Turnkey Linux

UPDATE: Stage 2 includes OVA/VM, OpenStack and Xen. Docker and Proxmox/LXC builds published too. Stage 3 includes 35 additional appliances; including info on 3 new v15.0 appliances, plus other notes of interest. Stage 4; the 4th and final instalment ... [More] of v15.0, includes the remaining v15.0 appliances, plus a number of bugfixed and updated v15.0 apps - 31 in total. All appliances are available in ISO, OVA/VM, OpenStack, Xen, Docker and Proxmox/LXC builds. I am overjoyed to announce stage 1 of the TurnKey v15.0 stable release is now available. Stage 1 of the TurnKey GNU/Linux v15.0 stable release is finally available for public consumption! Stage 1 includes nearly half the library (47 appliances to be precise), albeit only in ISO format so far. We are busily preparing updated Hub builds, as well as Amazon MarketPlace builds which I hope to announce very soon too. All the other build types (i.e. VM/OVA, OpenStack, Proxmox/LXC, Xen & Docker) will follow soon after. The relevant v15.0 ISOs are all available for download via the "v15.0" links on their respective appliance pages. Updated appliances for this stage include Core LAMP, WordPress, Joomla3, Drupal 7, Drupal 8 [unpublished due to security issue], and more. v15.0 changes worthy of particular note include a new Debian base OS, inclusion of PHP7, MariaDB replaces MySQL, a new Webmin theme, Reproducible Packages and Website upgrades (work in progress), as well as many other tweaks, improvements and upgrades. Read on for details. Alternatively, jump straight to the list of upgraded appliances to jump straight in! :) v15.0 Highlights Based on Debian 9/Stretch As per previous major "point zero" releases of TurnKey, v15.0 is based on the most recent release of Debian. For v15.0, that is Debian 9/Stretch (v14.x was based on Debian 8/Jessie). Most (if not all) pre-installed software should be newer versions and the Debian apt repos are filled with literally thousands of updated packages. PHP 7.0 Possibly one of the most highly anticipated and significant changes for many TurnKey users this release, will be the provision of PHP 7.0. Many users have been asking for it for a while, and it's finally here as the default TurnKey PHP version! :) It's also worth noting, that there are a few appliances which are currently incompatible with PHP7. For those few, we're leveraging Ondřej Surý's third party Debian repo. Ondřej is trusted Debian and Ubuntu developer and a member of the official Debian PHP maintainers. Appliances that utilize Ondřej's PHP packages have (or at least will have) it clearly noted on their relevant appliance page and in the appliance changelog. MySQL replaced with MariaDB Debian have dropped MySQL as the default "MySQL database", in favour of MariaDB. MariaDB is provided as a "drop in MySQL replacement". As of Debian 9/Stretch, installing the "MySQL" Debian package, will actually install MariaDB. As TurnKey is based on Debian, we've followed suit. Whilst we've not changed the name of our MySQL appliance, it should be noted, that it is in fact a MariaDB appliance! Whilst MariaDB is provided as a "drop in replacement" for MySQL, it is important to highlight, that it contains some advanced features which aren't (yet?) available in MySQL. Moving forward, if you continue to use MariaDB on TurnKey (or any other distro for that matter) you should expect no issues. OTOH, if you for some reason decide to move back to MySQL, especially if you are using any of the advanced MariaDB features, then you would be well advised to do your homework and some solid testing first. For a fairly comprehensive list covering compatibility between MariaDB and MySQL, please see this page on the MariaDB site. For features in MariaDB vs MySQL, please see this page. It's also worth noting that as well as the change to MariaDB v10.1 in TurnKey v15.0, MariaDB (and MySQL 5.6 - essentially the basis for MariaDB 10.1) have a quirk. It's a result of the updated default MySQL character encoding format to "utf8mb" ("UTF-8 Multi-Byte" as opposed to "utf8"). Whilst it's a bit of a silly and somewhat misleading name ("utf8" already uses 3 bytes to store each character), the reality is that MySQL's previous "utf8" was itself incorrect and misleading! FWIW MySQL "utf8" character encoding is only a subset of UTF-8, whereas "uft8mb" is the full UFF-8 character set! But why does this matter? The change to the full UTF-8 character set means that MySQL/MariaDB now supports the full range of International/Asian characters, as well as mathematical symbols and emoji. The "utf8" character set has been the default MySQL character encoding for many years now. Problems can occur when app developers work on the assumption that each character requires 3 bytes. MySQL tables generally define how may bytes they will require (rather than how many characters), so a change to the default encoding can cause issues when these assumptions are broken. Details of how we've worked around this in our appliances and how TurnKey users may need to address this as they migrate existing data to v15.0 is beyond the scope of this post. It's a blog post for another day, but I figured well worth noting now. New Webmin Theme When TurnKey first started packaging Webmin (about 10 years ago!), we found the default Webmin theme a little clunky. The 3rd party "StressFree" theme was more to our liking. And we've been packaging the "StressFree" theme amd setting it as default ever since. It's served us well over the years, but as it has not had any serious