Thursday, August 06, 2015

Is it DEF CON 23 already?

Welcome, and congratulations on your interest in Pentoo Linux!  DEF CON 23 starts thursday, and the Wireless Village and Wireless Capture the Flag starts on friday.  I would have more to say, but honestly there is a lot to do still to prepare.  To keep it brief, we have all the usual updates, and this release should be pretty excellent for the WCTF competition.

See you all at DEF CON!

-Zero_Chaos on behalf of the Pentoo Linux team

Monday, January 05, 2015

Xmas, New Year, Pentoo Release, Shmoocon 11

Well, it's that fabulous time of year again.  The time where we all have a few days in a row off work so we can concentrate on the things we really care about, like spending time with family.  But after about an hour we all get pretty tired of that and get to work on Pentoo :-)

This year, the holiday has been pretty good to us over here at Pentoo and we have a late New Years gift to all our fans, Pentoo 2015 RC3.7.  You can get it at the usual place:

This RC is the followup to the fixes and improvements in RC3.6 from BsidesDE, plus some other exciting stuff.  First of all, the boot menu has a new "verify" option which will confirm that the iso files have not been corrupted by unetbootin or a bad thumb drive.  I know checking md5sums yourself is annoying, plus it's impossible to verify after you install to a thumb drive, so now you can do it quickly on boot, automatically!  The side effect to this is that we find that things like unetbootin sometimes make unexpected changes, and you may need to use the second (no verify) boot option to actually run Pentoo.  Please report issues to the issue tracker so we can find out what is changing files, and why, I'd really like to find out why sometimes unetbootin works flawlessly, and sometimes it doesn't.

Additionally, the initramfs has been enhanced with the ability to use unetbootin's "Space used to preserve files across reboots" feature which is labeled "ubuntu only".  Well, I guess that should say "Ubuntu and Pentoo" only.  Not like changes saving is a new feature, but now you can use the changes saving from unetbootin as well.

Last update to the boot code was an update to syslinux 5 from syslinux 4.  It seems most linux distros have updated to syslinux 5 now, so this keeps unetbootin working on those distros (because unetbootin reinstalls its version of the bootloader).  Unfortunately, this means if you have a unetbootin version which still uses syslinux4 (windows seems to have this issue) you can't make a Pentoo usb stick with unetbootin.  Fortunately, you can actually boot Pentoo in a vm and make a usb stick with unetbootin from there, proof that Pentoo is the solution to all of your problems ;-)

In addition to all the boot loader changes and the standard updates, we have switched metasploit live to using ruby 2.1.  This change was not only important because ruby 1.9 support is ending soon, but because it was a near 600% increase in speed.  Remember waiting 30+ seconds for msfconsole to load?  Well, those days are gone.

We hope you enjoy using Pentoo as much as we do.  Happy Holidays, and good luck in the Wireless CTF at Shmoocon!

-Zero_Chaos on behalf of the Pentoo Team and their supportive families who let them hack for the holidays

Issue Tracker:


Saturday, January 18, 2014

Shmoocon 10 and other things which occupy our time.

So a lot of things have been taking our time.  On September 10th my wife and I had our first child, but not to be out done in December Anton welcomed twins.  Despite the significant distractions, we have still been hard at work.

Although the 32 bit builds are broken, again, since it's Shmoocon 10 I'm making a quick little update release anyway.  If you are here competing in the Wireless CTF you already have access, but if you aren't, go on over to our download page and fetch the latest goodness and enjoy the hardened and default builds for 64 bit.

Now I need to get back to fixing the wifi for all these damn attendees.  Have fun all ;-)

-Zero_Chaos and the Pentoo Linux team

Wednesday, April 24, 2013

Pentoo Status Update

Normally I try really hard to avoid posting anything personal on the official blog.  Most of the users simply don't care what I and the rest of the development team had for breakfast (I had Naked Double Berry juice), however, once in a blue moon something entertaining enough happens that it is worth sharing. Today is the birthday of the majority of the active developers. No, it's not Pentoo's birthday, that would be Jun 22nd, no, today is both my birthday and Anton's.  Lots of things draw open source groups together, common interests and goals, desire to learn and help others, and apparently shared birthdays.  Truely the birthday paradox ( has been working overtime on this one, with only 3 active developers the odds of colliding birthdays is a bit astronomical.

Okay, I've blabbed about useless things for long enough, I bet you are all wondering wtf we are doing over here (too much cake, not enough code).  Despite Anton and I celebrating getting one year older, we have actually done a lot of work.  Some bugs have popped up in opencl and cuda which we are currently working out, however, for the most part, things are humming along very smoothly.  I expect RC2 to come out in May with updated cuda/opencl support and we are pushing hard on new features for the installer as well.

Stay tuned everyone, we are always working, even today while celebrating with cake ;-)

Zero_Chaos and the Pentoo Linux Team

PS> For once I'm not disabling comments so feel free to leave some personal notes, just keep bugs on the bug tracker where they belong please:

Saturday, March 09, 2013

Codename: Backtrack 6; Pentoo 2013.0 RC1.1 Release

NOT.  I just couldn't help myself.  By now I'm sure all of you have heard, BackTrack has been renamed to Kali and they are keeping everything tightly underwraps until their release sometime, no one will say when.  A lot of fuss has been going on that the Kali release is going to be March 9th (today), but since the Offensive Security guys swear that isn't true, I figured I'd give you all a treat to pass the many weeks of waiting for a functional Kali release.

