Language Selection

English French German Italian Portuguese Spanish

Kanotix 2005-04-RC17

Filed under
Linux
Reviews
-s

Kanotix 2005-04-RC17 was released a few days ago and tuxmachines is running really behind in their reviews. However, this was one I wanted to make sure I completed. I've reviewed several distros that are based on Kanotix and the time was right to finally review the source. However, if I really want to get down to where the rubber meets the road, I'm going to have to review Knoppix. Saving that for another time, today we look at Kanotix 2005-04-RC17.

  • Introduction

Distrowatch has described Kanotix as "a Linux live CD based on Knoppix technology using Debian/sid. The included XFree86 is from Debian/experimental. The main specs are: GRUB based startup from CD, ACPI support, DMA default on, additional support for DSL modems (Fritz!Card DSL and Eagle USB), optimal for HD install (you get a working Debian/sid install in about 10 minutes!), kernel forcedeth (for nForce NIC), device mapper and some other patches."

  • Features

    • Kernel 2.6.14.2 with many patches
    • ACPI and DMA enabled by default (can be disabled with acpi=off and nodma respectively)
    • i586 optimization - not for use with older CPUs!
    • Unionfs support (with unionfs cheat)
    • AVM Fritz!Card
      DSL
      support
    • Eagle USB DSL support
    • KDE 3.4.3
    • Captive 1.1.5
    • ALSA 1.0.10rc3
    • GRUB boot
      loader for CD start - ideal for rescue in command line mode
    • GCC 4.0.5
    • Xorg 6.8.2
    • Memtest86+ - Advanced Memory Diagnostic Tool in the extra menu of the boot loader
  • Boot

I had a feeling this was going to be a really nice system from the first boot of the livecd. The initial boot screen features red fonts and graphics, but they did a really tasteful job. It's quite attractive. Not only that, but it has so many boot options that you'll need to stop the 30 second count down timer to read them all. I ended up just hitting the default and adding xmodule=vesa (just in case). Once the boot started it was obvious that Kanotix is heavily based Knoppix. The silent splash soon kicks in and was found to be really tidy and professional looking. It features the same image that is used for the kde activation splash, and adds a progress bar as well as an animated tux walking back and forth. I like the continuity using that same image gives the distro. It adds to the professional feel.

        

        

  • LiveCD

The livecd boots automagically into KDE 3.4.3 and one is greeting by the familiar feminine "Initiating Start Sequence." Then one spots the attractive wallpaper. Usually I don't care for backgrounds with words, but this one does it tastefully and is presented in the most attractive shades of bluish-purple. The default plastic windec is still using the ugly default kde blue, so one might want to change that.

In addition, the 'show devices on the desktop' in the KDE desktop configuration is on by default, making for an ugly mess since Kanotix mounts all partitions automagically. I unchecked that and umounted my partitions.


The fonts on the default desktop weren't really too attractive. They weren't what I'd call ugly, they just didn't seem to render as well as some others I've seen. They were antialiased, yet they just seemed a little thin and jagged. There wasn't a lot of choice in the font menu either, nothing better than the default was available.

The menus were chocked full of applications and tools. The debian menu is separated from the almost traditional KDE menu by the heading Debian divided up into several other catagories such as graphics, net, and system. They also had some transparency going on which made for an attractive "extra touch" that didn't seem to hit performance any.


In those menus are many tools for configuring your hardware and system. Some are obviously Knoppix derivatives, and some others appear original. Most seemed to function without issue like the firewall config, although some did not seem to work correctly. For example the tv card configuration script seems to just die off.

    

Also in those menus were plenty of applications for just about anything you could think of to do. Most work really well except xine seemed to drop a few frames from time to time.

      

One of the nicest applications found was the hard drive installer. It's apparently a gui front-end for the knoppix-installer, but it gives a really nice feel to the process. It makes choosing your configurations so much easier to visualize and I imagine enhances the experience tenfold for the new user. It walks the user thru a simple setup and functions really well. I obtained a hard drive install in about 15 minutes without so much as a hiccup.

