Re-sigh. Kernel, quo vadis?
Initially, I wanted to ignore it, because of the horrendous title: Word up to Linux fan boys: Multiple Linux flaws show that Linux also has kernel issues.
But once I noticed that the issue about CVE-2008-1375 was:
fixed in Slackware 12.1 RC4;
raised on a Zenwalk forum thread;
I started wondering what's the real deal with it.
So, Slackware has fixed its 2.6.24 kernel into 2.6.24.5, but what are the vulnerable kernel versions?
The mentioned Zenwalk forum thread mentions "2.6.24.x < 2.6.24.6", but it cites no source.
CVE-2008-1375 is still "classified".
FrSIRT doesn't list it as I am writing this!
SecurityFocus lists CVE-2008-1375 under Bugtraq ID 29003 and lists as vulnerable all the kernels from the series: 2.6.25, 2.6.24, 2.6.23, 2.6.22, 2.6.21, 2.6.20, 2.6.19, 2.6.14, 2.6.13, 2.6.12, 2.6.11, 2.6.10, 2.6.9, 2.6.8, 2.6.7, 2.6.6, 2.6.5, 2.6.4, 2.6.3, 2.6.2, 2.6.1, and it also mentions as vulnerable Debian 4.0!
Bugtraq ID 29004 (CVE-2008-1294) lists the same kernels and distros as vulnerable!
Nevertheless, Debian Security is silent, and I haven't noticed very much related activity in other mainstream distros either, Slackware-current excluded! However, except for RHEL5 and its clones, who use a 2.6.18 kernel (not listed by SecurityFocus), practically all the other distros are likely to be vulnerable!
Either SecurityFocus is eating $h1t, or we're in a deep $h1t without even acknowledging it.
UPDATE: Debian has addressed several vulnerabilities (CVE-2007-6694, CVE-2008-0007, CVE-2008-1294, CVE-2008-1375) in Etch: DSA-1565-1 linux-2.6. "For the stable distribution (etch), this problem has been fixed in version 2.6.18.dfsg.1-18etch3. The unstable (sid) and testing distributions will be fixed soon."
I have tested easys 4.1 under VirtualBox. I usually test distros "on the real thing", to see how they support the real hardware, not the emulated one, but this time I just wanted to see how it is.
It's not bad at first: it's slow to install, but ALICE's installer worked perfectly. The KDM is better than the vanilla from Slackware (which is not aliased), but the overall font smoothing in KDE is inherited from Slackware-current, which means it's terrible ("amateurish"): any other distro provides much better grayscale smoothing in KDE (Debian testing, Sidux, Mint 4.0 KDE, Sabayon 3.5 Loop 2, whatever I tried on the same LCD).
The default theme and icons are not so great IMHO, but this is a matter of taste. The inclusion of the non-free Textmaker and Planmaker is a German obsession, I guess.
ALICE's tools are excellent, for instance the Package Manager (/usr/sbin/pkgmanager) is a rewriting of GSlapt in Qt!
But I wouldn't use easys...
Since I mentioned them: Sabayon is a terrible bloat in KDE, and using other environments is not a great idea: XFCE is highly incomplete, even basic applets are missing.
OTOH, although KDE and Debian unstable-based, sidux 2008-1 looks good and it feels very snappy, probably because the customized kernel is a good one, and also because by default you don't have any unnecessary services started.
What I don't understand with Sidux is why they keep going with those Greek names nobody can read (but the Greeks), why they only offer the "standard/full" KDE as a dual-arch DVD, and the LiveCDs only come as "kde-lite"?! For older systems, maybe the lack of bloatness is good, but...
Oh, I noticed that gtk-qt-engine is not on the Sidux "kde-lite", but there seem to be no GTK+ application either.
Another question concerning Sidux, but related to a situation inherited from upstream: since adept (adept-manager, adept-installer, adept-updater, adept-notifier) seems to have been dropped after Etch (testing and unstable are missing it), how is a KDE user supposed to update the system without using the GTK+/GNOME-based tools? There is siduxcc able to handle updates, but it doesn't feature any systray notifier...
Consistency in the Linux world is an oxymoron.
10 commentsYou can update your Sidux through smxi. It requires to stop X, however. Ok, this is not good for a newbie, but it's the sidux-way. See the sidux forum for a discussion on this.
