May 31, 2022

Titan Linux is not an operating system that casual Linux users – especially new adopters – should have installed on their primary or only computer. But seasoned Linux distribution hoppers in search of a pleasant new Linux experience shouldn’t pass up the new offering.

Titan is a new distro built on the Debian stable branch. The developers first announced its arrival on April 24. This is a very early beta release, so it’s mostly bare bones. Nevertheless, it is surprisingly stable given this stage of its development.

I looked at version 1.2 and found little things about its performance. The new distro’s two-person developer team has a growing community of testers for such a new project; around 60 at last count.

Usually, such small start-up teams cannot keep up with the further progress and often Linux distros fall by the wayside. But I am impressed by the achievements of this team so far.

Project leader Matthew Moore readily admits that the success or failure of the new distro will depend on user acceptance and a supportive community. One of the biggest adoption challenges facing Titan Linux is that with no ads or reviews (so far), it’s difficult to attract potential users.

Progress and updates come almost daily. So I would expect Titan to mature more quickly than is usual for fledgling releases.

This distro is a fully functional yet minimal KDE Plasma desktop experience with an emphasis on usability and performance. It already has a wide range of hardware support out of the box.

Titan Linux takes a unique approach to the Debian experience. It eliminates the dependency on certain meta-packages to make the system more stable overall.

Something old is turning into something new

KDE is a comprehensive desktop environment that offers users a plethora of customization options. It is also a Linux staple that is popular and reliable. However, KDE may put off new users due to its complexity and quirks.

I’ve used KDE Plasma with several distros over the years. I first tried it when the old KDE desktop was revitalized as the KDE Plasma upgrade. Some of its user interface (UI) issues got in my way as a daily driver.

If I see Titan moving beyond beta releases, Titan Linux with KDE might make me a happy user again. It all comes down to usability.

Work in progress

So far, the developers have trimmed the fat from KDE Plasma to make it less complicated, without the endless customization options. That’s the point of this distro.

Besides being simpler, lighter means that in the long run Titan could attract a larger base of users with aging and less powerful computers. Keeping KDE as streamlined as possible while offering full hardware support from the Debian catalog are welcome performance goals.

Titan Linux offers something a little slimmer than standard Debian. But according to Moore, it’s more useful than a standard Debian net installation.

Customization is not a bad thing. Linux thrives on having the freedom to customize, tweak, and create a desktop environment suited to individual user preferences.

Part of the simplification is an innovative Titan Toolbox – a work in progress but very promising – by head developer Cobalt Rogue. This set of system management tools will let users maintain the OS with a single click. The toolbox will include a range of software apps hardwired into Titan’s distinctive design, rather than one-size-fits-all Debian Linux components.

Sharing insider ideas

If you want to find out how the sausage is made, check out the developer’s website for links to both Moore’s and Cobalt Rogue’s YouTube videos on building Titan Linux. They both provide live stream discussions of their development efforts.

It is practical to observe conversations that focus on the goals of the team. The project leader doesn’t want Titan Linux to be just another remix. Moore plans to grow the new distribution into a unique offering with meaningful features.

In a recent video, Moore explained why he decided to build Titan Linux on Debian instead of Arch, which he used previously. This is because Debian’s longevity between stable releases is more conducive to rapid beta releases.

Debian has long release cycles – in the neighborhood of two years – so Titan’s development doesn’t break from frequently changing base components. Arch distros are very erratic, with rolling releases that often break systems.

Leaner KDE Deployed

KDE is the moniker for the K desktop environment introduced in 1996. It is a reference to the organization sponsoring the development of the K desktop and the family of software that runs on its K desktop, as well as other desktops.

When the KDE community released a major upgrade from KDE 4, the developers dubbed the new desktop upgrade to KDE 5 under the name “Plasma”. That name reflected the radical redesign and functionality changes as a type of KDE rebranding.

