DistroWatch Weekly, Issue 638, 30 November 2015

Feature Story (by Jesse Smith)

Qubes OS 3.0



Sometimes, rather than take a long look at a single distribution, I like to quickly check in on the progress being made by several projects. This week I would like to rapidly walk through my brief experiences with three interesting open source projects: Qubes OS, KaOS and NetBSD.



Qubes OS is an interesting experiment in isolating processes and tasks from each other. In computer security there are a number of ways to tackle keeping systems secure. Since no method of securing software works perfectly, isolating tasks in virtual machines (VMs) limits the amount of damage a misbehaving (or compromised) process can inflict. As the project's website states, " In general, Qubes takes an approach called security by isolation, which in this context means keeping the things you do on your computer securely isolated in different VMs so that one VM getting compromised won't affect the others. This allows you to do everything on a single physical computer without having to worry about one successful cyber attack taking down your entire digital life in one fell swoop. "



One might think of Qubes OS as a way to keep one's work life, personal life and financial life locked away in separate compartments. This way if a web browser is compromised in the Work virtual machine, it will not put one's personal financial records at risk.



The latest release of Qubes OS includes a number of technical improvements. Curious to try it out, I downloaded the ISO for Qubes OS 3.0 which is 3.5GB in size. Booting from the Qubes installation media brought me first to a menu where I could either check the media's integrity or launch the project's system installer. In my case, selecting to run the system installer launched the Anaconda installer (the same installer currently used by Fedora) in text mode. The installer guided me through selecting my time zone, protecting the root account with a password and choosing whether to install Xfce, KDE or both desktops together. Where I ran into trouble was with the disk partitioning section.



I tried running through the partitioning section of the installer several times, selecting different options for file systems (standard partitions, LVM volumes and Btrfs are supported). I tried telling Qubes to use just one free partition I had set aside and, other times, offered to let Qubes take over the entire hard disk. In each case, the installer reported I had not provided a root partition for the operating system and refused to proceed. I found this odd as I had, on a few occasions, instructed the installer to use the entire disk. After a handful of attempts, I gave up on trying to install Qubes.



I am sorry to say I have tried each major release of Qubes OS released to date and, so far, none has installed successfully for me. I admire the goal of the Qubes project, making it easy for users to isolate separate tasks in order to improve security. I am of the opinion the concept of a user (and a user's processes) having full access to everything in a user's account raises security concerns. I would like to see more effort put into projects like Qubes and AppArmor in order to make it easier for a user to compartmentalize their digital life. * * * * * KaOS 2015.10 and Plasma on Wayland



KaOS is a distribution which takes an approach I find interesting. Rather than adding features or creating new utilities, the KaOS team strives to offer cutting edge software that has been neatly packaged. The distribution focuses on one architecture (64-bit x86) and one desktop environment (KDE). This gives KaOS a narrow, yet polished, focus. I decided to download the latest installation media for KaOS in order to try out two new features: KDE's Plasma 5 desktop running in a Wayland session and improvements to KaOS's installer.



The ISO file I downloaded for KaOS 2015.10 was 1.6GB in size. Booting from this media brings us to the Plasma 5 desktop, running on a traditional X session. A welcome screen greets us and offers to provide us with information about this new release or launch the distribution's graphical installer.





KaOS 2015.10 -- Running the Plasma 5 desktop

(full image size: 745kB, resolution: 1366x768 pixels)



I like KaOS's implementation of the Calamares system installer. The installer has a layout and style similar to the system installer used by Ubuntu or Linux Mint. It's one of those installers where the user can pretty much just click "Next" a few times and end up with a functioning operating system. That being said, we do have some options available to us and I particularly like how streamlined and easy to navigate the disk partitioning section is. KaOS, due to its inclusion of some non-free components, has added a screen to the installer which displays licensing information for these non-free packages.



