[sf-lug] Meeting of November 7, 2021 and some updated iso files.

Rick Moen rick at linuxmafia.com
Mon Oct 25 15:46:00 PDT 2021

Quoting Bobbie Sellers (bliss-sf4ever at dslextreme.com):

> /Redo Rescue is one for which I have found no checksums.  Too bad as it//
> //sounds like a potentially useful live utility distribution./

SourceForge.net, these days, tries to direct your attention away from
the files displays and pushes you towards direct download of the latest
ISO _only_, but a few seconds of poking around can re-find the files
listing, in this case

(There ya go!)

Disappointingly, the ISOs and their SHA256SUMs are not _signed_, so you
have only the word of BizX, LLC d/b/a Slashdot Media that their their
security is studly and that the ISO isn't a trojaned third-party fake
that will hax0r your network, steal your lunch, leave the toilet seat
up, and open a subspace channel to V'ger.

You should be extremely wary of unsigned ISOs, and meanwhile should
disclose to anyone you give ISOs to that you have done nothing to verify
their authenticity, only that you downloaded them intact, fake or not.
(Vetting checksums does _nothing_ about the authentication problem,
since a trojaned fake will be accompanied by a matching fake checksums
file.  And I've explained all this to you before.)

> Recently we have had notable updates but some are difficult to find
> checksums for then i discover that the downloaded file does not match
> the given checksums.

If your download doesn't match the provided checksum, then there are
three possible explanations:

1.  The download was corrupted.
2.  The distro maintainer posted incorrect checksums.
3.  You're doing checksum verification wrong.

No matter which of those three applies, you should IMO distrust the
download completely.

> /4MLinux 37.1 took me about half an hour to locate the checksums and then//
> //the download failed the checksum.

Maybe you should use 'wget -c' rather than clicking in a Web browser,
Bobbie.  I mean, seriously, you've been doing this for decades, and I'll 
wager good money you still aren't using a reasonable and reliable
download tool.

BTW, 38.0 is out.  

Also, I find no such thing as a version 37.1 ISO in public availability,
despite what their blog says about a 37.1 point release.  However, it's
possible that installing 37.0 and then upgrading gets you to 37.1.

> Searching for the checksums I found//
> //a lot of negative comments about its performance.//

The complainers I saw were trying to run it version with X11 on machines
with ludicrously low amounts of RAM, or complaining (in 2021) about lack
of an IA32 version.  Really, the system minimum of 128MB RAM (for liveCD
opertion, even!) should not have been an obstacle for a long time.

> //Sooner or later 4M version 38 will be out and maybe it will be usable.//
> /

I don't believe the complaints, actually.  Suspect they aren't even
reading the FAQ (https://4mlinux.com/faq.txt).

More information about the sf-lug mailing list