Language Selection

English French German Italian Portuguese Spanish

Stuck on Stux

Filed under
Linux
Reviews
-s

Stux Linux is an unique Linux distribution. Version 0.8.1 was released on the 7th and Distrowatch reports, "The new version is a quick bug-fix update to the new 0.8 series, which the developers launched a week ago. Some of the new features include: "Based on Slackware Linux 10.2 and Knoppix 3.7 for kernel and modules; all procedure and interfaces have been substantially reviewed; added boot option 'toram' to load STUX image in RAM and run from there; STUX Network Panel added - configure network for dial-up, ADSL, ethernet and wireless connections; STUX Media Center added; USB support enhanced; hard disk and USB installation process enhanced; created BitTorrent UI, also integrated in Firefox....""

It was quite the surprise to boot the livecd and watch a Knoppix init and hardware detection, being under the impression Stux was based on Slackware. However, this impression was correct. How did those developers come up with that idea? But the surprises don't end there. Wait until you see the desktop.

The default desktop environment is KDE 3.4.2. What makes this desktop unique is some of the customizations put in place. Granted most of them are mere KDE options, but how many developers have the courage to ship with them? Not so different is the gkrellm on the desktop in a transparent theme, nor the background of the famous blue-blend. Not so distinctive is the menu or even the windec and icons. Where the differences start are the panel arrangements. First is the launcher at the top of the screen, auto-hiding yet with a transparent background when visible. That in of itself may not impress, but it is also accompanied by the main panel at the bottom of screen with of course, transparency enabled, and also a few well chosen applets. The kasbar on the right, auto-hiding, as well as side-bar on the left were also something one doesn't encounter everyday in a distro by default.

        

It's different and refreshing in a way, however I think the main panel is a bit too cluttered. The cpu and memory monitors should probably be turned off and that functionality added to gkrellm, and that mixer is overkill as well. Most functions of a mixer are inoperative or not used very often in my case and suspect it may be so for many folk. That could at least be trimmed down if not removed completely. There is a mixer plugin for gkrellm as well and if stux is gonna have gkrellm on the desktop at boot, I say incorporate what they can into it. In addition, noatun has never been a very good application for me, I'm not sure I'd leave that applet either. But these are personal preferences and if installed onto the harddrive or saved the configuration I could easy change.

I was quite impressed with the Stux Control Center. From there one can configure various hardware devices, install software, and install the system to hard drive or even an usb key. It is different from other distro's control centers in presentation and functionality. Not only can you configure your system through it, but it is also an application launcher. It has several application buttons running down the right side as well as having a menu of clickable links. As stated I was quite impressed with it even if I encountered a few niggles.

I've been using Stux for a coupla days and I first began having issues when I attempted to use the control center to adjust my mouse settings so my scroll button would work. It wrote the new configuration and restarted X, but the system became quite sluggish and there was artifacting and visual corruption afterwards. I figured the scroll wasn't worth it, so I just rebooted to get the original default settings and performance back. But throughout the course of the day, surfing the internet, checking webmail, and trying to take screenshots and write this article, X has crashed out on me a few times and sent me out to the terminal. X always restarts, but it can be annoying when you haven't saved your work in a coupla paragraphs. However, the system seemed much more stable after a hard drive install. Your mileage may vary and you may not experience any negative issues with the livecd at all.

        

The greatest achievement in Stux I believe is their Stux Control Center as introduced above. It's unique appearance and the fact it opens upon start bring it into attention immediately. One of the functions it contains is a package manager. Besides the qtswaret found in the KDE menu, Stux seems to have its own package manager that can download Stux packages and install them to disk or ram. I decided to test the install to ram feature for the nvidia drivers, but alas I was met with a "not enough ram error." As my machine only contains 512mb of ram, my only recourse was to install onto harddrive.

        

The harddrive install is another unique interface with lots of nice options. There's a really nice description on the Stux site, but basically one clicks the harddrive target partition and check boxes for options. Some of these options include Install Current configuration which copies the root and etc partitions as they presently exist, format device, and install bootloader onto harddrive or mbr. There are buttons to launch qtparted or cfdisk if needed as well as option to create a boot floppy.

