DistroWatch Weekly, Issue 642, 4 January 2016

Feature Story (by Jesse Smith)

paldo GNU/Linux



The paldo GNU/Linux distribution is a project I have not looked at for some time, but every so often I hear people mention it. The project has a small team, but they have created a functional desktop Linux distribution which is built around the Upkg package manager. The project's website offers further information: paldo is a Upkg driven GNU/Linux distribution. It's kind of a mix of a source and a binary distribution. Even though it builds packages like a source distribution it provides binary packages.



paldo wants to be a distribution according to the "just-works" principle. It tries to configure automatically as much as possible without user intervention. paldo is task-oriented, means, that we won't provide several programs to do one and the same task, we will select the program which we think does this task best, and include it into paldo. paldo aims to support cutting-edge technologies. According to the paldo documentation, the project maintains four different branches, similar to Debian's development branches. These branches are called Stable, Testing, Unstable and Experimental, with the names being fairly clear in their meaning. The developers recommend most people use the Stable branch which provides updated installation media four times per year.



While the project's documentation does not appear to state in certain terms what sort of development model paldo uses, it appears as though the project offers its users a rolling release where packages are consistently updated over time. The project's ISO images do not feature versions numbers, so users will probably want to refer to the paldo software they are running using the branch and date, for example "Stable 2015.12". Regardless of what label we assign to the installation images, the distribution is available in 32-bit and 64-bit builds for the x86 architecture and we can download media for the Stable and Unstable branches. I downloaded the latest Stable release, which is 816MB in size.



Booting from the paldo disc brings up the GNOME Shell desktop environment. The desktop is mostly empty, with the Activities menu in the upper-left corner. From the Activities menu we can launch a handful of applications and the project's system installer. In the upper-right corner of the screen we find the user menu where we can adjust desktop settings or sign out of the GNOME Shell session.





paldo GNU/Linux 2015.12 -- The GNOME Shell Activities menu

(full image size: 1.2MB, resolution: 1280x1024 pixels)



Something I noticed at this point was that the paldo installation guide still assumes the installation media ships with the GNOME 2 desktop, which is a bit dated. The section of the documentation which deals with disk partitioning is also out of date and refers to a partition manager which is no longer present in the distribution.



The paldo distribution features a graphical system installer which I think is unique to this operating system. The installer begins by asking us to select our language, keyboard layout and time zone from lists. While my language and keyboard were listed, my time zone was not and, in fact, only ten time zones are listed. I decided to select the time zone closest to me. The installer's next screen gets us to assign disk partitions to mount points in our file system. This screen includes a button which will launch the Disk application, a program which will allow us to reformat partitions. While this may be useful for changing the file system on an existing partition, Disk does not appear to be able to create or remove partitions, greatly limiting its usefulness during the installation process. Luckily, for me at least, paldo includes cfdisk, a text-based partition manager which I was able to launch from the command line. This allowed me to set up my disk the way I wanted it. Then I was able to re-launch paldo's system installer and assign my new partitions to their proper mount points. The installer's third screen gets us to create a password for the root account and assign a hostname to our computer. The fourth screen asks us to create a regular user account. The system installer then shows us a list of the actions it will take and waits for our confirmation. Once we agree to the installer's pending actions, files are copied to our hard drive and we can reboot the computer to try our new copy of paldo.



One unusual feature of paldo is the distribution still uses the GRUB Legacy boot loader rather than the newer GRUB 2 boot loader. While not many distributions still use GRUB Legacy, I find it easier to configure and was happy to see the older boot loader present.



The paldo distribution boots to a graphical login screen. From there we can sign into the account we created during the installation process. paldo ships with the GNOME Shell desktop environment and, from the login screen, we can choose whether to run GNOME in an X session or in a Wayland session. I was a little disappointed to note paldo does not offer a GNOME Classic desktop experience, just the modern GNOME Shell environment.