        

It even managed to copy the added files from the default knoppix user to the newly created "s" user. So, if I had forgotten to copy my screenshots to a real partition before rebooting the livecd, they were safe and sound on the new hard drive install. I've only seen one or two other systems do that.


  • Hard Drive System

The install boots fast and almost without issue. Upon boot, one gets a graphical login screen. From there one can choose their user and window manager/environment. KDE is default, but icewm is also offered for those wishing a lighter desktop.


Despite saving some of my files as mentioned above, I still had to turn off that "show all devices on desktop" again. This time I edited /etc/fstab as well to avoid any teary scenes that might occur in the future.


One of the first things I noticed was that the fonts rendered much better on the hard drive install. I was still using vesa at that point, yet the fonts seem to be much prettier. After installing nvidia drivers (which gave no trouble at all), they looked even better.

    

One of the things I had difficulty finding on the livecd and continued to the hard drive install was a graphical package tool (other than the kde kpackage). I figured a debian system would have synaptic installed, but Kanotix didn't. Fortunately it did include apt-get and came with more than a few repositories already set up. I only needed to run apt-get update and apt-get install synaptic to get that wonderful interface to which I've grown accustomed. After the install, a menu item even appeared for it.

        

At that point I could also install OpenOffice.org as Kanotix features KOffice as their office suite by default. That install was painless through my freshly installed synaptic front-end to apt-get. Afterwhich entries appeared in the menus for all of OpenOffice as hoped. It worked great.

        

  • Conclusion

Even with the few little negative issues described, I still found Kanotix to be polished and professional looking with simple yet handy tools for many tasks associated with setting up and maintaining a complete operating system. It functioned wonderfully and performed well above average. Applications opened and operated quite swiftly even during use of the livecd. I liked kanotix quite a bit and was impressed with the overall look and feel. I like to have a livecd or three around for emergencies, and this is one that I will keep. With some of the newest versions of applications available, this is one nice way to get a modern updated Debian system onto your machine. If I had to rate it, I'd probably give it at least an 8 out of 10. There are several more screenshots here.


More in Tux Machines

Leftovers: BSD

Security Leftovers

  • Stop using SHA1 encryption: It’s now completely unsafe, Google proves
    Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature. This shows that the algorithm's use for security-sensitive functions should be discontinued as soon as possible. SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005. The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made. However, despite these efforts to phase out the use of SHA-1 in some areas, the algorithm is still fairly widely used to validate credit card transactions, electronic documents, email PGP/GPG signatures, open-source software repositories, backups and software updates.
  • on pgp
    First and foremost I have to pay respect to PGP, it was an important weapon in the first cryptowar. It has helped many whistleblowers and dissidents. It is software with quite interesting history, if all the cryptograms could tell... PGP is also deeply misunderstood, it is a highly successful political tool. It was essential in getting crypto out to the people. In my view PGP is not dead, it's just old and misunderstood and needs to be retired in honor. However the world has changed from the internet happy times of the '90s, from a passive adversary to many active ones - with cheap commercially available malware as turn-key-solutions, intrusive apps, malware, NSLs, gag orders, etc.
  • Cloudflare’s Cloudbleed is the worst privacy leak in recent Internet history
    Cloudflare revealed today that, for months, all of its protected websites were potentially leaking private information across the Internet. Specifically, Cloudflare’s reverse proxies were dumping uninitialized memory; that is to say, bleeding private data. The issue, termed Cloudbleed by some (but not its discoverer Tavis Ormandy of Google Project Zero), is the greatest privacy leak of 2017 and the year has just started. For months, since 2016-09-22 by their own admission, CloudFlare has been leaking private information through Cloudbleed. Basically, random data from random sites (again, it’s worth mentioning that every site that used CloudFlare in the last half year should be considered to having fallen victim to this) would be randomly distributed across the open Internet, and then indefinitely cached along the way.
  • Serious Cloudflare bug exposed a potpourri of secret customer data
    Cloudflare, a service that helps optimize the security and performance of more than 5.5 million websites, warned customers today that a recently fixed software bug exposed a range of sensitive information that could have included passwords and cookies and tokens used to authenticate users. A combination of factors made the bug particularly severe. First, the leakage may have been active since September 22, nearly five months before it was discovered, although the greatest period of impact was from February 13 and February 18. Second, some of the highly sensitive data that was leaked was cached by Google and other search engines. The result was that for the entire time the bug was active, hackers had the ability to access the data in real-time by making Web requests to affected websites and to access some of the leaked data later by crafting queries on search engines. "The bug was serious because the leaked memory could contain private information and because it had been cached by search engines," Cloudflare CTO John Graham-Cumming wrote in a blog post published Thursday. "We are disclosing this problem now as we are satisfied that search engine caches have now been cleared of sensitive information. We have also not discovered any evidence of malicious exploits of the bug or other reports of its existence."

