I Still Aten’t Dead
I aten’t.
I’m just busy being a combination of variously busy and/or unwell — Life’s what happens to you whilst you’re busy making other plans … you know how it is.
Bur, coincidentally … remarkably so, given that I logged in today with the express intent of rescuing you all from terminal boredom with something informative, only to learn that there had been some activity on one of the the very two posts that sprang to mind whilst contemplating writing this one … there’s been some activity on one of the the very two posts that sprang to mind whilst contemplating writing this one — what a remarkable coincidence, eh?
Aaaaaanyhow …
Why am I here again?
Oh, yes … that’s right … I’m here to brighten your day, you poor, benighted wretches.
So … without further ado … let’s do just that.
But first, a preamble ….
This is the one on which there was activity
This is the other one I was thinking of
And this one is at least tangentially related (you’ll understand why at the end).
Anyhow .. without any further prevarication …
(SouthpawPoet’s absolutely creaming herself with outrage around about now ¹ (even if she isn’t drunk) 😜).
Had a very brief play with some live distros — by preference XFCE when available (because it's what I use for my daily drive, so, I know what things are called and where they're found).
A couple of them were of a couple of years old too, but, meh, whatever.
Fedora Workstation 37 (Gnome)
I hated Gnome when I first tried it back in '99. And it hasn't endeared itself to me in the interim by being ever more 'dumbed' down, despite the fact that I thought 3 (much like Unity) was an improvement in terms of functionality. But it's just incredibly flaky/unstable (even run from an NVMe on a 128GB RAM system) ... and latterly still as dumbed down as it was in '99.
Had I tried a different DE, I might have found Fedora perfectly acceptable … but I lost interest before then, so I didn’t and I’m just gonna badmouth it here instead for being dull AF, having no tweakability without installing a completely different DE and being unstable into the bargain — it’s got nobody but itself to blame for that though by defaulting to Gnome (ain’t karma a b*tch?)
Slackware 15 (KDE)
Had to ‘google’ for the user password *sigh*
Probably a better installation platform then the horrible '90s style CLI installer was in 2014, but (naturally) I didn't try that
The search for the live version was as unintuitive as Slackware itself was when I last tried it: there's no direct mention of it on the site and it isn't listed amongst the downloads either — I eventually found it via a general web search (and had to separately double-check that the link was kosher).
I subsequently found that it's available in a variety of spins, including Gnome, XFCE, Mate and two flavours of KDE (Slackware's KDE or a 'bigger' / more 'open' one, but who knows what the differences are?). Couldn't tell you which of the two KDE variants I have though — as said, even finding a live version wasn't exactly intuitive (no more so than finding the version(s) of Debian that include non-libre elements) ... and I've only just discovered there's more than one version available (you have to go to docs.slackware.org to find out about them).
What I can say though is that I'm not entirely sure how installation works out.
First of all because I'm not about to try it — don't need no multiboot system ... Arch is all I need day-to-day; the only other thing I'm ever likely to try actually using is Qubes (probably with Whonix).
Secondly because not only could I not find any sort of 'software centre/manager' type affair, but not merely was slackpkg not available, even pkgtools wasn't recognised as a command — so, unless one/both of those are included as part of the installation from the desktop, you're gonna be screwed afterwards.
One thing's for sure: the irony of a live distro that will let you connect to the Internet, but enjoins you to download and install a firewall, if you want one (because it's a live distro in which there isn't one by default) ... but then doesn't provide a way to actually do so ... *sigh*
Fugly wallpaper by default and all but two of the others were no better — the '90s want their neo-Cubism 8bf filters back.
Debian 12.2 (XFCE)
Another one where you have to 'google' for the password for the default user.
Really?
Anyway ...
The desktop is pretty much XFCE default, albeit a little trimmer.
Unfortunately, this means you aren't using the Whisker Menu but the minimalist one that doubles as the desktop applications menu ... which is clumsy (a drop-down menu with no search is long since outmoded for good reason). Sure, it has the application finder, but that's a) fugly as and b) uncategorised (so, if you don't know what you're looking for ...)