Various Linux distros are built around the KDE project. For example, Kubuntu Linux is a version of the Ubuntu family of OSes that uses the KDE desktop. Other popular distros running the KDE desktop environment include KaOS, Manjaro KDE, Fedora KDE Spin, MX Linux KDE, and Garuda Linux.

What makes this brand new Titan Beta OS so remarkable to me is the potential of what it offers. It can make K Desktop more productive with streamlined features and better usability.

However, offering a stripped-down version of the KDE desktop isn’t a unique idea in itself. Many other Linux developers have tried to turn KDE into a better working desktop. Some even gave it a new name.

Making a Better K Desktop, Again

Among the hundreds of Linux distributions I’ve reviewed over the years, some of the improvement efforts differ. Looking at literally hundreds of similar looking Linux distros, rebuilding KDE is rarely productive.

Few desktop environments – and Linux is both blessed and damned – can be inviting enough to meet the computing needs of all user scenarios. KDE attempts to do the same.

Consider these examples:

  • In late 2019 Feren OS switched from a Cinnamon desktop and a Linux Mint base to a KDE Plasma and Ubuntu base.
  • The KDE Neon distro – not called Plasma – is something unique. It has KDE components that have not yet been absorbed by other KDE-based distros. It is based on Ubuntu (which itself is based on Debian Linux).
  • The KaOS Linux distro provides a UI-refreshed KDE-based computing platform. It provides a better KDE experience without bloated software and cumbersome usability.
  • The Vector Linux family is a small, fast, and lightweight Slackware-based distribution that ships a customized version of KDE to be more user-friendly than other Slackware-style distros.

A glimpse of Titan’s potential

The early beta releases of the new Titan distro are like a partially loaded framework. Sectional headings and their supporting elements are enough to get a solid reading of the big picture.

The main parts are in place and working. But many vacancies are still to be filled. The OS works well with the space it has. It will work even better when more innovative parts are written in it.

This view of the Titan Linux desktop shows the two main KDE elements – access to the virtual desktop via the lower panel and the unique Activity layout accessed via a pop-out vertical left column that provides another kind of virtual computing space.

The widget popup panel display of screen and panel apps adds a variety of services and features to the desktop layout.


Pictured in the top left is the information display of the Terminal window with the Command Line Interface (CLI). On the right is the Software Store window that provides the ability to add/remove a complete list of Debian Linux software, even in this early beta view.


Here the simplified system settings panel in Titan Linux is shown.


Ground level

Beta versions of Titan Linux are being released at a rapid pace. This development schedule heats up anticipation for the first stable release.

The KDE Plasma desktop design found in current Linux distros is not lightweight. Beta version 1.2 consumes 450MB of RAM, making this anticipated new distro much lighter. This means two things: more aging computers running Titan OS may get a revival; and newer computers may outperform the more standard KDE integration.

The Live Session ISO is upgraded several times per week as developers push the envelope to release the first stable version and beyond. The live session environment lets you try out Titan Linux beta releases without making any changes to your current OS or hard drive.

The beta version I tested is already performing surprisingly well. More features and UI changes appear with each new ISO download.

Check it out for yourself on the Titan Linux website.


Suggest a review

Is there a Linux software application or distro that you would like to recommend for review? Something you love or want to know?

Email me your thoughts and I’ll consider them for future columns.

Government organizations and educational institutions, in particular, are increasingly in the crosshairs of hackers as serious web vulnerabilities continue to rise.

Remote code execution (RCE), cross-site scripting (XSS), and SQL injection (SQLi) are all top software offenders. All three keep rising or hovering around the same alarming numbers year after year.

RCE, often the end goal of a malicious attacker, was the main cause of the IT scramble in the wake of the Log4Shell exploit. This vulnerability has seen a steady increase since 2018.

Enterprise security firm Invicti last month released its Spring 2022 AppSec Indicator report, which revealed Web vulnerabilities from more than 939 of its customers worldwide. The findings come from an analysis of the Invicti AppSec platform’s largest dataset — which has more than 23 billion customer application scans and 282,000 direct-impact vulnerabilities discovered.

