scripting examples, the intent is not always clear and it will cause some of the presented scripts to not work due to syntax errors.



My final point is a bit more important, in my view. There are a handful of places in the text where incorrect information or commands are used and, in the latter case, the command output the author expected to see is still provided. For instance, an error appears in the section on directory navigation where we are told we can use the command "cd .. .." to go up multiple levels. This example was later corrected on the publisher's website.



There are a few more examples of these kinds of errors in the chapter on processes. For instance, the book states that a zombie process is one that misbehaves or is frozen, when zombie processes are really ones that have been terminated, leaving their meta-data behind. Later, the book suggests we can remove zombie processes with the kill command, which will not work since zombie processes have already terminated. The chapter also states sending processes the SIGHUP signal will cause them to be restarted with their original PID which is not the case. There are a handful of mistakes like this which left me puzzled as to how they came to be included in the text.



Shifting gears over to the positive aspects of the book, paradoxically, LBFH's primary weakness (terse explanations) may also be one of the strongest points in its favour. The book is a delightfully light and fast read. A dedicated reader can get through the chapters and exercises in a couple of days. It is one of the shortest "how to use Linux" texts I have read and it covers a wide range of topics. Most of the material will be applicable to most Linux distributions and almost all of it will apply to the Debian and Ubuntu family of distributions. While I would not recommend this book for Linux beginners, people who are already familiar with desktop Linux and want to pick up command line basics quickly will greatly benefit from this quick-and-light approach.



As someone who has always favoured the administrative side of the hacker/sysadmin skill set, I found it worthwhile reading about the technology I use from the other side's point of view. To offer a good defence we should know how to think like an attacker and LBFH provides this necessary insight. I wouldn't say LBFH can replace an in-depth text like Linux Bible, but it is a good companion read in order to get an alternative perspective.



Finally, I like that most of LBFH is immediately practical. Some Linux textbooks spend a lot of time on theory or edge cases and LBFH is more streamlined. The author focuses on the commands and scenarios most people will find useful most of the time. Little time is spent on corner cases or legacy situations. This means the examples and suggestions will almost all be useful right from the beginning and the exercises listed at the backs of the chapters are practical.



In the end, I came away liking LBFH. Its quick and dirty approach to exploring and using a Linux system was welcome. I like that it is more hands-on and less theory. Having theory and background can be useful for people who want to become expert administrators, but for home users who want to know the basics and learn how to leverage the power of the command line, LBFH is an good guide. The book does not deal much with hacking directly, but does set us up with the skills required to test our systems, regain access to a wireless network we lost the password for, and set up home video surveillance. It is a text full of practical examples and, some rough edges aside, I think it will be helpful to a lot of people. I wouldn't suggest it for a Linux beginner, but for someone who is comfort with running a Linux desktop and wants to gain more immediately practical skills, this book is a good place to start. * * * * * Title: Linux Basics For Hackers

Author: OccupyTheWeb

Published by: No Starch Press

Pages: 203

ISBN-10: 1-59327-855-1

ISBN-13: 978-1-59327-855-7

Available from: No Starch Press

Released Last Week

Porteus Kiosk 4.8.0



Tomasz Jokiel has announced the release of Porteus Kiosk 4.8.0, an updated version of the project's specialist distribution designed for web kiosks - based on Gentoo Linux, with a choice of Firefox or Chrome browsers: " I am pleased to announce that Porteus Kiosk 4.8.0 is now available for download. Major software upgrades in this release include: Linux kernel 4.19.16, X.Org Server 1.20.3, Google Chrome 70.0.3538.110 and Mozilla Firefox 52.9.0 ESR. Packages from the userland are upgraded to portage snapshot tagged on 2019-01-19. Short changelog: added support for the 'onscreen buttons' to the Firefox browser - back, forward, home, print, etc; it is possible to set default paper size for the printer directly in the kiosk configuration - 'A4' and 'Letter' sizes are available in the wizard by default but other ones are supported as well; added possibility of forcing the 'fbdev' DDX driver which in some cases - depending on the GPU card - offers higher screen resolution than the VESA driver; it is possible to set a custom port number on which the VNC service will be listening. " See the release announcement and changelog for further details.



Parrot 4.5



Lorenzo Faletra has announced the release of Parrot 4.5, the latest stable version of the project's specialist distribution designed for penetration testing, digital forensics and privacy protection, based on Debian's "Testing" branch: " Parrot 4.5 is officially released and there are some major changes under the hood. We are in 2019 now, and computers that are not capable of running 64-bit operating system are mostly legacy computers that are not capable of running modern and complex applications. Additionally, many programs and frameworks are no longer available for 32-bit x86 systems. We have been releasing 32-bit images since the beginning of the project and we worked hard to provide fresh binary updates for the i386 architecture for a while, but nowadays 32-bit-only computers are no longer capable of running a full pentest campaign or providing hardware-accelerated support to our security protection systems. Parrot 4.5 no longer provides live ISO files for the i386 architecture. " Read the comprehensive release notes for further details. * * * * * Development, unannounced and minor bug-fix releases

ArchLabs 2019.01.20

AUSTRUMI 3.9.2

OPNsense 19.1-rc1

Live Raizo 10.19.01.20

Archman GNU/Linux 2019.01 "JWM"

Clonezilla Live 2.6.1-2

Debian 9.7.0

ClonOS 19.01

Robolinux 9.6

Nitrux 1.1.3

Torrent Corner

Upcoming Releases and Announcements

Opinion Poll

Which new distro should be listed as a major project? DistroWatch maintains a Major Distributions page where we provide summaries for, and history on, ten major projects. These projects tend to be either highly popular or significant for historical purposes.



This past week, while updating some of the information on this page, we realized Mageia, once highly popular for its ease of use, has been relatively quiet in recent years and seems to have fallen out of the spotlight. With this in mind, we are considering replacing Mageia on our Major Distributions page with one other project. Ideally, the replacement distribution should be one which has also gained popularity for being easy to use. We are interested in which distribution our readers think should take over the spot.



You can see the results of our previous poll on picking a distribution based on its core or the desktop in last week's edition. All previous poll results can be found in our poll archives.



Which new distro should be listed as a major project?



Manjaro Linux: 1097 (20%) MX Linux: 1572 (29%) elementary OS: 563 (10%) Solus: 658 (12%) Kali Linux: 103 (2%) Other: 348 (6%) Leave Mageia on the page: 1112 (20%)