Also in today's open source roundup: DistroWatch reviews Zorin OS 11 Core, and does Windows piracy lower the adoption rate of Linux on the desktop?

Linux Mint site hacked

The Linux Mint site was hacked recently, and the people who did it pointed the site to ISOs that included a backdoor. Anybody who downloaded Linux Mint on February 20th should take action immediately, according to a post on the Linux Mint Blog.

Clem reports for the Linux Mint Blog:

I’m sorry I have to come with bad news. We were exposed to an intrusion today. It was brief and it shouldn’t impact many people, but if it impacts you, it’s very important you read the information below.

Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it.

As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition. If you downloaded another release or another edition, this does not affect you. If you downloaded via torrents or via a direct HTTP link, this doesn’t affect you either.

If you still have the ISO file, check its MD5 signature with the command “md5sum yourfile.iso” (where yourfile.iso is the name of the ISO).

If you still have the burnt DVD or USB stick, boot a computer or a virtual machine offline (turn off your router if in doubt) with it and let it load the live session. Once in the live session, if there is a file in /var/lib/man.cy, then this is an infected ISO.

More at Linux Mint Blog

The shocking news about the Linux Mint hack spawned a large thread in the Linux subreddit and the folks there shared their thoughts about it:

Rafelement: “Has this ever happened before? Someone compromising the .iso?”

Ipsirc: “It’s happened with a redhat mirror long years ago.”

LeaveTheMatrix: “Sometimes I get tired of people, ESPECIALLY WordPress users, who don’t even follow such basic security procedures.
I do put some blame on the WP devs themselves as well, in their haste to make it “user friendly” they have been the cause of so many servers getting compromised over the years. Heck, least they could do is occasionally change the login url so that bots can’t easily find it.”

Cbmuser: “This issue shows that the Mint people don’t know how to secure their infrastructure. And as it turns out, their configuration was blatantly unsecure. There is a difference whether something like this happens by accident or the people in charge don’t know how to do their job.”

Wanderhomer: “This and their policy regarding security updates of the kernel, X.org and such makes me really wonder why so many people trust this distribution and recommend it to new Linux users.”

Dain42: “Primarily because it’s not Ubuntu. People’s complaints with Canonical aside, there is a lot of snobbishness about using Ubuntu, because people see it as a “starter distro” since it was the first one they picked up, ignoring the fact that roughly 50% of Google’s internal users run it, as do Wikipedia’s servers, last I heard. Ubuntu is a mature, well-maintained distro with corporate backing, and a very strong consumer/user focus, compared to the other big distros. I think it makes a much better choice for family and friends if you’re recommending Linux. There are plenty of flavors, too, for people who don’t like Unity or have older or slower machines.”

Cbmuser: “Then, for God’s sake, use Debian, Arch, Gentoo, openSuSE or Fedora. At least, these distros take security seriously and issue regular security advisories which are also posted on lwn.net. Linux Mint doesn’t do anything like that and whenever something like the recent glibc vulnerability occurs (CVE-2015-7547), users have no easy means to inform themselves whether their distro has been fixed.
Really, I wouldn’t touch Mint – or any distro without proper security support – with a 10-feet pole.”

Wanderhomer: “By default Linux Mint disables all updates for the following packages, including all security updates: kernel, dbus, X.org, acpid, mountall, mesa, systemd, plymouth, upstart, *base-files, grub, grub2. Afaik Linux Mint doesn’t provide any nice documentation or notification about that, so as a user you have to know about that and enable those updates manually if you care about a secure system. I mean since the release of Mint 17.3 more than ten security bugs have been fixed in the kernel alone, all of them not getting shipped to Mint by default. The details can be found in some file in the mintUpdate package where they blacklist all those packages.”

ExpertNewb: “How can they do this? We are a small software development company who have a few custom linux drivers we distribute from our own repo. It runs on a separate server than the rest of our infrastructure (which in itself is separated and containerized into several parts, mostly for security). So, even if anything else in our infrastructure is hacked, our file server which sends out debian packages, which runs barely anything else other than file server, won’t be affected. How can people behind a popular Linux distro let this happen?”