I tried running paldo in two test environments, a physical desktop machine and a VirtualBox virtual machine. The paldo distribution ran well on the physical computer. My screen was set to it maximum resolution, the desktop was responsive and sound worked out of the box. When run in the virtual environment, paldo was not able to provide full screen resolution until I had installed VirtualBox guest modules from the distribution's software repository. Once guest modules had been installed in the VirtualBox environment, paldo provided full screen resolution and generally worked well. The GNOME desktop was sluggish in the virtual environment, but otherwise worked as expected. In either environment, paldo required about 550MB of memory when sitting idle in GNOME Shell.





paldo GNU/Linux 2015.12 -- Running LibreOffice

(full image size: 119kB, resolution: 1280x1024 pixels)



paldo ships with a fairly standard collection of software for a GNOME-centric distribution, with just a few surprises. We are treated to "Web", a minimal WebKit-based web browser. We also have access to the Evolution e-mail software, the Empathy messaging software and Network Manager is available to help us get on-line. The Brasero disc burning software is included along with the Cheese webcam utility, a document viewer and file manager. paldo provides us with an archive manager, calculator and a text editor. A screen reader is available along with a system monitor and the XChat IRC application. The distribution ships with the Rhythmbox audio player and Totem video player. These multimedia applications are accompanied by media codecs for playing most types of audio and video files. In the background, paldo ships with OpenSSH enabled for remote access. The distribution ships with systemd 228 and version 4.2.6 of the Linux kernel.



With regards to the default collection of software, paldo held a few surprises. For example, not only does the distribution ship with the GNU Compiler Collection, the Clang compiler is also present by default. This makes paldo one of the few Linux distributions to ship with Clang. Though paldo does not offer us any productivity software by default, we can find LibreOffice, AbiWord and Gnumeric in the project's software repositories. Finally, I found I was not a fan of either the Web application or Evolution, but I was pleased to find Firefox and Thunderbird in paldo's repositories.



According to paldo's website, the distribution uses a special package manager called Upkg. Reading through the project's documentation, I was not able to find information on what, specifically, makes Upkg special, though it appears the utility can work with both binary and source packages.





paldo GNU/Linux 2015.12 -- Searching for packages

(full image size: 138kB, resolution: 1280x1024 pixels)



The first thing I tried to do with the Upkg command line utility was synchronize the local package database with the on-line repositories. Running the upkg-sync command, which appeared to be the correct command for the task, produced several screens of errors, mostly related to missing files and the proper usage of the rsync program. Not discouraged, I explored some other Upkg commands with mixed results. For example, upkg-search locates local files that have been installed via packages, rather than finding a specific package. So far as I could tell, the easiest way to locate a package we want to install is to visit the paldo website and search for items by name. Once we know the name of the package we want, there are Upkg commands to install, remove and upgrade packages from the repository. Despite my inability to use the Upkg synchronization command successfully, Upkg always seemed to be up to date with the contents of paldo's repositories and Upkg was able to install software updates for me. The paldo distribution has a relatively small repository of software, with 1,101 packages at the time of writing. Most of the items available appear to be popular ones, such as LibreOffice and Firefox.





paldo GNU/Linux 2015.12 -- Upgrading software packages with Upkg

(full image size: 1.2MB, resolution: 1280x1024 pixels)



Conclusions



While exploring paldo, the impression I got was of a small project that had started as an experiment (perhaps showcasing Upkg) and then never quite achieved critical mass. That is, the project did not seem to attract more developers, packagers or even a large number of users. The project continues to push out regular releases and its software it up to date, but paldo gives the impression it has not been completed, that the distribution is on auto-pilot. The installer, documentation and small software repository suggest development has not been able to move forward in recent years.



Which is too bad. Upkg, seems like a capable package manager and the distribution's packages are cutting-edge. The rolling release model combined with the multiple tiers of development branches would seem to be a good foundation upon which to build. I think paldo has potential, but may be stuck in a catch-22 situation where more developers are needed to make the distribution a practical solution for most users and paldo needs to attract new users who can become contributors to the project.



As it stands, the project's wiki feels unfinished and the forums are quiet. The paldo distribution continues to work and continues to push out regular software updates, but I think the distribution needs an influx of contributors to round out what the developers have created thus far. * * * * * Hardware used in this review



My physical test equipment for this review was a desktop HP Pavilon p6 Series with the following specifications: Processor: Dual-core 2.8GHz AMD A4-3420 APU

Storage: 500GB Hitachi hard drive

Memory: 6GB of RAM

Networking: Realtek RTL8111 wired network card

Display: AMD Radeon HD 6410D video card

Miscellaneous News (by Jesse Smith)

Fedora plans to adopt GCC 6, a new UNIX-like OS built with literate programming, Debian's APT performance improved, Debian tests installation media for SPARC64 and Ian Murdock passes



