Friday, March 25, 2011

Bodhi Linux 1.0.0 Stable Release Goes Live

After two more weeks of hacking and user feedback since our final release candidate the Bodhi Team and I are proud to announce the availability of the first ever Bodhi Linux Stable release (1.0.0). This release includes a couple minor bug fixes and a few final touches polish wise. For a full change log see here. The first thing you will notice when starting the newest Bodhi disc is that our plymouth (boot splash) has a sleek new look:



In addition to the standard plymouth being reworked - a text based plymouth is now installed by default so older/virtual systems no longer display the harmless "missing library" message that had looked tacky in the previous versions.

After booting the live CD you will be greeted by the same profile and then theme selections that you where provided with previously. There is one change to the profiles however, the "Desktop" profile is now laid out in a manner that will make those coming from KDE/Linux Mint's Gnome feel at home:


Regarding the default application selection there has been a single change from what is found on the 0.1.7 release. The nautilus elementary file browser has been removed in favor of the latest version of the light weight and feature rich PCManFM file browser.

You will also notice two changes in the main menu. First there is now a Bodhi entry for quickly accessing our Quick Start Guide, Software Page, and Art website:


Second, all your system configuration tools are no longer buried like they where in previous version - they are under applications with the rest of your programs:


Current Bodhi users do not need to reinstall for these changes to take effect. Simply apt-get update && apt-get upgrade as root on your Bodhi system (or use synaptic) and you will pull down an relevant updates. New users can download the ISO via direct download from here.

This is our first ever "stable" release and we want feedback on it now more than ever! If you know of anywhere that does reviews of Linux distributions be sure to let them know about Bodhi - the more people that are using the distro the better it will become.

For those wondering about our version numbering scheme. The first number represents a major release, the center number represents a kernel update, and the third number presents a minor package update release. Bodhi 1.0.0 should be our final release until we have the 2.6.38 kernel ready to go - so expect a Bodhi 1.1.0 disc some time towards the end of May. Our major release cycle is set to go from Ubuntu LTS to LTS, so a Bodhi 2.y.z should not be expected any time before the end of the summer of 2012.

Finally, a big thank you to the entire Bodhi team and our every growing community that made this release possible!

Cheers,
~Jeff Hoogland

36 comments:

  1. congrats jeff & team (&community) !

    finally an "official" small-wonder of an o.s. for customizers and the "e-fans" !

    BTW the package management is potentially the best , since most popular packages are available for off-line installation , which is really good , since they are needed to be downloaded just once and used any no. of times. Great contribution from bodhi linux to FOSS , linux and the users with really slow internet ( and helpful friends with good internet ).

    Also , the .bod packages should also work with any ubuntu lucid spin and/or derivative too.( could some one verify please ?)

    keep up the good work , and may 'bodh-e linux' flourish :=)

    warm regards
    -siriuslee(seriously)

    ReplyDelete
  2. Thank you very much!!! and congratulations...

    Greetings:
    Agust

    ReplyDelete
  3. Congrats Jeff. Lots of luck with your distro. :D

    ReplyDelete
  4. Congratulations! I hope to get my grubby paws on this one soon :D.
    --
    a Linux Mint user since 2009 May 1

    ReplyDelete
  5. Please do not go around and 'encourage' more reviews. We've all heard about Bodhi ad nauseum now and read more about it in such a short space of time than for anything else. Personally I will start ignoring Bodhi reviews now, it's too much.
    Still wish you success though, but I don't think you should bombard everybody with it.
    That sort of thing always backfires.

    Cheers-

    ReplyDelete
  6. Great news Jeff, I know everyone put tons of time and energy into this. Your schedule must tight with school and all. I was surprised when you answered me on the irc. That alone shows dedication (I had the yellow Youtube problem). I promote this to many of the retiries here in F.l. that have still not leaned their XP. they are amazed. lol thnax again.

    ReplyDelete
  7. Yes I agree with Anonymous, no need of any "new reviews", as whoever who reviews, is biased from the beginning! The guys, who'd be using will give you enough feedback.

    Wish you luck, Jeff!

    Ariya

    ReplyDelete
  8. Whoah - I just realized that you don't sign your packages. You need to correct that, your distro is vulnerable to man in the middle attacks until you do. I saw your post in your forum about how you don't think it adds to security, unfortunately you are wrong there.

    A replica of your repository could be used with a trivial DNS cache poisoning attack to pwn anyone downstream of the exploit running Bodhi. If your packages and repository was signed, the packages would be rejected by the package manager where with your configuration they would be accepted as if nothing was awry.

    ReplyDelete
  9. So wait - someone would have to clone my repository and then build packages matching the exact same size and name of my current packages, but place vicious code in them?

    ReplyDelete
  10. rsync, insert new package, reprepro, poison, serve an update, pwned. If you don't understand how it isn't very difficult, you should read up on the subject.

    ReplyDelete
  11. And how does the poison get into the Bodhi repository?...

