The Webconverger project released its latest update on April 7. The distribution is targeted at web kiosk usage, providing only a minimal OS and the packages required to run a modern browser. Version 12.x includes several significant changes, however, including support for installing to disk (rather than offering live-mode only), a commercial configuration and update service, and hosting the entire OS in a Git repository.
Webconverger in a nutshell
By "kiosk" usage, the project means something rather specific. It is designed to support
intermittent, anonymous users in an environment where system administrators
are hard to come by. The examples listed on the project's commercial support page include
unrestricted environments like libraries and public gathering spots, plus
businesses with more specific needs (like retail banks or doctors'
offices). In all cases, it is important that the user's private
information be wiped as soon as the session ends, and that the kiosk cannot
be altered to change browser or OS settings. The expectation is that with any sort of problem, from a power loss to a browser crash, the system will reboot quickly into a known good state.
Historically that has meant running only in live-mode, from a read-only
medium such as a CD or a USB flash drive that is physically inaccessible to
the user. The OS uses DHCP to configure networking, and boots into a
session running the minimalist dwm
window manager along with a version of Firefox customized with kiosk-oriented extensions. The underlying OS is based on Debian Live, and is compiled to run on 486 processors to offer maximum compatibility with older hardware.
The freely available version of Webconverger offers no persistent
customization; it will boot to a pre-configured home page inviting you to
sign up for the Webconverger remote configuration service. The service
allows subscribers to choose a custom start page, adjust or disable the
length of the session-resetting timeout, and
to remove the address bar chrome to prevent users from navigating off into
the wild. The service is Webconverger founder Kai Hendry's mechanism for
supporting development; it works by contacting the the Webconverger configuration server at boot
time and sending a machine ID code (generated from the BIOS UUID and
network interface MAC address), then retrieving the customization details
if the account is paid up.
However, you can also specify a range of options at the boot prompt, including the all of the
aforementioned customizations available for subscribers, plus display
settings, WiFi configuration, internationalization, and debug mode. These
options do not survive an unattended reboot, though. If you want your
kiosk to start up in something other than the default configuration
(including the Webconverger sign-up form as a home page), then your choices
are manually rebuilding the ISO and changing the default bootloader
options, or signing up for the paid configuration service. You might find
other users on the mailing list who have walked down the manual-rebuild
road, but the project offers no support for this option.
Firefox is currently the only browser offered (technically, the package
is Debian's Iceweasel, but the Webconverger documentation is not strict
about the name). The kiosk-mode features are implemented in a suite of open source extensions authored by the Webconverger team: webconverger removes the menu bar and disables keyboard access to many of the Firefox configuration tools, while webcnoaddressbar and webcfullscreen simply remove the address bar and start the browser in full-screen mode, respectively.
A few add-ons and auxiliary packages round out the "web experience"
— including the Adobe Flash plug-in and a PDF reader. Although
Webconverger attempts to preserve user privacy by disabling browsing
history and wiping all private data after each session, it is obviously
possible for users to visit unsafe sites, recklessly avoid SSL, or expose
themselves to attack by other means. The distribution attempts to
guarantee security by
having no superuser account and running from read-only media, but the
guarantee is essentially machine-level security; a privacy tool
like HTTPS Everywhere is
not part of the experience.
7 release is numbered 12.3, and is a minor update to the 12.x series that debuted at the end of March. Downloadable ISO images weigh in at 450MB. The biggest change in this release series is the addition of a hard-disk install option. Obviously such an option dramatically shifts the security profile, since flipping the reset switch and rebooting from read-only media is no longer the simple recovery option.
The project's strategy
for securing the system under these circumstances is to maintain the entire OS in a GitHub-hosted Git repository. On an installed system, there is a .git directory (in /) pointing to the official repository. An updater script periodically checks for commits in the repository with a specific tag, and fetches them. At the next reboot, the updated files are merged into the filesystem.
The state of update verification is a little unclear, though. A blog post from April 9 indicates that for now the updater does not verify signatures on the commits, but that the feature has been added to development builds. However, the 12.3 release notes (from April 7), say that the updater runs signed code, and that it checks to see that the signing keys have not been revoked before doing so. Whatever the exact state of the security retooling is, the project does attempt to make it clear that a hard disk install cannot be regarded as being as secure as a live system, and warns concerned users to stick with the live option.
The other noteworthy change in 12.x is that Firefox has been updated to the 10.0.3 Extended Support Release (ESR) version. The ESR versions of Firefox are Mozilla's attempt to designate certain releases for one full year of security and critical updates — in contrast to the now six-week lifespan of Firefox releases for everyone else. The program is the result of Mozilla's Enterprise Working Group, a forum the project established to cooperate with enterprise IT and other large-deployment users who were unhappy with cost and headaches that the rapid-release-cycle was predicted to generate.
Many web kiosks might fall under the same IT rules as large enterprises;
they are designed to run unattended, and re-installing a browser every six
weeks certainly means more work. The interesting wrinkle is that
Webconverger itself has historically released several updates per year. In
an email, Hendry said that Webconverger is shifting its focus to following
the ESR releases — although, he added, that plan hinges on what
happens with the upstream distribution. "We do not have a fixed
position really, we are looking for a stable, secure and up-to-date HTML5
browsing experience ultimately."