The Fedora project is considering a bold move for their upcoming Fedora 24 release later this year. The Fedora project currently uses version 5 of the GNU Compiler Collection (GCC) to build its many software packages. There is a proposal in place to upgrade Fedora's compiler to GCC 6 in time for Fedora 24. This is an especially ambitious idea when we consider GCC 6 has not been released yet and is not scheduled to reach completion until shortly before Fedora 24's launch. " GCC 6 is currently in stage3, will move to stage4 around mid January, in pre-release state with only regression bug fixes and documentation fixes allowed. The release will happen probably in the middle of April. We are working on scratch GCC RPMs and will perform a test mass rebuild. " * * * * * The Ulix project is an effort to create a working implementation of a UNIX-like operating system using literate programming techniques. Literate programming is an interesting concept that is designed to make a program's source code readable, like a novel. " Ulix (Literate Unix) is a Unix-like operating system that was developed at University of Erlangen-Nuremberg. We used Donald E. Knuth's concept of literate programming for the implementation and documentation. The intention was to create a fully working system which can be used in operating system courses to show students how OS concepts (such as paging and scheduling) can be implemented. Literate programs are very accessible because they can be read like a book; the order of presentation is not enforced by program logic or compiler restrictions, but instead is guided by the implementer's creative process. Ulix was written in C and Assembler for the Intel x86 architecture; for literate programming we used Norman Ramsey's noweb tool. * * * * * Julian Andres Klode announced toward the end of December that he had been working on improving the speed of Debian's APT package management utilities. Under some circumstances, APT was running a lot slower than it could have been and Klode set out to improve APT's performance. " APT's performance in applying the Pdiffs files, which are the diff format used for Packages, Sources, and other files in the archive, has been slow. The reason for this is that our I/O is unbuffered, and we were reading one byte at a time in order to read lines. This changed on December 24, by adding read buffering for reading lines, vastly improving the performance of rred. " Klode's efforts, which are documented on his blog, were successful, resulting in improving APT's performance up to ten fold. " I measured the run-time of apt-get update, excluding appstream and apt-file files, for the update from today's 07:52 to the 13:52 dinstall run. Configured sources are unstable and experimental with amd64 and i386 architectures. appstream and apt-file indexes are disabled for testing, so only Packages and Sources indexes are fetched. The results are impressive: For APT 1.1.6, updating with PDiffs enabled took 41 seconds. For APT 1.1.7, updating with PDiffs enabled took 4 seconds. " APT is already a relatively fast package manager and it is nice to see it being improved even further.



Klode was not the only developer working on Debian while we were on holiday. John Paul Adrian Glaubitz posted to the Debian SPARC mailing list to report he has managed to build net-install images for the SPARC64 architecture. His message calls on brave testers to try out the new installation media: " This has not been tested at all and was just freshly generated, so there is absolutely no warranty it will [not] turn your SPARC box into a toaster. Looking forward to any feedback! "



Finally, some very sad news came out of the Debian project last week. Debian has announced that the project's founder, Ian Murdock, passed away last week. Mr Murdock launched Debian back in 1993 and it remains one of the oldest and largest Linux distributions in the world, with over one thousand contributing developers. " Ian's sharp focus was on creating a distribution and community culture that did the right thing, be it ethically, or technically. Releases went out when they were ready, and the project's staunch stance on software freedom is the gold standard in the free and open source world. Ian's devotion to the right thing guided his work, both in Debian and in the subsequent years, always working towards the best possible future. Ian's dream has lived on, the Debian community remains incredibly active, with thousands of developers working untold hours to bring the world a reliable and secure operating system. The thoughts of the Debian community are with Ian's family in this hard time. "





Questions and Answers (by Jesse Smith)

The safety of software in distribution repositories



Watching-the-watchers asks: I keep hearing about how software in Linux repositories is safer than downloading applications from websites. It's supposed to be one of the best security features of Linux. But what guarantees do we have that software in a distribution's repositories has been vetted? What makes it safer than downloading programs from the Web?



DistroWatch answers: This question reminds me of a philosophical query I quite like that asks: "What do we think we know? And why do we think we know it?" In this case what we think we know is that installing software from a Linux distribution's official repositories is safer than downloading and installing packages from websites. But why do we think we know that?