        

My experience with the harddrive install was mixed. I installed twice on two different partitions hoping to ascertain the most appropriate configuration of the installer. The first time the install itself went smoothly and I made a boot floppy to boot the system. It booted but locked up because of the "nv" driver bug, despite having edited the xorg.conf file for vesa from another linux install in order to avoid that. The fly in the ointment is that on every boot Stux/knoppix hardware detection is not only checking for new hardware each boot, it rewrites every config file previously edited. Not good.

The second install I unchecked "install current configuration" and it wouldn't even boot. It hung right after starting "multi-user" with an error about read-only filesystem. Ho hum.

So back in the original install, I tried to run the Stux package manager to install the nvidia drivers. It downloaded its nvidia package and tried to install it, however it errors out with the message something about the glx library missing. The kernel source was included, so I exited KDE and installed them using nvidia's installer/package. The Stux process edited the correct files however for use of the drivers upon reboot, indicating that it was just a problem with the package itself.

        

With the mixer and noatun applets big and bold and taking up much of the panel, it appears that Stux is trying to be an out-of-the-box multimedia system as well. In testing I found that xine could in fact play most of the video files I had on hand if it was in a standard video format such as mpeg and avi, further the win32codecs were available for installation through the Stux Packages installer. xawtv performs well after configuration of drivers and settings (as with any xawtv install), however I couldn't persuade xmms or kscd to play any audio cdroms. Flash and java weren't installed, but java was available through the package installer and installed without incident.

    

As far as applications, besides the full compliment of KDE applications, Stux is well equipped with many popular packages such as gimp, firefox/thunderbird, abiword and koffice, amule, gaim, xsane and qtswaret. There really aren't too many games, but there are several premier games or demos in available through the package installer.

        

So in conclusion, I think those Stux fellars might be onto a something a little different and out of the ordinary. As many people grow weary of the same ole same ole, Stux might have a chance to rival some of the big boys. They have some brave and bold default configurations that add to the user experience as well as wonderful original tools. Stux might need some more maturing and a bit more refining, but I predict great things to come of this project. If you're looking for something a little different, you just might become stuck on Stux. More Screenshots in the gallery.

More in Tux Machines

Android Leftovers

Developers Devising Plan To Ship Newer NVIDIA Drivers On Ubuntu Stable Releases

Currently NVIDIA's packaged drivers on Ubuntu can get a bit stale on Ubuntu stable releases since they aren't updated in-step with the latest driver releases. But a new stable release update (SRU) policy/exception similar to the Firefox approach is being made for Ubuntu so that new releases will end up working their way into currently supported Ubuntu series. The Canonical developers working on Ubuntu are really ramping up their support for NVIDIA's proprietary driver. On top of Ubuntu 19.10 to bundle the NVIDIA binary driver into the operating system's ISO image, they are working out the SRU details for shipping newer NVIDIA driver releases on existing Ubuntu stable releases. Read more

Security Leftovers

  • Microsoft Warns about Worm Attacking Exim Servers on Azure [Ed: Microsoft should also warn "customers" of Windows back doors for the NSA, but it does not (this one was patched ages ago; the Microsoft back doors aren't). Shouldn't Microsoft ask its proxies and partners, as usual, to come up with buzzwords and logos and Web sites for bugs in FOSS, then talk about how FOSS is the end of the world?]
  • The Highly Dangerous 'Triton' [Attackers] Have Probed the US Grid [Ed: It's Windows]
     

    Over the past several months, security analysts at the Electric Information Sharing and Analysis Center (E-ISAC) and the critical-infrastructure security firm Dragos have been tracking a group of sophisticated [attackers] carrying out broad scans of dozens of US power grid targets, apparently looking for entry points into their networks. Scanning alone hardly represents a serious threat. But these [attackers], known as Xenotime—or sometimes as the Triton actor, after their signature malware—have a particularly dark history. The Triton malware was designed to disable the so-called safety-instrument systems at Saudi Arabian oil refinery Petro Rabigh in a 2017 cyberattack, with the apparent aim of crippling equipment that monitors for leaks, explosions, or other catastrophic physical events. Dragos has called Xenotime "easily the most dangerous threat activity publicly known."

