Slashdot Mirror
Slackware 9.1 Released
ThatComputerGuy writes "Slackware 9.1 is now officially released. This is another great release, featuring GCC 3.2.3, GNOME 2.4.0, KDE 3.1.4, ALSA, and Kernel 2.4.22. Check the official announcement for the full feature list. Note that ftp.slackware.com will not allow ISO downloads starting with this release; instead, the first distribution of the ISOs will be via BitTorrent."
ISOs for 9.1 won't be available via the main Slackware FTP site due to bandwidth limitations, so BitTorrents have been set up to distribute the load.
Torrent for Disc 1
Torrent for Disc 2
The 9.1 4-disc CD set is also available from the Slackware Store. I usually place my order for the CD set and download the ISOs so I can have it available to me immediately until the nice disc set arrives in the mail.
-- Give him Head? Be a Beacon? :P)
(If you can't figure out how to E-Mail me, Don't.
1)download an old ISO (8.1 or 9.0 are just fine)
2) install and run swaret (see freshmeat)
3) you now have a Slackware 9.1 box.
Been following -current and the 9.1 betas and RCs. Stable, ultra fast and simple as ever, with stacks of the latest software. The addition of two fully-fledged package management tools (Swaret and Slackpkg) is the icing on the cake; there's little to fault here (although GNOME 2.4.0 doesn't seem totally rock-solid yet).
Then again, Dropline GNOME for Slack provides one of the best and most attractive GNOME installations out there, and they'll update to GNOME 2.4.1, 2.4.2 etc.
If you're tired of all the frills in Red Hat, Mandrake and SuSE et al (good as those distros are), and want something clean, speedy and stable as hell, give this Slack a go.
are you implying Slack is a distro with lots of holes? I think you don't know anything about slack.
Acquiescence leads to obliteration
I just got started with Slackware. 8.1, I got from the back of a magazine. Been having a blast...for about 2 weeks, now 9.1 is out. Accursed upgrade cycle! On the other hand...Long live Slack!
If Mr. Edison had thought smarter he wouldn't sweat as much. --Nikola Tesla
I, for one, welcome our new Slackware 9.1 using overlords.
To NULL or not to NULL.
Ive put the ISO's online at ftp.oranged.to
disk 2 was corrupt so its still on its way but if you want the discs go for it.
I've tried just about all of them except for Slackware, and am wondering if it offers a significantly different experience than, say, Debian
or Gentoo - from an administrative as well as end-user perspective. Thanks!
The difference between stupidity and genius is that genius has its limits.
Is that Pat keeps it simple. Slack has made adminning my boxen so much easier than Red Hat, Suse, etc.
I advise anyone searching for a distro to try Slackware out, once I found it a few years ago, it's all I run-- including on my home pc.
Thanks again, Pat, for making my life easier.
Acquiescence leads to obliteration
If you're having a blast, then why curse the upgrade? 8.1 will continue to work for as long as you want it to, so don't upgrade until you feel like it.
Slack now has an apt-like tool: Swaret. There's also Slapt-get if you search for it. What makes Slack special over Debian, you ask?
Debian (stable) is immensely stable, but very var behind the times. Slack uses recent, proven and reliable releases to make an up-to-date distro which still won't fall over.
Equally, the filesystem layout, installer and general administration is much more straightforward than Debian.
A lot of folks in here have been asking why Slack still has suck a cult following. It's a fair question; Slack doesn't get a great deal of exposure with the mainstream distros taking all the column inches now.
In a nutshell, Slack delivers Linux as it should be. Whereas distros like Red Hat and Mandrake deliver an "experience" (which is certainly good for newcomers), Slack says "Here's lots of great Linux stuff, packaged up and guaranteed to work out the box. Now make yourself a cool system!".
Slack's focus is on stability and simplicity. Instead of massively-patched packages, complicated init scripts and wizards galore, Slack goes all out for an easy to administer installation. It's very reliable; 99% of the time, only tested and stable releases are included.
Additionally, Slack's bootup time is half that of Red Hat 9. In general use it's much snappier too.
Above all, Slack isn't ideal for newcomers but if you've got some Linux experience under your belt, and want a system you feel YOU'RE in control of, download and give it a try.
Agreed, or run Swaret and have you system updated to 9.1. (or run Gentoo and always be up to date) Sorry, it had to be said!
CB
free ipod and free gmail!
Slackware is a distro that has been made by just one developer, and you can notice that (for good).
We you should use Slackware:
1) Free Beer: You can just download it.