maintenance for quite a few years now, it was getting a little tired. A quick google lead me to new (at least to me) default Webmin theme; "Authentic". It's quite attractive IMO and very functional. So for this release we have dropped "StressFree" in favour of "Authentic". The new theme provides a responsive layout so will render well on mobile devices (one of the complaints against StressFree). It also provides a handy system resource usage dashboard. It does use a few more resources, so users of lower resource servers may find it a little slow. But we hope that most TurnKey users find the improved look and functionality outweigh any downsides. Those who prefer the lower resource usage of "StressFree", or just prefer it's simplicity will be pleased to hear that "StressFree" is still packaged and can easily be installed via apt. Please see the docs for details. We have it configured it to open by default to the TKLBAM initialization module/page. But that can be easily changed (e.g. to the system resource dashboard). Please see the docs for details of that too. Reproducible Packages For those that are unaware, in recent years, Debian has embarked on a Reproducible Builds initiative. In a nutshell, Debian aims to make all binary packages byte-for-byte reproducible. In other words, you can build the package locally from source and it should EXACTLY match the binary package (of the same version) that you can download via apt. This has massive security benefits, in that users no longer need to trust the package distribution system. Users can verify that the binary package installed on their system is built from the source code available to view on the Debian version control system. This makes Debian an unlikely target for compiler level attacks, such as XcodeGhost (a MacOS/iOS malware distribution system implemented via hacked compiler). Debian note that they do not yet have full coverage, but according to the latest stats they have made significant progress. As I write this, over 94% of the packages in (64 bit) Debian Stretch are reproducible! As security fans, we asked one of the reproducible build experts, and current Debian Project Leader, Chris Lamb to work his reproducible magic on our packages! There are still a couple of packages that haven't had the attention, but most (if not all) of the TurnKey packages installed on TurnKey servers should currently be reproducible. Please feel free to test them out yourself, and if you notice anything amiss (e.g. a package that is not reproducible), please open a new bug on our issue tracker (although perhaps have a quick read of the existing meta issue &/or search first, just in case). For further background reading on Reproducible Builds, please see reproducible-builds.org. Website upgrade (work in progress) As any seasoned TurnKey user should have noticed, the website has had a major refresh with a shiny new responsive theme. Over the last few months, we have been tidying up a few minor flaws and imperfections, but we're almost there. As part of the v15.0 release, I also plan on tidying up the appliance pages a little. Part of that will involve updating the appliance page text itself, but also some of the other components. Many noticed that for v14.2 the changelogs weren't updated. That was due to the backend update semi-automation scripts broke with the update to a newer Drupal version. The scripts have now been updated to work with the current Drupal version we use so should be fully functional again. As such, I aim to get the website changelogs back up to date for the v15.0 release [see update below]. It's also worthy of note that many/most of the screenshots are old and outdated. I hope to fix that too as the release progresses - although it may be a little slower than ideal. [update] v14.2 changelogs have (finally) been uploaded and the v15.0 changelogs for the appliances released so far are now available. Plus much more As noted in the v15.0RC release announcement, there are numerous other updates, changes and fixes that have been applied in v15.0. Some specific to individual appliances, some more general TurnKey tweaks. I had intended to provide more details of them in this blog post but it has already grown much larger than I had intended. So I'll aim to highlight and discuss some of them in the announcements of future stages of the release and/or in their own blog posts. In the meantime, I'll simply restate those previously mentioned (that I haven't already mentioned above): Use of new union filesystem (running live and in TKLDev) OverlayFS - new default in Stretch; v14.x and earlier used auFS Updates for Confconsole; Let's Encrypt module Webmin - Update to latest v1.881 (plus new default theme: 'Authentic' - as noted above) Webshell - now using Debian's package (rather than our own fork) SystemD now default init system on all builds (SysvInit was still used on some v14.x builds) Security hardening - courtesy of long time TurnKey contributor; John Carver, we have some nice hardening tweaks, including security improvements to: postfix, ssh & kernel sysctl variables/options (plus easy way to disable kernel hardening) Inclusion of fail2ban - only an MVP implementation protecting SSH, but it's a start! Please browse the Core changelog for an overview of all library wide changes for v15.0. In the meantime, if you'd like to know more about anything that I've noted or hinted above, or you notice something that I haven't even mentioned, please feel free to post below in the comments, or open a new