Slashdot Mirror
Unusual, Obscure, and Useful Linux Distros
angry tapir writes "Most people will be familiar with some of the big names when it comes to Linux — distributions like Ubuntu, Red Hat Enterprise Linux, Debian, and Mandriva. Most of the well-known Linux distros are designed to be used as general-purpose desktop operating systems or installed on servers. But beyond these distros are hundreds of others either designed to appeal to very specific audiences or to fulfill the somewhat niche needs of some users. We rounded up some of the most interesting Linux distributions that you might not have heard of."
... the live CD you have with you.
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
We need a new instant mirror site for slashdot. Any suggestions?
"One of the benefits of open source software that many people are most familiar with is that it's free to download.
This means you can grab great applications — such as Mozilla's Firefox Web browser, the OpenOffice.org office suite or the GIMP photo editing program — without paying a cent.
However, the other major benefit of truly open source software (some "open source" software licences are more restrictive than others) is that you're allowed to modify a program and redistribute your altered version so other people can enjoy it.
Linux is a classic example of this: there are hundreds (at least!) of different Linux-based operating systems. Most people will be familiar with some of the big names — distributions like Ubuntu, Red Hat Enterprise Linux, Debian and Mandriva.
Most of the well-known Linux distros are designed to be used as general purpose desktop operating systems or installed on servers. But beyond these distros are hundreds of others either designed to appeal to very specific audiences or to fulfil the somewhat niche needs of some users.
We rounded up some of the most interesting Linux distros out there that you might not have heard of.
Insecure by design: Damn Vulnerable Linux
Damn Vulnerable Linux is "The most vulnerable and exploitable operating system ever" according to its Web site.
It's designed for security training; it includes training material and exercises (as well as a whole bunch of flaws to exploit). As Mayank Sharma notes: "Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn't. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks."
Indulge in paranoia: Tinfoil Hat Linux
Tinfoil Hat Linux is pretty much the opposite of Damn Vulnerable Linux: it's designed for the paranoid among us.
"It started as a secure, single floppy, bootable Linux distribution for storing PGP keys and then encrypting, signing and wiping files.
At some point it became an exercise in over-engineering." According to its developers, a possible reason for using it is that that "Illuminati are watching your computer, and you need to use morse code to blink out your PGP messages on the numlock key." They're joking. Probably. (In case you want more tinfoil protection, there are some links to a site about aluminium foil deflector beanies and tinfoil suits.)
CSI Linux: CAINE
CAINE (Computer Aided INvestigative Environment) is probably one of the coolest niche Linux distributions around. It's designed for digital forensics (so sadly, no blood spatter analysis) and was developed at the Information Engineering Department of the University of Modena e Reggio Emilia in Italy. It includes software such as TheSleuthKit and Autopsy Forensic Browser for examining file systems, data recovery applications, steganography tools and utilities for securely wiping drives (you know, in case someone else has a copy of CAINE).
Open source engineering: CAELinux
Eminently embeddable: Zeroshell
Zeroshell Linux gets its name from being designed to be solely administered through a Web interface. It's intended to be used on servers and embedded devices.
Its features include load balancing, support for 3G mobile broadband connections and RADIUS support.
Ditch Windows Media Centre: Mythbuntu
Mythbuntu is not really a niche distribution, but it is designed for a specific task rather than being a general desktop distro.
Mythbuntu is used to run PVRs and media centre PCs. As its name indicates, it's derived from Ubuntu Linux.
However, it's ditched the Gnome and by default utilises the relatively barebones Xfce desktop environment.
Damn Small Linux is damn cool
Damn Small Linux (DSL) is actually quite a well known distribution. It's not nearly as small as the amazing MenuetOS (which is a non-Linux OS writ
Domestic spying is now "Benign Information Gathering"
http://www.goodgearguide.com.au.nyud.net:8080/article/351651/12_most_interesting_unusual_useful_linux_distros/
Come on submitters, just hit it once before you hit submit, that way a mirror exists somewhere.
These distros should become meta-packages for larger distros. You should not need to install a specialized OS because you need specialized applications or specialized configurations. The application developer would be better served working with the larger Linux community, to ensure that the usefulness of the given applications is compatible and availible across all distros and platforms. Linux should always have a diverse ecosystem, but Linux should also have a universality about it, that a given meta-configuration can be established to a given Linux with automatic dependency resolution.
Replying to undo moderation. pfSense is based on FreeBSD, not Linux.
Can't get to the site but if your list is complete I'm surprised there's no mention of Scientific Linux. The distro created by the Fermi National Accelerator laboratory and CERN has to be high on the list of unusual and interesting Linux distributions. Actually, works pretty well as a standard desktop too...
It makes the Slug rock!
Set your phasers on "funky"!
Coral Cache:
http://www.goodgearguide.com.au.nyud.net/article/351651/12_most_interesting_unusual_useful_linux_distros/
List of the distros:
steveha
lf(1): it's like ls(1) but sorts filenames by extension, tersely
According to its developers, a possible reason for using it is that that "Illuminati are watching your computer, and you need to use morse code to blink out your PGP messages on the numlock key."