2) Free Speech: Run Only GNU.
3) Free Mind: Many Distros install the software and then install themselves!!, Slackware install the software and then you can forgot you are running it, 'cause it won't get on the middle. You can use your GNU System without stupid modifcations or distro-specific bullshit automagic config tools. (But if you want them, they are just there, and they are the best).
I Think an important concept in Slackware is this:
Slackware config tools are basic. They do a minimal setup; if you need a config tool, you will be happy with them; some people think that just making a front end to configure a config file just wrapping the options from the Option=Value Format to the input/check/click/etc format; and that is just stupid. If someone doesn't know what an option means, he won't be able to configure it, doesn't matter if it has colors and graphics all around.
So Slackware keep it simple. Their config tools asks you for the minimal. That is enough for people who require a config tool. And if you need to go further, I think you will be more confortable using vi.
I think the only thing missing in Slack is ports and other kernels (It would be nice to run Slackhurd ; )
WTF am I doing replying to an AC at 5 A.M on a Friday night?
Hmm...lets see. I tried using Mandrake, and SuSE, and Redhat.
Well, the Redhat 9.0 installer was broken out of the box, so that was a no-go. Can't say if the actual system was fine, since it crashed three times in a row and then I deep-fried the CD.
Mandrake looked kinda cool, had nice tools. Unfortunately, the configuration tools were broken. They worked MOST of the time. Didn't really cut it. I was better off doing it by hand, because then I never broke anything, and I could still make any changes I wanted. (I never did find a way to set up dual-head)
SuSE was the only one with real power. That was kinda nice. Good configuration and everything. But that proprietary tool-set threw me off, since I wasn't apparently allowed to give friends free copied of the CDs. That made it not acceptable.
Then there was Debian. Real good, I guess. Happens to have the worst installation ever. Gives you some base stuff, then a completely counter-intuitive package manager which is virtually impossible to use. Now, people tell me things like I should use the X version of the package installer...oh, wait. I'm setting up a server without X. But, just go to the websites of things, and then find the packages, and then...Wait a second, if I use Slackware, I've already got them installed in the easy to use incredibly light text-based installer.
Of yeah, and what happens when you happen to want to install a box just to share out storage, and you happen to want your install to be...oh...30 megs? Wait, RedHat says that's impossible, same with SuSE and Mandrake. Where does all their shit come into that package? Can't say Debian is that bloated, as I stopped dealing with its crap a while ago.
Oh, and if you're only referring to dependency checking, I've never really cared. I just install it, run it, and see what causes the seg-fault. Of course, some project managers also list what they depend on, in which case I just download what I need without some stupid app holding my hand through it. And, don't tell me its because I'm an old hand at Linux or something, because I've just been using it upwards of a year, and I had never touched a command-line before then. And the Slackware installer was still better in my opinion (it has never crashed, the others have).
Single CD. Makes for easier copying, sharing, storing, replacing, everythinging...yet still manages to have More packages I want than anything but Debian, which has almost everything I don't want.
It all sounds very cool, but aren't the Slackware lot overdoing it a bit on 'stability', when they still include Apache 1.3 in the base install when 2 has been stable for what, two years now? Arguably, 2 is more secure now than 1.3. Even if the 1.3 branch is still supported and patched, 2 has been the focus of most developers for a long time now.
I remember starting on Slackware in 1995. Not hard to install, well it was fun so I guess I didn't mind the effort ... but X let me down cos I was using some weirdo video card that must have been handcrafted by a bunch of orcs. Ahem, anyways, I've been using Redhat since 4.2 with the occassional digression to Mandrake ... and you know ... the more bells and whistles the harder it seems to be to do anything constructive. I just spent way too much time trying to figure out how to customize the menus ... I gave up ... the obvious way of using the "add menu item" just plain doesn't work. And then I went to change the names of the workspaces and it didn't work .. because it seems that when you make the changes it is not stored in the same xml file that it reads from ... sheesh ... yeah I know this a gnome problem not redhat (or maybe I should just go back to KDE) ... but you'd think Redhat would check these things. All I kept thinking was , if this was Enlightenment (may it rest in peace) or WindowMaker it would be simple. And I started thinking very wistfully of Slackware. Hmmm.
I would've gone Debian, but since I'm on a dialup I can just imagine how little time it would take me to hate apt-get. And I've tried Suse, nice and consistent ... but I dunno irritating.
So I'll probably give Slackware another go.
Bitter and proud of it.
