DistroWatch Weekly, Issue 742, 11 December 2017

Feature Story (by Jesse Smith)

heads 0.3.1 heads is a live Linux distribution which can be run from a DVD or USB thumb drive. The distribution connects to the Internet through the Tor network. This helps protect the identity and location of the person using heads. The heads distribution is very similar to its popular sibling, Tails, in its mission, but heads has some special characteristics which set it apart. The heads distribution is based on Devuan while Tails is based on Debian, which means heads uses the SysV init software rather than systemd. The heads project is also dedicated to shipping a distribution which features free software only, as the heads website explains: Non-free software can not be audited and as such cannot guarantee you security or anonymity. On the other hand, with heads you only use free software, meaning you can gain access to any source code that is included in heads, at any time. Using free software it is far easier to avoid hidden backdoors and malware that might be in non-free software. heads is available in a single edition which is 831MB in size. When booting from the project's ISO, we are given the option of booting heads normally from the disc or loading the distribution into RAM. The latter option frees up our removable drive and can make applications load faster after the initial boot process has completed.



The distribution boots to a command line interface and automatically logs us in as a user called luther. On the screen we are shown the root account's password along with commands we can run to launch a graphical interface. The default shell for the luther account is zsh, a less common shell than bash, but often loved for its additional features. heads ships with the Awesome and Openbox window managers and we can choose which one we wish to launch from the command line. I focused on using Openbox during my trial.





heads 0.3.1 -- The welcome screen

(full image size: 1.0MB, resolution: 1366x768 pixels)



Launching the Openbox environment brings up a welcome window which explains where we can find launchers for the distribution's applications and how to access our network settings through the Wicd connection manager. Dismissing the welcome window leaves us in the Openbox environment. Along the bottom of the screen we find a panel crowded with an application menu, quick-launch buttons, a task switcher and a system tray. There are a few icons on the desktop. One icon launches a file manager, another opens a text file with the same message we read in the welcome window. A third icon opens a text file containing URLs for services on the Tor network.



I found the Openbox window manager to be quick and responsive. The environment looks and acts like a heavier, full featured desktop environment, but with the performance of a minimal, well configured window manager.



Hardware



I explored running heads in a VirtualBox virtual machine and on a laptop. When run in VirtualBox the distribution performed fairly well. heads booted quickly, automatically connected to the Internet and sound worked. However, heads was unable to make use of my host computer's full screen resolution. I also found that sometimes the integrated mouse would stop working in heads. I could work around this by turning off mouse integration to get my pointer back.



When run on my laptop, heads started out well, using my full screen resolution and audio worked. However, heads was unable to use my laptop's wireless card. This left me without an Internet connection unless I was plugged directly into a router. This limitation appears to stem from the project's free software only policy as it means firmware my wireless card requires to function is removed from the operating system.



In either test environment, heads used approximately 100MB of RAM when booted to the text console and about 180MB when logged into the Openbox interface.



Applications



Digging through the application menu we find an interesting combination of software, with many applications geared towards communicating on-line. The Tor Browser is present and includes the NoScript and HTTPS Everywhere extensions by default. These extensions try to keep us on encrypted versions of websites and block unwanted scripts which may be used to track us. The Thunderbird e-mail client is included along with the Psi+ XMPP client and the HexChat IRC client. I found copies of Abiword and Gnumeric included for editing word processing and spreadsheet documents. The Evince document viewer is included too along with a desktop application for creating and managing security keys.





heads 0.3.1 -- The Tor Browser

(full image size: 527kB, resolution: 1366x768 pixels)



heads ships with a few media players, including the mpv multimedia player and the LXMusic audio player. The GNU Image Manipulation Program is featured too. One uncommon program included is the Electrum Bitcoin Wallet. The distribution also provides us with the PCManFM file manager the GNU Compiler Collection and the Htop process monitor. In the background we find the distribution runs SysV init and version 4.9 of the Linux kernel.



