Debian

Devuan Jessie 1.0 Officially Released (softpedia.com) 210

prisoninmate quotes a report from Softpedia: Announced for the first time back in November 2014, Devuan is a Debian fork that doesn't use systemd as init system. It took more than two and a half years for it to reach 1.0 milestone, but the wait is now over and Devuan 1.0.0 stable release is here. Based on the packages and software repositories of the Debian GNU/Linux 8 "Jessie" operating system, Devuan 1.0.0 "Jessie" is now considered the first stable version of the GNU/Linux distribution, which stays true to its vision of developing a free Debian OS without systemd. This release is recommended for production use. As Devuan 1.0.0 doesn't ship with systemd, several adjustments needed to be made. For example, the distro uses a systemd-free version of the NetworkManager network connection manager and includes several extra libsystemd0-free packages in its repository.
Debian

Privacy-Focused Debian-Based Tails 3.0 Reaches RC Status (betanews.com) 32

BrianFagioli quotes BetaNews: Today, Tails achieves an important milestone. Version 3.0 reaches RC status -- meaning the first release candidate (RC1). In other words, it may soon be ready for a stable release -- if testing confirms as much. If you want to test it and provide feedback, you can download the ISO now. This is quite the significant upgrade, as the operating system is moving to a new base — Debian 9 "Stretch." The Debian kernel gets upgraded to 4.9.0-3, which is based on Linux kernel 4.9.25. As previously reported back in February, Tails 3.0 will drop 32-bit processor support too.

Using Tor is a huge part of the privacy aspect of Tails, and the Tor web browser sees an update to 7.0a4. Tor itself is updated to 0.3.0.7-1. Less important is the move from Icedove to Thunderbird for email. This is really in name only, as Debian has begun using the "Thunderbird" branding again. From a feature perspective, it is inconsequential.

Debian

Debian 8.8 Released (debian.org) 65

prisoninmate quotes Softpedia: The Debian Project announced today Debian GNU/Linux 8.8, the most advanced stable version of the Jessie series, which brings corrections for numerous packages and various security flaws discovered and patched since the release of the Debian GNU/Linux 8.7 maintenance update back in mid-January 2017... "This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available," reads today's announcement.

"Please note that this update does not constitute a new version of Debian 8 but only updates some of the packages included. There is no need to throw away old 'jessie' CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated."

Debian 8.8 contains more than 150 bug fixes and security updates.
Debian

Systemd-Free Devuan Linux Announces A Second Release Candidate (devuan.org) 122

An anonymous reader quotes The Register: Devuan Linux has released its second release candidate... A 1.0.0 release candidate emerged just under a fortnight ago and today the developers announced Devuan Jessie 1.0.0 RC2. New in this cut of the code is a systemd-free version of network-manager, new versions of reportbug, desktop-base and xfce4-panel. GNOME, KDE, and Cinnamon have been removed from tasksel, but can still be installed although they "are known to suffer from some glitches due to the lack of systemd."
The Devuan web site says this series of release candidates "marks an important milestone towards the sustainability and the continuation of Devuan as a universal base distribution." And their announcement describes Devuan as "the Debian that was and could have been. Our goal is to provide a viable and sustainable alternative...a new path, nurtured with your help and support."
IT

No More FTP At Debian (debian.org) 75

New submitter Gary Perkins writes: It looks like anonymous FTP is officially on its way out. While many public repositories have deprecated it in favor of HTTP, I was rather surprised to see Debian completely drop it on their public site. In a blog post, the team cited the FTP's lack of support for caching or acceleration, and declining usage as some of the reasons for their decision.
Debian

UEFI Secure Boot Booted From Debian 9 'Stretch' (theregister.co.uk) 168

Debian's release team has decided to postpone its implementation of Secure Boot. From a report: In a release update from last week, release team member Jonathan Wiltshire wrote that "At a recent team meeting, we decided that support for Secure Boot in the forthcoming Debian 9 'stretch' would no longer be a blocker to release. The likely, although not certain outcome is that stretch will not have Secure Boot support." "We appreciate that this will be a disappointment to many users and developers," he continued, "However, we need to balance that with the limited time available for the volunteer teams working on this feature, and the risk of bugs being introduced through rushed development." The decision not to offer Secure Boot support at release leaves Debian behind Red Hat and Suse, making it the only one of Linux's three main branches not to support the heir-to-BIOS and the many security enhancements it offers.
Crime