Behold, Pentoo 2013.0 RC1.1 !

Jam packed with 3.7.5 kernel (pax hardened for 64 bit users) and built with a fully hardened toolchain (did someone say wireshark exploit?).  Time may have been passing, but we here at Pentoo have been anything but idle (you can check the svn history).  As usual, we have the latest tools and toys for all the good little pen-testers.  I simply couldn't list them all if I tried, so I'm not going to try.  Everything has its usual amount of spit and polish on it, except the layers seem to be building up.  This release comes with a shiny new installer with 200% more works!  Automatic and manual modes for normal partitioning and booting now work properly, and the installer is very fast (you know, as fast as we can copy all that data to your hard drive).

I could probably keep running my mouth but I know what you all want, the download link.  This time we are going to use the official download site at .  You may notice a few exciting things related to this.  First and foremost, torrents are back.  I am now auto-generating a torrent file for every release and registering it with a tracker (kindly provided by Bitweasil of Cryptohaze fame) so you can all stop crying about downloading from the webserver I host on my 3g cell phone.  For those of you who cannot use a torrent, the normal download is still available, plus some brand new (and old) mirrors are being activated for use.  Syncing is going on as we speak (and our mirror over at Inerail is already seeding the torrent) and once mirrors are ready to go I'll add them to the download page and they will be available for future releases as well.

We have some really big plans for you all in the near future, so download Pentoo, hack all the things, report all the bugs, and together we are going to have an awesome 2013.  Thanks for your support, and have fun.

Just in case you actually read all that, here is the download link again as a reward for making it through.

UPDATE: The main webserver is occasionally  unable to handle the load but our friends at Switch and Inerail have their mirrors up and running hosting the isos and the torrent files, get it while it's hot!

Be sure to get the 2013.0 RC1.1 seems everyone else is.

Zero_Chaos and the Pentoo Linux Team

Friday, November 09, 2012

Pentoo Beta3 Release...mostly

Today during my presentation at BesidesDE we are releasing the 64 bit version of Beta3.  I couldn't be happier with this release, but today is a little bittersweet for me. As one giant ball of awesome, the Pentoo Linux team really isn't accustomed to failure, but every single 32 bit build I've done has resulted in complete failure.

Issues have ranged from horrifying and unexplained build failures, to building perfectly but being completely unbootable, through booting at 1983 speeds and every command simply returning "segfault".

That said, for those of you that don't have computers from 2003 will LOVE the updates in beta3.  The installer has been reworked so that it, ahem, works.  Additionally a number of tweaks to improve updating and system customization have been made. We have shiny new wifi drivers, shiny new video card drivers, and all your favorite password crackers updated and ready to rock out.

I've already begun picking up the pieces of my shattered 32 bit build and I promise all you people who got suckered into buying eeepcs that I have not given up.  Pentoo Linux does work fine on 32 bit (we have a number of users doing it now) but there is something wrong with the building of the iso that I will have to work out.

We at Pentoo Linux are very proud of this work, we hope that you enjoy using it as much as we did making it.

"The world belongs to those
who stand out from the rows
of wayward and misguided silent souls
History is shamed
By people laying blame
To everyone who doesn't feel the same"

Main site:


Zero_Chaos and the Pentoo Linux Team

Tuesday, November 06, 2012

Update on Beta3

As many of you know I promised a new beta, with both 32 and 64 bit versions, in time for Bsides Delaware.  For those of you not in the know, that conference starts on Friday this week.  Well, I have good news and bad news.  I've spent the last few months very busy trying to kick out some special things to improve beta2 enough to call it beta3.

The first thing I realized that to accomplish anything worth doing, I was going to have to compile on something a little faster than my i5 laptop.  So, I spoke to a few friends about options, and finally settled on a a set of specs that DigitalPsyko wrote up for me.

After roughing out the plans for the computer I had to take a quick break and shoot down to Louisville Kentucky for Derbycon 2012.  If you have never been, it truly is the best conference ever and worth every bit of your time...and not just because they are silly enough to let me talk about whatever I want to.

This year I spoke about how the hacker community needs to get off their asses and contribute instead of just leaching, you can watch here and share with your favorite people who are always working on cool stuff and not sharing:

After Derbycon finished, I got home and spent a few $$'s to build this:

The blue led fans came with the case and have been removed for better anti-gamer styling.

So once I had a cool little build box I started getting to work, only to find the incredibly crappy OCZ Revodrive PCI-e SSD failed. I've since replaced it twice and still have no working ssd for the box. Don't buy SSDs from OCZ, Newegg won't even refund my money because OCZ is such garbage they refuse to do anything at all now. Fortunately 64GB of RAM means I can put enough things in RAM that the old hdd I'm running off of for now.  A little embarassing to build a 32 core box and drop a random crappy spare 250GB hdd in it, but at least it got me building.

It's been a few weeks now with the new box, and let's just saying being able to build this many parallel processes means not only is it way faster to build, it's also way faster to fail... and boy how does it fail quickly.  So many parallel make bugs found, and bad dependencies, I've even managed to find a few filesystem bugs.

The good news is that this morning I tested a very functional amd64 build that I was going to call beta3, the bad news is that the corresponding x86 build couldn't even boot. In a day or two hopefully I'll resolve the issue with the 32 bit build and drop beta3 on all of you.  Until then enjoy my Derbycon 2.0 talk, and wish me luck.


PS> Please don't try to comment on the blog, I really don't read it much.  We have a bug tracker and IRC where I and the rest of the team are very responsive.