thread in the forums. Same goes if you have any problems or difficulties. The v15.0 stage 1 appliance ISOs B2evolution CakePHP CodeIgniter Collabtive Concrete5 Core Drupal7 Drupal8 [unpublished due to security issue] e107 EspoCRM Foswiki Gallery GNUsocial Joomla3 LAMPStack LAPPStack LighttpdPHPFastCGIServer LimeSurvey Magento Mahara Mambo Mantis MediaWiki Mibew Mumble MySQL Nextcloud NginxPHPFastCGIServer Observium Omeka OpenLDAP ownCloud phpList PostgreSQL Prestashop ProcessMaker Redmine Revision-control Roundup SilverStripe SiT!SupportIncidentTracker TKLDev Trac WordPress XOOPS ZenCart Zurmo Let us know what you think As per always, we welcome user feedback; back-slapping and constructive criticism alike! So spin them up, give them a go and let us know what you think. Comment below, open a new thread in the forums, or open a new feature request or bug report on our issue tracker (requires free GitHub user account). I hope to hear from you soon! :) Blog Tags:  news development debian community appliances release stable iso [Less]

UPDATE: Stage 2 includes OVA/VM, OpenStack and Xen. Docker and Proxmox/LXC builds published too. Stage 3 includes 35 additional appliances; including info on 3 new v15.0 appliances, plus other notes of interest. All appliances so far released are ... [More] available in ISO, OVA/VM, OpenStack, Xen, Docker and Proxmox/LXC builds. More to come soon! I am overjoyed to announce stage 1 of the TurnKey v15.0 stable release is now available. Stage 1 of the TurnKey GNU/Linux v15.0 stable release is finally available for public consumption! Stage 1 includes nearly half the library (47 appliances to be precise), albeit only in ISO format so far. We are busily preparing updated Hub builds, as well as Amazon MarketPlace builds which I hope to announce very soon too. All the other build types (i.e. VM/OVA, OpenStack, Proxmox/LXC, Xen & Docker) will follow soon after. The relevant v15.0 ISOs are all available for download via the "v15.0" links on their respective appliance pages. Updated appliances for this stage include Core LAMP, WordPress, Joomla3, Drupal 7, Drupal 8 [unpublished due to security issue], and more. v15.0 changes worthy of particular note include a new Debian base OS, inclusion of PHP7, MariaDB replaces MySQL, a new Webmin theme, Reproducible Packages and Website upgrades (work in progress), as well as many other tweaks, improvements and upgrades. Read on for details. Alternatively, jump straight to the list of upgraded appliances to jump straight in! :) v15.0 Highlights Based on Debian 9/Stretch As per previous major "point zero" releases of TurnKey, v15.0 is based on the most recent release of Debian. For v15.0, that is Debian 9/Stretch (v14.x was based on Debian 8/Jessie). Most (if not all) pre-installed software should be newer versions and the Debian apt repos are filled with literally thousands of updated packages. PHP 7.0 Possibly one of the most highly anticipated and significant changes for many TurnKey users this release, will be the provision of PHP 7.0. Many users have been asking for it for a while, and it's finally here as the default TurnKey PHP version! :) It's also worth noting, that there are a few appliances which are currently incompatible with PHP7. For those few, we're leveraging Ondřej Surý's third party Debian repo. Ondřej is trusted Debian and Ubuntu developer and a member of the official Debian PHP maintainers. Appliances that utilize Ondřej's PHP packages have (or at least will have) it clearly noted on their relevant appliance page and in the appliance changelog. MySQL replaced with MariaDB Debian have dropped MySQL as the default "MySQL database", in favour of MariaDB. MariaDB is provided as a "drop in MySQL replacement". As of Debian 9/Stretch, installing the "MySQL" Debian package, will actually install MariaDB. As TurnKey is based on Debian, we've followed suit. Whilst we've not changed the name of our MySQL appliance, it should be noted, that it is in fact a MariaDB appliance! Whilst MariaDB is provided as a "drop in replacement" for MySQL, it is important to highlight, that it contains some advanced features which aren't (yet?) available in MySQL. Moving forward, if you continue to use MariaDB on TurnKey (or any other distro for that matter) you should expect no issues. OTOH, if you for some reason decide to move back to MySQL, especially if you are using any of the advanced MariaDB features, then you would be well advised to do your homework and some solid testing first. For a fairly comprehensive list covering compatibility between MariaDB and MySQL, please see this page on the MariaDB site. For features in MariaDB vs MySQL, please see this page. It's also worth noting that as well as the change to MariaDB v10.1 in TurnKey v15.0, MariaDB (and MySQL 5.6 - essentially the basis for MariaDB 10.1) have a quirk. It's a result of the updated default MySQL character encoding format to "utf8mb" ("UTF-8 Multi-Byte" as opposed to "utf8"). Whilst it's a bit of a silly and somewhat misleading name ("utf8" already uses 3 bytes to store each character), the reality is that MySQL's previous "utf8" was itself incorrect and misleading! FWIW MySQL "utf8" character encoding is only a subset of UTF-8, whereas "uft8mb" is the full UFF-8 character set! But why does this matter? The change to the full UTF-8 character set means that MySQL/MariaDB now supports the full range of International/Asian characters, as well as mathematical symbols and emoji. The "utf8" character set has been the default MySQL character