Debian Developer Imprisoned In Russia Over Alleged Role In Riots (itwire.com) 93

An anonymous reader writes: "Dmitry Bogatov, Debian developer and Tor node admin, is still being held in a Moscow jail," tweeted the EFF Saturday. IT Wire reports that the 25-year-old math teacher was arrested earlier this month "on suspicion of organizing riots," and is expected to be held in custody until June 8. "The panel investigating the protests claims Bogatov posted several incitory messages on the sysadmin.ru forum; for example, one claim said he was asking people to bring 'bottles, fabric, gasoline, turpentine, foam plastic' to Red Square, according to a post at Hacker News. The messages were sent in the name of one Airat Bashirov and happened to be transmitted through the Tor node that Bogatov was running. The Hacker News post said Bogatov's lawyer had produced surveillance video footage to show that he was elsewhere at the time when the messages were posted."
"After Dmitry's arrest," reports the Free Bogatov site, "Airat Bashirov continue to post messages. News outlets 'Open Russia' and 'Mediazona' even got a chance to speak with him."

Earlier this month the Debian GNU/Linux project also posted a message of support, noting Dmitry maintains several packages for command line and system tools, and saying their group "honours his good work and strong dedication to Debian and Free Software... we hope he is back as soon as possible to his endeavours... In the meantime, the Debian Project has taken measures to secure its systems by removing Dmitry's keys in the case that they are compromised."
Open Source

Systemd-Free Devuan Announces Its First Stable Release Candidate 'Jessie' 1.0.0 (devuan.org) 372

Long-time reader jaromil writes: Devuan 1.0.0-RC is announced, following its beta 2 release last year. The Debian fork that spawned over systemd controversy is reaching stability and plans long-term support. Devuan deploys an innovative continuous integration setup: with fallback on Debian packages, it overlays its own modifications and then uses the merged source repository to ship images for 11 ARM targets, a desktop and minimal live, vagrant and qemu virtual machines and the classic installer isos. The release announcement contains several links to projects that have already adopted this distribution as a base OS.
"Dear Init Freedom Lovers," begins the announcement, "Once again the Veteran Unix Admins salute you!" It points out that Devuan "can be adopted as a flawless upgrade path from both Debian Wheezy and Jessie. This is a main goal for the Devuan Jessie stable release and has proven to be a very stable operation every time it has been performed."
Operating Systems

Ask Slashdot: What's The Easiest Linux Distro For A Newbie? 510

joseph Kramer -- a long-time user of both Windows and MacOS -- comes to Slashdot with the ultimate question: I've been lurking here for years and seen many recommendations for a Linux flavor that works. What I'm really looking for is Linux that works without constant under-the-hood tweaking (ala early Windows flavors, 3.1, 95/98). Does such an OS exist? For the record, I am not an IT tech. I just need something to work with the mechanical equipment it controls. Any recommendations?
When it comes to Windows and MacOS, he describes himself as "fed up with their shenanigans." So leave your best answers in the comments. What's the best way for a newbie to get started with Linux?
Debian

Debian Update: Stretch Frozen, Bug-Squashing Parties Planned (phoronix.com) 55

"Debian project leader Mehdi Dogguy has written a status update concerning the work going on for the first two months of 2017," reports Phoronix. An anonymous reader quotes their report: So far this year Debian 9.0 Stretch has entered its freeze, bug squashing parties are getting underway for Stretch, the DebConf Committee is now an official team within Debian, a broad Debian Project roadmap is in the early stages of talk, and more.
Bug-Squashing Parties have been scheduled this week in Germany and Brazil, with at least two more happening in May in Paris and Zurich, and for current Debian contributors, "Debian is willing to reimburse up to $100 (or equivalent in your local currency) for your travel and accommodation expenses for participating in Bug Squashing Parties..." writes Dogguy, adding "If there are no Bug Squashing Parties next to your city, can you organize one?"
IBM