Nice. For the uninitiated, this is (spoiler alert) an allusion to one of the coolest (realistic) hacks in all of fiction, which occurs in the novel Cryptonomicon by Neal Stephenson. Required reading for computer and cryptography geeks.
"This algorithm runs in constant time. Come on, 2,147,483,648 is a constant..."
But really, I think this is all the common people would want/need if they want to replace Windows.
My favorite, but no longer obscure. Puppy is now v. 5.0 and # 10 in page hit ranking on Distrowatch. Puppy is arguably the cutest distribution, the most sincere distribution, and the most beloved distribution. Not to mention very compact, very capable, very easy to install or run live, and very extensible. Try some now! Try some today! Puppy is good for you! Everyone should know about it!
What surprises me is no SLAX. When i first found it SLAX was a very usable live-cd which would fit on those tiny 8cm CDs (before large enough USB sticks were affordable enough to just have a few in your bag) and had an easy startup option to load the entire image into ram
Then i check it a few months ago, it now offers an interface on the website to select from a very large library of software, click the boxes you want and presto, instant live-image completely to your own taste
People, what a bunch of bastards
At first reaction, I laughed quite hard. Upon further examination, the software included in the distro looks to be quite useful. I have forwarded Xiphos (a piece of bible study software included in the distro) on to my grandfather, who immerses himself in study of scripture. If that's your thing, I would check it out. Guess I learned about a new project today. Look at that, Slashdot taught me something.
That was how I read the title at first glance. So disappointed.
1. Jesus saves - early and often. Or maybe you could just configure him to auto-save?
2. Who needs backups when you have faith?
3. Wait until you see our "firewall"!
4. Well, good, at least they're trying to convert those Linux heathens.
5. Some tools not included: head, finger, fsck...
6. "missionary" the only available filesystem (mount -t missionary - and then only for procreation)
7. Good news! Jesus healed the Gimp! Zombies raised from the dead!
8. Thou shalt not take the hostname in vain.
9. Honor thy PPID.
10. Thou shall not kill -9.
11. Those are penguins, not nuns!
Known bugs:
Sometimes Jesus thinks he's Richard Stallman.
vlc only plays G-rated AVIs.
$ mesg y
$ write god
write: god is not logged in
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
"If you don't laugh, you didn't get it, but if you ONLY laugh, you didn't get it." [Book of the SubGenius]
It only took 12 hours for the site to load, but lets have a look at the "distro" and their roots.
Damn Vulnerable Linux unknown
Tinfoil Hat Linux unknown
CAINE Ubuntu
CAELinux Ubuntu
Ubuntu Christian Edition Ubuntu
live.linuX-gamers.net unknown
Parted Magic Ubuntu
GMusix GNU+Linux Debian
Zeroshell Linux LFS methods (i.e., actually rolled themselves)
Mythbuntu Ubuntu
Damn Small Linux Debian
Tiny Core Linux unknown
Ubuntu 41.6%
Debian 16.6%
--------------
Known Distros 58.3%
Unknown distros 33.3%
Original works 8.3%
Feel free to reply with updates if you know the origin of the unknown's.
I know from personal experience, rolling your own distro is hard work. I tried, using other distros (Slackware and LFS methods) as a guide. Just taking someone elses patched beyond usefulness sources and calling them your own isn't your own work. You aren't building, and you can't go back to the original author and submit a fix. Mine was to stay true to the original author's work, since I've seen so many problems which are directly (correctly) attributed to some distro haphazardly patching (and breaking) things.
I spent a lot of spare time writing and rewriting build scripts, hunting down sources (real quick, where is the authors site for the most current version of "ps"?), building a build environment, building the sources into installable packages. It sounds like an awful lot of fun, until you've already spent a month putting things together, and you've just gotten past the low level stuff (basic system utilities, filesystem utilities, compilers, major required libraries, and the boot loader of your choice). Wow, a month later, and we don't even have X, a desktop manager, or occasionally useful things like a web browser. Now you have to go back and check all your versions against the current version available from the author. Unless you have a rather dedicated team of folks with no day jobs nor personal lives, you'll spend your days just verifying that your packages are built from current sources.
God forbid there's a change in say glibc, which breaks some other application. Now you're notifying the author of the application, which can be a job in itself to go back and forth with them about what distro you're running (built it myself). Oh, you're own? That's good and bad. What versions of the compiler and required libraries are you using? "Sign up to my mailing list, so we can all work on it." Two weeks later, you may have a patch which may become a released version two more weeks later. If you're a good guy, and somehow have way too much time on your hands, well versed in every programming language and methodology, a genetic disposition to not sleeping, and a serious speed habit, you may be patching it yourself, and handing that patch up to the author. What? Your patch was refused because it didn't follow his methodology? It doesn't work in recursion and will break older distros (like the one right before the glibc update). Now you've fallen into what others do. I'll patch mine, but just this one, I swear. It'll be the authors true code when he releases the right fix. On to the next!
Serious? Seriousness is well above my pay grade.