Once the installation was finished, I booted into my new copy of KaOS and experimented with the desktop session options. The Plasma on X session worked well. The desktop was responsive and everything worked as expected. The Plasma on Wayland session did not work for me. This was not entirely unexpected. In the recent past I have tried running GNOME Shell on Wayland (via the Fedora distribution) without success. However, where trying to login to a Wayland session on Fedora would cause the screen to briefly go blank before I was returned to the login screen, signing into Wayland on KaOS caused the display to blank and the system to lock-up. This meant I had to hit the power button to trigger a reboot in order to get back to a login screen.



In short, my exploration of KaOS's new features was mixed. The Calamares system installer is beautiful, it works well, it's fast and I was very happy with it. I hope more distributions adopt Calamares as their graphical installer as it really makes getting a new distribution up and running a pleasant process. Wayland, unfortunately, continues to be problematic on my test equipment. This is probably a driver-related setback which I hope gets resolved in the near future. * * * * * NetBSD 7.0



NetBSD is a fascinating project, largely due to the operating system's portability. NetBSD runs on a vast array of CPU architectures and the project's tag line is, "Of course it runs NetBSD." The latest release of NetBSD, version 7.0, includes support for a number of new devices, including the Raspberry Pi 2 and BeagleBone mini computers.



NetBSD is available for many architectures and I decided to download the 64-bit x86 installation image which is 372MB in size. Booting from NetBSD's disc brings up a text menu where we are asked if we would like to perform a regular installation, try to install without ACPI support or try to install with no ACPI or SMP support.



NetBSD's installer consists of a series of text screens, most of which ask us to select items from menus. We begin by confirming our keyboard's layout. The installer then asks if we would like to perform a fresh installation, upgrade an existing copy of NetBSD, re-install over an old copy or access system utilities. The utilities offered include tools to partition the hard drive, a useful function since the installer seems to assume we already have a spare partition set aside for NetBSD. Choosing to perform a fresh installation of NetBSD kicks off a series of screens where we are asked which hard drive to use. We are then shown a default partition layout and given the chance to change mount points or partition sizes. I found the partition managing screen difficult to navigate. I did not feel as though there was a clear path through the process and so I fumbled around a bit before, essentially, taking the defaults offered. Next, we are asked what sort of installation we would like to perform with options including Full, Text Only, Minimal and Custom. I went with Full since a complete installation of NetBSD takes up less than 2GB of disk space. We then choose where to install packages from with choices including local optical media, FTP/HTTP servers, NFS network shares and floppy disks. Files are copied to our hard drive and then we configure our network connection, pick out our time zone from a list and set a password on the root account. The next few screens ask if we would like to enable a binary package manager (with the alternative being to install software from source code using a collection of ports) and we can optionally install the operating system's source code. The next series of screens asks if we would like to enable a secure shell service, enable network time synchronization, enable a display manager and add a regular user account.



When we boot into our fresh copy of NetBSD we are brought to a simple graphical login screen. Or at least I was, given that I had installed all the available packages. I found that I could sign into my user account and, upon doing so, I was presented with a blank screen. Shortly after logging in a mini terminal window would appear in the bottom-right corner and display login/logout and system messages. I was able to click in this terminal window and scroll through the messages, but otherwise the graphical environment was unresponsive to input. I was unable to type or click on anything, other than the message window, and I was unable to logout. In short, graphical software is present, but we do not have any desktop environment in which to work.



I very rarely work with NetBSD systems so I looked up a tutorial on how to easily install and enable the Xfce desktop on NetBSD. Since the guide was originally written, some things have changed on NetBSD, but stumbling through the guide resulted in me being able to sign into the Xfce 4.12 desktop environment. This greatly improved my experience as I was better able to run multiple terminal windows and look up further information using the Firefox web browser right from my NetBSD installation.



The easiest way to handle packages on NetBSD is with the pkgin package manager. The pkgin command line utility has a syntax similar to pkg-ng on FreeBSD and dnf on Fedora. The package manager smoothly handles installing, removing, upgrading and searching for packages. I found pkgin had terse output and functioned well during my very brief trial. Unfortunately, I only had time this week to play with NetBSD for a day and in a virtual machine, so the experience was a bit limited. However, I was pleasantly pleased to find NetBSD includes a range of useful desktop applications in the project's software repositories.