IBM Gets a Patent On 'Out-of-Office' Email Messages -- In 2017 (arstechnica.com) 65

The U.S. Patent and Trademark Office has issued IBM a -- what the Electronic Frontier Foundation calls -- "stupefyingly mundane" patent on e-mail technology. U.S. Patent No. 9,547,842, "Out-of-office electronic mail messaging system" was filed in 2010 and granted about six weeks ago. Ars Technica reports: The "invention" represented in the '842 patent is starkly at odds with the real history of technology, accessible in this case via a basic Google search. EFF lawyer Daniel Nazer, who wrote about the '842 patent in this month's "Stupid Patent of the Month" blog post, points to an article on a Microsoft publicity page that talks about quirky out-of-office e-mail culture dating back to the 1980s, when Microsoft marketed its Xenix e-mail system (the predecessor to today's Exchange.) IBM offers one feature that's even arguably not decades old: the ability to notify those writing to the out-of-office user some days before the set vacation dates begin. This feature, similar to "sending a postcard, not from a vacation, but to let someone know you will go on a vacation," is a "trivial change to existing systems," Nazer points out. Nazer goes on to identify some major mistakes made during the examination process. The examiner never considered whether the software claims were eligible after the Supreme Court's Alice v. CLS Bank decision, which came in 2014, and in Nazer's view, the office "did an abysmal job" of looking at the prior art. "[T]he examiner considered only patents and patent applications," notes Nazer. The office "never considered any of the many, many, existing real-world systems that pre-dated IBM's application."
Debian

Mozilla Thunderbird Finally Makes Its Way Back Into Debian's Repos (softpedia.com) 47

prisoninmate quotes a report from Softpedia: A year ago, we told you that, after ten long years, the Debian Project finally found a way to switch their rebranded Iceweasel web browser back to Mozilla Firefox, both the ESR (Extended Support Release) and normal versions, but one question remained: what about the Mozilla Thunderbird email, news, and calendar client? Well, that question has an official answer today, as the Mozilla Thunderbird packages appear to have landed in the Debian repositories as a replacement for Icedove, the rebranded version that Debian Project was forced to use for more than ten years due to trademark issues. "Thunderbird is back in Debian! We also renamed other related packages to use official names, e.g. iceowl-extension -> lightning. For now, we need testers to catch existing issues and things we haven't seen until now," said Christoph Goehre in the mailing list announcement. You can find out how to migrate your Icedove profiles to Thunderbird via Softpedia's report.
Open Source

LinuxQuestions Users Choose Their Favorite Distro: Slackware (zdnet.com) 145

ZDNet summarizes some of the surprises in this year's poll on LinuxQuestions, "one of the largest Linux groups with 550,000 members". An anonymous reader quotes their report: The winner for the most popular desktop distribution? Slackware...! Yes, one of the oldest of Linux distributions won with just over 16% of the vote. If that sounds a little odd, it is. On DistroWatch, a site that covers Linux distributions like paint, the top Linux desktop distros are Mint, Debian, Ubuntu, openSUSE, and Manjaro. Slackware comes in 28th place... With more than double the votes for any category, it appears there was vote-stuffing by Slackware fans... The mobile operating system race was a runaway for Android, with over 68% of the vote. Second place went to CyanogenMod, an Android clone, which recently went out of business...

Linux users love to debate about desktop environments. KDE Plasma Desktop took first by a hair's breadth over the popular lightweight Xfce desktop. Other well-regarded desktop environments, such as Cinnamon and MATE, got surprisingly few votes. The once popular GNOME still hasn't recovered from the blowback from its disliked design change from GNOME 2 to GNOME 3.

Firefox may struggle as a web browser in the larger world, but on Linux it's still popular. Firefox took first place with 51.7 percent of the vote. Chrome came in a distant second place, with the rest of the vote being divided between a multitude of obscure browsers.