Slackware is above all a very focussed distribution. It aims to give you a fairly complete, simple and stable operating system for 486+ computers, that can be easily customized by yourself. In the past, there were also Alpha and Sparc versions, but now I think only Intel is officially supported. Slackware does not attempt to include every open source software package under the sun. There is sendmail, but not postfix, qmail, exim etc. There is mysql but not postgre, firebird, etc. There are a few window managers, as opposed to dozens. It does include the usual development tools and the most common libraries. If you want something not provided in the default distribution, you are expected to download and compile/install it yourself. The result is that the complete distribution can more or less be managed by a single person. Of all the major distributions, Slackware has probably the smallest development team. If the Mandrake or Gentoo company (yes folks, Gentoo is not a non-profit org like Debian!) were to fold next month, it is not easy to continue the distributions, because they need a reasonable amount of supporting infrastructure and developers. If Patrick Volkerding quits next month, I can maintain my own Slackware tree reasonably well, because I have a reasonable overview of how the entire distribution works.
I don't understand why people rave so much about Apt. Why is it so superior? Oh, I can type apt-get whatever and get it? Similarly, I can download it and install it myself. Odds are, I don't want to install something without going to its home-page anyway.
Why not? Well, groups that can't even explain why their system is good usually don't have a good product. And I don't want to install crap and find out its crap for myself. I'd rather read about it and avoid it.
And, how-the-hell is it competing with OpenBSD? OpenBSD offers security, Slackware offers more up-to-date packages that any other distro, and is stable. Where's the relationship?
What happens to slack if Pat dies?
IIRC slack is Pat's HD image
I suggest you save this joke for the next Mandrake of Redhat release. It doesn't fit so well with Slackware, Debian Stable, or SuSE.
Now I mostly use RedHat, which reminds me... does anyone have any idea (roughly) when *RedHat* 9.1 is due out?
Going to have to start upgrading some of these RedHat boxen before support dries up after New Years :-(
I have never used slackware but I have read a lot about it. One problem that this distro seems to have is that you have to download a completely new ISO every time a new one comes out, similar to the RPM distrobutions. This is very ineffecient IMO. Most slack users I know and have read about just reinstall and than add all their old configs and such like .bash_config. Maybe I have been reading the wrong info, but this a major flaw in any distro that is to be considered for widescale deployment. Please don't get me wrong, we owe a lot to patrick for things like a BSD like init and such as well as a great distro!
Shouldn't all you guys who talked about getting the LAST release already have slack and just need to upgrade?
It seems every release the same people claim to be downloading the iso. Shouldn't you guys already have 9.0 and just need to upgrade to 9.1??
I know this is a troll but I've always wondered how every release, the same people rush to say they are dling yet they said that the last week. I just simply upgrade freebsd when a new version comes out, I don't have to download the whole iso.
Anyway, flame on I suppose.
I don't understand why people rave so much about Apt. Why is it so superior?
.deb will be there shortly. Just type "apt-get update" and presto!
:-) But I only use it for headless systems. Setting up X in debian is an excercise in frustration for me. Redhat wins here hands down. It even works with my mousewheel thru kvm. I never managed to get debian (or FreeBSD) do that.
Speaking for myself (of course), apt has a *huge* number of mirrors. The main advantage of installing over apt, however, is the fact that they are pre-compiled (tho you can choose to apt the sources) and the system does dependency tracking.
You can still go to the product home page, but when you download it and try to compile, only to find that you have to download and compile the dependencies (that might have dependencies themselves), you can grow frustrated pretty quickly. And apt will warn you if it needs to install dependencies *before* it installs them.
If you keep the security repository in your apt config file, whenever there's a security flaw, chances are the corrected
I love Debian (and it shows)
No sig
I don't know why but Slashdot doesn't like my stories... I sent them the Slackware Linux 9.1 annoucement and they rejected it... OSnews posted mine on 2003-09-27 00:07:36 (before someone sent it to Slashdot)... BTW Slashdot doesn't have any Slackware icon/subject. Anyway, what a nice surprise; Slackware Linux 9.1. I have tried several OSes and Slackware Linux remains the 2nd (speed, stability, simplicity). FreeBSD is the 1st. However, Slack is really nice. n0dez
as stated, an Anonymous Coward ;-)
- LinuxPackages (formerly LinuxMafia), for user-contributed binaries not in the base distribution
- UserLocal is a 100% lynx compatible user community for Slackware.
- LinuxQuestions has a Slackware forum.