NetBSD 7.0 -- Running the Xfce desktop

(full image size: 182kB, resolution: 1024x768 pixels)



Security updates to the base system involve either checking out source code and building it, or downloading and unpacking binary builds from the project's server and manually putting the new files into place on the operating system. This makes handling security updates to the core system a bit more involved on NetBSD than it is on most Linux distributions or FreeBSD.



NetBSD is fairly light on memory. While using the command line interface and with just an empty X session running, the operating system used approximately 100MB of memory. When I installed Xfce 4.12 and was logged into the desktop environment, NetBSD used about 200MB of memory. Even with Xfce installed, NetBSD only used about 2GB of disk space.



One feature of NetBSD that does not get talked about much is that the portable operating system includes support for ZFS, an advanced file system. I experimented with setting up a ZFS volume and found the utilities worked well. From what I could find, ZFS is only supported on the 32-bit and 64-bit x86 architectures, other platforms, such as ARM, are still a work in progress.



At the end of my day with NetBSD I came away feeling pretty good about this highly portable operating system. I like the pkgin package manager, it's fast and pretty easy to use. I like that, with a short tutorial, it's pretty easy to set up a desktop environment and I like that NetBSD includes ZFS support.



I was a little less thrilled with the system installer. I have used a lot of different installers, including those put forward by FreeBSD, OpenBSD and MINIX and I think NetBSD's was, for me, the most difficult to navigate with regards to partitioning the hard drive. The installer works and, I presume, works across more platforms than I have encountered in my life, but I think it might scare off some newcomers.



What I really liked about NetBSD though was that the system was light and it should work the same across multiple platforms. The operating system took me a little while to get up and running, but once some basic tools were in place, I had a stable and pleasant experience. * * * * * Hardware used in this review



My physical test equipment for this review was a desktop HP Pavilon p6 Series with the following specifications: Processor: Dual-core 2.8GHz AMD A4-3420 APU

Storage: 500GB Hitachi hard drive

Memory: 6GB of RAM

Networking: Realtek RTL8111 wired network card

Display: AMD Radeon HD 6410D video card

Miscellaneous News (by Jesse Smith)

Fedora seeks Wayland testers, a new application for scheduling tasks and how to deal with rootkit warnings



Two weeks ago we mentioned the Fedora developers have been experimenting with making GNOME on Wayland the default desktop session for the upcoming release of Fedora 24. The Fedora project is now asking people to experiment with the new default desktop session and report any problems. " Before GNOME on Wayland becomes default in Fedora, we need to ensure the transition is smooth and the user won't recognize a difference. So we need reports on deficiencies that occur on Wayland but not X11. Kamil Paral of the Fedora QA team has written a comprehensive guide how to debug Wayland-related problems. If you want to provide developers with useful reports, please read it carefully. It has useful information such as how to find out whether a particular app is running on Wayland or on XWayland, and what to include in bug reports. this Fedora Magazine post. * * * * * Scheduling tasks to take place at a certain time is one of those things that has long been an easy thing to do on Linux, so long as a person is familiar with the command line. However, most people are not comfortable typing commands and learning the proper syntax for setting up scheduled jobs. The When desktop application bridges the gap and makes it easy for people to schedule tasks to occur at a given time (or following an event) from the comfort of their desktop. Hectic Geek has a nice write-up on When and how it can be used. " When lets the user to define when a certain task should be executed based on Time (using the system clock), Intervals (if the task is set to repeat), Command (after running a command prior to the execution of the actual task), Idle (after the system is idle for a certain period of time), Event (system start-up, suspend, shutdown, after connecting to a network etc), File Change (after the state of the file is changed). " Further exploration of the When application along with screen shots can be found in the Hectic Geek article. * * * * * A common question that appears a lot on distribution support forums is, "Do I need to run anti-virus software on Linux?" A common follow-up question is, "My anti-virus scan found a problem, what do I do next?" The Dedoimedo website talks about the nature of malware scanners on Linux and suggests some things to do following the discovery of a potential infection. " All right so you've run chkrootkit, what about rootkit hunter (rkhunter)? After all, you've executed one program, you might as well run both of them. This will help you narrow down your anxiety. If both tools report the same issue, you might need to investigate more, but if only one does, it increases the chance of this message being a false positive. " The post points out a lot of infection warnings are false positives and offers ways to check to see if there really is an issue or if the malware scanner has incorrectly reported a problem.