Hgwellsrf: “The OS itself is sound and robust; I install all updates too. And afaik this is only the first time something like this has happened to them. So unless they make it a habit, I’m good with mint. Also I dual boot with Arch. Best of both worlds!”

More at Reddit

DistroWatch reviews Zorin OS 11 Core

Zorin OS is a distribution geared toward providing a comfortable and welcoming experience to new Linux users who are coming from Windows. Zorin OS is based on Ubuntu, and the latest release is version 11. DistroWatch did a full review of Zorin OS 11 Core and found it to be worth a test drive.
Joshua Allen Holm reports for DistroWatch:

Aside from the work done creating the multiple desktop layouts, the distribution is not much different than any other Debian style Linux running the GNOME desktop environment. The core bundled applications are largely what one would expect: Firefox, LibreOffice, and the usual GNOME applications and utilities. However there are some notable differences. The default e-mail client is Geary and the OpenShot video editor is installed by default. Even though Firefox is the default browser, a utility is included to help the user install Google Chrome, GNOME Web, and Midori, should they wish to use one of those browsers instead. Zorin OS also includes WINE, WineTricks and PlayOnLinux by default, making it easier for Windows users to make the transition to Linux. Like Ubuntu, Zorin OS does come with “restricted extras” like mp3 support and Adobe’s Flash Player.

If the bundled applications are not enough, Software Centre and Synaptic Package Manager are available for users to add whatever software they want. Everything that is available in the Ubuntu 15.10 repositories is there, so there is plenty of software to choose from. For hardware support, Zorin OS can install proprietary drivers just like Ubuntu and it even includes a graphical tool for using ndiswrapper to install Windows wireless networking card drivers.

On my test machine, Zorin OS 11 Core performed nicely. With no applications running, the system used approximately 950MB of RAM and switching between the different desktop layouts did not seem to alter the memory usage.

Minor issues with the Windows XP and GNOME 2 desktop modes aside, Zorin OS 11 Core is a very solid release. It makes good use of its Ubuntu core while developing its own identity. It just is not a very exciting release. My experience with Zorin OS 11 Core was positive.
I liked it well enough, I am just not sure I would recommend this particular release of Zorin OS to Windows users looking to make the switch to Linux. The current Long Term Support release, sure. A future version based on Ubuntu 16.04 LTS, almost certainly. Do not get me wrong, Zorin OS 11 is very good, but it will only be supported for six months, making it a hard sell to Windows users used to longer time periods between releases.

That said, I do encourage Linux users with an interest in user interface design to give Zorin OS a test drive. A user interface that can transition between three different desktop styles (six in the paid versions) on the fly is worth exploring if only just to learn from it.

More at DistroWatch

Does Windows piracy lower the adoption of Linux on the desktop?

Many people have been disappointed over the years that Linux has not gained more of a foothold on the desktop. But is Windows piracy a cause of that? A recent study notes that pirated versions of Windows may be holding Linux back on the desktop.

Silviu Stahie reports for Softpedia:

Some studies only reveal stuff that is way too obvious or that seems to be related to common sense. For example, this latest study titled “Software Piracy and Linux Adoption” published at the University of Oslo, by Arne Rogde Gramstad, shows that there might be a connection between software piracy and the rate of adoption for Linux systems.

To account for the Windows piracy numbers, the researchers used the data from BSA (Business Software Alliance) from 2012 and from 104 countries. Depending on the country and on the level of development, the rate of piracy varies between 40% and 90%.

The conclusion of the study, which can be read in its entirety on the Social Science Research Network website, is a country’s piracy rate by 1% is expected to reduce the Linux user share by 0.5-0.65%. In other words, in a world without software piracy, the Linux adoption rate should be somewhere between 20 and 40%.

More at Softpedia