Four wallpapers available, but only two of them are actually different (so, it's not clear why two of them are even there), but neither of them is fugly as such, so that's a bonus of sorts, I suppose.
Not a lot of apps available, but at least it comes with with the full LibreOffice suite (unlike a number of other live distros).
No firewall app I could find and, worse still, trying to start the iptables service resulted in an error declaring the service unit to be unfound — what!? Fair enough, I've criticised Arch in the Past for not making it clear to newcomers that the service isn't started by default (there is, in fact, no mention of it in the Installation Guide), but there really is no excuse for this — even if the rules are as useless as the defaults for Gentoo (and Arch, tbf), you should at least have access to iptables ffs! It's all well and good reasoning that anyone playing with it will be behind at least a domestic router with inbuilt firewall, but it's woefully poor OPSEC — how old is that router, what WPA version(s) does it support, are there any known exploits, has the default password been reset (you know, stuff your average home user knows nothing, and cares even less, about) ?
Mint 21.2 (XFCE)
It's Mint — ‘nuff said.
XFCE was reasonably tastefully configured — nothing exceptional, but not as ugly as the default version.
Not exciting, but less intrusive than Ubuntu — it doesn't know best and unilaterally make unannounced changes (like taking ownership of your extant partitions, renaming and resetting permissions on them). And, if you need a *buntu for any reason, that's reasonably stable, it's the one to go for.
Gentoo 20231126 (KDE)
Can't really say anything about it as an introduction to Gentoo.
Because it isn't … it's a live platform for installing Gentoo the easy way.
But it does have the most sophisticated KDE config I've seen — if you wanna learn Plasma ... or simply use it without the limitations other distros always seem to suffer from ... I'd say this were the one to use. If you wanna learn Gentoo though, I'd say you were still better off going oldschool and starting with a Stage 3 tarball.
BUT ...
I try to connect to my WiFi, only to receive an errormessage: Not authorised to control networking.
I try to configure the connection — I need, therefore, to create a WiFi connection. This is not for the casual user — you need to know about networking, if the config options are to make any sense to you.
I fill in all the blanks (including generating a random MAC address).
ERRORMESSAGE: Insufficient Privileges.
Seriously?
So, how am I supposed to connect then?
Ah ... I appear to have sufficient privileges to turn IPv6 off on the ethernet link — so, presumably, I could use that at least. Shame there’s no cable plugged in though (so, it can’t be connected to anything that way), eh?
Also ... it doesn't deem it necessary to come with a pre-installed firewall app ... and netfilter/iptables might as well not be running, because the rules are:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
I know this is pretty common practice, but it shouldn't be; at the bare minimum, the default should be a simple stateful config — not perfect, but better than ... literally ... nothing. And those live distros that do come with a firewall app (often, if not even usually, UFW / Firewalld) have that as the default, so, why isn't it the default for netfilter/iptables-only setups? There really is no excuse for it.
Still ... at least iptables was running by default (unlike under Slackware).
Anyway ... I don't know how you're supposed to actually 'try before you buy' with Gentoo as a home user, if you can't connect to your WiFi — I mean ... how many people use a wired connection at home these days?
Finally, it doesn't shut down — YMMV, but none of the other distros had this problem.
OpenSUSE (XFCE) Leap 15.5 / Tumbleweed 20231202
Oh, God! My eyes!
Leap has the fugliest wallpaper of all of them — even the (thankfully also supplied) XFCE defaults are better! Tumbleweed’s was, thankfully, altogether more tasteful.
Comes with a welcome app that lets you choose from a variety of desktop layouts (Redmond, Cupertino, Ratón, GNOME2, Xubuntu, XFCE-defaults) and doesn't do a bad job of emulating them insofar as XFCE is capable of that.
The list of YAST entries is a bit overwhelming (it's a menu category all to itself!) and really, I fail to see what that offers over the Control Center other than saving a single click to get to a specific element, but whatever.
A bit dull, but it’s really another Fedora inasmuch as it’s the ‘Home’ version of a corporate offering, so …
Slax 15
Wouldn't boot from my Ventoy stick, no matter which version I tried — no file for the UEFI found.