- Dropline Gnome, which packages GNOME stuff for Slackware. For a while, this was because Pat didn't include any GNOME 2 stuff. Now Dropline's packages are a replacement for the base Slack GNOME. Sometimes they're more up to date.
Of course, there is the infamous alt.os.linux.slackware. It's not as hostile as some people say, as long as you try Google first.it's green.
Well, the torrent is giving me a steady 60K per second right after a release anouncement for a disto that is getting tons of downloads. It sucks if you're behind a firewall that you cannot poke holes in, but for the rest of us, it's a great tool.
Gentoo is actually so *bleeding* edge that they managed to stuff a broken GCC in their release-stream a few weeks back... It'll be some time before slackware does the same ;-)
Or, you can just apt-get install programname , and save yourself all that trouble. If there's ever a new version of that program, it will be upgraded automatically (unless you don't want it to be). If you want to remove it, see where its files are located, or reinstall it, all of those are one command away. If you want to read about something before you install it, you can still do that. It's not like apt will refuse to install something if you've been to its web site.
It's hard to be religious when certain people are never incinerated by bolts of lightning.
great, now the bittorrent and the stupid oranged.to are overloaded
Nice going bittorrent, two strike-outs in one day (fanimatrix trailor)
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
Actually you don't even need swaret-- though it makes things easier I'm sure. Just download everything you need from slackware-current, and
/var/log/packages will reflect your new version.
upgradepkg --install-new *.tgz (the install-new gets packages that you may not have earlier versions of installed.)
Voila-- you're done, and you have a totally current system. And done more easily than any of the rpm based systems, IMO.
Remember, the version number in Slackware is just a snapshot in time. Unlike Redhat where the rpm version names of different programs vary from each release, you can pretty much upgradepkg any named package and
Acquiescence leads to obliteration
I've had trouble getting NVidia's driver to install on Slackware versions 8.0 and 8.1. Has anyone gotten this to work with a more recent version?
The box that I'm typing this message from was originally installed w/8.0. I made the leap to 8.1, then 9.0, and I'm currently on -mostly-current (I pick 'n' choose). All upgrades, with no reinstall. I tried an upgrade from Solaris 2.6 to 7, but had to run a fresh install of 7 after a month or so. Upgrade experiences in windows-land were similar. In short, the *only* OS that I've been able to upgrade w/out reformatting and starting from scratch is slackware.
And before I get flamed for not being able to upgrade windows or solaris, the point I'm trying to make should be more of a reflection on slackware's ease of upgrade than my incompetance in solaris or windows administration. You may want to point out to the slack users you know that there's usually an upgrade.txt file on the CD to walk you through the upgrade. No problems here so far.
As a matter of interest, what is on Disc 2? Slackware has come on one CDROM (for the binary/install stuff) for some time now. I have been so used to keeping a separate directory for sources in addition (or complementary) to the distro, I wonder if I need the second CD iso. Anybody have any information on this?
I maintain a few dozen slackware boxes at work, and quite a few of our staff run slack at home,
so I've been using rsync to maintain a copy of the latest rev + slackware-current. The problem is, SF
seems to have stopped offerring rsync, and there are no rsync mirrors listed on the getslack page
anymore. The main site is way too busy for reliable rsync, so i'd rather use a mirror...
Anyone have any suggestions?
And if you're reading this Patrick, thanks.
I got into Linux back in '94 or thereabouts with Slackware, but had flings with RedHat, Mandrake and Debian between 1989 and 2001. Eventually, I got tired of their respective idiocies and went back to Slackware, and I don't regret it.
You should be seeding the torrent if you already have the ISOs! Make it faster for everybody else :)
I can't say I've ever found the need to bother with Swaret, since the distribution is so easy to maintain with a text editor, but I find that it is generally easiest to simply download the source and compile applications rather than bothering with arcane package management systems. Since Slackware mostly has everything in the right place to start with, I rarely have any problems.
rsync mirrors are in the swaret docs.
Of course, if you know of other ones not listed there, feel free to share here...
>> Hope you like that program, cause you're never going to get it fully uninstalled.
If I don't like it, why would I remove it? I'm more likely to just not use it. After all, every Linux dsitribution is full of applications that a given user never touches.
With all this jabber about installation routines, sometimes I think people spend all their Linux time installing and removing software, rather than actually using the thing.