Most of the applications included with heads worked well and most programs appear to have been selected for their lightweight, simple nature. Still, I did run into the occasional issue. For example, trying to open the Evince documentation simply brings up a blank page. Another problem I found was double-clicking an audio file in the file manager causes a media player window to open and then immediately crash. I could get around this problem by opening the LXMusic player and using it to select and play audio files.



Browsing the web through the Tor Browser is, as expected, a slow experience. This is a problem one often runs into when using Tor and not an issue with the distribution. I had hoped to sometimes work around slow sites by disabling Tor or using an "unsafe" browsing option, but heads does not offer an "unsafe" option that will connect us directly to the Internet. This is probably a good security feature, but having an unsafe option to test is a feature I have enjoyed on other privacy-oriented distributions.



In the Tor Browser there is a Tor button next to the address bar. This button lets us select a security level and request a new Tor circuit to reroute our traffic. These options both worked, but a third option for opening the Tor network settings did not do anything. Unlike Tails, the heads distribution does not appear to have a Tor control panel and we cannot access the Tor settings.



The Tor Browser can check for updates to the browser and install them. This gives us a chance to patch security issues. At one point I updated the browser and tried to restart it, whereupon I found Tor Browser would no longer start. I was running from live media, so I was able to fix the issue by rebooting the computer and reverting back to the old (and insecure) version of the browser.



One minor bug I ran into was each time I opened a virtual terminal the zsh shell would report there was an error in the zsh start-up file. As it turned out, one line in the file which should have been commented out was missed and it caused an error to be displayed each time the terminal was launched.





heads 0.3.1 -- zsh error in a virtual terminal

(full image size: 934kB, resolution: 1366x768 pixels)



One security feature of heads I did appreciate was that each user's processes are hidden from other users. This means the default user account, luther, cannot see processes run by other users, including the root user. This process hiding feature is available in several distributions and on FreeBSD, but I almost never see it activated. I like it as it gives each user some privacy and a little extra security, especially against command line snooping.



Package management



While heads does not include a graphical package manager the distribution does feature the APT command line utilities for finding, installing, removing and upgrading packages. By default, APT is set up to pull in software from Devuan's repositories. Unfortunately heads does not recognize Devuan's security keys. This means package information (and the packages themselves) cannot be verified. If we download new packages or upgrades we risk downloading compromised packages. Given the security focus of heads, this omission of verification keys seems like an odd oversight.



Conclusions



In principle, I like what heads is trying to do. The project is basically attempting to do what Tails does - provide safer, anonymous web browser and on-line communication - with the added benefit of having a completely auditable operating system. heads is also lighter on resources, using minimal user interfaces, when compared next to Tails. However, heads faces several problems which make it less user friendly and less polished than Tails.





heads 0.3.1 -- Generating an encryption key

(full image size: 412kB, resolution: 1366x768 pixels)



One area where heads faces an uphill battle is with hardware. Some computers (including my laptop) require non-free firmware or drivers to get on-line and, without an Internet connection, the benefit of an anonymous distribution like heads disappears. There are other little problems like the zsh start-up error which makes me wonder if anyone opened a virtual terminal during the testing of heads before the 0.3.1 release was published.



My big issue though was with updating software, especially the Tor Browser, which is the centrepiece of the distribution. If we cannot update software to more secure versions, due to bugs or missing package verification then that leaves us with a potentially unsafe operating system. Tails, while it ships with non-free firmware, has been good about releasing regular ISO updates and making updated Debian packages available to help users avoid potential security exploits.



I like what heads is trying to do by making a lighter, more open distribution for anonymous communication, but I'm not sure it is practical. heads requires more technical knowledge and, in my experience, does not work as well as Tails which I think will hinder its adoption. * * * * * Hardware used in this review



My physical test equipment for this review was a de-branded HP laptop with the following specifications: Processor: Intel i3 2.5GHz CPU

Display: Intel integrated video

Storage: Western Digital 700GB hard drive

Memory: 6GB of RAM

Wired network device: Realtek RTL8101E/RTL8102E PCI Express Fast

Wireless network device: Realtek RTL8188EE Wireless network card * * * * * Visitor supplied rating



heads has a visitor supplied average rating of: 8.3/10 from 12 review(s).