Might just not work as an ISO and need to be installed to a key to work — I used it that way a number of years ago and found it to be quite impressive ... so, I might try that out later, just for fun.
Kodachi 8.27
I’m not exactly keen on the ISOs being hosted on Sourceforge, but okay … whatever — I’m just investigating.
As luck would have it, it’s XFCE based ... with some extra doodads: Cairo Dock and what I suspect is Conky (or similar solution — I didn't delve that far).
I was initially sceptical about its looks, but they're actually surprisingly useful (functional and of genuine utility) ... and the wallpaper has a surprisingly appealing '90s/early '00s cyberpunk aesthetic (the cultural/literary reference isn't subtle, but the image itself is tastefully subdued) — I don't bother with wallpaper myself (if I'm not focussed on whatever app I'm using, and consequently not looking at the desktop anyway, I'm not catatonically staring at the desktop, but looking at whatever I else I am occupied with other than the computer, so, I'll never see it, whatever it is, so, why waste the resources?), but it was the least jarring of them all ... and on a desktop that you aren't meant to customise, because it isn't persistent (which would be antithetical to the whole purpose of the distro), that's actually a consideration worth *cough* considering.
And, unlike TAILS, it was clear at boot whether or not I was running it from RAM or disk/key — I think TAILS runs from RAM by default and you have to explicitly tell it to run (semi) permanently, but there was no boot option for that, so, I've no idea without looking it up (and I'm not gonna do that right now).
Like many (if not most) distros, Bluetooth was turned on by default — not good at the best of times, but all the more questionable on a one intended for use in situations where you'd rather not be compromised in terms of your privacy, never mind security (and Bluetooth is anything but secure). A surprising array of plugins were enabled for the service (a case of swings and roundabouts vis à vis utility vs security), but no firewall functionality that I could discern (and I've even had one of those on my phone for years now) — again, not good at the best of times and especially not for a distro like this, but okay, I haven't seen one anywhere else either (and, as I disable the Bluetooth connection on any of my computers, I haven't had occasion to investigate the availability of a Bluetooth firewall for anything but my phone, so, it may not be an especially noteworthy omission here).
There are some odd aspects to it.
I was, for instance, able to launch a terminal emulator (much to my delight Terminator is preinstalled) and issue a systemctl status iptables command as the default user without any warning about insufficient permissions, yet trying to list the rules with iptables --list-rules did warn me that I couldn't do so as a non-privileged user (which is what you’d expect).
Like Debian, sudo systemctl status iptables informed me that the iptables service unit wasn't found — gufw is installed by default, so, it's not the end of the World ... and the default config there is to block both inbound and outbound connections (which makes sense when you think about what a distro like Kodachi is all about).
Backtracking a bit, to investigate why the system didn't seem to mind my issuing systemctl commands as a seemingly unprivileged user, I investigated /etc/passwd (which confirmed the ordinary user status of the default account) and /etc/group (but, no, the default user wasn't a member of group 0).
So, I thought I'd take a look at /etc/sudoers.
Permission was denied on a straight cat command — leaving me none the wiser as to why I could issue systemctl commands without hindrance.
su -c 'cat /etc/sudoers' root left me having to 'google' the root and user passwords — only the latter of which was immediately returned.
In the end though, it didn't matter, because sudo cat /etc/sudoers listed the content without the need for a password ... and, frankly, I’m a bit flummoxed:
root ALL=(ALL:ALL) ALL is what you'd expect to find
%admin ALL=(ALL) ALL is also what you'd expect to find (that or %wheel ALL=(ALL) ALL)
And, as the default user is a member of the admin group, that would explain it.
Except, wait, what? Wait a second ... no password was required.
Okay ...
%sudo ALL=(ALL:ALL) ALL — and, yep, you guessed it, the default user is a member of that group too (so, why even bother making it a member of admin?).
That still doesn't explain the lack of password challenge though.
#includedir /etc/sudoers.d is pretty standard (and definitively so on Debian), but there are no drop-in files there, so ...