-- Slashdot: When Public Access TV Says "No"
I guess I'm the only person that doesn't really think that sounds nice. I usually find that I can get what I want easier as sources, and that is really nice. I know, most things have debian packages, but I've found I have a tendency to only need things which don't. Might just be me however (or they don't post their debian packages in their binary packages lists, which would be really weird). Also, I run CVS almost half the time, so...yeah.
There'e enough to learn and use in Linux without getting bogged down in learning about a particular distributions proprietary packaging scheme.
I've tried and used several releases of all the major RPM-based distributions (RedHat, SuSe, Mandrake), installed Debian more than a few times, spent a l-o-t of time on Gentoo installs.
What has caused me the biggest headaches in each of these distributions? Problems with their packaging systems. Every blasted one of them has managed to put my machines in a broken state.
Yes, sometimes chasing down and compiling some obscure piece of code can be frustrating if I'm using Slackware and installing from source. But, I know how to do that, the concept is simple, and if it goes wrong, I know I can trace the problem and fix it.
If RPM or apt or emerge or whatever goes belly-up, fixing the problem means I have to take time to learn about that packaging system. Why should I?
-- Slashdot: When Public Access TV Says "No"
9/23/2003 7:58 : Slackware: 'openssh' PAM vulnerability
/etc/rc.d/rc.M.
/etc/rc.d/rc.M.
- Upgraded OpenSSH 3.7.1p2 packages are available for Slackware 8.1, 9.0 and -current. This fixes security problems with PAM authentication. It also includes several code cleanups from Solar Designer.
9/23/2003 7:57 : Slackware: 'proftpd' vulnerability
- Upgraded ProFTPD packages are available for Slackware 8.1, 9.0 and -current. These fix a security issue where an attacker could gain a root shell by downloading a specially crafted file.
9/23/2003 7:56 : Slackware: 'wu-ftpd' vulnerability
- Upgraded WU-FTPD packages are available for Slackware 9.0 and -current. These fix a problem where an attacker could use a specially crafted filename in conjunction with WU-FTPD's conversion feature to execute arbitrary commands on the server.
9/17/2003 15:35 : Slackware: sendmail multiple vulnerabilities
- There are multiple vulnerabilities in the sendmail package.
9/17/2003 15:34 : Slackware: openssh buffer management errors
- These packages fix additional buffer management errors that were not corrected in the recent 3.7p1 release.
9/16/2003 19:40 : Slackware: openssh Buffer management error
- These fix a buffer management error found in versions of OpenSSH earlier than 3.7. The possibility exists that this error could allow a remote exploit, so we recommend all sites running OpenSSH upgrade to the new OpenSSH package immediately.
9/11/2003 16:02 : Slackware: pine arbitrary code execution vulnerability
- Upgraded pine packages are available for Slackware 8.1, 9.0 and - -current.
9/9/2003 12:10 : Slackware: inetd denial of service vulnerability
- These updates fix a previously hard-coded limit of 256 connections-per-minute, after which the given service is disabled for ten minutes.
8/26/2003 17:47 : Slackware: unzip directory traversal vulnerability
- These fix a security issue where a specially crafted archive may overwrite files (including system files anywhere on the filesystem) upon extraction by a user with sufficient permissions.
8/25/2003 17:46 : Slackware: GDM file permission vulnerability
- This fixes a bug where a local user may read any system file by making a symlink to it from $HOME/.xsession-errors and using GDM's error browser to read the file.
8/1/2003 22:45 : Slackware: Konqueror Multiple vulnerabilities
- Note that this update addresses a security problem in Konqueror which may cause authentication credentials to be leaked to an unintended website through the HTTP-referer header when they have been entered into Konqueror as a URL
7/16/2003 16:13 : Slackware: nfs-utils off-by-one overflow vulnerability
- There is an off-by-one overflow in xlog() in the nfs-utils package.
7/15/2003 16:51 : Slackware: nfs-utils denial of service vulnerability
- This fixes an off-by-one buffer overflow in xlog.c which could be used by an attacker to produce a denial of NFS service, or to execute arbitrary code.
6/18/2003 21:14 : Slackware: kernel Multiple vulnerabilities
- These provide an improved version of the ptrace fix that had been applied to 2.4.20 in Slackware 9.0, and fix a potential denial of service problem with netfilter.
5/29/2003 10:25 : Slackware: cups denial of service vulnerability
- Upgraded CUPS packages are available for Slackware 8.1, 9.0, and -current to fix a denial of service attack vulnerability.