Surely BackTrack needs a mention. One stop shop for Penetration Testing, Ethical Hacking, Security Analysis and pretty much anything else security-related. It might not qualify as a fully-blown "distro" depending on your definition, but it's a lot more customised than your standard "Clonebuntu" variants.
If you are even remotely interested in Network Security or Penetration Testing, it's a really invaluable tool.
Curse you, mod point allocation bot! I need to mod parent 'eye-opening if, like me, you never considered how much work goes into a distro'.
They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
" Damn Vulnerable Linux unknown"
It's based on Debbian and Knoppix. See: http://distrowatch.com/table.php?distribution=damnsmall
" Tinfoil Hat Linux unknown"
Not listed on Distrowatch, or at least I couldn't find it :(
" live.linuX-gamers.net unknown"
It's based on Arch, see: http://distrowatch.com/table.php?distribution=linuxgamers
" Tiny Core Linux unknown"
Independent (self-rolled). See: http://distrowatch.com/table.php?distribution=tinycore
If you want details about Linux Distributions there's no better place I know of, or more comprehensive, than distrowatch.com. Really surprised Tinfoil is not listed!
I tried to build up a RT Linux distro using the latest release from kernel.org while trying to support a OMAP processor. Needless to say, since they wanted it in 30 days, I didn't get it all put together. I was shown the door. even though I had the x86 version running.
You forgot
anything Ubuntu Debian
The preceding post was not a Slashvertisement.
What gives you the right to tell others what they should do?
If someone wants to make a carbon copy of Ubuntu but written entirely in Perl on a single line, that is THEIR business. NOT YOURS.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
I just want a 64-bit distro that has working Flash and sound drivers. Even if I had to buy a specific sound card I'd be happy.
Of course the first time I updated it would probably switch to some new sound driver which wouldn't work.....
And then there's the issue of Adobe dropping support......
I want to use Linux, I really do! But I need to get some work done, not spend all my time tracking down drivers and patches.
The original Christian distribution: Jesux!
BusyBox with a custom kernel could probably have been pulled off in that time frame. As long you were quite aware of it already.
I find some of the more obscure and useful stuff is simply about finding it.
Plop is a nice busybox variant which has been design to boot and run entirely in ramdisk. I designed several rack burn utilities with plop so I could test on a closed network. The advantage of creating a single head and moving onto the next host with my usb stick was quite handy.
However, getting to that point and finding someone who had laid a good foundation was a bit time consuming.
"You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
hehe. Thanks. :)
Really, I hadn't thought it was so hard until I tried. I'm glad I did. It's something every really serious senior Linux admin should try at least once. Besides a very interesting understanding of how things work beyond "type this command, watch this happen", it taught me to respect my elders, and watch for mistakes that are made (like the patching chaos that is the Redhat/Debian/derivatives world).
After that dive in, I pray to the Slackware god, since he does things pretty damned close to the way I like. There are several finer points that I could probably argue with Patrick about over beers sometime (assuming we're ever in the same place at the same time, and he'd accept a free drink or three). Not that the argument would get anywhere, but it would be a nice discussion, and a fun excuse to drink. Bah. Who needs excuses for that? :)
Serious? Seriousness is well above my pay grade.
pfSense is based on FreeBSD, not Linux.
Yeah. There're several Linux-based firewall distros, though; IpCop is perhaps closest to pfSense.
It's pretty sweet!
http://hannahmontana.sourceforge.net/Site/Home.html
I haven't checked on the TA-Spring (or simply the spring project) updates anymore... but a year ago, that seemed like one of the best (ever) real time strategy games - as far as I'm concerned up there with the likes of Starcraft... meaning it's up there with the popular windows games.
It has it's problems for the installation (you need separate bots, maps, and sets of units), but that's really why I was hoping to have it included in this gaming distro.
The highlights
DansGuardian http://dansguardian.org/ web filtering not something I'm bothered with for myself but anyone with kids should be concerned with what their children see.
Its built into ubuntu christian edition along with bible study software and other religious junk but obviously would work for any ubuntu edition.
http://ubuntusatanic.org/screenshots.php ubuntu satanic edition has some really nice art work not mentioned in the article but in the comments also there is sabily A muslim edition of ubuntu. Other religions are available even one designed to run Amiga software on, http://www.xamiga.net/
musix is a fully open source multimedia debian based distro
caine is for digital forensics
DVL might be interesting if you have an interest in security
Blarney Quality Restaurant, Plants
Thanks. Since the only one left is tinfoil, I grabbed it, and did a little poking around. Just based on the mentions in the readme.txt, it may be a self-rolled distro. It to be Busybox based. I was thinking of rolling one of those up myself, except busybox annoys me when it can't do particular things because it doesn't understand posix flags (my biggest annoyance is with cp). That can be corrected easily enough with some select static binaries, rather than symbolic links to busybox. :)
... Target
... Target
... and over ... and over ...
The busybox "cp" flags are:
cp [-a] [-d] [-p] [-R] Source
The posix "cp" flags are:
cp [-f] [-H] [-i] [-p] [-r | -R] [--] Source
There are others, I've just had quite a few occasions to boot to a Busybox based CD, and then my commands don't work. Or worse, a script on the machine doesn't work because the flags don't work.
