SuSE 8.2 approaches computing Nirvana
Thanks in part to KDE 3.1
Review There's a lot to like in SuSE's latest edition, 8.2, and little to complain about. There are security enhancements and graphics tweaks partly due to KDE 3.1, and major administration bonuses in YaST-2. It's clear that SuSE has worked hard to accommodate the corporate desktop market as well as the home user since edition 8.1, which we did not recommend. It appears the company is serious about tempting a mixed-species shop of Linux servers and Windows desktops to harmonize in favor of Linux and thus save considerably on administration costs. Microsoft should worry about the strides SuSE is making in this area.
Installation was an absolute breeze and hardly worth mentioning. I loaded it on three machines, a home-built P4 system, an OEM Dell P3 box and a Presario Celeron laptop. There were no unpleasant surprises; hardware detection was flawless and nearly everything I installed worked. YaST has an automatic dependency checker which seems to have been tweaked a bit since 8.1 when it first appeared. One gets a list of dependencies and suggestions for resolving them, such as what else to install, or what to delete, and of course you can ignore it if a package or library you need isn't available in the distro but needs to be scooped up off the Net later. YaST will track RPM packages installed subsequently, even ones not included in the distro, and report dependencies on those as well, which is quite handy.
For the professional admin, YaST now offers complete cruise-control for patches and updates. An entire company's worth of desktops can be updated during off-hours almost as soon as the new packages are available. On-line updating can now be set up as a cron job to reach out to the server of your choice at the time of your choosing, check for available updates and download and install them without user interaction. The machines can be set to search any of the public repositories, or, more sensibly, the admin can first download, verify and test the packages, and then push them out to an internal company network where the desktop machines would be configured to look for new goodies and security patches periodically.
When you see how easy this is to configure, and how far the KDE desktop has progressed, it becomes virtually impossible for an IT department running on Linux servers to justify keeping all those MCSEs jogging about, therapeutically re-booting the Windows desktops on a daily basis. (SuSE also has an Office Desktop product for those inclined to harmonize, which includes CodeWeavers' Crossover Office, enabling companies to keep using their MS Office products, templates, macros, etc. An enterprise version of the Office Desktop is due out in June with additional enhancements in networking support.)
On the security end, in addition to the usual SuSE Firewall-2 packet filter and YaST security-settings interface, both of which are quite good and very easy to configure, 8.2 also includes a kernel module called secumod which will tighten file and directory permissions, creation of (and follow permissions for) symlinks and hard links, set trusted paths for users, hide processes, restrict access to devices, and so on. Previously, only the module source was packaged, making it a bit tricky for novice users to deal with. It can be loaded via a boot script, but it's important to get familiar with the various options and their effects before settling on a standard configuration. Overdoing the paranoia can leave one with a system that's virtually un-hackable, but also virtually un-usable.
SuSE 8.2 comes with the usual overwhelming plethora of applications, games, office suites, utilities, development tools and clients, so package selection can be daunting. Chances are the packages you want are there, just difficult to locate in the crowd, but a search feature in the YaST package selection interface simplifies things nicely if you already know what you want. If you don't know beforehand, then plan on spending a couple of hours or more hunting down everything you need. On the plus side, package descriptions and technical info have been expanded considerably in the latest versions of YaST-2. One can, of course, opt out of the whole affair by choosing one of several default packages.
The personal distro includes the 2.4.20 kernel, GCC 3.3/glibc-2.3.2, XFree86 4.3, KDE 3.1 (about which more below), GNOME 2.2, Java 1.4.1 and OpenOffice 1.0.2 for a cool $45.00; the Pro edition includes that plus Ximian Evolution and Apache 2.0.44 plus a vast selection of utilities and applications, all for the irresistible price of $80.00.
Kde 3.1 is almost worth the price of admission on its own; there are a number of tweaks and even a few security improvements. It's now possible, when starting KDE, to partly pre-load Konqueror, OpenOffice and other apps for quick launching. The font-installer interface in KDE Control Center has been simplified, and both anti-aliasing and pixel hinting are fully functional now with no need to tweak FreeType.
There is improved support for nVidia cards so that it's now possible to get 3D acceleration and 24-bit color in virtually all screen resolutions. SuSE is not distributing the 3D nVidia drivers for Linux (just a 2D 'dummy' driver), but these can be downloaded free at the nVidia Web site. Interestingly, SuSE recommends running the nVidia installer, while nVidia recommends using their SuSE-specific RPM instead (reminiscent of the old tire-inflation conundrum where the car maker recommends one pressure range and the tire maker another). I opted for the RPM because nVidia warns of dire consequences with SaX2 configuration otherwise. There were no unpleasant surprises.
Multimedia support is now superb with KMPlayer, a KDE front-end to MPlayer which handles virtually every video format so long as one installs all the codecs which are available at the MPlayer Web site. There's MainActor for video editing, Audacity 1.1 for sound editing with MP3 and Ogg Vorbis, and pretty much every open-source rip/burn utility, mixer and media player in existence.
Security is also improved. Whenever a user logs in for the first time, KDE prompts them to set up GnuPG with a very simple GUI front-end that any novice can use with ease. It handles everything from key generation to signing and importing, and includes a tray applet that makes it a snap to encrypt the contents of the clipboard. Importing keys and sigs to KMail also could not be easier. There is also a new, permissions-based scheme enabling admins to restrict user access to numerous functions and so prevent them causing mischief (KDE says this will get a handy GUI front-end in version 3.2).
KMail now supports S/MIME and PGP/MIME, and as usual defaults to turning off HTML rendering. Perhaps in hopes of discouraging novice users from enabling it, each HTML message begins with a boxed alert thus: "Note: This is an HTML message. For security reasons, only the raw HTML code is shown. If you trust the sender of this message then you can activate formatted HTML display for this message by clicking here." It's a good idea but it needs a toggle so it can be shut off. One tires of reading it fifty or sixty times a day.
Some months ago we concluded that SuSE 8.1 had not evolved sufficiently beyond 8.0 to recommend it, but in the case of 8.2 there are more than enough new goodies to keep users happy with their systems for quite some time. ®
Sponsored: Becoming a Pragmatic Security Leader