Knoppix 7.3 CeBIT Edition
Knoppix 7.3 comprises the current state of Debian GNU/Linux development and comes with the current hardware support of kernel 3.13, a new update function, and extended security and privacy features.
Keeping a distro current with GNU/Linux development can be quite difficult. Debian's boot system and hardware support via udev can make it difficult for the developer of a Linux distribution to figure out what needs to change just to boot up. Lucky for me, Knoppix's boot system again proved to be a big timesaver. Knoppix completely works around the Debian default startup systems (Upstart/systemd) by using
knoppix-autoconfig, a single shell script that does all the work of preconfiguration (Figures 1 and 2). Kernel support for devtmpfs had to be enabled to get the new udev hardware detection and removable device support working again, but the rest of the transition to the Debian testing branch (pre-jessie) went pretty smoothly.
Knoppix on Flash – Now with Update
Many modern netbooks and ultrabooks do not even have a DVD drive anymore, so Knoppix is commonly used on a USB flash disk instead of a DVD. Because creating a bootable USB flash disk is probably the first thing you want to do, Knoppix 7.3 now prominently shows an icon for the Knoppix flash disk installation program at the top left of the desktop when booting from DVD (Figures 3 and 4). Even though the Knoppix DVD version is read-optimized by a sort list, which tries to reduce the slow seek speed of the laser read sensor, flash memory boosts startup and the working speed of Knoppix by a factor of at least five. Startup time from loading the kernel to a full desktop with Compiz takes less than 15 seconds if you have recent computer hardware and fast flash pen drives.
One of the features most asked for last year was the ability to upgrade. Flash-knoppix, the Knoppix flash disk installation program, now scans the target drive for an existing Knoppix installation (Figure 5) and offers to replace just the main compressed filesystem and kernel, instead of installing everything from scratch.
You have an option to keep just personal data (your
/home/knoppix directory containing all your files and settings; Figure 6) or additional software outside your home directory (which is not recommended, because software packages installed by the user could be incompatible with the new system).
For the update to work, be sure to make enough space available on your flash pen for the full content of the DVD the first time you install. A first partition of 4.5GB should be fine. The Knoppix writable data partition, which is new since Knoppix 7.1, can then spawn over the remaining capacity of the flash drive (Figure 7) with optional encryption (Figures 8 and 9) that protects your passwords and personal files if you ever lose your flash drive or it gets stolen.
EFI and Hybrid CD/Flash Boot
Booting from flash is quick and easy because all changes and stored files are written to the data partition automatically. Some computers still can't boot from flash drives, though, either because they are too old (i.e., the BIOS does not have an option for booting from USB) or because they have boot firmware like EFI that does not allow booting from external hard disks.
efi directory on the first partition of the Knoppix-installed drive contains all the files needed to boot on an EFI-aware computer. If the EFI firmware is set to "Secure Boot," booting from anything but the "allowed" operating system is impossible. If in doubt, choose the "CSM" boot option in your computer's BIOS. CSM in EFI is the official abbreviation for "Compatibility Support Module," but it means "boot normally" (with the traditional boot record and bootloader from disk).
If your computer still can't boot from a USB drive, Knoppix 7.3 includes a very small (12MB) CD-ROM ISO image in the
KNOPPIX directory that you can burn to an empty CD-R. In this way, you can start your computer when both the boot-only CD and the USB flash drive are attached. After first starting from the boot-only CD, the system automatically switches to the USB drive and continues booting from there. This workaround is known to work well even on Macs, which have restrictive USB boot capabilities.
Security and Privacy
A yellow message on the bottom status bar tells you when content has been blocked. You can disable checks for a website you trust during a browser session only or permanently (e.g., if you want to watch flash movies that require plugin activity and access to the computer hardware). NoScript makes online banking and Internet transactions a lot safer, because it also catches cross-site scripting attacks and warns even in the case of "suspicious" content.
Many users asked about a firewall in Knoppix. In other operating systems, a firewall is necessary because they have open ports reachable from the Internet. Knoppix, however, is preconfigured with no services running on the external network interfaces by default (unless you explicitly start Samba or VNC, the remote desktop server). A port scanner thrown at a Knoppix system with no firewall running will not find any attackable open port.
However, Knoppix does have an easy-to-use firewall setup script (Figure 10) that allows you to add filters that let services either run locally only or be accessible from the local network only. The firewall comes with three levels of complexity, from easy to expert (which lets you add your own iptables rules). Again, starting a firewall is not required for normal use of Knoppix as a secure client to access the Internet. In the case of video conferences, for example, a firewall can even be counterproductive, depending on the software used.
All accounts are blocked on Knoppix, with no "backdoor" password – not even for the default, unprivileged
knoppix user. Therefore, a "login" is impossible. If you manage to start a screen locker, you are effectively locked out. (For this reason, I disabled the automatic lock screen features of various desktop managers.) The only ways to "break in" to a Knoppix system is to be logged in already, to start the secure shell server (SSH) and set a password, or to start the VNC server so remote access is possible (Figure 11). By the way, the knoppix user is allowed to execute programs as root using
sudo for recovery tasks.
Privacy is the main goal of the Tor network (Tor = The onion router) by making it difficult for malicious or advertising websites to detect your location and identity. Using a complex mesh of participating routers on the Internet, Tor effectively suppresses the ability to trace your physical address. Websites only see the address of the so-called "exit node," which is a random computer enabled as a router inside the Tor network. Tor can be enabled by a starter application in the Knoppix menu and has to be set up as a "proxy" in the web browser of your choice.
A single-click option for Tor has already been added to Firefox and Chromium, so enabling Tor is quite easy (Figure 12). However, please be aware that Tor is not designed to be used for secure transactions and authenticated services. If you need to access an authenticated service, such as online banking, I recommend turning off the Tor proxy for this purpose.
Buy this article as PDF
Xen project announces a privilege escalation problem for Qemu host systems
Attackers can compromise an Android phone just by sending a text message
PC vendor will pre-install Ubuntu on portables in India.
More embarrassment for Adobe's embattled multimedia tool
Mozilla’s script blocker add-on could be putting malware sites on the whitelist.
The Internet community officially banishes the notoriously unsafe Secure Sockets Layer protocol.
Popular desktop environment continues the Gnome 2 legacy – with new support for the Gnome 3 toolkit.
The Obama White House has issued a memorandum telling all US government agencies they must use HTTPS for all websites and web communication.
New program will dial up security for the Firefox browser.
Red Hat's community distro embraces the cloud.