encoding for many years now. Problems can occur when app developers work on the assumption that each character requires 3 bytes. MySQL tables generally define how may bytes they will require (rather than how many characters), so a change to the default encoding can cause issues when these assumptions are broken. Details of how we've worked around this in our appliances and how TurnKey users may need to address this as they migrate existing data to v15.0 is beyond the scope of this post. It's a blog post for another day, but I figured well worth noting now. New Webmin Theme When TurnKey first started packaging Webmin (about 10 years ago!), we found the default Webmin theme a little clunky. The 3rd party "StressFree" theme was more to our liking. And we've been packaging the "StressFree" theme amd setting it as default ever since. It's served us well over the years, but as it has not had any serious maintenance for quite a few years now, it was getting a little tired. A quick google lead me to new (at least to me) default Webmin theme; "Authentic". It's quite attractive IMO and very functional. So for this release we have dropped "StressFree" in favour of "Authentic". The new theme provides a responsive layout so will render well on mobile devices (one of the complaints against StressFree). It also provides a handy system resource usage dashboard. It does use a few more resources, so users of lower resource servers may find it a little slow. But we hope that most TurnKey users find the improved look and functionality outweigh any downsides. Those who prefer the lower resource usage of "StressFree", or just prefer it's simplicity will be pleased to hear that "StressFree" is still packaged and can easily be installed via apt. Please see the docs for details. We have it configured it to open by default to the TKLBAM initialization module/page. But that can be easily changed (e.g. to the system resource dashboard). Please see the docs for details of that too. Reproducible Packages For those that are unaware, in recent years, Debian has embarked on a Reproducible Builds initiative. In a nutshell, Debian aims to make all binary packages byte-for-byte reproducible. In other words, you can build the package locally from source and it should EXACTLY match the binary package (of the same version) that you can download via apt. This has massive security benefits, in that users no longer need to trust the package distribution system. Users can verify that the binary package installed on their system is built from the source code available to view on the Debian version control system. This makes Debian an unlikely target for compiler level attacks, such as XcodeGhost (a MacOS/iOS malware distribution system implemented via hacked compiler). Debian note that they do not yet have full coverage, but according to the latest stats they have made significant progress. As I write this, over 94% of the packages in (64 bit) Debian Stretch are reproducible! As security fans, we asked one of the reproducible build experts, and current Debian Project Leader, Chris Lamb to work his reproducible magic on our packages! There are still a couple of packages that haven't had the attention, but most (if not all) of the TurnKey packages installed on TurnKey servers should currently be reproducible. Please feel free to test them out yourself, and if you notice anything amiss (e.g. a package that is not reproducible), please open a new bug on our issue tracker (although perhaps have a quick read of the existing meta issue &/or search first, just in case). For further background reading on Reproducible Builds, please see reproducible-builds.org. Website upgrade (work in progress) As any seasoned TurnKey user should have noticed, the website has had a major refresh with a shiny new responsive theme. Over the last few months, we have been tidying up a few minor flaws and imperfections, but we're almost there. As part of the v15.0 release, I also plan on tidying up the appliance pages a little. Part of that will involve updating the appliance page text itself, but also some of the other components. Many noticed that for v14.2 the changelogs weren't updated. That was due to the backend update semi-automation scripts broke with the update to a newer Drupal version. The scripts have now been updated to work with the current Drupal version we use so should be fully functional again. As such, I aim to get the website changelogs back up to date for the v15.0 release [see update below]. It's also worthy of note that many/most of the screenshots are old and outdated. I hope to fix that too as the release progresses - although it may be a little slower than ideal. [update] v14.2 changelogs have (finally) been uploaded and the v15.0 changelogs for the appliances released so far are now available. Plus much more As noted in the v15.0RC release announcement, there are numerous other updates, changes and fixes that have been applied in v15.0. Some specific to individual appliances, some more general TurnKey tweaks. I had intended to provide more details of them in this blog post but it has already grown much larger than I had intended. So I'll aim to highlight and discuss some of them in the announcements of future stages of the release and/or in their own blog posts. In the meantime, I'll simply restate those previously mentioned (that I haven't already mentioned above): Use of new union filesystem (running live and in TKLDev) OverlayFS - new default in Stretch; v14.x and earlier used auFS Updates