    ReplyDelete
  12. Ugh. It doesn't have to get "into" the bodhi repository! It just has to make people (few or many) downstream from the exploit and downstream from your repo believe that they are pulling from the real repo. That is the definition of a man in the middle attack.

    Sounds like you have some googling to do.

    ReplyDelete
  13. Got some suggested reading? Not finding anything very solid here. An attack such as this doesn't require any security issues on my server's end?

    If this is so easy to do why doesn't it happen to http/public ftp downloads all the time?

    ReplyDelete
  14. ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf

    Section 3.1.1 mentions the attack I talked about specifically, however the entire document should be read and understood if you wish to be in the business of package management.

    ReplyDelete
  15. Nobody is going to make Bodhi specific malware, it is pure paranoia.

    ReplyDelete
  16. Ok then Nathan, pretend it won't happen.

    Microsoft used to do that and look what happened to them for disregarding the importance of security.

    ReplyDelete
  17. Stirring the pot again ".....pretend it won't happen.

    Microsoft used to do that and look what happened to them for disregarding the importance of security."

    Nice thing about Linux... It ain't Microsoft built.

    ReplyDelete
  18. @Jeff I have to agree with the Anonymous poster, package signing is a real must (it is the reason I won't use Arch) and man in the middle attacks can and do happen. Some info that might prove useful. http://it.toolbox.com/wiki/index.php/Man-in-the-Middle_Attack

    Congrats on your release though.

    ReplyDelete
  19. congrats bodhi linux team.. :) ..m waiting 4 dis release!!

    ReplyDelete
  20. I love this! Thanx TOO much.....

    ReplyDelete
  21. Distrowatch did have an article on the dangers of unsigned repos, but like anything else connected to the net, it depends on how paranoid you want to get. I`ve just installed the new release and it`s a beautiful, professional and slick piece of work. Good work, Jeff!

    ReplyDelete
  22. sure..criminals and secret services go after the real thing and start hacking your mini-distros. There must be something hidden.. ;D

    Please don't go after these
    never-satisfied-i-want-more-people.
    It ends up with bodhi beeing as big and slow like other ubuntus. I just had a try on a natty alpha and it doesn't even boot.
    Bodhis basic ideal should be respected

    ReplyDelete
  23. Congrats Jeff and the entire Bodhi team!!!!
    I am downloading the stable version as I type this and look forward to installing and finally checking what sounds like a great distro out.

    All the best

    Ian

    ichase BATL

    ReplyDelete
  24. About the repos. Isn't it easy enough to find the signatures and use them in the Man in the Middle attack anyway? It's like locking your doors but keeping the keys in them.

    ReplyDelete
  25. You need to read up on public key cryptography. You only ever give out the public key used to decrypt; the private key used to encrypt is completely different and never given out. As the encryption and decryption keys are different, then no, it is not the same as your door analogy.

    ReplyDelete
  26. I see. I didn't realise there were two keys.

    ReplyDelete
  27. I have been waiting for the first stable release for installation on three of my vintage rigs. The moment has arrived!

    Could anyone tell me if Enlightenment is as fast and stable as lxde, the desktop environment of my current PCLinuxOS?

    ReplyDelete
  28. E is just as fast (if not more so) than LXDE. In terms of stability, E is just as solid as any other modern Linux desktop.

    ReplyDelete
  29. Man in the middle attacks rarely happen now adays, so worrying about package signing is just overkill anyway

    ReplyDelete
  30. I'm gonna try it because..

    1) I like the strip down...what I want and has hardly ever been delivered

    2)Because I wanna!

    Need more reviews...have to have one on number one and none are on distrowatch yet...my two cents...)

    ReplyDelete
  31. You might want to check the front page of the Bodhi website. It say that 1.0.0 was released in 2010 not 2011.

    ReplyDelete
  32. HA! Thanks anon! Fixing that now.

    ReplyDelete
  33. Can't test it on my laptop. tried every boot option but resolution way out of spec. I run Ubuntu and it works fine. how to change? BTW, it's a HP laptop

    ReplyDelete
  34. After repeatedly attempting to get other linux distros to work with my Atheros AR9285 wireless card, I am ecstatic about Bodhi working, out of the box, for my system. Thanks to Bodhi, I am, now, new to linux...and I love it! Please, keep up the simplistic intuitiveness, it is blissful. As to the middle man attacks, I trust that the Bodhi team will address this matter, before it becomes a problem, especially, since the distro is so new (I imagine it takes time to compile attack code) and the community support forum is so competent and responsive. My flag is in the ground. I am not leaving. I am at home with Bodhi and, just, love it!

    ReplyDelete
  35. Hello!

    When could we expect 64 bit version of Bodhi Linux?
    Dan

    ReplyDelete
  36. There isn't a time line set for 64bit. Bodhi Linux is aimed at desktop users and tablet computers currently so our focus is on 32bit and ARM architectures. So while 64bit will happen eventually it is not high priority as it is mainly servers and workstations that gain a benefit from 64bit

    ReplyDelete