Tuesday, August 02, 2016

Another DEF CON, another Pentoo Release :-) This time with a surprise

You know how every security livecd for all history has run as root by default?  Well, as we like to practice what we preach, we here at Pentoo have switched to logging in as a user by default.  So now, when you boot up, you will find yourself logged in as "pentoo" (with sudo access of course).  Even the menu has been completely designed to run sudo automatically *(not actually a new feature) for anything in /sbin or /usr/sbin so you don't get permission errors using the menu for hacking tools.

With a host of new and updated packages we hope you love this Pentoo release more than any previous release.  We take security seriously, not just in keeping our packages up to date, but with system and kernel hardening, and now our latest update to run as a user by default.

Get the new release here:

Please note, for this DEF CON special release we are only making an amd64 release.

Zero_Chaos on behalf of the Pentoo Linux Team

Wednesday, December 02, 2015

Surprise! A working iso just in time for nothing at all!

Hi all.  As you are likely aware, the team rushes out isos for every major conference (or dies trying), and often that leaves things in a somewhat imperfect state.  It's almost become a joke in recent years about if the installer will work, or binary drivers, or whatever else.

Well this time, we wanted to do something really special.  We have still been working on isos and publicly posting them, but we skipped that cute little step where we announced things without testing thoroughly.  The DEF CON 23 release was RC 3.8, and today we are announcing RC 4.6.  That is 7 (publicly uploaded) builds (and a few more that were never uploaded and tested only by me) that got tested, and we found bugs worth fixing.  What you can download today, is hopefully the most impressive iso to date.  I won't harp on how it's awesome, or why it's awesome, other than to say we tested things, made some usability improvements, and things just plain work.  Isn't that what you have always wanted out of your livecd?

I'll keep this announcement brief, but baring a major bug this will be your iso for a little while.  There are plans brewing for a fairly major improvement in the next release that is totally hush hush (unless you hang out in irc where I talk about it all the time).  I will give a hint, it is something I have wanted to do for a long time, and now I finally get to.

Enjoy the iso, and as always, please report bugs:



Zero_Chaos on behalf of the Pentoo Linux Team

Thursday, August 06, 2015

Is it DEF CON 23 already?

Welcome, and congratulations on your interest in Pentoo Linux!  DEF CON 23 starts thursday, and the Wireless Village and Wireless Capture the Flag starts on friday.  I would have more to say, but honestly there is a lot to do still to prepare.  To keep it brief, we have all the usual updates, and this release should be pretty excellent for the WCTF competition.


See you all at DEF CON!

-Zero_Chaos on behalf of the Pentoo Linux team

Monday, January 05, 2015

Xmas, New Year, Pentoo Release, Shmoocon 11

Well, it's that fabulous time of year again.  The time where we all have a few days in a row off work so we can concentrate on the things we really care about, like spending time with family.  But after about an hour we all get pretty tired of that and get to work on Pentoo :-)

This year, the holiday has been pretty good to us over here at Pentoo and we have a late New Years gift to all our fans, Pentoo 2015 RC3.7.  You can get it at the usual place: http://www.pentoo.ch/download

This RC is the followup to the fixes and improvements in RC3.6 from BsidesDE, plus some other exciting stuff.  First of all, the boot menu has a new "verify" option which will confirm that the iso files have not been corrupted by unetbootin or a bad thumb drive.  I know checking md5sums yourself is annoying, plus it's impossible to verify after you install to a thumb drive, so now you can do it quickly on boot, automatically!  The side effect to this is that we find that things like unetbootin sometimes make unexpected changes, and you may need to use the second (no verify) boot option to actually run Pentoo.  Please report issues to the issue tracker so we can find out what is changing files, and why, I'd really like to find out why sometimes unetbootin works flawlessly, and sometimes it doesn't.

Additionally, the initramfs has been enhanced with the ability to use unetbootin's "Space used to preserve files across reboots" feature which is labeled "ubuntu only".  Well, I guess that should say "Ubuntu and Pentoo" only.  Not like changes saving is a new feature, but now you can use the changes saving from unetbootin as well.

Last update to the boot code was an update to syslinux 5 from syslinux 4.  It seems most linux distros have updated to syslinux 5 now, so this keeps unetbootin working on those distros (because unetbootin reinstalls its version of the bootloader).  Unfortunately, this means if you have a unetbootin version which still uses syslinux4 (windows seems to have this issue) you can't make a Pentoo usb stick with unetbootin.  Fortunately, you can actually boot Pentoo in a vm and make a usb stick with unetbootin from there, proof that Pentoo is the solution to all of your problems ;-)

In addition to all the boot loader changes and the standard updates, we have switched metasploit live to using ruby 2.1.  This change was not only important because ruby 1.9 support is ending soon, but because it was a near 600% increase in speed.  Remember waiting 30+ seconds for msfconsole to load?  Well, those days are gone.