for Confconsole; Let's Encrypt module Webmin - Update to latest v1.881 (plus new default theme: 'Authentic' - as noted above) Webshell - now using Debian's package (rather than our own fork) SystemD now default init system on all builds (SysvInit was still used on some v14.x builds) Security hardening - courtesy of long time TurnKey contributor; John Carver, we have some nice hardening tweaks, including security improvements to: postfix, ssh & kernel sysctl variables/options (plus easy way to disable kernel hardening) Inclusion of fail2ban - only an MVP implementation protecting SSH, but it's a start! Please browse the Core changelog for an overview of all library wide changes for v15.0. In the meantime, if you'd like to know more about anything that I've noted or hinted above, or you notice something that I haven't even mentioned, please feel free to post below in the comments, or open a new thread in the forums. Same goes if you have any problems or difficulties. The v15.0 stage 1 appliance ISOs B2evolution CakePHP CodeIgniter Collabtive Concrete5 Core Drupal7 Drupal8 [unpublished due to security issue] e107 EspoCRM Foswiki Gallery GNUsocial Joomla3 LAMPStack LAPPStack LighttpdPHPFastCGIServer LimeSurvey Magento Mahara Mambo Mantis MediaWiki Mibew Mumble MySQL Nextcloud NginxPHPFastCGIServer Observium Omeka OpenLDAP ownCloud phpList PostgreSQL Prestashop ProcessMaker Redmine Revision-control Roundup SilverStripe SiT!SupportIncidentTracker TKLDev Trac WordPress XOOPS ZenCart Zurmo Let us know what you think As per always, we welcome user feedback; back-slapping and constructive criticism alike! So spin them up, give them a go and let us know what you think. Comment below, open a new thread in the forums, or open a new feature request or bug report on our issue tracker (requires free GitHub user account). I hope to hear from you soon! :) Blog Tags:  news development debian community appliances release stable iso [Less]

UPDATE: Stage 2 includes OVA/VM, OpenStack and Xen. Docker and Proxmox/LXC builds published too. More to come soon! I am overjoyed to announce stage 1 of the TurnKey v15.0 stable release is now available. Stage 1 of the TurnKey GNU/Linux v15.0 ... [More] stable release is finally available for public consumption! Stage 1 includes nearly half the library (47 appliances to be precise), albeit only in ISO format so far. We are busily preparing updated Hub builds, as well as Amazon MarketPlace builds which I hope to announce very soon too. All the other build types (i.e. VM/OVA, OpenStack, Proxmox/LXC, Xen & Docker) will follow soon after. The relevant v15.0 ISOs are all available for download via the "v15.0" links on their respective appliance pages. Updated appliances for this stage include Core LAMP, WordPress, Joomla3, Drupal 7, Drupal 8 [unpublished due to security issue], and more. v15.0 changes worthy of particular note include a new Debian base OS, inclusion of PHP7, MariaDB replaces MySQL, a new Webmin theme, Reproducible Packages and Website upgrades (work in progress), as well as many other tweaks, improvements and upgrades. Read on for details. Alternatively, jump straight to the list of upgraded appliances to jump straight in! :) v15.0 Highlights Based on Debian 9/Stretch As per previous major "point zero" releases of TurnKey, v15.0 is based on the most recent release of Debian. For v15.0, that is Debian 9/Stretch (v14.x was based on Debian 8/Jessie). Most (if not all) pre-installed software should be newer versions and the Debian apt repos are filled with literally thousands of updated packages. PHP 7.0 Possibly one of the most highly anticipated and significant changes for many TurnKey users this release, will be the provision of PHP 7.0. Many users have been asking for it for a while, and it's finally here as the default TurnKey PHP version! :) It's also worth noting, that there are a few appliances which are currently incompatible with PHP7. For those few, we're leveraging Ondřej Surý's third party Debian repo. Ondřej is trusted Debian and Ubuntu developer and a member of the official Debian PHP maintainers. Appliances that utilize Ondřej's PHP packages have (or at least will have) it clearly noted on their relevant appliance page and in the appliance changelog. MySQL replaced with MariaDB Debian have dropped MySQL as the default "MySQL database", in favour of MariaDB. MariaDB is provided as a "drop in MySQL replacement". As of Debian 9/Stretch, installing the "MySQL" Debian package, will actually install MariaDB. As TurnKey is based on Debian, we've followed suit. Whilst we've not changed the name of our MySQL appliance, it should be noted, that it is in fact a MariaDB appliance! Whilst MariaDB is provided as a "drop in replacement" for MySQL, it is important to highlight, that it contains some advanced features which aren't (yet?) available in MySQL. Moving forward, if you continue to use MariaDB on TurnKey (or any other distro for that matter) you should expect no issues. OTOH, if you for some reason decide to move back to MySQL, especially if you are using any of the advanced MariaDB features, then you would be well advised to do your homework and some solid testing first. For a fairly comprehensive list covering compatibility between MariaDB and MySQL, please see this page on the MariaDB site. For features in MariaDB vs MySQL, please see this page. It's also worth noting that as well as the change to MariaDB v10.1 in TurnKey v15.0, MariaDB (and MySQL 5.6 - essentially the basis for MariaDB 10.1) have a quirk. It's