Have you used heads? You can leave your own review of the project on our ratings page.





Miscellaneous News (by Jesse Smith)

Improvements coming to Tails, Debian makes all package code available on the web, plans automatic updates and updates install media, Ubuntu phasing out Python 2, tips for using Void The Tails project, which makes a privacy-focused operating system for anonymous web browsing and on-line communication, has published a list of big picture tasks the developers are working on. These tasks include stronger random number generation, the ability to mount VeraCrypt volumes in GNOME and improved document translations. " As part of our current donation campaign, we recently explained why we need donations and what we accomplished this year. Today we are sharing with you some of our plans for the next years. Applications and features: Tails Server - run Onion services from Tails (VoIP chat rooms, collaboration tools, web servers, messaging servers, etc). VeraCrypt support in GNOME - graphical utilities to mount VeraCrypt volumes. Graphical interface for the Additional Packages persistent feature: allow users to customize which applications are available in their Tails. " The complete list can be found on the distribution's news page. * * * * * People curious about the components and code which are used to make their applications like open source software because it is possible to review and audit the building blocks of the packages they install. One hurdle to reviewing a package's source code is finding the code in question, which is often tucked away on some obscure server. The Debian project is making code reviews easier by hosting a service called Debian Sources. Matthieu Caneill reports: " We're happy to announce that Debsources, the web application that allows to browse and search the entire source code of all Debian releases, is now hosted on the official Debian infrastructure and available at sources.debian.org . You may already know this service as previously hosted at sources.debian.net . We took the move to Debian hardware as the opportunity to officially announce it here. Debsources is a web service that exposes the content of Debian source packages on the web, both via an HTML user interface and a JSON API. mailing list post.



The Debian developers recently published an update for Debian's system installer. The new system installer, which will be used to set up Debian 10 "Buster" offers a number of changes, perhaps the most interesting one being enabling automatic software updates. " The unattended-upgrades package is now installed by default through the pkgsel component. The intent is to ensure the automatic installation of security upgrades. Feel free to help documenting this in the release notes! " According to the corresponding issue ticket, it looks like it will be possible to disable automatic updates, possibly at install time.



The Debian team has released refreshed installation media for both Debian 8 "Jessie" and Debian 9 "Stretch". The new installation discs do not represent new versions of Debian, just refreshed media for existing versions with bug fixes. Information on the new installation media can be found in two separate news posts for Debian 8.10 Jessie and Debian 9.3 Stretch. * * * * * Matthias Klose has posted an update on the progress made phasing Python 2 out of the Ubuntu distribution. Python 2 will reach the end of its supported life in about two years and distributions are trying to make sure all software packages work with the newer Python 3. " Getting Python 2 demoted has been an ongoing task for several Ubuntu releases, now finally having a desktop CD image in Ubuntu 17.10 which ships without a Python 2 interpreter. The next step is to get Python 2 demoted to Universe, before finally in the far future it can be removed entirely from the archive. To get this done, we need: OpenStack package builds using Python 3. Removing or updating Python 2 packages in the Ubuntu seeds. Fixing remaining packages to use Python 3 instead of Python 2. Make sure that no new Python 2 packages enter Main (now being a topic for the MIR process). " Further details can be found in Klose's e-mail. * * * * * For many people, December is a time of winter festivals and holidays. The Void team is celebrating the season with a series of tutorials which cover lesser known programs and features of the distribution. The Advent of Void series begins with a post about the gcal command line calendar. A new tutorial is published each day and all the posts can be read on the distribution's news page. * * * * * These and other news stories can be found on our Headlines page.





