Distributions
Webconverger 12
The Webconverger project released its latest update on April 7. The distribution is targeted at web kiosk usage, providing only a minimal OS and the packages required to run a modern browser. Version 12.x includes several significant changes, however, including support for installing to disk (rather than offering live-mode only), a commercial configuration and update service, and hosting the entire OS in a Git repository.
Webconverger in a nutshell
By "kiosk" usage, the project means something rather specific. It is designed to support intermittent, anonymous users in an environment where system administrators are hard to come by. The examples listed on the project's commercial support page include unrestricted environments like libraries and public gathering spots, plus businesses with more specific needs (like retail banks or doctors' offices). In all cases, it is important that the user's private information be wiped as soon as the session ends, and that the kiosk cannot be altered to change browser or OS settings. The expectation is that with any sort of problem, from a power loss to a browser crash, the system will reboot quickly into a known good state.
Historically that has meant running only in live-mode, from a read-only medium such as a CD or a USB flash drive that is physically inaccessible to the user. The OS uses DHCP to configure networking, and boots into a session running the minimalist dwm window manager along with a version of Firefox customized with kiosk-oriented extensions. The underlying OS is based on Debian Live, and is compiled to run on 486 processors to offer maximum compatibility with older hardware.
The freely available version of Webconverger offers no persistent customization; it will boot to a pre-configured home page inviting you to sign up for the Webconverger remote configuration service. The service allows subscribers to choose a custom start page, adjust or disable the length of the session-resetting timeout, and to remove the address bar chrome to prevent users from navigating off into the wild. The service is Webconverger founder Kai Hendry's mechanism for supporting development; it works by contacting the the Webconverger configuration server at boot time and sending a machine ID code (generated from the BIOS UUID and network interface MAC address), then retrieving the customization details if the account is paid up.
However, you can also specify a range of options at the boot prompt, including the all of the aforementioned customizations available for subscribers, plus display settings, WiFi configuration, internationalization, and debug mode. These options do not survive an unattended reboot, though. If you want your kiosk to start up in something other than the default configuration (including the Webconverger sign-up form as a home page), then your choices are manually rebuilding the ISO and changing the default bootloader options, or signing up for the paid configuration service. You might find other users on the mailing list who have walked down the manual-rebuild road, but the project offers no support for this option.
Firefox is currently the only browser offered (technically, the package is Debian's Iceweasel, but the Webconverger documentation is not strict about the name). The kiosk-mode features are implemented in a suite of open source extensions authored by the Webconverger team: webconverger removes the menu bar and disables keyboard access to many of the Firefox configuration tools, while webcnoaddressbar and webcfullscreen simply remove the address bar and start the browser in full-screen mode, respectively.
A few add-ons and auxiliary packages round out the "web experience" — including the Adobe Flash plug-in and a PDF reader. Although Webconverger attempts to preserve user privacy by disabling browsing history and wiping all private data after each session, it is obviously possible for users to visit unsafe sites, recklessly avoid SSL, or expose themselves to attack by other means. The distribution attempts to guarantee security by having no superuser account and running from read-only media, but the guarantee is essentially machine-level security; a privacy tool like HTTPS Everywhere is not part of the experience.
What's new
The April 7 release is numbered 12.3, and is a minor update to the 12.x series that debuted at the end of March. Downloadable ISO images weigh in at 450MB. The biggest change in this release series is the addition of a hard-disk install option. Obviously such an option dramatically shifts the security profile, since flipping the reset switch and rebooting from read-only media is no longer the simple recovery option.
The project's strategy for securing the system under these circumstances is to maintain the entire OS in a GitHub-hosted Git repository. On an installed system, there is a .git directory (in /) pointing to the official repository. An updater script periodically checks for commits in the repository with a specific tag, and fetches them. At the next reboot, the updated files are merged into the filesystem.
The state of update verification is a little unclear, though. A blog post from April 9 indicates that for now the updater does not verify signatures on the commits, but that the feature has been added to development builds. However, the 12.3 release notes (from April 7), say that the updater runs signed code, and that it checks to see that the signing keys have not been revoked before doing so. Whatever the exact state of the security retooling is, the project does attempt to make it clear that a hard disk install cannot be regarded as being as secure as a live system, and warns concerned users to stick with the live option.
The other noteworthy change in 12.x is that Firefox has been updated to the 10.0.3 Extended Support Release (ESR) version. The ESR versions of Firefox are Mozilla's attempt to designate certain releases for one full year of security and critical updates — in contrast to the now six-week lifespan of Firefox releases for everyone else. The program is the result of Mozilla's Enterprise Working Group, a forum the project established to cooperate with enterprise IT and other large-deployment users who were unhappy with cost and headaches that the rapid-release-cycle was predicted to generate.
Many web kiosks might fall under the same IT rules as large enterprises;
they are designed to run unattended, and re-installing a browser every six
weeks certainly means more work. The interesting wrinkle is that
Webconverger itself has historically released several updates per year. In
an email, Hendry said that Webconverger is shifting its focus to following
the ESR releases — although, he added, that plan hinges on what
happens with the upstream distribution. "We do not have a fixed
position really, we are looking for a stable, secure and up-to-date HTML5
browsing experience ultimately.
"
Kiosk mode is not for everyone; the browser-only OS model envisioned by Mozilla's Boot-to-Gecko and Google's ChromeOS is for a lightweight, persistent environment that centers on the browser. Webconverger is for institutions who need to make the web accessible to strangers for a few minutes at a time. It has its limitations — for example, although it is possible to manually tweak and rebuild the ISO (such as to add new or different add-ons), the project offers no support for such endeavors. It is focused solely on the boot-it-and-forget-it model, with an eye towards attracting paying customers. Perhaps some users will put a peculiar new spin on the primary use-case, such as deploying it as an instant-on option for a secondary OS.