Speaking from personal experience, I would say around one in three of the computers running Windows I serviced last year were infected with malware when people had tried to download programs from websites. They had gone to a search engine, typed in the name of the application they wanted, clicked the first link that came up and it brought them to a website that looked official. Then they downloaded the offered software bundle and installed it, infecting the computer. These people followed a fairly reasonable series of steps that led them to legitimate looking pages that supplied them with malware. Based on these observations I can say, from second-hand experience, that searching the web for programs can certainly lead to an infected operating system.



I mention this because it means that if any vetting takes place, even if just some basic testing is done by the distribution's package maintainers to confirm a program is what it claims to be, then that alone will make installing software from a repository safer than searching the web for software packages.



Having a repository of software is also helpful in that it means everyone using a given distribution is using the same set of packages. If any one of the thousands of people running the distribution notices a problem with any package, they can report it and have the package removed or fixed. In other words, there is a certain safety in numbers. So long as we are all downloading the same packages, it only takes one person to raise the alarm if a problem appears.



I suspect though what the person asking the question means is whether package maintainers comb through a package's source code looking for malicious intent. Usually that does not happen, at least not at the packaging level. Some projects do perform security audits, or have a buddy system where developers sign off on each other's changes, but distribution package maintainers tend not to have time to browse through the source code they are packaging.



This means we may not have strict guarantees a given package is safe to use and is not infected with malware. However, given the number of people who use software from Linux distributions' repositories and given that it only takes one person to report an issue and given the number of security researchers who are constantly poking at software and monitoring their network connections, it does seem highly unlikely that there is hidden malware in your Linux distribution's software repository. * * * * * Past Questions and Answers columns can be found in our Q&A Archive.





Torrent Corner

Weekly Torrents



Bittorrent is a great way to transfer large files, particularly open source operating system images, from one place to another. Most bittorrent clients recover from dropped connections automatically, check the integrity of files and can re-download corrupted bits of data without starting a download over from scratch. These characteristics make bittorrent well suited for distributing open source operating systems, particularly to regions where Internet connections are slow or unstable.



Many Linux and BSD projects offer bittorrent as a download option, partly for the reasons listed above and partly because bittorrent's peer-to-peer nature takes some of the strain off the project's servers. However, some projects do not offer bittorrent as a download option. There can be several reasons for excluding bittorrent as an option. Some projects do not have enough time or volunteers, some may be restricted by their web host provider's terms of service. Whatever the reason, the lack of a bittorrent option puts more strain on a distribution's bandwidth and may prevent some people from downloading their preferred open source operating system.



With this in mind, DistroWatch plans to give back to the open source community by hosting and seeding bittorrent files. For now, we are hosting a small number of distribution torrents, listed below. The list of torrents offered will be updated each week and we invite readers to e-mail us with suggestions as to which distributions we should be hosting. When you message us, please place the word "Torrent" in the subject line, make sure to include a link to the ISO file you want us to seed. To help us maintain and grow this free service, please consider making a donation.



The table below provides a list of torrents we currently host. If you do not currently have a bittorrent client capable of handling the linked files, we suggest installing either the Transmission or KTorrent bittorrent clients.



Operating System Torrent MD5 checksum antiX 15.01 "MX" MX-15.01_386.iso ba446b7b407317222aa2382f13d0951f Solus 1.0 Solus-1.0.iso fc657e1ccbed1600a094e8c57271a1a5 deepin 15 deepin-15-amd64.iso 24a18a3240a25137201376f3991db7e3



Archives of our previously seeded torrents may be found here. All torrents we make available here are also listed on the very useful Linux Tracker website. Thanks to Linux Tracker we are able to share the following torrent statistics.



Torrent Corner statistics:

Total torrents seeded: 148

Total data uploaded: 24.2TB

Released Last Week

Upcoming Releases and Announcements

Opinion Poll

Frequency of installing software updates



Some of us like to keep our operating systems current, installing available software upgrades and patches as soon as they become available. Others are more cautious, waiting several days while others experiment with new versions of software.



This week we would like to know how frequently our readers install software updates on their computers. Please leave us a comment below with your reasons for upgrading as soon as possible or for waiting before installing updates.



You can see the results of our previous poll on the Let's Encrypt service here. All previous poll results can be found in our poll archives. Frequency of installing software updates



I install updates the same day they are released: 854 (39%) I install updates a few times per week: 563 (26%) I update my software weekly: 300 (14%) I update my software monthly: 77 (3%) I do not maintain a fixed schedule: 361 (16%) Other: 46 (2%)