So the distro tally is up to:
Damn Vulnerable Linux Debian
Tinfoil Hat Linux self-rolled (?)
CAINE Ubuntu
CAELinux Ubuntu
Ubuntu Christian Edition Ubuntu
live.linuX-gamers.net Arch
Parted Magic Ubuntu
GMusix GNU+Linux Debian
Zeroshell Linux self-rolled - LFS methods
Mythbuntu Ubuntu
Damn Small Linux Debian
Tiny Core Linux self-rolled
Ubuntu (5) 41.6%
Debian (3) 25.0%
Arch (1) 8.3%
--------------
Known Distros (9) 75.0%
Original (3) 25.0%
That's still a long way from a list of distros to check out, unless you like checking out the same thing over
BTW, sorry for the code formatting. I wanted to keep my columns straight in the data parts of the post, and I don't know of a better way on here to do it.
Serious? Seriousness is well above my pay grade.
I had busybox on my list of tools I used and cut a systems with it using slack, but I got paranoid
after the latest kernel requirement and bailed to debian for the tools. In the end, I SUCKED and DIED.
Its always been a great distro for people who just want a stock Unix on their PC rather than a Wannabe-Windows clone but it was frequently a bugger to get some hardware working properly and also Xwin configuration was very tedious. I defected to Suse for a while because of this but now Slackware is more or less plug and play. I installed 13.0 on my Acer laptop and desktop Dell at work and it Just Worked. The only issue I had was with the wifi on the laptop but that was a kernel bug - I compiled a later kernel (yeah, slackware can still be hardcore) and wifi worked fine.
Is this like fast, cheap, and reliable - choose any two?
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
I only did it to differentiate between those who have chosen to use Ubuntu, and those who didn't. I know Ubuntu is a pretty skinned Debian with some extra patches. Ubuntu patches on top of Debian patches, on previously good code, what could possibly go wrong. Oh, lots.
It's similar to CentOS being a patched derivation of RHEL. It's another layer of people messing with perfectly good code, and making it not so perfectly good. In the list provided, there were no CentOS, RHEL, nor Fedora variations, so I didn't mention them.
I'm anything but a fan of messing with someone else's code, unless it's for internal use. Sure, I'll make my own changes to your code, but I won't then distribute it as if it was as good as the original. I know there are a lot of authors and software companies/groups who agree with me on that. My changes are usually performance patches (as necessary), and usually commented in the code that the change may be acceptable. For example, here's one I use on Apache for my web servers:
cd apache_$apache/src/include ; cat httpd.h | sed -e s/HARD_SERVER_LIMIT\\ 256/HARD_SERVER_LIMIT\\ 4096/g > httpd.h.new ; mv httpd.h.new httpd.h.
(that's just one line of my 152 line Apache/PHP/mod_ssl build script. It's 76 lines without the comments and stdout messages showing the status of the build)
I don't pass it off my Apache as the official Apache version though. It's known if you use my Apache/PHP/mod_ssl build script, it will make some minor changes like this. If you use my build of Apache, it's a given I've made some changes. It's amazing, I can drop this on just about any server, and it's blazing fast compared to the RH provided one. I can't comment on what changes Debian or Ubuntu make to their installed version of Apache, I haven't needed to deal with that yet for a high load production environment.
Serious? Seriousness is well above my pay grade.
Just organize the differences you make as a set of SlackBuilds and release those. Call it a derivative (unless you are a financial institution).
now we need to go OSS in diesel cars
I'd like to throw voyage-linux in there as well, (its debian lenny based). I use it alot loading linux onto embedded devices (x86). Great if the system only has a cf card for storage, load the live cd up on your desktop, and pxe boot the embedded device. After installed, two commands remountrw and remountro let you update/change stuff on the device and then set the filesystem read only again. http://linux.voyage.hk/live-cd
I'm suprised no-one has listed backtrack yet. I always have one flash drive and one dvd of it in my kit with me at all times (among some other things listed). It rocks for throwing up metasploit or cracking WEP real fast. It is a merge of Whax and Auditor) I also miss PHLAK.
"It's ok, I'm completely secure as long as my iron is off"
I read your post and i'm not really sure why you are taking something someone else did and trying to keep "loyal" to his work.
If your making your own distro/branch/whatever. You snapshot whatever source your taking it from, and then just work from that. If you keep going back to the source and trying to add updates to your NOT finished work, you will never get your project finished.
You take the source, do what you need to do to get it working. Then you can go back to the updates and work them in.
Plus, if your going to follow someones source so close, just go help them out instead of stealing their crap and changing stuff for your own. Your just wasting your time, and then theirs if they are trying to help you fix something that's not working.
Be seeing you...
I was using Slackbuilds, but those can get complicated, with programs that require complex setups. I wish everyone just set up for "./configure && make && make install", of course with setting an install prefix so it doesn't just go stomping all over the running filesystem.