a result of the updated default MySQL character encoding format to "utf8mb" ("UTF-8 Multi-Byte" as opposed to "utf8"). Whilst it's a bit of a silly and somewhat misleading name ("utf8" already uses 3 bytes to store each character), the reality is that MySQL's previous "utf8" was itself incorrect and misleading! FWIW MySQL "utf8" character encoding is only a subset of UTF-8, whereas "uft8mb" is the full UFF-8 character set! But why does this matter? The change to the full UTF-8 character set means that MySQL/MariaDB now supports the full range of International/Asian characters, as well as mathematical symbols and emoji. The "utf8" character set has been the default MySQL character encoding for many years now. Problems can occur when app developers work on the assumption that each character requires 3 bytes. MySQL tables generally define how may bytes they will require (rather than how many characters), so a change to the default encoding can cause issues when these assumptions are broken. Details of how we've worked around this in our appliances and how TurnKey users may need to address this as they migrate existing data to v15.0 is beyond the scope of this post. It's a blog post for another day, but I figured well worth noting now. New Webmin Theme When TurnKey first started packaging Webmin (about 10 years ago!), we found the default Webmin theme a little clunky. The 3rd party "StressFree" theme was more to our liking. And we've been packaging the "StressFree" theme amd setting it as default ever since. It's served us well over the years, but as it has not had any serious maintenance for quite a few years now, it was getting a little tired. A quick google lead me to new (at least to me) default Webmin theme; "Authentic". It's quite attractive IMO and very functional. So for this release we have dropped "StressFree" in favour of "Authentic". The new theme provides a responsive layout so will render well on mobile devices (one of the complaints against StressFree). It also provides a handy system resource usage dashboard. It does use a few more resources, so users of lower resource servers may find it a little slow. But we hope that most TurnKey users find the improved look and functionality outweigh any downsides. Those who prefer the lower resource usage of "StressFree", or just prefer it's simplicity will be pleased to hear that "StressFree" is still packaged and can easily be installed via apt. Please see the docs for details. We have it configured it to open by default to the TKLBAM initialization module/page. But that can be easily changed (e.g. to the system resource dashboard). Please see the docs for details of that too. Reproducible Packages For those that are unaware, in recent years, Debian has embarked on a Reproducible Builds initiative. In a nutshell, Debian aims to make all binary packages byte-for-byte reproducible. In other words, you can build the package locally from source and it should EXACTLY match the binary package (of the same version) that you can download via apt. This has massive security benefits, in that users no longer need to trust the package distribution system. Users can verify that the binary package installed on their system is built from the source code available to view on the Debian version control system. This makes Debian an unlikely target for compiler level attacks, such as XcodeGhost (a MacOS/iOS malware distribution system implemented via hacked compiler). Debian note that they do not yet have full coverage, but according to the latest stats they have made significant progress. As I write this, over 94% of the packages in (64 bit) Debian Stretch are reproducible! As security fans, we asked one of the reproducible build experts, and current Debian Project Leader, Chris Lamb to work his reproducible magic on our packages! There are still a couple of packages that haven't had the attention, but most (if not all) of the TurnKey packages installed on TurnKey servers should currently be reproducible. Please feel free to test them out yourself, and if you notice anything amiss (e.g. a package that is not reproducible), please open a new bug on our issue tracker (although perhaps have a quick read of the existing meta issue &/or search first, just in case). For further background reading on Reproducible Builds, please see reproducible-builds.org. Website upgrade (work in progress) As any seasoned TurnKey user should have noticed, the website has had a major refresh with a shiny new responsive theme. Over the last few months, we have been tidying up a few minor flaws and imperfections, but we're almost there. As part of the v15.0 release, I also plan on tidying up the appliance pages a little. Part of that will involve updating the appliance page text itself, but also some of the other components. Many noticed that for v14.2 the changelogs weren't updated. That was due to the backend update semi-automation scripts broke with the update to a newer Drupal version. The scripts have now been updated to work with the current Drupal version we use so should be fully functional again. As such, I aim to get the website changelogs back up to date for the v15.0 release [see update below]. It's also worthy of note that many/most of the screenshots are old and outdated. I hope to fix that too as the release progresses - although it may be a little slower than ideal. [update] v14.2 changelogs have (finally) been uploaded and the v15.0 changelogs for the appliances released so far are now available. Plus much more As