  • A Researcher Found a Bunch of Voting Machine Passwords Online
    A little more than a week ago, the Department of Homeland Security confirmed that it was going to forensically analyze computer equipment associated with part of the 2016 elections in North Carolina in association with questions about Russian hacking. The news prompted an information security researcher to announce that he’d found evidence of other election security issues in North Carolina last fall, which he’d kept quiet until now. Chris Vickery, the director of cyber-risk research at UpGuard, a cybersecurity services firm, tweeted June 7 that he had found an unlocked online repository that contained what he said were passwords for touchscreen voting machines. The repository, he said, also contained other information, including serial numbers for machines that had modems, which theoretically could have allowed them to connect to the internet. Vickery said that after he found the open repository in September 2018, he immediately told state officials, who locked the file. State officials have told Mother Jones that the passwords were nearly 10 years old and encrypted—a claim disputed by Vickery and a Democratic technology consultant in North Carolina—but admitted that the file shouldn’t have been publicly available online.
  • TPM now stands for Tiny Platform Module: TCG shrinks crypto chip to secure all the Things [Ed: Misusing the word "trust" to obliterate computer freedom and general-purpose computing]
    The Trusted Computing Group (TCG), a nonprofit developing hardware-based cybersecurity tools, has started work on the "world's tiniest" Trusted Platform Module (TPM). TPMs are silicon gizmos designed to protect devices by verifying the integrity of essential software – like firmware and BIOS − and making sure no dodgy code has been injected into the system prior to boot. These are widely used to protect servers. Now TCG wants to adopt the technology for devices that are so small that the inclusion of a full TPM chip might be impractical due to cost, space and power considerations. The first tiny TPM prototype, codenamed Radicle, was demonstrated last week at a TCG members' meeting in Warsaw, Poland. [...] We have to mention that for years, TCG and its TPMs were criticised by the open-source software community, which suspected the tech could be used for vendor lock-in – GNU father Richard Stallman called trusted computing "treacherous computing", but it looks like his worst fears have not come to pass. That doesn't mean TPMs haven't seen their share of dark days: back in 2017, it emerged that security chips made by Infineon contained a serious flaw, with experts estimating that 25 to 30 per cent of all TPMs used globally were open to attack.
  • What Is a Buffer Overflow
    A buffer overflow vulnerability occurs when you give a program too much data. The excess data corrupts nearby space in memory and may alter other data. As a result, the program might report an error or behave differently. Such vulnerabilities are also called buffer overrun. Some programming languages are more susceptible to buffer overflow issues, such as C and C++. This is because these are low-level languages that rely on the developer to allocate memory. Most common languages used on the web such as PHP, Java, JavaScript or Python, are much less prone to buffer overflow exploits because they manage memory allocation on behalf of the developer. However, they are not completely safe: some of them allow direct memory manipulation and they often use core functions that are written in C/C++.
  • Any iPhone can be hacked
    Apple’s so called secure iPhones can be turned over by US coppers using a service promoted by an Israeli security contractor. Cellebrite publicly announced a new version of its product known as a Universal Forensic Extraction Device or UFED, one that it's calling UFED Premium. In marketing that update, it says that the tool can now unlock any iOS device cops can lay their hands on, including those running iOS 12.3. Cellebrite claims UFED Premium can extract files from many recent Android phones as well, including the Samsung Galaxy S9 but no-one ever called them secure and safe. What is unusual is that Cellebrite is making  broad claims about turning over Apple gear. This is not a cat-and-mouse claim where they exploit a tiny flaw which one day might be fixed. It would appear that Cellebrite has its paw on a real howler.
  • Cellebrite Claims It Can Unlock ‘Any’ iPhone And iPad, 1.4 Billion Apple Devices Hackable
    Israel-based Cellebrite has announced a new version of its system Universal Forensic Extraction Device (UFED) — UFED Premium — which is capable of unlocking any iPhone, high-end Android device, or an iPad. The forensics company has suggested that UFED Premium is meant to help the police in unlocking iPhones and Android smartphones and getting data from locked smartphones.
  • Web-based DNA sequencers getting compromised through old, unpatched flaw
    DnaLIMS is developed by Colorado-based dnaTools. It provides software tools for processing and managing DNA sequencing requests. These tools use browsers to access a UNIX-based web server on the local network, which is responsible for managing all aspects of DNA sequencing. A simple Google search shows that dnaLIMS is used by a number of scientific, academic and medical institutions.
  • Generrate Cryptographically Secure RANDOM PASSWORD
  • DMARC, mailing list, yahoo and gmail
    Gmail was blocking one person’s email via our list (he sent that using Yahoo and from his iPhone client), and caused more than 1700 gmail users in our list in the nomail block unless they check for the mailman’s email and click to reenable their membership. I panicked for a couple of minutes and then started manually clicking on the mailman2 UI for each user to unblock them. However, that was too many clicks. Suddenly I remembered the suggestion from Saptak about using JavaScript to do this kind of work. Even though I tried to learn JavaScript 4 times and failed happily, I thought a bit searching on Duckduckgo and search/replace within example code can help me out.
  • Tired of #$%& passwords? Single Sign-on could be savior