As a systray notifier you can use hermes. Cheers!
Just a quick remark related with Sidux:
For what I've read (I dont use Sidux myself), their developers strongly recommend using apt-get, since they consider synaptic inadequate for a rolling-release distro (especially based on -unstable branch), and capable of producing system breakage. So it is CLI all the way for them :)
I think if you search their forums or mailing list you can find the related thread.
PS: Out of curiosity - since you dislike GNOME+MONO(unseparable siblings now, it seems), and KDE4.0, whats your opinion on the lighter WM (Fluxbox, ICEWM, etc). Ever considering using one of them? For me, Debian Testing + Fluxbox was the best computing experience I had with linux (rock solid too, if you dont do apt-get update + apt-get upgrade with your eyes closed and do check what is getting installed)
Just an addendum to the previous comment:
http://manual.sidux.com/en/sys-admin-upgrade-en.htm
Folks, thanks, but it was not about a major UPGRADE, it was about the "daily updates" from Debian Sid!
smxi must be a replacement for apt-get dist-upgrade, right?
siduxcc-hermes is what I was looking for, it's superb!!!
Darth Vader,
It's not wise to reuse an already existing project name -- "YaLI" in our case.
Still, it's good you haven't called it "Coca-Cola" or "Mercedes Benz".
Maestre, şi uite aşa devii mai catolic decât Papa...
Am fost contactaţi, de mult, de dezvoltatorii Pardus în privinţa faptului lui YaLI (DARKSTAR Linux) & Alliance), dacă nu cumva este un derivativ al lui YALI (Pardus Linux)... Problema s-a rezolvat elegant, ca o coincidenţă de nume, provenind din anglicanismul "Un alt installer Linux" şi după ce prietenii noştrii turci s-au lămurit că nu sunt legături, la nivel de cod, la ce nivel vrei, totul a fost OK, de ambele părţi...
Deci?
Toate cele bune!
P.S. De aceea stiam, candva, de YALI (Pardus Linux) cum e construit, chiar de la "izvoare"...
Nu era vorba de o eventuală supărare a turcilor, ci despre confuzia potenţialilor utilizatori, care vor presupune că există o legatură!
Yes, but you can use smxi for many other tasks. For example, with smxi you can remove old kernels, install open-office-koffice-whatever you want, install your ati-nvidia driver, etc.
The most important smxi's feature (almost for me) it's the dist-upgrade warning system. It stop d-u when there's a possibility to break the system. It saved me from break my KDE last february (it's a problem with libqt-mt package). So i use smxi even for minor upgrades, altough it's a bit time-wasting.
Here you can found many other information about smxi:
http://techpatterns.com/forums/about736.html
HTH. Bye!
Maestre...
Actual, YaLI poartă trei distribuţii în spate, e adevărat, Slackware-based, dar DARKSTAR's YaLI e mult mai evoluat decât omonimul său turcesc, nu e greu să remarci asta...
Si cred că acestă posibilă confuzie a utilizatorilor sa aiba o cale elegantă de rezolvare, având în vedere că pe la Porţile Orientului se cochetează cu ideea că este relativ simplu să se creeze o interfaţă între PiSI şi ALICE, singurul fapt real ce l-ar împiedica pe YaLI (al lui DARKSTAR) să fie folosit pe malurile Bosforului...
Aşa că-ţi ofer ceva în premieră absolută (cu speranţa de a nu mai auzi comentarii maliţioase pe temă): un deja vu, poate chiar funny! Ce ai zice dacă pe la începutul anului viitor, o anume distribuţie s-ar putea să abandoneze pe YALI pentru... YaLI şi Alianţa s-ar putea să crească cu un distins şi ţăcanit membru?
Toate cele bune!
Comments are closed, complaints to info@.
Şi iaca că ai întalnit şi pe cea de a treia distribuţie din Alliance... Remember? DARKSTAR, Bluewhite64 si... ?
"ALICE's installer" este YaLI, installer-ul despre care am mai tăinuit, ca nefiind rudă cu omonimul sau turcesc, însă în acest caz, variantă customizată pentru instalarea lui easys GNU/Linux...
Iar ALICE, e... ALICE. E la fel in toate cele 3 distribuţii...
Bine, ca aici, tu ai vazut versiunile actuale ale lui ALICE si YaLI(4easys)...
Toate cele bune!