noted in the v15.0RC release announcement, there are numerous other updates, changes and fixes that have been applied in v15.0. Some specific to individual appliances, some more general TurnKey tweaks. I had intended to provide more details of them in this blog post but it has already grown much larger than I had intended. So I'll aim to highlight and discuss some of them in the announcements of future stages of the release and/or in their own blog posts. In the meantime, I'll simply restate those previously mentioned (that I haven't already mentioned above): Use of new union filesystem (running live and in TKLDev) OverlayFS - new default in Stretch; v14.x and earlier used auFS Updates for Confconsole; Let's Encrypt module Webmin - Update to latest v1.881 (plus new default theme: 'Authentic' - as noted above) Webshell - now using Debian's package (rather than our own fork) SystemD now default init system on all builds (SysvInit was still used on some v14.x builds) Security hardening - courtesy of long time TurnKey contributor; John Carver, we have some nice hardening tweaks, including security improvements to: postfix, ssh & kernel sysctl variables/options (plus easy way to disable kernel hardening) Inclusion of fail2ban - only an MVP implementation protecting SSH, but it's a start! Please browse the Core changelog for an overview of all library wide changes for v15.0. In the meantime, if you'd like to know more about anything that I've noted or hinted above, or you notice something that I haven't even mentioned, please feel free to post below in the comments, or open a new thread in the forums. Same goes if you have any problems or difficulties. The v15.0 stage 1 appliance ISOs B2evolution CakePHP CodeIgniter Collabtive Concrete5 Core Drupal7 Drupal8 [unpublished due to security issue] e107 EspoCRM Foswiki Gallery GNUsocial Joomla3 LAMPStack LAPPStack LighttpdPHPFastCGIServer LimeSurvey Magento Mahara Mambo Mantis MediaWiki Mibew Mumble MySQL Nextcloud NginxPHPFastCGIServer Observium Omeka OpenLDAP ownCloud phpList PostgreSQL Prestashop ProcessMaker Redmine Revision-control Roundup SilverStripe SiT!SupportIncidentTracker TKLDev Trac WordPress XOOPS ZenCart Zurmo Let us know what you think As per always, we welcome user feedback; back-slapping and constructive criticism alike! So spin them up, give them a go and let us know what you think. Comment below, open a new thread in the forums, or open a new feature request or bug report on our issue tracker (requires free GitHub user account). I hope to hear from you soon! :) Blog Tags:  news development debian community appliances release stable [Less]

I am overjoyed to announce stage 1 of the TurnKey v15.0 stable release is now available. Stage 1 of the TurnKey GNU/Linux v15.0 stable release is finally available for public consumption! Stage 1 includes nearly half the library (47 appliances to ... [More] be precise), albeit only in ISO format so far. We are busily preparing updated Hub builds, as well as Amazon MarketPlace builds which I hope to announce very soon too. All the other build types (i.e. VM/OVA, OpenStack, Proxmox/LXC, Xen & Docker) will follow soon after. The relevant v15.0 ISOs are all available for download via the "v15.0" links on their respective appliance pages. Updated appliances for this stage include Core LAMP, WordPress, Joomla3, Drupal 7, Drupal 8 [unpublished due to security issue], and more. v15.0 changes worthy of particular note include a new Debian base OS, inclusion of PHP7, MariaDB replaces MySQL, a new Webmin theme, Reproducible Packages and Website upgrades (work in progress), as well as many other tweaks, improvements and upgrades. Read on for details. Alternatively, jump straight to the list of upgraded appliances to jump straight in! :) v15.0 Highlights Based on Debian 9/Stretch As per previous major "point zero" releases of TurnKey, v15.0 is based on the most recent release of Debian. For v15.0, that is Debian 9/Stretch (v14.x was based on Debian 8/Jessie). Most (if not all) pre-installed software should be newer versions and the Debian apt repos are filled with literally thousands of updated packages. PHP 7.0 Possibly one of the most highly anticipated and significant changes for many TurnKey users this release, will be the provision of PHP 7.0. Many users have been asking for it for a while, and it's finally here as the default TurnKey PHP version! :) It's also worth noting, that there are a few appliances which are currently incompatible with PHP7. For those few, we're leveraging Ondřej Surý's third party Debian repo. Ondřej is trusted Debian and Ubuntu developer and a member of the official Debian PHP maintainers. Appliances that utilize Ondřej's PHP packages have (or at least will have) it clearly noted on their relevant appliance page and in the appliance changelog. MySQL replaced with MariaDB Debian have dropped MySQL as the default "MySQL database", in favour of MariaDB. MariaDB is provided as a "drop in MySQL replacement". As of Debian 9/Stretch, installing the "MySQL" Debian package, will actually install MariaDB. As TurnKey is based on Debian, we've followed suit. Whilst we've not changed the name of our MySQL appliance, it should be noted, that it is in fact a MariaDB appliance! Whilst MariaDB is provided as a "drop in replacement" for MySQL, it is important to highlight, that it contains some advanced features which aren't (yet?) available in MySQL. Moving forward, if you continue to use MariaDB on TurnKey (or any other distro for that matter) you should