Questions and Answers (by Jesse Smith)

What an ELF is and an HTTPS option



Searching-for-an-elf asks: I occasionally check the properties of files. Some are ELF. What is an ELF file?



DistroWatch answers: The term ELF stands for Executable and Linkable Format. It is a commonly used file format for executable files and shared libraries on Linux distributions and some other Unix and Unix-like operating systems. When you check the properties of a file and find it is listed as an ELF, that means the file is intended to be run as a program, or a part of a program in the case of shared libraries. * * * * * Seeking-privacy asks: Does DistroWatch support HTTPS for encrypted web traffic?



DistroWatch answers: Not yet, all of our data is publicly available and we do not deal with sensitive information like login credentials or financial information through our website, so encryption has been a low priority item. However, some people have been asking about it and we are planning to implement HTTPS soon. We hope to be one of the early adopters of the Let's Encrypt software. * * * * * Past Questions and Answers columns can be found in our Q&A Archive.





Torrent Corner

Weekly Torrents



Bittorrent is a great way to transfer large files, particularly open source operating system images, from one place to another. Most bittorrent clients recover from dropped connections automatically, check the integrity of files and can re-download corrupted bits of data without starting a download over from scratch. These characteristics make bittorrent well suited for distributing open source operating systems, particularly to regions where Internet connections are slow or unstable.



Many Linux and BSD projects offer bittorrent as a download option, partly for the reasons listed above and partly because bittorrent's peer-to-peer nature takes some of the strain off the project's servers. However, some projects do not offer bittorrent as a download option. There can be several reasons for excluding bittorrent as an option. Some projects do not have enough time or volunteers, some may be restricted by their web host provider's terms of service. Whatever the reason, the lack of a bittorrent option puts more strain on a distribution's bandwidth and may prevent some people from downloading their preferred open source operating system.



With this in mind, DistroWatch plans to give back to the open source community by hosting and seeding bittorrent files. For now, we are hosting a small number of distribution torrents, listed below. The list of torrents offered will be updated each week and we invite readers to e-mail us with suggestions as to which distributions we should be hosting. When you message us, please place the word "Torrent" in the subject line, make sure to include a link to the ISO file you want us to seed. To help us maintain and grow this free service, please consider making a donation.



The table below provides a list of torrents we currently host. If you do not currently have a bittorrent client capable of handling the linked files, we suggest installing either the Transmission or KTorrent bittorrent clients.



Operating System Torrent MD5 checksum KNOPPIX KNOPPIX_V7.6.0DVD-2015-11-21-EN.iso 07bb29666baa2ad8d2f18bd117a44408 CRUX crux-32.iso b856bf35ab0a0da5ceff1a038c44b67e Netrunner netrunner-17-64bit.iso a70f60d02a1ca22fd20352265d63c9fb



Archives of our previously seeded torrents may be found here. All torrents we make available here are also listed on the very useful Linux Tracker website. Thanks to Linux Tracker we are able to share the following torrent statistics.