Tips and Tricks (by Jesse Smith)

Working with images from the command line When we think of tasks which are better suited to a graphical environment than a command line, image editing is a natural choice. After all, if we are going to work with images it helps to be able to see the adjustments we are making. That being said, there are command line tools for manipulating digital images and the power of the command line allows us to work with multiple images at once. This week we explore how to tweak images using the ImageMagick suite of command line utilities and how to work on multiple images at the same time.



On the ImageMagick website most commands are prefixed with the word magick, but on my system the equivalent command is named convert. This is why my examples here may not match up exactly with the documentation on the project's website.



In this first example we engage in a fairly simple manipulation of an image, converting it from a JPEG file to a PNG file. This example converts the file yellow-submarine.jpg into yellow-submarine.png: convert yellow-submarine.jpg yellow-submarine.png We can adjust the image conversion process slightly and use multiple JPEG images to make one animated GIF. This example takes all the JPEG files in the current directory and turns them into one rapidly changing, animated GIF: convert *.jpg animated.gif To slow down the animation of the GIF we can add a delay parameter: convert -delay 100 *.jpg animated.gif One common task I often find myself performing is resizing images, particularly screen shots or photos I want to e-mail to people. ImageMagick offers a few different approaches to resizing an image. One method is to shrink (or enlarge) the dimensions of an image to a percentage of its original size. This example creates a new image with the width and height set to half (50%) of the original: convert original.jpg -resize 50% new-and-smaller.jpg Should we wish to create a larger image, we can use a resize percentage larger than 100%. What if we have an existing image and we want to find out its current dimensions and then shrink it down to a specific size, given in pixels? We can do that with a combination of the file and convert commands. The file command can tell us the size of the original image. Here we run the file command and it tells us our original photo is 500x500 pixels: file original.png

original.png: PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced We can then shrink the file down to 400x400 pixels using the convert command: convert original.png -resize 400x400 new-image.png These steps on their own are fine, but it does not save us any time compared to working with our images in a desktop application such as Gwenview or the GNU Image Manipulation Program. Where the ImageMagick command line tools shine is when we use the power of the command line to work on multiple images. We can do this with a for loop. In this example we access every JPEG file in our current directory and shrink it down so its dimensions are a quarter of the original size. The new images are saved with the suffix "-small". for oldname in *.jpg; do newname=$(basename "$oldname" .jpg)-small.jpg; convert "$oldname" -resize 25% "$newname"; done A lot is happening in the above command so let's break it down a little. The for oldname in *.jpg part looks for all files with the .jpg extension and, one at a time, processes them using the variable name oldname. The next part, do newname=$(basename "$oldname" .jpg)-small.jpg uses the basename command to strip away the file's suffix, .jpg. Then we add on a new suffix, -small.jpg, that will be appended to the new image's filename. For instance, my-photo.jpg would become my-photo-small.jpg with this step. Then the convert command at the end takes the original file, shrinks it down and saves it under the new name. The double-quotes around the filenames is a way to avoid trouble if there are spaces in a file's name which might confuse our shell.



One artistic touch we can perform on photographs is adjusting them from full colour to black and white. This can be done by adjusting the image type to grayscale. In this example we change a family photo from colour to black and white: convert family-photo.jpg -type grayscale family-photo-bw.jpg Rotating an image is often useful and ImageMagick will allow us to select a number of degrees to turn an image. The following example turns my family photo 90 degrees clockwise: convert family-photo.jpg -rotate 90 family-photo-turned.jpg As before, we can mix the conversion of an image with the power of the command line's processing power. In this example we both shrink and rotate all of the images in our current directory with the suffix .JPG, using a for loop. In the process we convert the JPG suffix to lowercase: for oldname in *.JPG; do newname=$(basename "$oldname" .JPG)-small.jpg; convert "$oldname" -resize 50% -rotate 90 "$newname"; done Using a command like the one shown above we can tidy filenames, correct rotation and shrink hundreds of images in preparation for transmission or storage in a matter of seconds - a much more efficient approach than working with each photo manually in a desktop application.



