PC-BSD 10.1 review
Systemd has caused some Linux users to look around for alternative operating systems. PC-BSD is one such option, and the newest version has just been released. LinuxBSDos.com has a full review of PC-BSD 10.1.
LinuxBSDos.com spent four days with PC-BSD 10.1 and notes some serious problems with the Cinnamon desktop:
PC-BSD 10.1 comes with some very cool features and very good graphical management applications. And many have been much improved since the version 9.1 edition. A PC-BSD 10.1 KDE is the only one worth using. But even then, the default settings could be better, much better. A default installation that uses the Cinnamon desktop is worse than anything that Microsoft has ever produced. And we know that Microsoft has produced some very bad stuff.
PC-BSD obviously brings a lot to the table, but what happened to the Cinnamon desktop? For now, that’s one desktop that I will not recommend that you install for normal use. For bug-hunting purposes, sure, but for anything else, try the KDE desktop. That’s what I am writing this from and I’m loving it. It just requires more time to customize than should be necessary had the default settings been better.
The dangers of the Less command for Linux users
ITworld has a disturbing report about the use of the Less command to view file contents. Malware authors are using it to go after some Linux users.
Lucian Constantin of the IDG News Service reports on the Less exploit in Linux:
Less is frequently used to view text files, but on many Linux distributions, including Ubuntu and CentOS, it supports many more file types, including archives, images and PDF. That’s because, on these systems, less is extended through a script called lesspipe that relies on different third-party tools to process files with various extensions.
For the moment, users can protect themselves by removing the LESSOPEN and LESSCLOSE environment variables if they are set on their Linux systems, Zalewski said. These variables automatically call lesspipe when less is run for files with supported extensions.
Michal Zalewski at Seclists.org also shares details about the problems with the Less command:
Many Linux distributions ship with the 'less' command automagically interfaced to 'lesspipe'-type scripts, usually invoked via LESSOPEN. This is certainly the case for CentOS and Ubuntu.
Unfortunately, many of these scripts appear to call a rather large number of third-party tools that likely have not been designed with malicious inputs in mind. On CentOS, lesspipe appears to include things such as groff + troff + grotty, man, and cpio. On Ubuntu, there's isoinfo (?!), ar from binutils, and so on. Ancient and obscure compression utilities and doc converters crop up, too.
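The mitigation quoted above (removing LESSOPEN and LESSCLOSE) can be checked and applied with a few shell functions. This is an added example, not code from ITworld or from Zalewski's post; the function names are hypothetical and the startup-file paths in the final report are assumed typical locations, not taken from the article.

```shell
#!/bin/sh
# Added example: audit and disable the less preprocessor hooks
# (LESSOPEN / LESSCLOSE) that hand files to lesspipe-type scripts.
# Source this file (". ./less_hooks.sh") so the unset affects your own shell.

# Print the name of each hook variable that is set in this shell,
# including ones set to an empty string.
less_hooks_in_env() {
    if [ -n "${LESSOPEN+x}" ]; then echo LESSOPEN; fi
    if [ -n "${LESSCLOSE+x}" ]; then echo LESSCLOSE; fi
}

# Print file:line:text for every uncommented line in the given startup
# files that would set the hooks again at the next login, either by a
# direct assignment or by evaluating the output of lesspipe.
less_hooks_in_files() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        # /dev/null as a second operand makes grep print the file name;
        # "no match" is not an error here.
        grep -nE '^[^#]*(LESS(OPEN|CLOSE)=|lesspipe)' "$f" /dev/null || true
    done
}

# Remove both hooks from the current shell, so less shows raw file
# contents instead of running a preprocessor.
disable_less_hooks() {
    unset LESSOPEN LESSCLOSE
}

# Report for this session. The paths below are assumptions about where a
# distribution or user might set the hooks; adjust them for your system.
echo "hooks set in environment: $(less_hooks_in_env | tr '\n' ' ')"
less_hooks_in_files /etc/profile /etc/profile.d/*.sh \
    "$HOME/.profile" "$HOME/.bashrc"
```

Unsetting the variables only lasts for the current session; any line reported by `less_hooks_in_files` has to be commented out or removed to keep the hooks from returning at the next login.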