Torrent Corner statistics:

Total torrents seeded: 137

Total data uploaded: 21.2TB

Released Last Week

CRUX 3.2



Juergen Daubert has announced the release of CRUX 3.2, the latest stable build of the project's lightweight, x86-64 optimised Linux distribution designed for experienced Linux users: " The CRUX team is happy to announce the release of CRUX 3.2. CRUX 3.2 comes with a multilib toolchain which includes glibc 2.22, GCC 5.2.0 and Binutils 2.25.1. The kernel is Linux 4.1.13. CRUX 3.2 ships with X.Org 7.7 and X.Org Server 1.18.0. The ISO image is processed with isohybrid and is suitable for burning on a CD and putting on a USB drive. UEFI support is available during installation with dosfstools, efibootmgr, and grub2-efi added to the ISO image. Important libraries have been updated to new major versions which are not ABI compatible with the old versions. We strongly advise against manually updating to CRUX 3.2 via ports, since these changes will temporarily break the system. Please note that there may still be packages that need updating which are not included on the ISO image. These packages will need to be updated/rebuilt manually. " See the release announcement and release notes for more details.



Netrunner 17



The developers of Netrunner, a Kubuntu-based Linux distribution with useful extras such as Java, Flash and multimedia codecs, have announced the launch of Netrunner 17. The new release features a number of package updates, including the Plasma 5.4 desktop, VirtualBox 5, LibreOffice 5, Firefox 42 and version 4.2 of the Linux kernel. " The Netrunner team is happy to announce the release of Netrunner 17 (codename Horizon) - 64-bit version. (Note that the 32-bit version remains at 16 until 18 LTS). Netrunner 17's codename was chosen as an indication of a mature Plasma finally emerging at the horizon with another update of KDE Plasma, Frameworks and Applications. The desktop is now at Plasma 5.4.3 together with KDE Applications 15.08.2 and many more programs and libraries updated to their latest versions. Firefox with built-in Plasma support ships as 42.0.3. " Further information and screen shots for Netrunner 17 can be found in the project's release announcement.



KNOPPIX 7.6.0



Klaus Knopper has announced the release KNOPPIX 7.6.0, a brand-new version of the distribution's Debian-based live CD/DVD with a choice of LXDE, KDE 5.4 and GNOME 3.18, as well as a separate edition designed for visually impaired users: " Version 7.6.0 of KNOPPIX is based on the usual picks from Debian stable and newer graphics drivers or desktop software packages from Debian testing and Debian unstable. New in 7.6.0: Linux kernel (still 4.2.2, thorougly tested) and system software (Debian 'Jessie') updated; new experimental version of Compiz 0.9.12.2 3D window manager; LXDE (default) with PCManFM 1.2.3 file manager, KDE 5.4 (boot option 'knoppix desktop=kde'), GNOME 3.18 (boot option 'knoppix desktop=gnome'); WINE version 1.7.50 (git) for integration of Windows-based programs; QEMU 2.4 for (para-)virtualization; Electrum 2.5.4 for managing Bitcoin wallets.... " Read the detailed release notes for a full list of changes and new features.





Knoppix 7.6.0 -- Running the LXDE desktop

(full image size: 1.1MB, resolution: 1366x768 pixels)



KaOS 2015.11



The developers of KaOS, a rolling release distribution with a strong focus on KDE software, have announced the availability of a new installation snapshot. The new installation media, KaOS 2015.11, offers a number of package updates, new artwork and experimental support for running the Plasma desktop in a Wayland session. " As always with this rolling distribution you will find the very latest packages for the Plasma Desktop, this includes Frameworks 5.16.0, Plasma 5.4.3 and KDE Applications 15.08.3. Most notable major updates to the base of the system are the Boost 1.59.0/ICU 56.1 stack, Glib2 2.46.2 stack, a move of Mariadb to the 10 series, Perl 5.22.0 stack, Linux 4.2.6, all Texlive packages updated to their 2015 versions, Qt 5.5.1 and systemd 228. " At this time, KaOS supports booting in UEFI-enabled machines, but does not support the Secure Boot feature. Further information on KaOS 2015.11 can be found in the project's release notes.