We hope you enjoy using Pentoo as much as we do.  Happy Holidays, and good luck in the Wireless CTF at Shmoocon!

-Zero_Chaos on behalf of the Pentoo Team and their supportive families who let them hack for the holidays

Issue Tracker: https://code.google.com/p/pentoo/issues/list

WCTF: http://wctf.us/

Saturday, January 18, 2014

Shmoocon 10 and other things which occupy our time.

So a lot of things have been taking our time.  On September 10th my wife and I had our first child, but not to be out done in December Anton welcomed twins.  Despite the significant distractions, we have still been hard at work.

Although the 32 bit builds are broken, again, since it's Shmoocon 10 I'm making a quick little update release anyway.  If you are here competing in the Wireless CTF you already have access, but if you aren't, go on over to our download page and fetch the latest goodness and enjoy the hardened and default builds for 64 bit.


Now I need to get back to fixing the wifi for all these damn attendees.  Have fun all ;-)

-Zero_Chaos and the Pentoo Linux team

Wednesday, April 24, 2013

Pentoo Status Update

Normally I try really hard to avoid posting anything personal on the official blog.  Most of the users simply don't care what I and the rest of the development team had for breakfast (I had Naked Double Berry juice), however, once in a blue moon something entertaining enough happens that it is worth sharing. Today is the birthday of the majority of the active developers. No, it's not Pentoo's birthday, that would be Jun 22nd, no, today is both my birthday and Anton's.  Lots of things draw open source groups together, common interests and goals, desire to learn and help others, and apparently shared birthdays.  Truely the birthday paradox (https://en.wikipedia.org/wiki/Birthday_problem) has been working overtime on this one, with only 3 active developers the odds of colliding birthdays is a bit astronomical.

Okay, I've blabbed about useless things for long enough, I bet you are all wondering wtf we are doing over here (too much cake, not enough code).  Despite Anton and I celebrating getting one year older, we have actually done a lot of work.  Some bugs have popped up in opencl and cuda which we are currently working out, however, for the most part, things are humming along very smoothly.  I expect RC2 to come out in May with updated cuda/opencl support and we are pushing hard on new features for the installer as well.

Stay tuned everyone, we are always working, even today while celebrating with cake ;-)

Zero_Chaos and the Pentoo Linux Team

PS> For once I'm not disabling comments so feel free to leave some personal notes, just keep bugs on the bug tracker where they belong please: https://code.google.com/p/pentoo/issues/list

Saturday, March 09, 2013

Codename: Backtrack 6; Pentoo 2013.0 RC1.1 Release

NOT.  I just couldn't help myself.  By now I'm sure all of you have heard, BackTrack has been renamed to Kali and they are keeping everything tightly underwraps until their release sometime, no one will say when.  A lot of fuss has been going on that the Kali release is going to be March 9th (today), but since the Offensive Security guys swear that isn't true, I figured I'd give you all a treat to pass the many weeks of waiting for a functional Kali release.

Behold, Pentoo 2013.0 RC1.1 !

Jam packed with 3.7.5 kernel (pax hardened for 64 bit users) and built with a fully hardened toolchain (did someone say wireshark exploit?).  Time may have been passing, but we here at Pentoo have been anything but idle (you can check the svn history).  As usual, we have the latest tools and toys for all the good little pen-testers.  I simply couldn't list them all if I tried, so I'm not going to try.  Everything has its usual amount of spit and polish on it, except the layers seem to be building up.  This release comes with a shiny new installer with 200% more works!  Automatic and manual modes for normal partitioning and booting now work properly, and the installer is very fast (you know, as fast as we can copy all that data to your hard drive).

I could probably keep running my mouth but I know what you all want, the download link.  This time we are going to use the official download site at http://www.pentoo.ch/download/ .  You may notice a few exciting things related to this.  First and foremost, torrents are back.  I am now auto-generating a torrent file for every release and registering it with a tracker (kindly provided by Bitweasil of Cryptohaze fame) so you can all stop crying about downloading from the webserver I host on my 3g cell phone.  For those of you who cannot use a torrent, the normal download is still available, plus some brand new (and old) mirrors are being activated for use.  Syncing is going on as we speak (and our mirror over at Inerail is already seeding the torrent) and once mirrors are ready to go I'll add them to the download page and they will be available for future releases as well.

We have some really big plans for you all in the near future, so download Pentoo, hack all the things, report all the bugs, and together we are going to have an awesome 2013.  Thanks for your support, and have fun.

Just in case you actually read all that, here is the download link again as a reward for making it through.

UPDATE: The main webserver is occasionally  unable to handle the load but our friends at Switch and Inerail have their mirrors up and running hosting the isos and the torrent files, get it while it's hot!



Be sure to get the 2013.0 RC1.1 release...it seems everyone else is.

Zero_Chaos and the Pentoo Linux Team