If you use ImageMagick to manipulate images, please share your favourite tricks in the comments. * * * * * More tips can be found in our Tips and Tricks archive.





Released Last Week

Puppy Linux 7.5



Philip Broughton has announced the release of a new version of Puppy Linux. The new version is Puppy Linux 7.5, code name "Xenialpup". The new version of the lightweight distribution is built using packages from Ubuntu's 16.04 "Xenial" release and Puppy maintains binary compatibility with Ubuntu packages. " Puppy Linux is small, runs in RAM, is lightning fast, very versatile and good fun! It has everything a novice will need while allowing full control to the experienced user. It comes in both 32-bit & 64-bit versions that can boot in both BIOS and UEFI enabled computers. The 32-bit version has kernel 4.4.95-noPAE for better compatibility with older hardware while the 64-bit has kernel 4.9.58 for better modern hardware support. True to Puppy Linux tradition both versions come with a full range of communications, productivity and entertainment applications as well as a wide range of the unique puppy-specific utilities and applications. The 330MB ISO includes: JWM window manager and ROX file manager. Palemoon browser and Claws mail client. FTP, torrent and chat applications. MPV media player, Simple Screen Recorder and Deadbeef audio player. Abiword word processor and Gnumeric spread sheet application. " Further information can be found in the project's release announcement.





Puppy Linux 7.5 -- The default desktop

(full image size: 132kB, resolution: 1920x1080 pixels)



Uruk GNU/Linux 2.0



Uruk GNU/Linux is a completely free software distribution based on Trisquel and featuring the MATE desktop. The project's latest release, version 2.0, includes an updated Linux-libre kernel, version 7 of the GNU Compiler Collection, MATE 1.12 and a new welcome screen. " We grew up, and the project grew up with us. At this time we worked a lot, and we made great changes. The big change came today, yes today, it's Uruk GNU/Linux 2.0 "lugalbanda". We use "lugalbanda" as a code name for this release, Lugalbanda is a character found in Sumerian mythology and literature in ancient Iraqi history. It's come with many changes like: Build new repository for Uruk GNU/Linux 2.0; Linux-libre 4.9.66 LTS; GCC 7; MATE 1.12.1; Abrowser 57; new welcome screen; replace MDM with LightDM as a default DM; new control center; Guix Installer; new customization with new themes, cursor and wallpapers; comes with many useful apps as default... Further details can be found in the project's release announcement.



ROSA R10



Vladimir Potapov has announced the release of ROSA R10, the latest stable build of the desktop-focused distribution with support for KDE 4 and Plasma 5 desktop environments: " ROSA Desktop R10 is the second release based on the ROSA 2016.1 platform. The distribution is targeted mainly at the Linux advocates eager to try new software versions. According to the updates policy, the ROSA 2016.1 platform will have four years of technical support. Technical changes in comparison with ROSA R9: many system libraries, system and software packages were updated to their latest versions; Linux kernel 4.9.60 LTS is used by default, other kernel versions and variants are available in special repositories; the proprietary NVIDIA drivers have been updated to new versions - 384.90 and experimental 387.12 for the relatively new video cards, 340.104 for GeForce 8 and 9, 304.137 for GeForce 6 and 7; MESA has been updated to version 17.1.6 with OpenGL support up to version 4.5.... " See the release announcement (in Russian) and release notes (in English) for more details.