Research from Invicti shows that one-third of both educational institutions and government organizations experienced at least one incident of SQLi in the past year. Data from 23.6 billion security checks underscores the need for a comprehensive application security approach, with governments and education organizations still at risk of SQL injection this year.

Data shows that many common and well-understood vulnerabilities in web applications are on the rise. It also shows that the current presence of these vulnerabilities presents a serious risk to organizations in every industry.

According to Mark Ralls, President and COO of Invicti, even well-known vulnerabilities are still prevalent in web applications. To ensure that security is part of the DNA of an organization’s culture, processes and tooling, organizations must gain command of their security posture so that innovation and security work together.

“We’ve seen the most serious web vulnerabilities continue to grow, either stable or increasing in frequency, over the past four years,” Ralls told TechNewsWorld.

Key takeaways

Ralls said the most surprising aspect of the research was the rapid rise in incidence of SQL injections among government and education organizations.

Particularly troubling is SQLi, which has increased in frequency by five percent over the past four years. This type of web vulnerability allows malicious actors to modify or change the queries an application sends to its database. This is of particular concern to public sector organizations, which often store highly sensitive personal data and information.

RCE is the crown jewel for any cyber attacker and is the driver behind last year’s Log4Shell program. It has also increased by five percent since 2018. XSS saw a six percent increase in frequency.

“These trends were echoed throughout the report’s findings, revealing a worrying situation for cybersecurity,” Ralls said.

Skill gap, lack of talent included

Another big surprise for researchers is the increase in the number of vulnerabilities reported from organizations that scan their assets. There can be many reasons. But the lack of software developers trained in cyber security is a major culprit.

“Developers, in particular, may need more education to avoid these errors. We have noticed that vulnerabilities are not being discovered during scanning, even in the early stages of development,” Ralls explained.

When developers don’t address vulnerabilities, they put their organizations at risk. He said automation and integration tools can help developers address these vulnerabilities more quickly and reduce potential costs to the organization.

Don’t Blame Web Apps Alone

Web apps aren’t getting any less secure per se. It’s a matter of developers being tired, overworked and often not having enough experience.

Often, organizations hire developers who lack the necessary cyber security background and training. According to Ralls, with the continuing effort towards digital transformation, businesses and organizations are digitizing and developing apps for more aspects of their operations.

“In addition, the number of new web applications entering the market every day means that every additional app is a potential vulnerability,” he said. For example, if a company has ten applications, it is less likely to have one SQLi than if the company has 1,000 applications.

Apply treatment

Business teams – whether developing or using software – require both the right paradigm and the right technologies. This involves prioritizing a secure design model covering all bases and baking security into the pre-code processes behind the application architecture.

“Break up the silos between teams,” Ralls advised. “Particularly between security and development – and make sure organization-wide norms and standards are in place and created universally.”

With regard to investing in AppSec tools to stem the rising tide of faulty software, Ralls recommends using robust tools that:

  • Automate as much as possible;
  • Integrate seamlessly into existing workflows;
  • Provide analysis and reporting to show evidence of success and where more work needs to be done.

Don’t overlook the importance of accuracy. “Tools with low false-positive rates and clear, actionable guidance for developers are essential. Otherwise, you waste time, your team won’t embrace the technology, and your security posture won’t improve,” he concluded.

Partial blind spots at play

Ralls said critical breaches and dangerous vulnerabilities continue to expose the organizations’ blind spots. For proof, see Log4Shell’s tornado effects.

Businesses around the world scrambled to test whether they were susceptible to RCE attacks in the widely used Log4j library. Some of these risks are increasing in frequency when they should go away for good. It comes down to a disconnect between the reality of risk and the strategic mandate for innovation.

“It is not always easy to get everyone on board with security, especially when it appears that security is holding individuals back from project completion or would be too costly to set up,” Ralls said.

An increasing number of effective cyber security strategies and scanning technologies can reduce persistent threats and make it easier to bridge the gap between security and innovation.