5/23/2003 12:14 : Slackware: UPDATED: quotacheck
- An upgraded sysvinit package is available which fixes a problem with the use of quotacheck in
5/22/2003 9:49 : Slackware: quotacheck vulnerability
- An upgraded sysvinit package is available which fixes a problem with the use of quotacheck in
5/22/2003 9:47 : Slackware: mod_ssl timing based attack vulnerability
- This version provides RSA blinding by default which prevents an extended timing analysis from revealing details of the secret key to an attacker.
"Sufferin' succotash."
perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
9/23/2003 19:14 : Gentoo: openssh Multiple PAM vulnerabilities
/tmp which could allow local user to overwrite arbitrary files.
- Portable OpenSSH versions 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the new PAM code. At least one of these bugs is remotely exploitable (under a non-standard configuration, with privsep disabled).
9/17/2003 21:56 : Gentoo: sendmail Buffer overflow vulnerabilities
- Fix a buffer overflow in address parsing. Fix a potential buffer overflow in ruleset parsing. This problem is not exploitable in the default sendmail configuration.
9/16/2003 19:39 : Gentoo: openssh Buffer management error
- ll versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively.
9/16/2003 15:50 : Gentoo: exim buffer overflow vulnerability
- There's a heap overflow in all versions of exim3 and exim4 prior to version 4.21. It can be exercised by anyone who can make an SMTP connection to the exim daemon.
9/15/2003 8:28 : Gentoo: mysql buffer overflow vulnerability
- Anyone with global administrative privileges on a MySQL server may execute arbitrary code even on a host he isn't supposed to have a shell on, with the privileges of the system account running the MySQL server.
9/2/2003 17:17 : Gentoo: 'atari800' buffer overflow
- atari800 contains a buffer overflow which could be used by an attacker to gain root privileges.
9/2/2003 9:34 : Gentoo: 'gallery' cross-site scripting vulnerability
- Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter.
9/2/2003 9:33 : Gentoo: 'mindi' temporary file vulnerability
- Mindi creates files in
9/2/2003 9:33 : Gentoo: 'eroaster' temporary file vulnerability
- Previous eroaster versions allowwed local users to overwrite arbitrary files via a symlink attack on a temporary file that is used as a lockfile.
9/2/2003 9:32 : Gentoo: 'phpwebsite' SQL injection vulnerability
- phpwebsite contains an sql injection vulnerability in the calendar module which allows the attacker to execute sql queries.
9/1/2003 23:09 : Gentoo: horde Remote session hijacking
- An attacker could send an email to the victim who ago use of HORDE MTA in order to push it to visit a website. The website in issue log all the accesses and describe in the particular the origin of every victim.
9/1/2003 23:07 : Gentoo: vmware Insecure symlink vulnerability
- The previous GLSA 200308-03 was wrong when it stated that vmware-workstation-4.0.1-5289 would fix the problems described in the advisory.
9/1/2003 23:07 : Gentoo: pam_smb Remote buffer overflow vulnerability
- If a long password is supplied, this can cause a buffer overflow which could be exploited to execute arbitrary code with the privileges of the process which invokes PAM services.
8/25/2003 17:41 : Gentoo: vmware-server env variable vulnerability
- By manipulating the VMware GSX Server and VMware Workstation environment variables, a program such as a shell session with root privileges could be started when a virtual machine is launched.
8/14/2003 16:17 : Gentoo: semi Insecure temp files
- The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
8/14/2003 8:36 : Gentoo: multiple vulnerabilities
- There are multiple vulnerabilities in Gentoo Linux source tree.
7/19/2003 18:06 : Gentoo: nfs-utils Denial of service
- Local or remote attacker which is capable to send RPC request to vulnerable mountd daemon could execute artitrary code or cause denial of service.
7/19/2003 18:06 : Gentoo: gnupg Unauthorized acess
- gpg needs to be setuid to make use of protected memory space, however the setgid bit all
"Sufferin' succotash."
Is there any reason to use Slackware, besides 31337 penis erlargement ?
And what's more important than 31337 penis enlargement? This being slashdot, after all...
Frankly, I agree w/ you to some extent. SlW was my first distro, and I tried the last two installments. Frankly, I can't think of any reason to run it right now, given Debian's easy apt-get upgrade and red hat's and SUSE's "it just works" mentality. But I still wouldn't want to see the world without Slackware.