But for the most part, web kiosks are likely to remain an island unto themselves. At least they have a free software project devoted to their care. It is regrettable that the project does not support customization, though — it is certainly within Webconverger's rights to push everyone towards its paid service, and other distributions (such as RHEL) do exactly the same thing. But the project may want to look over its shoulder now and then; RHEL has clones and competitors picking up business from those who don't care for Red Hat's corporate pricing, and kiosk customization is a lot simpler to duplicate than an enterprise support service.
Brief items
Distribution quote of the week
Debian's diversity statement
After a fairly typical Debian-style discussion, the project appears to have settled on the wording of a diversity statement for the project:
It doesn't matter how you identify yourself or how others perceive you: we welcome you. We welcome contributions from everyone as long as they interact constructively with our community.
While much of the work for our project is technical in nature, we value and encourage contributions from those with expertise in other areas, and welcome them into our community.
Stefano Zacchiroli has declared an apparent end to the discussion, but is holding off until after the project leader election to give the new leader (assuming it's somebody different) a chance to express an opinion.
Fedora 17 schedule slips
The obligatory Fedora release schedule slip has been announced. Due to some upgrade difficulties, the Fedora 17 beta has been pushed back to April 17; the final release is now expected on May 22.Kubuntu to be sponsored by Blue Systems
The Kubuntu project recently lost its sponsorship from Canonical, which is pursuing its fortunes in other areas. The project has now announced that it will be sponsored by Blue Systems instead. "Blue Systems sponsors a number of KDE projects and will encourage Kubuntu to follow the same successful formula as it has always had - community led, KDE focused, Ubuntu flavour." The actual extent of this sponsorship is not clear at this time.
Ubuntu 10.10 (Maverick Meerkat) end-of-life
Ubuntu 10.10 reached its end of support on April 10, 2012. There will be no further updates, including security updates. The supported upgrade path is through Ubuntu 11.04.
Distribution News
Fedora
Fedora 17 for Power Alpha Announcement
David Aquilina has a report on the status of Fedora's Power (PPC) port as it approaches an alpha release. "Due to lack of developer time and hardware, Apple hardware support is at this point completely untested. Especially with the switch to grub2 we rely on community feedback and participation to make this work for this release. So if you have the hardware and want it to work, patches welcome! :)"
Newsletters and articles of interest
Distribution newsletters
- DistroWatch Weekly, Issue 451 (April 9)
- Maemo Weekly News (April 9)
- Ubuntu Weekly Newsletter, Issue 260 (April 8)
ClearOS,the Missing Link LAN Server (Linux.com)
Carla Schroder showcases ClearOS. "ClearOS used to be named ClarkConnect. It was built on Red Hat Enterprise Linux and CentOS. The current stable release is 5.2, which tracks RHEL 5.2. There are no point releases after that, even though RHEL has had multiple point releases (5.3, 5.4 and so on) leading up to the 6.0 release. RHEL 6.2 was released in December 2011. ClearOS 6.2 beta 3 came out February 29. So what's up? A lot. The maintainers have given it a major overhaul, which will be revealed in all of its glory in the final 6.2 release, which is scheduled for "soon"."
DoudouLinux: A Starter Distro Where Baby Linux Gurus are Born (Linux.com)
Carla Schroder looks at DoudouLinux, a Debian derivative aimed at children and adult beginners. "Linux is now 20-plus years old and overdue for a third wave that got their start in Linux and Free software. So where will these people come from? An overlooked, obvious, and valuable user demographic is children. Microsoft and Apple know this: capture the children and you capture your future customers. A second valuable user demographic to woo is adult beginners, people who are not very experienced with computers. Children-oriented distributions like DoudouLinux are great for adults because they teach the fundamental skills that we take for granted. It's all abstract, and it's intimidating. We know it's not hard to learn, and that the main barrier for adults is disbelief in their ability to learn how to use computers. It's not a technical problem but a social problem." (LWN reviewed DoudouLinux in 2011).
Luedecke: openSUSE guide for Ubuntu users
Roger Luedecke has written a guide to openSUSE. "I made mention that our installer is part of something called YaST. Yet another Setup Tool (YaST) is in my opinion the heart of what makes openSUSE unique. Mandriva and Mageia have a similar tool, but it wasn't built with an Enterprise distribution in mind. And though YaST was built with the enterprise user in mind, it still manages to be excellent even for a naïve home user. Part of that is simply the help button. If you go clicking through the modules in YaST, you'll always see a help button. And lo and behold it is in fact actually helpful! It clearly explains what each module and each page of a module does. YaST is ideal for the new user learning about Linux due largely to this. YaST is immensely powerful despite being user friendly, and once again I recommend reading the documentation so that you can truly grasp the GUI goodness and power that is YaST. What more, is that YaST gives you a graphical tool to help you manage and fix issues that Ubuntu would always require you fiddle on a command line terminal, which is something even I am not very comfortable with."
Interview with Fabio Erculiani of Sabayon Linux (Unixmen)
Unixmen has an interview with Fabio Erculiani of Gentoo based Sabayon Linux. "Gentoo is a meta-distribution that you can bend and shape to your likes. Bringing Gentoo to the masses has always been my dream, making it simple is what Sabayon tries to do everyday. You can see it as a layer on top of Gentoo that handles the hard part for you."
Page editor: Rebecca Sobol
Next page:
Development>>