For my old work, we ran our own Slackware mirror, and let it pull additional packages as needed. It was a very smooth operation. You have to love a network of about 150 machines, where there are just two guys doing all of the IT, and everything works like clockwork, so the only "urgent" work is the occasional page warning something is down. Of course, those come at the worst times. No woman is impressed when your phone starts beeping, when you're having an X rated adult moment. Somehow, the servers knew when it was happening, and would break something before either of us finished. :(
Serious? Seriousness is well above my pay grade.
Quote "Most people will be familiar with some of the big names when it comes to Linux -- distributions like Ubuntu, Red Hat Enterprise Linux, Debian, and Mandriva."
Scientific Linux is Red Hat Enterprise Linux, like CentOS.
But anyhow, the submission is wrong. "Most people" haven't heard of RHEL, Debian and Mandriva. "Most people" think Linux is a synonym for Ubuntu, and that anything you type must be preceded with "sudo ".
Which, IMHO, has done a great disservice to the Linux community, in bringing in more people who want things done The Microsoft Way, with windows blown up full screen, use of privilege escalation instead of multiple concurrent users and groups, and kitchen sink apps instead of the toolbox approach.
There have been a lot of great Linux distros over the years. Unfortunately, most of them have either sold out (like SuSE) or succumbed to internal political quagmires (Gentoo). Right now, I think Fedora is the best pretender for the throne, despite being more bleeding edge than cutting edge.
Hopefully, some of the others listed in TFA will find their fiefdoms or even aspire to greatness too.
The Ubuntu Satanic Edition. This list had the Christian Edition, it really should have included the Satanic as well, which is just as much of a legitimate distro as they are both based on Ubuntu anyways. Yet for some reason this one gets snubbed regularly, even having difficulties getting listed at distrowatch for some reason (while their Christian brothers have no such problems).
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Tinfoil is gentoo hardened.
Being a flash developer? :P
I also run Debian (now Ubuntu) on my now 3 year old laptop with no sound issues and perfectly stable Flash 10 plugin (though I did install it manually, not using the ndiswrapper)
Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
Where's systemrescuecd? Where's Backtrack?
Not an attempt to be a smartmass; but, had you considered building a distro just for building distros? Database, web crawler for tracking source updates, virtual box included for compiling/testing, svn, etc....all the tools for building a maintaining a distro over time.
Every mans' island needs an ocean; choose your ocean carefully.
I was interested in the bit about busybox (namely, wondering why they wouldn't include such useful and dead-simple flags like -f), and the first page I discovered (http://www.busybox.net/downloads/BusyBox.html) listed the following for cp:
If I had a nickel for every time I had a nickel, I'd be richcursive!
" Tinfoil Hat Linux unknown"
Not listed on Distrowatch, or at least I couldn't find it :(
Hence the name...
Not an attempt to be a smartmass; but, had you considered building a distro just for building distros? Database, web crawler for tracking source updates, virtual box included for compiling/testing, svn, etc....all the tools for building a maintaining a distro over time.
In some respects, I think that's what Gentoo is.
You mean Tin Hat Linux is gentoo hardened.
Debian patches are usually kept to a miniumum, as long as upstream is still active. (Debian has become the de facto upstream for some packages, including a few GNU packages.)
The most common changes include adding a manpage if one does not exist, and tweaking the install paths so the system conforms to the FHS. Now sometimes larger changes do occur, but usually that is because upstream has not yet accepted the patch, or is sometimes a cherry picked back-ported patch from the development branch, but we try to keep these to a minimum.
Let us look at Debian's apache2 patches for an example.
The first patch adjusts "httpd --version" to display LSB_release information (i.e. identify the build as a Debian patched build).
The next patch changes an example script's she-bang line to use "/usr/bin/perl" instead of "/usr/local/bin/perl".
The next patch tweaks configuration include globbing so as not to include extra files that dpkg may create in /etc/apache2 while asking the user if they want to use the the shipped configuration file (if it has changed since the version installed, or use the customized file the user has created, or merge the changes.) This is clearly specific to dpkg-based distros.
The next patch tweaks the apxs script to not bother checking if Apache was compiled with shared library support, because Debian always configures it with shared library support, and Debian allows apxs to be used even when the "httpd" binary is not installed.
The next patch tweaks the config.layout file (which is explicitly designed to be customized by distributions!) to conform to the FHS. It also adjusts the configure script so the correct directories are used, and finally adds a #define to ap_config_layout.h.in that specifies the location of the default PID log.
The next patch further adjusts the apxs script to use httpd.conf rather than apache2.conf, tweaks the permissions it uses, and a few other path related adjustments.
It patches unixd.c to work correctly is suexec is built as a a shared library module.
The next patch changes the dbmmanage script to support both hash and btree based DBM files.
The next patch tweaks how the apxs script calls libtool to keep it from issuing an inappropriate warning.
The next patch tweaks envvars-std.in so that LD_LIBRARY_PATH is not propagated, since Debian has no need to for that, and copying in the building user's personal LD_LIBRARY_PATH is undesirable.
The next patch fixes prevents a buffer overflow attack on the htdigest executable.
The next patch changes suexec.c to use the close-on-exec flag for file descriptors, allowing the resulting error to be logged, which the existing code does not properly support (despite the claimsin the comments). This patch has also been comitted upstream.
The next patch tweaks the usage message to exose the -X flag.