Save your wrists today - switch to Dvorak
Err, slack will probably be the last to go to DVD media, in fact the philosophy of Patrick is to fit the entire set of install binaries on one CD. I'm real surprised that they even needed a second SRC CD. Slack has been a 3 CD collection since I can remember (7.0) While this doesn't lend to having everything, slackware isn't that kind of a Linux distro. I've run Linux since god knows when (~Jan-1999) and Slackware is quite honestly the distro that has changed the least, I've run most everything too; OpenLinux, SuSE (4.4.1 I may add, 2.0 days) RH, and so on and so forth. None are even cloes to Slackware's style, Slack isn't about getting everything you need out of the box, it's about not getting all the crap you don't. I will end this rant by saying that Slack proves there is a difference between using Linux and Running Linux, and as they say have a lot of fun =)
Don't call my crazy, that's what they called me back in the home!
>I mean for pure open distros we have already Debian with it's superior apt.
Slackware isn't going for the "pure open distro" thing, so Debian isn't where it's at.
Slackware is about making it work. Back a while ago that meant including XV and Netscape 4.07.
>So what makes Slackware special enough to give me a serious reason to use it ?
It's free (price), as easy, if not simpler, to install as Debian, and Patrick doesn't go ape-shit over semi-free licenses.
Also: The init system, the installer, the size (can be customized VERY easily to be quite small), the simplicity, the non-brokenness contribute to why I run it.
>And always remember: you are competing with OpenBSD, too.
In the case of slackware, why compete? They take the best of BSD (similar init system) and the best of linux (most other stuff).
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
Slackware needs something akin to Kudzu or HardDrake. Automatic hardware detection would be a HUGE benefit to Slackware.
I first tried Slackware with version 7.1, it was clean, fast, wonderfully stable and streamlined, but it took me far too long to set up the hardware that Mandrake recognized right after installation. The setup for X windows was a bit trickier than Mandrake's as well.
I started off with Linux using Redhat 4.2, I was a big Redhat fan until I tried Mandrake 6.0, I've been a Mandrake loyalist ever since. I tried a few other distros (Storm, Turbo, SuSe) along the way since, but nothing has been able to win me back over from Mandrake.
I picked up Slackware 7.1 used for $15 with the full set of CDs and the books. I was very impressed with it. But for my needs, it's the third best choice.
Slackware would be great for a rackmount server that is rarely opened, but for a desktop system that is upgraded fairly often, I just don't see it making much progress.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
They are all Slackware-specific. Every distro has its own collection of endless holes. If a distro includes an app with a hole, that's a part of that distro.
Read my sig for a change.
"Sufferin' succotash."
Perhaps Microsoft will catch on and release official torrents for Windows from now on :)
That would make it a lot faster for us.
It's just a copy of the 9.0 announcement, witty comments and all, with all the version numbers changed (most incremented by 0.0.1) and a couple sentences added mentioning new features.
I will now go download this and install it over the top of FreeBSD.
BitTorrent package is avaible only on slack 9.1 (current/extra) and it needs python 2.3 (only avaible on 9.1) to work, i think that BitTorent use should have been better planned
More accurately, they are holes in programs that occur in _every_ linux distro that packages them, so to say they are slackware specific is quite misleading. The fixes are slackware specific, but the holes are not.
Further, you led off with SSH and PAM. That one is an example of Slackware going an extra mile for its users, since Slackware has never packaged PAM, or included it in anyway in the distro. (And I should know since I compiled it for pam_ldap). So you have a fix for things that Slack didn't even package. I won't address the rest of these since you blew your credibility with the first item.
Acquiescence leads to obliteration
How many slackware users bother with binary packages after the initial system install?
my sig's at the bottom of the page.
Setting up an usb wheel mouse in debian is a nightmare, in fact, I could not do it. FreeBSD (both 5.1 and 4.8) automatically recognised it (you had to say no to mouse configuration in sysinstall). To get the wheel working, you must add one parameter: "-z 4 5" to your usbd.conf (not rc.conf, X picks up settings from usbd methinks).
I won't use slack btw, cause I have a slow machine. FreeBSD offers the best of both worlds: use ports to compile stuff, or use pkg_add to install binaries. Both tools handles dependencies automatically, and its pretty up to date (XFree86 4.3, KDE 3.1.4, etc..)
sorry - mouse section (the command starting the mouse) in usbd.conf + I added the same param. to to XFree86cfg. Mouse worked before that, but without wheel.
It worked just fine for me. Just make sure you have hotplug installed and it should set it up automatically.
It's hard to be religious when certain people are never incinerated by bolts of lightning.