ROSA R10 -- The application menu

(full image size: 254kB, resolution: 1280x1024 pixels)



ReactOS 0.4.7



ReactOS is an open source operating system which strives to be binary compatible with Microsoft Windows and is capable of running many Windows applications. The project has released ReactOS 0.4.7 which introduces improvements to application skins, better disk usage reporting and a smoother experience when sending files to the Recycle Bin. " James Tabor has put in a great deal of effort into getting the ReactOS painting process as close to Windows as possible. Furthermore, Katayama Hirofumi MZ has fixed the anti-aliasing text when a button was grayed out (and which was impossible to read before this fix). Another major achievement brought to you by Giannis has been to solve the Clipboard and Recycle Bin bugs. Now, in 0.4.7, ReactOS won't crash due an invalid/empty clipboard as it did previously, copy/pasting multiple files and pasting folders in the background should work well and now follows the Windows specs more closely. In 0.4.7, ReactOS now correctly manages file deletions when dragging them to the Recycle Bin thanks to a patch from Serge Gautherie. Add to that numerous fixes regarding Drag and Drop and the whole user experience now feels much more polished for end users. " Further details and screen shots can be found in the project's release announcement. ReactOS is available in two editions, one for installing the operating system and a LiveCD edition for testing.



Peppermint OS 8-20171130



Mark Greaves has announced the release of an updated build of Peppermint OS 8, a lightweight distribution based on Lubuntu (the long-term support branch) and featuring the LXDE desktop: " Team Peppermint is pleased to announce the latest iteration of our operating system, Peppermint 8 Respin, which still comes in 32-bit and 64-bit variants, with the 64-bit variant having full UEFI and Secureboot support. Whilst a respin is generally a minor release intended as an ISO image update, the Peppermint 8 Respin does contain some significant changes: Nemo 2.8.7 updated to 3.4.7 which seems more stable during large file operations and now has a separate process for controlling the desktop; OpenVPN updated in the repository to version 2.4.4 to support mixed mode IPv4/IPv6 VPNs; switched to slick-greeter, a much prettier login screen and a GUI utility in the menu called 'Login Window' for login screen settings, including the ability to add, change, remove an auto-login user; added a desktop right-click 'Open Peppermint Settings Panel' context menu item.... " Read the rest of the release announcement for a complete list of changes.



Bodhi Linux 4.4.0



Jeff Hoogland has announced the release of Bodhi Linux 4.4.0. Bodhi Linux is based on Ubuntu LTS and features the Moksha desktop environment, a fork of Enlightenment. The new version of Bodhi Linux features several package updates, including version 4.13 of the Linux kernel. The project's release announcement states: " Today I am pleased to announce the release of Bodhi Linux 4.4.0. This is a normal update release and it comes three months after the release of Bodhi 4.3.1. Existing Bodhi 4.x.y users do not need to reinstall as the primary goal of this update release is to simply keep the current ISO image up to date. This release image includes EFL 1.19.1, Terminology 1.1.0, Ephoto 1.5, and Linux kernel 4.13. As with every release in the 4.x.y Bodhi series it is built on top of the rock solid foundation that is Ubuntu 16.04. " Bodhi Linux is available in three editions: Standard, AppPack (with additional applications), and Legacy for older computers. * * * * * Development, unannounced and minor bug-fix releases

DragonFly BSD 5.0.2

CAELinux 2017-build4

Super Grub2 Disk 2.02s10-beta5

Bluestar Linux 4.14.3

KDE neon 20171205

Clonezilla Live 2.5.5-3

SmartOS 20171207

LinHES 8.5

Rescatux 0.51-beta3

MX Linux 17-rc1

NAS4Free 11.1.0.4.5017

Torrent Corner

Upcoming Releases and Announcements

Opinion Poll

Privacy protecting distributions



In our Feature Story we discussed the heads distribution which strives to keep its users anonymous on-line. heads, and its close cousin, Tails, have become increasing popular lately among people who wish to avoid being tracked while they communicate over the Internet. This week we would like to find out how many of our readers use privacy-protecting distributions.



You can see the results of our previous poll on scheduling tasks in last week's edition. All previous poll results can be found in our poll archives.



Privacy protecting distributions



I use Tails: 245 (18%) I use heads: 22 (2%) I use another privacy protecting distro: 91 (7%) I do not use a privacy protecting distro: 1008 (74%)

DistroWatch.com News