A ... HA!
kodachi ALL=(ALL:ALL) ALL
kodachi ALL=(ALL) NOPASSWD:ALL
Wait ... what!? Then why is the default user in either of admin or sudo?
Or, more sensibly, given that their membership of those groups grants them the same privileges, whilst maintaining the standard fine-grained separation between them, why bother replicating the :ALL for that user specifically ... or putting them in the admin group, if you're subsequently going to override the password requirement to grant them the same level of privilege escalation?
That's a lot of redundancy. And, thinking about it, why give them passwordless sudo to (ALL) but require a password for (ALL:ALL)? It doesn't make any sense — they can just edit the sudoers file to grant themselves that permission too, if they want ... so, it doesn't add any extra security.
It’s just horribly unsecure — and makes no sense in the context of a distro such as this!
And none of that explained the behaviour of systemctl anyway.
The networking configuration tool (as usual, the ubiquitous NetworkManager … *hiss* *spit*) didn't offer the option to disable IPv6 — yeah, you can always 'ignore', but nevertheless (it's just more definitive to disable it).
Connecting to the WiFi started activity on the VPN activity widget — something to investigate, perhaps (even if it's an actual VPN, rather than just a proxy, connecting to some random 'VPN' with no idea what/where it is, is no better than some random proxy/
It was good to see OpenSnitch there. It was less good to find that launching it from the standard menu started the GUI but that there was no way to start the service and the only way to shut the GUI down was with a SIGKILL. Eventually, completely haphazardly, I found that launching it from the Security Apps collection on the Cairo Dock not only launched the GUI, but also started the service (opensnitchd) — why I couldn't start it from the CLI shall remain a mystery as I can't be bothered to investigate any further (not right now anyway).
A number of very strange requests were logged. Rather alarmingly a number of them by wget and curl to Reddit, Wikipedia, mail.com and udemy.com, for no discernible reason (something else to investigate before making any serious use of the distro). That last one is especially concerning, smacking of sponsorship — it may be nothing to worry about, or at least declared on the Kodachi website (so, caveat emptor), but it bears further investigation that I don't have the time for right now ... nor, for various reasons, the actual inclination, to be fair. The default config of Allow / Until Reboot is decidedly suboptimal — and the default timeout of 10 seconds doesn't help even if you aren’t confronted by a flurry of peculiar requests and popups!
Launching the Firefox (unsafe) browser was an unremarkable experience except insofar as it welcomed me back, observing that I hadn't used it in a while and asking if I'd like to clean up — something I've never seen on any other distro (with a 'virgin' installation) ever and not a little perplexing-to-disconcerting (who’d been using it, and how, before it was added to the iso?).
Launching the Tor Browser appeared to disconnect the 'VPN' before connecting to the Tor network — which is reassuring.
Less reassuring was the configuration of the Kodachi Loaded Browser TOR browser: for all that a couple or three of the preinstalled extensions are ones I use (or have used) myself, it smacks of overconfidence due to arrogance/complacency, if not outright ignorance — you do not, by definition, add extensions beyond those that are installed by default in the Tor Browser (to do so defeats the purpose of using Tor in the first place). Moreover, why are both uBlock Origin and AdNauseam installed? Finally, I'm nitpicking here, but ... not only is it 'Tor' and never 'TOR' (Tor's not GNU) ... but that fact is explicitly noted on the Tor Project website (and has been for many a long year) — if the people behind this distro haven't read that, or else chosen to ignore it, what else don't they know (or care) about? It's not confidence inspiring: when it comes to matters of security/privacy OPSEC, a geeky (if not outright nerdy) degree of attention to detail is paramount — people who don't reassure you that they pay attention to the details don't reassure me that there aren't dirty great holes in their OPSEC practices (and when it comes to a project that is all about OPSEC, that's not insignificant).
Otherwise, it has a useful suite of apps and tools preinstalled for the purposes for which the distro is intended — although I'm unsure why Pidgin should be considered a security tool ... and the inclusion of redshift (which necessitates the presence of geoclue, which I subvert, with geoclue_fake, on my own systems) strikes me as contradictory on a platform predicated on the principle of maintaining privacy/anonymity.