LibreOffice won a whopping 89.6% of the vote for "best office suite" -- and Vim beat Emacs.
Debian

Debian 8.7 Released (debian.org) 124

Debian 8.7 has been released. An anonymous reader quotes Debian.org: This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available. Please note that this update does not constitute a new version of Debian 8 but only updates some of the packages included.

There is no need to throw away old "jessie" CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated. Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update.

86 packages have been updated -- including some fixes for systemd. ("Rework logic to determine when we decide to add automatic deps for mounts; various ordering fixes for ifupdown; systemctl: Fix argument handling when invoked as shutdown...")
Debian

Linux.com Announces The Best Linux Distros for 2017 (linux.com) 224

Friday Linux.com published their list of "what might well be the best Linux distributions to be found from the ever-expanding crop of possibilities... according to task." Here are their winners (as chosen by Jack Wallen), along with a short excerpt of his analysis.
  • Best distro for sysadmins: Parrot Linux. "Based on Debian and offers nearly every penetration testing tool you could possibly want. You will also find tools for cryptography, cloud, anonymity, digital forensics, programming, and even productivity."
  • Best lightweight distribution: LXLE. "Manages to combine a perfect blend of small footprint with large productivity."
  • Best desktop distribution: Elementary OS. "I'm certain Elementary OS Loki will do the impossible and usurp Linux Mint from the coveted 'best desktop distribution' for 2017."
  • Best Linux for IoT: Snappy Ubuntu Core. "Can already be found in the likes of various hacker boards (such as the Raspberry Pi) as well as Erle-Copter drones, Dell Edge Gateways, Nextcloud Box, and LimeSDR."
  • Best non-enterprise server distribution: CentOS. "Since 2004, CentOS has enjoyed a massive community-driven support system."
  • Best enterprise server distribution: SUSE. "Don't be surprised if, by the end of 2017, SUSE further chips away at the current Red Hat market share."

Wallen also chose Gentoo for "Best distribution for those with something to prove," saying "This is for those who know Linux better than most and want a distribution built specifically to their needs... a source-based Linux distribution that starts out as a live instance and requires you to then build everything you need from source." And surprisingly, he didn't mention his own favorite Linux distro, Bodhi Linux, which he describes elsewhere as "a melding of Ubuntu and Enlightenment".


Google

Android Was 2016's Most Vulnerable Product, Oracle the (bleepingcomputer.com) 147

An anonymous reader writes: According to CVE Details, a website that aggregates historical data on security bugs that have received a CVE identifier, during 2016, security researchers have discovered and reported 523 security bugs in Google's Android OS, winner by far of this "award." The rest of the top 10 is made up by Debian (319 bugs), Ubuntu (278 bugs), Adobe Flash Player (266 bugs), openSUSE Leap (259 bugs), openSUSE (228 bugs), Adobe Acrobat DC (227 bugs), Adobe Acrobat Reader DC (227 bugs), Adobe Acrobat (224 bugs), and the Linux Kernel (216 bugs).

When it comes to software vendors, the company for which the largest number of new CVE numbers have been assigned was Oracle, with a whopping 798 CVEs, who edged out Google (698 bugs), Adobe (548 bugs), Microsoft (492 bugs), Novell (394), IBM (382 bugs), Cisco (353 bugs), Apple (324 bugs), Debian Project (320 bugs), and Canonical (280 bugs).

Desktops (Apple)

Raspberry Pi's Linux-Based PIXEL Desktop Now Available For PC and Mac (betanews.com) 50

From a report on BetaNews: If you own a Raspberry Pi, you're probably familiar with PIXEL. The desktop environment is included in the Raspbian OS. The Raspberry Pi Foundation describes PIXEL as the "GNU/Linux we would want to use" and understandably so. It offers a smart, clean interface, a decent selection of software, the Chromium web browser with plug-ins, and more -- and from today it's available for PC and Mac. The version of Debian+PIXEL for x86 platforms is described as "experimental" but having taken it for a spin, it seems pretty stable to me. To run PIXEL on your PC or Mac, download the image, burn it onto a DVD or flash it onto a USB memory stick, and boot from it. The desktop environment will load ready for use.
Open Source