Oracle Linux 7.2



Oracle has announced the release of Oracle Linux 7.2. Oracle Linux is built from Red Hat Enterprise Linux source code and is designed to be binary compatible with Red Hat's product. Oracle Linux 7.2 ships with two kernels, a "Red Hat Compatible Kernel" and Oracle's "Unbreakable Enterprise Kernel", and by default the latter is booted. " We're happy to announce the general availability of Oracle Linux 7 Update 2, the second update release for Oracle Linux 7. You can find the individual RPM packages on the Unbreakable Linux Network (ULN) and the Oracle Linux Yum Server and ISO installation images are available for download from the Oracle Software Delivery Cloud. Oracle Linux 7 Update 2 ships with the following kernel packages: Red Hat Compatible Kernel (kernel-3.10.0-327.el7) for x86-64; Unbreakable Enterprise Kernel (UEK) Release 3 (kernel-uek-3.8.13-98.6.1.el7uek) for x86-64. By default, both the Unbreakable Enterprise Kernel and the Red Hat Compatible Kernel are installed and the system boots the Unbreakable Enterprise Kernel. " Further information on this release can be found in Oracle's release announcement. The distribution can be downloaded from the Oracle Software Delivery Cloud (requires registration). At this time the update has not been pushed to Oracle's download mirrors.



Kwort Linux 4.3



David Cortarello has announced the release of Kwort Linux 4.3, the latest stable built from the project developing a lightweight, CRUX-based distribution with Openbox and a custom package manager called kpkg: " A new version of Kwort available, this one is 4.3. Get it while it's hot! As always, we remain fast, stable and simple and now we have grown up a little to include a lot of Linux firmware available for tons of devices. As usual, everything has been built cleanly and from scratch. The most significant technical aspects are: Linux kernel 4.1.13; new kpkg version providing exclusion support during upgrades (to avoid upgrading configuration files); Chromium 47.0.2526.69 (beta); the init scripts are more unified now with start-stop-daemon. As usual, we want to thank the people helping the project: the infrastructure providers, the people from PGHosting for the package mirror and development environment in the UNR; the CRUX folks for developing it as it's Kwort's base.... " Visit the distribution's home page to read the release announcement.



MakuluLinux 10 "Aero"



Jacque Montague Raymer has announced the release of MakuluLinux 10. The new version, which is built from Debian and Ubuntu packages, ships with the Cinnamon desktop environment and a theme designed to make former Windows users feel at home. " Makulu kicks off the 10 series with the release of the Aero Edition, built from the ground up it offers the end users everything they have asked for, a Linux edition that has a similar look and feel to the familiar Windows environment and is ready to use straight out of the box, not only does it make it comfortable and easy for Windows users to jump ship, but its extremely fast, stable, and extensively tested for many months. " MakuluLinux 10 "Aero" ships with version 3.19 of the Linux kernel and Cinnamon 2.6. Further information on this release can be found in the release announcement. * * * * * Development, unannounced and minor bug-fix releases

Webconverger 33.1

antiX 15-beta2 "MX"

DragonFly BSD 4.4.0-rc

Elive 2.6.12-beta

Sabayon 15.12

Android-x86 20151128

Upcoming Releases and Announcements

Opinion Poll

Web browser extensions



Web pages have become increasingly complex over the years. Websites these days tend to display a lot of different elements in various formats with websites pulling in content from third-party locations. Our web browsers are called on to display text, images and video, display ads, provide interactive content and run plug-ins.



With all of this complexity, and the large amount of data travelling across the Internet, some people have chosen to simplify their web browsing experience using browser extensions. Some of these extensions block ads, others try to prevent website from tracking them, others disable scripts. Extensions like Privacy Badger and HTTPS Everywhere from the Electronic Frontier Foundation have become particularly popular.



This week we would like to know if you use browser extensions to simplify your browser experience or to prevent sites from tracking you. Please let us know what your favourite extensions are in the comments.



You can see the results of last week's poll on encumbered media codecs here. All previous poll results can be found in our poll archives. Web browser extensions



I use one privacy/security extension: 350 (22%) I use multiple privacy/security extensions: 1010 (63%) I do not use privacy/security extensions: 220 (14%) My browser is not compatible with these extensions: 19 (1%) Browsing in text mode addresses my concerns: 15 (1%)