The next patch tweaks logresolve to support line lengths greater than 1024 bytes. Many distos have this patch, but I am unsure if upstream has fixed it. I don't see any bug for it in Apache's bugzilla database.
The next patch is one for the configure script to permit the option "--enable-modules=none" to build an httpd with no optional modules enabled.
The next patch fixes a known security vulnerability (CVE-2007-1742) in suexec.c
The next patch fixes a segfault caused by inaproprtiately freeing memory in ab.c. This patch has been accepted upstream.
The next patch disbabled mod_deflate for HEAD requests to mitigate a ptential DOS attack.
There are more, but I am getting tired of typing them up.
Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
Last I looked a few months ago or so Damn Small Linux looks to be abandoned ware, or close to it. Too bad, an interesting and useful little distro.
Cache of the download mirrrors page: http://webcache.googleusercontent.com/search?q=cache:http://live.linux-gamers.net/%3Fs%3Ddownload
...and that anything you type must be preceded with "sudo ".
You can get around that by typing "sudo su".
Really?
Pretty much all I've ever used at home over the past years has been Gentoo. I don't find any problems with downloading and installing it.
Their help forums, IMHO, still continue to be some of the most helpful and friendly ones I've ever encountered.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Because of previous experiences, I take into consideration the effort and time it'll take to write something up from scratch for my own customized use or just adapt someone else's work. Though, I've never released code that I didn't write.
What is interesting though, is to catch your work in action under someone else's name! I was writing scripts for mIRC (I know!) in the 90s and did some cool stuff. So one day in a channel I see familiar format and I'm like hmmmm. So of course, being a little sneaky after having been ripped off (no credit!) before, I paste some text and bam! There it is, Socrates Script 2000! Ah how sweet it was.
My abilities are only limited by my imagination
I used IpCop a long time ago and switched to pfsense. At the time I was under the impression that IpCop was based off of smoothwall and (IpCop) was pretty much a dead project.
Over the years, I've seen many times where end users will have a fault that was a direct result of patches the distro vendor did. Basically, they install the vendor (distro) provided package. It has some nasty bug that makes the software crash. The end user goes to the software author's mailing list or forum (obvious choices for getting help with a specific program) and says "Your program always crashes. You need to fix it! Help me!" In reality, the software works fine as the author wrote it, but the vendor patches broke it. I've seen it where either applications, or even major libraries.
It's not always just crashing problems. Sometimes there are induced security holes. I cringe every time I see an announcement on a security mailing list, where the only affected systems are from a particular distro vendor, because they inadvertently created the security hole.
I believe in loyalty to the authors work, because they are the experts in it. If there's a fix to be made, provide it to the author, and let them include it in their future release. If you think you know the authors software so much better than them, and their program needs your patches so bad but you aren't willing to submit them back up, fork it or write your own competing software.
You don't read security mailing lists much, do you? You'll never make a snapshot of a utopian world. Program x today may have a huge bugfix tomorrow. Distros are always putting out upgrade packages specifically to fix problems. If you just grab what's available today, and bury your head in the sand, you'll have all kinds of problems in the future. I worked somewhere, and they sang the song you're singing. They'd used a particular version of a distro years ago. Once they decided that worked for them, they kept installing the same version of that distro everywhere. They didn't do patches. They didn't upgrade anything because "We don't know what else it could break." They also found themselves vulnerable to a huge variety of remote exploits that had been corrected in subsequent patches and newer versions.
Where did I say anything about stealing anyone else's stuff?
Serious? Seriousness is well above my pay grade.
I'm an Ubuntu user, and I just finished an introductory course on Apache. The course, naturally, assumed default Apache layouts and default installations, except where it walked us through simple customizations.
So, at first I found the Ubuntu package for Apache a bit perplexing. There were a lot of changes from the Apache defaults, that I found useful and reasonable -- once I figured them out. For instance, the configuration files are rearranged, so that the basic configuration that you would expect in httpd.conf is in apache2.conf, with the expectation that local customizations will be in httpd.conf (initially an empty file). Virtual hosting is pre-configured, with a default virtual host pointing at the document root. Some of the supporting programs were renamed, e.g., apache2ctl instead of apachectl, and there were some supporting scripts added, e.g., a2enmod and a2dismod, for enabling and disabling modules.
I didn't have that much trouble figuring this out, and I'm sure someone with more experience would have figured it out more quickly -- or would have just snorted, and compiled from source. My one real complaint about any of this was that there wasn't an overview of how the Ubuntu installation differed from the Apache standards. Indeed, the documentation never once mentioned that it differed.
That wasn't nearly as frustrating as it was to discover that Ubuntu doesn't use System V-style runlevels and associated scripts, that we spent two weeks going over in a system administration course. Thank goodness for virtual machines.
My general rule is that one should stick to default settings unless one has a good reason to vary from them, if for no other reason than to remain close to the documentation, for the sake of other poor slobs who may have to maintain your system, and that nontrivial variations should be documented.
a long time ago [...] I was under the impression that IpCop was based off of smoothwall and (IpCop) was pretty much a dead project.