Kiosk mode is not for everyone; the browser-only OS model envisioned by
Mozilla's Boot-to-Gecko and Google's ChromeOS is for a lightweight,
persistent environment that centers on the browser. Webconverger is for
institutions who need to make the web accessible to strangers for a few
minutes at a time. It has its limitations — for example, although
it is possible to manually tweak and rebuild the ISO (such as to add new or different add-ons),
the project offers no support for such endeavors. It is focused solely
on the boot-it-and-forget-it model, with an eye towards attracting paying
customers. Perhaps some users will put a peculiar new spin on the
primary use-case, such as deploying it as an instant-on option for a
But for the most
part, web kiosks are likely to remain an island unto themselves. At least
they have a free software project devoted to their care. It is regrettable
that the project does not support customization, though — it is
within Webconverger's rights to push everyone towards its paid service, and
other distributions (such as RHEL) do exactly the same thing. But the
project may want to look over its shoulder now and then; RHEL has
clones and competitors picking up business from those who don't care for
Red Hat's corporate pricing, and kiosk customization is a lot simpler to
duplicate than an enterprise support service.
Comments (6 posted)
I'm neither a developer nor a Skolelinux/Debian Edu user! The only reason
my name's in the credits for the documentation is that I hang around on
debian-l10n-english waiting for people to mention things they'd like a
native English speaker to proofread... So I did a sweep through the wiki
for typos and Norglish and inconsistent spellings of "localisation".
-- Justin B. Rye
Comments (1 posted)
After a fairly typical Debian-style discussion, the project appears to have
settled on the wording of a diversity statement for the project:
The Debian Project welcomes and encourages participation by everyone.
It doesn't matter how you identify yourself or how others perceive you:
we welcome you. We welcome contributions from everyone as long as they
interact constructively with our community.
While much of the work for our project is technical in nature, we value
and encourage contributions from those with expertise in other areas,
and welcome them into our community.
Stefano Zacchiroli has declared an apparent end to the discussion, but is
holding off until after the project leader election to give the new leader
(assuming it's somebody different) a chance to express an opinion.
Full Story (comments: 77)
The obligatory Fedora release schedule slip has been announced. Due to
some upgrade difficulties, the Fedora 17 beta has been pushed back to
April 17; the final release is now expected on May 22.
Full Story (comments: 6)
The Kubuntu project
recently lost its
sponsorship from Canonical, which is
pursuing its fortunes in other areas. The project has now announced
that it will be sponsored by Blue Systems instead. "Blue Systems
sponsors a number of KDE projects and will encourage Kubuntu to follow the
same successful formula as it has always had - community led, KDE focused,
" The actual extent of this sponsorship is not clear
at this time.
Comments (19 posted)
Ubuntu 10.10 reached its end of support on April 10, 2012. There will be
no further updates, including security updates. The supported upgrade path
is through Ubuntu 11.04.
Full Story (comments: none)
David Aquilina has a report on the status of Fedora's Power (PPC) port as
it approaches an alpha release. "Due to lack of developer time and
hardware, Apple hardware support is at this point completely
untested. Especially with the switch to grub2 we rely on community feedback
and participation to make this work for this release. So if you have the
hardware and want it to work, patches welcome! :)
Full Story (comments: none)
Newsletters and articles of interest
Comments (none posted)
Carla Schroder showcases
ClearOS. "ClearOS used to be named ClarkConnect. It was built on Red Hat Enterprise Linux and CentOS. The current stable release is 5.2, which tracks RHEL 5.2. There are no point releases after that, even though RHEL has had multiple point releases (5.3, 5.4 and so on) leading up to the 6.0 release. RHEL 6.2 was released in December 2011. ClearOS 6.2 beta 3 came out February 29. So what's up? A lot. The maintainers have given it a major overhaul, which will be revealed in all of its glory in the final 6.2 release, which is scheduled for "soon".
Comments (5 posted)
Carla Schroder looks
, a Debian derivative aimed at children and adult
"Linux is now 20-plus years old and overdue for a third wave that got
their start in Linux and Free software. So where will these people come
from? An overlooked, obvious, and valuable user demographic is
children. Microsoft and Apple know this: capture the children and you
capture your future customers.
A second valuable user demographic to woo is adult beginners, people who
are not very experienced with computers. Children-oriented distributions
like DoudouLinux are great for adults because they teach the fundamental
skills that we take for granted. It's all abstract, and it's
intimidating. We know it's not hard to learn, and that the main barrier for
adults is disbelief in their ability to learn how to use computers. It's
not a technical problem but a social problem.
" (LWN reviewed DoudouLinux
Comments (2 posted)
Roger Luedecke has written
to openSUSE. "I made mention that our installer is part of something called YaST. Yet another Setup Tool (YaST) is in my opinion the heart of what makes openSUSE unique. Mandriva and Mageia have a similar tool, but it wasn't built with an Enterprise distribution in mind. And though YaST was built with the enterprise user in mind, it still manages to be excellent even for a naïve home user. Part of that is simply the help button. If you go clicking through the modules in YaST, you'll always see a help button. And lo and behold it is in fact actually helpful! It clearly explains what each module and each page of a module does. YaST is ideal for the new user learning about Linux due largely to this. YaST is immensely powerful despite being user friendly, and once again I recommend reading the documentation so that you can truly grasp the GUI goodness and power that is YaST. What more, is that YaST gives you a graphical tool to help you manage and fix issues that Ubuntu would always require you fiddle on a command line terminal, which is something even I am not very comfortable with.
Comments (none posted)
Unixmen has an interview
with Fabio Erculiani
of Gentoo based Sabayon Linux. "Gentoo is a meta-distribution that you can bend and shape to your likes. Bringing Gentoo to the masses has always been my dream, making it simple is what Sabayon tries to do everyday. You can see it as a layer on top of Gentoo that handles the hard part for you.
Comments (none posted)
Page editor: Rebecca Sobol
Next page: Development>>