Slackware is like... well... like floating on a cloud of titties... It's the dream you wake up from and rush to get back to. It's the climax at the end of the orgasm. It's also the best damned Linux distro ever put together. I too have tried all the big ones searching for the distro that made linux fun and easy. With Slackware everything is right where you'd expect it to be. You can run it from a command line (which Mandrake and Redhat try to hide) or you can boot up into one of the best damned desktops I've ever seen (Gnome 2.4 fsckin rocks!). When I first started with Linux a little over a year ago I had absolutely no idea which one to use. I tried Redhat first (too much like Windows), I tried Mandrake (too much like Redhat!) , Debian, Suse, and even Dragon (well the name sounded cool anyway...), and then left and went with FreeBSD (from which I learned quite a bit about the command line) and loved it! Just one problem. You can't use all the software available to linux in FreeBSD. Then I read an article written about a guy trying to use Linux in a Windows work environment (I'm a Sys Admin and was looking to do just that) and he mentioned Slackware. I downloaded it, installed it and have never looked back since. I've learned more about Linux (and oddly enough about Windows) from installing and running Slackware than any other distro I'd tried. Also, the Slackware community is unbelievably helpful and arguably one of the most knowledgable in existence many having been around since Slackware 1. I for one welcome Patrick, our reigning Slackware maintaining overlord! May the hair on his toes never fall out!
SuSE for a couple of years and currently Mandrake also have DVD installs so as to avoid disk swapping.
Yes and if you run those programs on any other distro you'll have the same security holes. Gentoo just puts out adviseries more often than the average Distro. I doubt you'll see Red hat putting up adviseries for nethack or vnc. Most distros just put out adviseries if the program has a remote root exploit in it and it's included by default on their installation discs.
This single phrase from the announcemnt shows why slackware is really unique:
"Each Slackware package follows the setup and installation instructions from its author(s) as closely as possible, offering you the most stable and easily expandable setup."
Accursed upgrade cycle!
which is not an issue when you're running something like Gentoo or Debian. People bring up Gentoo because it's relevant, regardless of if you like it or not. Speaking of, have you even used Gentoo?
Regards
CB
free ipod and free gmail!
I used Slackware 9.0 for the past 4 months, and found some problems. USB mouse issues, USB drive issues, nforce2 problems (I couldn't enable DMA, and my hdd speed transfered at 3.39MB per second, and it 6.6MB per second if I tweaked with -c3 -m16 via hdparm), and misc annoyances that seems to be misconfigured (such as sendmail). I decided to whack (fdisk) my Linux partition and rebuild with 9.1! Wow, am I amazed. Mozilla's fonts actually don't SUCK when i read slashdot, USB devices work happily, my hdd is in DMa mode and x-fers at 34MB per second. Before anyone asks, yes, I did try upping my kernel to the latest stable and still had these issues. Granted I could have fixxed the Mozilla issue myself, however I'm lazy and it wasn't _that_ important enough for me to care. Above all, it supported my nforce2 happily without me having to tweak my stuff. It also allowed me to configure my rc.M startup for software, which was very nice!
"Do or do not. There is no try." -- Master Yoda (Half man, half muppet)
To the point: If RedHat, Mandrake or Debian distribute those applications, are the holes still specific to Slackware? If so, it seems a bit harsh to saddle Pat Volkerding with the burden of shame for other people's errors.
Given that no non-trivial program is ever bug-free, and that the bugs you list have all been fixed, your argument is nonsensical.
There is nothing that is as stable as slackware. After all, it has been around since the dawn of linux.
If you compare the crash statistics between say RH and Slackware, you'll see the difference. After all, crashes=downtime, and downtime=lost money if you're a company. If you're a private person, crashes=cursing, and cursing=CHA penalty, and that means higher barter prices.
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
Hopefully a helpful minor correction:
/extra. I went to a site that had the 9.1 dist (but not the ISO's). I downloaded Pat's bittorrent .tar.gz. I ran installpkg. I tried to use btdownloadcurses.py as Pat said. It didn't work because the bt lib files were installed to /usr/lib/python2.3/site-packages/BitTorrent/*. I copied these files to /usr/lib/python2.2/site-packages/BitTorrent/* since Slack 9.0 has python 2.2. Ran btdownloadcurses and everything works like a charm.
(I'm sure this will never be read by anyone now that the story is 2 days old, but I'll post anyway.)
I run slack 9.0 and want these ISO's, so leaned everything I know about BitTorrent tonight. I learned that it is available in 9.1 in
So it will work with python2.2.
Hope this helps someone else.
Just another slacker,
-C