IpCop was indeed originally forked off smoothwall, but it's not a dead project yet - indeed, it looks like the next major release (2.0) is going to materialize after all.
" Damn Vulnerable Linux unknown"
It's based on Debbian and Knoppix. See: http://distrowatch.com/table.php?distribution=damnsmall
Actually, that's Damn Small Linux. Damn Vulnerable Linux is Slackware/Slax-based, at least according to this
That's kind of where mine was progressing towards. I'd grab the sources, and the build scripts were flexible enough to build new versions. My build environment did everything from scratch on a weekly basis. The project was never completed (as I mentioned), but it was set up to rebuild everything from current sources and build a fresh ISO, so i didn't have to sit around waiting for it, I could just go grab the current ISO to use. It was to take advantage of the fact that there was a scheduled weekly build, so if say a new version of zlib came out because of a nasty bug, everything that was linked to it would be updated for me too. I'm sure we all remember that happening. Automation was important, so I couldn't screw something up manually. :)
Not every authors site has a friendly way to just check in and see what the current release is. Sometimes there are version number naming convention changes. Like their version history may go: 2.0 , 2.0.1beta, 2.0.2-rc3, 2.0.2-final, 2.0.2.1, 2.2 . You could go all crazy with regular expressions, but extra decimals, abbreviations, and text make it a nightmare to automate. Even if you just had a crawler in place to see if their releases page had changed, sometimes the authors simply add some text change, which would trigger it. Like, someone may have their releases on their front page, and put news updates also. Great. On Dec 25, you could very likely get a flurry of notices that pages changed, just to find out that a few dozen people put up a note saying "Merry Christmas". What's worse is when they move. They may have a message on their page saying that it's going to be served from a new site. You may have to go hunt it down.
I'd suspect it has been done. I'd also suspect that those folks spend a lot of time reading false alarms.
Serious? Seriousness is well above my pay grade.
My example must have been from an older busybox. I know I've seen it recently, but not everyone stays up to date on boot disk utilities. :) To find the flags, I just searched Google for "busybox cp options", and got this page, which shows the older options set.
http://spblinux.de/2.0/doc/cp.html
If I'm moving a lot of stuff around, especially if there are a variety of ownerships and permissions, I (out of habit) use "cp -RPp". I know "cp -a" would do the same thing in either case. It wasn't crippled, it just broke my habits, and some scripts when they ran in that environment. I'm glad they updated it.
Serious? Seriousness is well above my pay grade.
No woman is impressed when your phone starts beeping, when you're having an X rated adult moment.
Unless it also starts vibrating, and it was being used in an X-rated manner at the time. I think there's a lesson in this...
"I don't care about the Constitution!" --Bill O'Reilly, November 17, 2009
My first distro was slackware, a 50 diskette distro for my laptop back in the early 90s. Since then I've experimented with many distros, including linux from scratch and beyond linux from scratch. Mostly now I go with ubuntu from laziness, but a couple of distros that I've been favorably impressed with lately that don't get mentioned a lot are arch linux and Sabayon. I particularly like Sabayon as a live CD. (Note: Sabayon is up to 5.3, but I'm still using 5.0).
In theory, theory and practice are the same; in practice they're different. (Yogi Berra & A. Einstein)
BTW, sorry for the code formatting. I wanted to keep my columns straight in the data parts of the post, and I don't know of a better way on here to do it.
You could... only format the table that way? Not all tags need to be opened at the beginning and closed at the end, y'know.
have you read the Moderation Guidelines Addendum?
I was just saying that if you're going to build on someone else's work, say that it's theirs with mods. The post I was replying to was complaining that these "distros" weren't distros, they were skins with some packages added. Only 2 of 12 were distros in their own right. The remaining 10 were existing distros with mods.
When I take Slackware and mod the heck out of it, it's still Slackware with mods.
Serious? Seriousness is well above my pay grade.
Debian patches are usually kept to a miniumum, as long as upstream is still active. (Debian has become the de facto upstream for some packages, including a few GNU packages.)
The most common changes include adding a manpage if one does not exist, and tweaking the install paths so the system conforms to the FHS. Now sometimes larger changes do occur, but usually that is because upstream has not yet accepted the patch, or is sometimes a cherry picked back-ported patch from the development branch, but we try to keep these to a minimum.
Let us look at Debian's apache2 patches for an example.
[long list of patches that are neither manpage additions nor tweaks to install paths]
Things like "[preventing] a buffer overflow attack on the htdigest executable" clearly should be dealt with upstream, imo. Granted, I'm an Arch user, and thus used to getting "report it upstream" as a response on every bugreport (OT: Arch has 9 patches for apache on my count, which is still more than I'd like).
have you read the Moderation Guidelines Addendum?
You're absolutely right.
I've worked on an awful lot of machines over the years. Myself, I got annoyed that things like Apache would show up in unexpected places. To make a simple change to a web page, where no one is around that knows the right path, I've had to drop test files "echo test > testme.html", and try to hit it with the web browser. Quite a few times, I've found entire duplicates of their site in the wrong directory, because someone before me thought it was right, so they uploaded everything there. Don't ask if you can clean up for them though, they'll freak. "You can't delete those, we might need them" (and then pointing out the last modified date was 5 years previous).