    So how is single sign-on more secure, if Facebook is in charge? It's not, say security experts. "They’ve shown they can’t be trusted with our information," says Rudis.

  • Are SSO Buttons Like “Sign-in With Apple” Better Than Passwords?
    Apple recently announced a new product that could prevent users from giving away their email ID to every other site on the internet. It’s expected to launch sometime later in 2019. Called “Sign-in with Apple,” it is similar to other Single Sign-on services provided by Google and Facebook. The button lets you login to websites without creating a new user account every time.
  • App Makers Are Mixed on ‘Sign In With Apple’

    But other app makers have mixed feelings on what Apple has proposed. I spoke to a variety of developers who make apps for iOS and Android, one of whom asked to remain anonymous because they aren’t authorized to speak on behalf of their employer. Some are skeptical that Sign In with Apple will offer a solution dramatically different from what’s already available through Facebook or Google. Apple’s infamous opacity around new products means the app makers don’t have many answers yet as to how Apple’s sign in mechanism is going to impact their apps. And one app maker went as far as referring to Apple’s demand that its sign-in system be offered if any other sign-in systems are shown as “petty.”

  • Chinese Cyberattack Hits Telegram, App Used by Hong Kong Protesters

    “This case was not an exception,” he wrote.

    The Hong Kong police made their own move to limit digital communications. On Tuesday night, as demonstrators gathered near Hong Kong’s legislative building, the authorities arrested the administrator of a Telegram chat group with 20,000 members, even though he was at his home miles from the protest site.

  • Security News This Week: Telegram Says China Is Behind DDoS

    As protests erupted in the streets of Hong Kong this week, over a proposed law that would allow criminal suspects to be extradited to mainland China, the secure messaging app Telegram was hit with a massive DDoS attack. The company tweeted on Wednesday that it was under attack. Then the app’s founder and CEO Pavel Durov followed up and suggested the culprits were Chinese state actors. He tweeted that the IP addresses for the attackers were coming from China. “Historically, all state actor-sized DDoS (200-400 Gb/s of junk) we experienced coincided in time with protests in Hong Kong (coordinated on @telegram). This case was not an exception,” he added. As Reuters notes, Telegram was DDoSed during protests in China in 2015, as well. Hong Kong does not face the strict [Internet] censorship that exists in mainland China, although activists have expressed concern about increased pressure from Beijing on the region.

  • Nextcloud signs public letter, opposing German plan to force decryption of chat

10 Excellent Free Mind Mapping Software for Linux Users

Mind maps are diagrams used to organize information visually in hierarchical ways that show relationships among the elements that make up the map. Drawing mind maps have been proven to be highly effective for getting information in and out of the brain especially when combined with logical note-taking that typically details or summarizes the roles of the map’s components along the way. There are various mind mapping software out there ranging from free to paid to open source options. Today, my job is to list the best mind mapping software available to users for free. They are all modern, easy enough to use, and offer sufficient consumer support. Read more