TAILS 5.2
Gnome based ... and pretty fugly at that too — there's minimalist … which I prefer myself (see here) ... and then there's bleakly utilitarian (which is just horrible).
The last of the distros I tried and, by that stage, if it didn't immediately grab me, it wasn't gonna keep my attention long enough to do much more than nope out of Gnome.
Okay, so, TAILS is about functionality, not looks, but it still fails aesthetically in comparison to even Kodachi (q.v.).
I was wary of trying this out, because when I last downloaded it (4.23) a couple of years ago, the official site (tails.boum.org) was using a long since outdated (and notoriously unsecure) version of TLS (which just didn't bode well) and, discretion being the better part of not being pwned, I thought twice and never actually tried it.
When I tried to download it this time ... from a new site that Firefox didn't reject as unsecure (and didn't, therefore, require me to do some things against my better judgement even on a semi-DMZ) ... the first thing I saw was ... nothing.
So, I tried opening the link in a separate tab, only for it to take a while and then inform me that the connection to an entirely different domain (seemingly a mirror, but nevertheless) had timed out.
Third time was the charm and it downloaded the iso from the declared link, but, nevertheless that initial redirect attempt still gave me pause for thought — a redirect on a domain is one thing, but for an explicit file link ... yeah, I dunno so much about that.
Anyway …
Gnome 3 based *sigh*.
Albeit it includes the full LibreOffice suite and (peculiarly) Inkscape, a pretty utilitarian suite of apps, with some odd redundancy (Audacity and Sound Recorder?)
The 'unsafe browser' is a stripped down (as it were) Firefox. The lack of preinstalled search engines is nice, but the default use of the address bar for search is still questionable nevertheless — even if it doesn't work by default, because there are no search engines installed, let alone a default. It wont save to anywhere other than the amnesia directory (permission denied elsewhere), so, really what is the point of the Downloads or Documents directories — yes, they're part of the freedesktop.org standard, but they aren't required by that standard (just a defined option) and it seems lazy to leave them on a system that is anything but standard, resulting in confusion (which doesn't exactly inspire confidence). It requires a network connection before it will launch ... and can't be used to open local files by selecting it from the Open With Other Application list (it just isn't there). It's not the end of the World, as local files can still be opened offline with the Tor Browser, but it's odd: if the idea is that you should only use if for those sites you should never connect to over Tor (e.g. your bank, social media sites, anywhere else you need to provide credentials that could lead to the exfiltration of your PII and unmasking of your realworld ID along the way) then why does it allow you to save anything anywhere? Apropos of which, I’ll just gloss over the utterly nonsensical option to install the distro (think about it). Then there's the fact that you can even launch it whilst connected to the Tor network — never mind a helpful page telling you why you shouldn't do that (which, ironically, you only see when you do), there should be a check for this and you should be prevented from even launching it under those circumstances. Sure, the TAILS documentation remarks that "it runs in its own network namespace [but] it cannot contact local services, like Tor", but that's all predicated on there being no exploits, bugs and none ever arising during the lifetime of the instance (and who knows when, or even if, the user will update their version?)
The default site for the Tor Browser isn't https://check.torproject.org *sigh*
Turning the WiFi back on automatically reconnects. Sure you can go into the settings and tell it not to (or even to forget the network) but that should be the default behaviour, not an optional extra. Moreover, if you didn't disconnect from Tor when you disconnected from the network then, when you reconnect, it automatically reconnects to Tor— I can't even ...
So … there you have it: a potted roundup of some of the major (and potentially interesting) Linux distros — covering pretty much all the major players (Mint is Ubuntu enough to not need to examine its parent as well, I think).
I’ve also been playing with Garuda (XFCE) but that’s a different kettle of fish … for different reasons: if you want an Arch based distro, my advice is to stick with Arch — use Arch for a bit and you’ll understand why (IMO at least) an Arch based distro is not only a contradiction in terms but a recipe for trouble, if not outright disaster, sooner or later (Cf. my remarks, above, about not simply installing random sh*t from random sources with a pacman replacement or ‘helper’).
¹ She’s Portuguese, you know.