Some directory structures aren't totally distro specific. On distro X, it may be in one place in version 4.0, but another in 4.1, and yet another place from a patch. None of them are where the author intended, nor in the path shown in the documentation as you said.
Serious? Seriousness is well above my pay grade.
Actually, I just set the input mode at the bottom to "code". For a while the code tag itself wasn't working, but I see it is again. I don't tend to use it that much.
Serious? Seriousness is well above my pay grade.
Sabayon?
In theory, theory and practice are the same; in practice they're different. (Yogi Berra & A. Einstein)
For a while the code tag itself wasn't working, but I see it is again.
Yes, I've noticed that and wondered why. When quoting your message I saw that it used tt for monospace, although I can't for the life of me get an option to ignore html tags in this message.
Huh, I've never even click the Options button down there. It seems to be just about as well-designed as the rest of /. ;).
have you read the Moderation Guidelines Addendum?
I moved to Kubuntu recently because Debian kept breaking stable where my notebook was concerned. I went slowly from a fully working system, to broken firewire, to no longer working bluetooth devices, to broken sound.
When I switched to Kubuntu everything but the firewire worked and one bluetooth device. I stayed on it for a good 8 months and decided to try Debian again to see if those issues were fixed. I went back to the newer version of Kubuntu and everything worked, even the stuff that was broke before.
I've been a Debian guy for year, and I used to think Ubuntu felt like Linux on training wheels, but it's getting better. I want to go back to Debian, sort of, but the way Kubuntu is improving and Debian appears to be content to break stable then not move forward, the longer I wait the happier I become staying with Kubuntu.
In fairness, my Toshiba could have a weird hardware combination, but Centrino based notebooks tend to be rather standard overall.
The preceding post was not a Slashvertisement.
Ah yes. I appologize and should have double checked that before I posted. I just vaguely remembered them from the gentoo hardened mailinglist and made an assumption. ;)
I have two servers at home -- one Gentoo, and one Fedora.
The software versions lag _severely_ behind with Gentoo. Samba, Squid, dovecot, pretty much any kind of network related software is going to be far older.
And then there's the issues compiling. Some packages won't compile with gcc3, because the maintainers have used gcc4 specific options without requiring a version >=4. And some packages fail if you do horrible things like changing root's shell from bash to something else, or set POSIXLY_CORRECT. Then there's SELinux, which is so far behind on Gentoo that it's not even working anymore. Required packages are no longer available.
In short, in order to keep the Gentoo system running, the /etc/portage/package.(mask|unmask|use) files grow longer and longer every time.
No mention of Gnewsense? Unusual - Sure is. very few distros take software freedom this seriously. Obscure - Sadly again true. Very few Linux users take software freedom this seriously. Useful - If you want to know if your hardware doesn't require non-free binary blobs then this is a good way to check.
I'm not clear on this one...
Do you think that Damn Vulnerable Linux is more vulnerable than your Vista install?
What are you, a MS fanboy or something?
wake up and hold your nose
And don't forget about Car Analogy Linux.
It is like putting 2 bottles of octane booster in a 10 gallon gas tank.
Care to share your homebrew "ALFS" scripts, etc. ? I'd love to avoid
reinventing the wheel, especially if what you've done is fairly straightforward
and clean.
What's really interesting about your list is ...
Since Ubuntu is really a Debian derivative itself...
And since not a single one is RedHat/Fedora based...
It says something very interesting about the ability to easily roll your own distro off of Debian's choices (over a decade ago) in their packaging system, vs. RPM.
And I remember oh so clearly how .spec files and RPM were going to "change the packaging world" over that "clunky dpkg stuff you use on Debian" from oh-so many friends who bought into the (paid) marketing hype from RedHat... back in the day.
Not trying to start a distro war, just thought it was interesting that RH/Fedora distros are so almost non-existent in this particular list. Respin makes rolling a custom CD of CentOS/RHEL super duper easy these days, too...
Very interesting.
+++OK ATH
Why does the gamers distro have to be unavailable at a time like this?! I was kinda looking forward to seeing what that is all about. :(
I am not devoid of humor.
Lenovo T61, Core2Duo running 64-bit (ndiswrapper isn't needed for 32-bit I thought... but it seems to be a great point of trouble for 64-bit builds that use flash with it.)
Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
There's this idea I've had in my head for a while - RSS feeds of patches from DVCS, targeting a build server directory, with basic scripting control. That way distro makers can have almost any combo of patchsets that anybody can reasonably want, and leave them just with making the final app/version selection, and wrap the binaries up in archive*cough*package format of choice. Though some compiler features are warranted, in order to support all the different compile time options - I'd say storing the AST in a database as a compiler cache, and some language integrated macros to provide for the actual compile time options. Result will probably be a main binary, with some diffs, or a really fat ELF that ca be stripped with standard tools. I was wondering whether anybody round here think it's reasonable.
I know tobacco is bad for you, so I smoke weed with crack.
Bookmarked
"Don't mind me cutting myself on Occam's Razor"