Security Leftovers

  • Change all the passwords (again)
    Looks like it is time to change all the passwords again. There’s a tiny little flaw in a CDN used … everywhere, it seems.
  • Today's leading causes of DDoS attacks [Ed: The so-called 'Internet of things' (crappy devices with identical passwords) is a mess; programmers to blame, not Linux]
    Of the most recent mega 100Gbps attacks in the last quarter, most of them were directly attributed to the Mirai botnet. The Mirai botnet works by exploiting the weak security on many Internet of Things (IoT) devices. The program finds its victims by constantly scanning the internet for IoT devices, which use factory default or hard-coded usernames and passwords.
  • How to Set Up An SSL Certificate on Your Website [via "Steps To Secure Your Website With An SSL Certificate"]
  • SHA-1 is dead, long live SHA-1!
    Unless you’ve been living under a rock, you heard that some researchers managed to create a SHA-1 collision. The short story as to why this matters is the whole purpose of a hashing algorithm is to make it impossible to generate collisions on purpose. Unfortunately though impossible things are usually also impossible so in reality we just make sure it’s really really hard to generate a collision. Thanks to Moore’s Law, hard things don’t stay hard forever. This is why MD5 had to go live on a farm out in the country, and we’re not allowed to see it anymore … because it’s having too much fun. SHA-1 will get to join it soon.
  • SHA1 collision via ASCII art
    Happy SHA1 collision day everybody! If you extract the differences between the good.pdf and bad.pdf attached to the paper, you'll find it all comes down to a small ~128 byte chunk of random-looking binary data that varies between the files.
  • PayThink Knowledge is power in fighting new Android attack bot
    Android users and apps have become a major part of payments and financial services, carrying an increased risk for web crime. It is estimated that there are 107.7 million Android Smartphone users in the U.S. who have downloaded more than 65 million apps from the Google App Store, and each one of them represents a smorgasbord of opportunity for hackers to steal user credentials and other information.
  • Red Hat: 'use after free' vulnerability found in Linux kernel's DCCP protocol IPV6 implementation
    Red Hat Product Security has published details of an "important" security vulnerability in the Linux kernel. The IPv6 implementation of the DCCP protocol means that it is possible for a local, unprivileged user to alter kernel memory and escalate their privileges. Known as the "use-after-free" flaw, CVE-2017-6074 affects a number of Red Hat products including Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7 and Red Hat Openshift Online v2. Mitigating factors include the requirement for a potential attacker to have access to a local account on a machine, and for IPV6 to be enabled, but it is still something that will be of concern to Linux users. Describing the vulnerability, Red Hat says: "This flaw allows an attacker with an account on the local system to potentially elevate privileges. This class of flaw is commonly referred to as UAF (Use After Free.) Flaws of this nature are generally exploited by exercising a code path that accesses memory via a pointer that no longer references an in use allocation due to an earlier free() operation. In this specific issue, the flaw exists in the DCCP networking code and can be reached by a malicious actor with sufficient access to initiate a DCCP network connection on any local interface. Successful exploitation may result in crashing of the host kernel, potential execution of code in the context of the host kernel or other escalation of privilege by modifying kernel memory structures."

Android Leftovers