Devuan's Systemd-Free Linux Hits Beta 2 (theregister.co.uk) 338

Long-time Slashdot reader Billly Gates writes, "For all the systemd haters who want a modern distro feel free to rejoice. The Debian fork called Devuan is almost done, completing a daunting task of stripping systemd dependencies from Debian." From The Register: Devuan came about after some users felt [Debian] had become too desktop-friendly. The change the greybeards objected to most was the decision to replace sysvinit init with systemd, a move felt to betray core Unix principles of user choice and keeping bloat to a bare minimum. Supporters of init freedom also dispute assertions that systemd is in all ways superior to sysvinit init, arguing that Debian ignored viable alternatives like sinit, openrc, runit, s6 and shepherd. All are therefore included in Devuan.
Devuan.org now features an "init freedom" logo with the tagline, "watching your first step." Their home page now links to the download site for Devuan Jessie 1.0 Beta2, promising an OS that "avoids entanglement".
Security

Cryptsetup Vulnerability Grants Root Shell Access On Some Linux Systems (threatpost.com) 89

msm1267 quotes a report from Threatpost: A vulnerability in cryptsetup, a utility used to set up encrypted filesystems on Linux distributions, could allow an attacker to retrieve a root rescue shell on some systems. From there, an attacker could have the ability to copy, modify, or destroy a hard disk, or use the network to exfiltrate data. Cryptsetup, a utility used to set up disk encryption based on the dm-crypt kernel module, is usually deployed in Debian and Ubuntu. Researchers warned late last week that if anyone uses the tool to encrypt system partitions for the operating systems, they're likely vulnerable. Two researchers, Hector Marco of the University of the West of Scotland and Ismael Ripoll, of the Polytechnic University of Valencia, in Spain, disclosed the vulnerability on Friday at DeepSec, a security conference held at the Imperial Riding School Renaissance Vienna Hotel in Austria. According to a post published to the Full Disclosure mailing list, the vulnerability (CVE-2016-4484) affects packages 2.1 and earlier. Systems that use Dracut, an infrastructure commonly deployed on Fedora in lieu of initramfs -- a simple RAM file system directory, are also vulnerable, according to the researchers. The pair say additional Linux distributions outside of Debian and Ubuntu may be vulnerable, they just haven't tested them yet. The report adds: "The problem stems from the incorrect handling of a password check when a partition is ciphered with LUKS, or Linux Unified Key Setup, a disk encryption specification that's standard for Linux. Assuming an attacker has access to the computer's console, when presented with the LUKS password prompt, they could exploit the vulnerability simply by pressing 'Enter' over and over again until a shell appears. The researchers say the exploit could take as few as 70 seconds. After a user exceeds the maximum number of three password tries, the boot sequence continues normally.
Another script in the utility doesn't realize this, and drops a BusyBox shell. After carrying out the exploit, the attacker could obtain a root initramfs, or rescue shell. Since the shell can be executed in the initrd, or initial ram disk, environment, it can lead to a handful of scary outcomes, including elevation of privilege, information disclosure, or denial of service."
GNU is Not Unix

Debian GNU/Linux 9 'Stretch' Installer Gets GNU Screen, Linux Kernel 4.7 Support (softpedia.com) 58

"Debian developer Cyril Brulebois was pleased to announce this past weekend the release and immediate availability of the eighth Alpha development snapshot of the Debian GNU/Linux 9 'Stretch' installer," reports Softpedia. An anonymous reader quotes their article: It's been four long months since Alpha 7 of Debian GNU/Linux 9 "Stretch" hit the testing channels back in July, but the wait was worth it as the Alpha 8 release adds a huge number of changes, starting with initial support for the GNU Screen terminal multiplexer and lots of debootstrap fixes, which now defaults to merged-/usr.

"debootstrap now defaults to merged-/usr, that is with /bin, /sbin, /lib* being symlinks to their counterpart in /usr (more details on: https://lists.debian.org/debian-devel/2016/09/msg00269.html)," wrote Cyril Brulebois in the mailing list announcement, where it states that default debootstrap mirror was switched to deb.debian.org.