expect no issues. OTOH, if you for some reason decide to move back to MySQL, especially if you are using any of the advanced MariaDB features, then you would be well advised to do your homework and some solid testing first. For a fairly comprehensive list covering compatibility between MariaDB and MySQL, please see this page on the MariaDB site. For features in MariaDB vs MySQL, please see this page. It's also worth noting that as well as the change to MariaDB v10.1 in TurnKey v15.0, MariaDB (and MySQL 5.6 - essentially the basis for MariaDB 10.1) have a quirk. It's a result of the updated default MySQL character encoding format to "utf8mb" ("UTF-8 Multi-Byte" as opposed to "utf8"). Whilst it's a bit of a silly and somewhat misleading name ("utf8" already uses 3 bytes to store each character), the reality is that MySQL's previous "utf8" was itself incorrect and misleading! FWIW MySQL "utf8" character encoding is only a subset of UTF-8, whereas "uft8mb" is the full UFF-8 character set! But why does this matter? The change to the full UTF-8 character set means that MySQL/MariaDB now supports the full range of International/Asian characters, as well as mathematical symbols and emoji. The "utf8" character set has been the default MySQL character encoding for many years now. Problems can occur when app developers work on the assumption that each character requires 3 bytes. MySQL tables generally define how may bytes they will require (rather than how many characters), so a change to the default encoding can cause issues when these assumptions are broken. Details of how we've worked around this in our appliances and how TurnKey users may need to address this as they migrate existing data to v15.0 is beyond the scope of this post. It's a blog post for another day, but I figured well worth noting now. New Webmin Theme When TurnKey first started packaging Webmin (about 10 years ago!), we found the default Webmin theme a little clunky. The 3rd party "StressFree" theme was more to our liking. And we've been packaging the "StressFree" theme amd setting it as default ever since. It's served us well over the years, but as it has not had any serious maintenance for quite a few years now, it was getting a little tired. A quick google lead me to new (at least to me) default Webmin theme; "Authentic". It's quite attractive IMO and very functional. So for this release we have dropped "StressFree" in favour of "Authentic". The new theme provides a responsive layout so will render well on mobile devices (one of the complaints against StressFree). It also provides a handy system resource usage dashboard. It does use a few more resources, so users of lower resource servers may find it a little slow. But we hope that most TurnKey users find the improved look and functionality outweigh any downsides. Those who prefer the lower resource usage of "StressFree", or just prefer it's simplicity will be pleased to hear that "StressFree" is still packaged and can easily be installed via apt. Please see the docs for details. We have it configured it to open by default to the TKLBAM initialization module/page. But that can be easily changed (e.g. to the system resource dashboard). Please see the docs for details of that too. Reproducible Packages For those that are unaware, in recent years, Debian has embarked on a Reproducible Builds initiative. In a nutshell, Debian aims to make all binary packages byte-for-byte reproducible. In other words, you can build the package locally from source and it should EXACTLY match the binary package (of the same version) that you can download via apt. This has massive security benefits, in that users no longer need to trust the package distribution system. Users can verify that the binary package installed on their system is built from the source code available to view on the Debian version control system. This makes Debian an unlikely target for compiler level attacks, such as XcodeGhost (a MacOS/iOS malware distribution system implemented via hacked compiler). Debian note that they do not yet have full coverage, but according to the latest stats they have made significant progress. As I write this, over 94% of the packages in (64 bit) Debian Stretch are reproducible! As security fans, we asked one of the reproducible build experts, and current Debian Project Leader, Chris Lamb to work his reproducible magic on our packages! There are still a couple of packages that haven't had the attention, but most (if not all) of the TurnKey packages installed on TurnKey servers should currently be reproducible. Please feel free to test them out yourself, and if you notice anything amiss (e.g. a package that is not reproducible), please open a new bug on our issue tracker (although perhaps have a quick read of the existing meta issue &/or search first, just in case). For further background reading on Reproducible Builds, please see reproducible-builds.org. Website upgrade (work in progress) As any seasoned TurnKey user should have noticed, the website has had a major refresh with a shiny new responsive theme. Over the last few months, we have been tidying up a few minor flaws and imperfections, but we're almost there. As part of the v15.0 release, I also plan on tidying up the appliance pages a little. Part of that will involve updating the appliance page text itself, but also some of the other components. Many noticed that for v14.2 the changelogs weren't updated. That was due to the backend update semi-automation scripts broke with the update to a newer Drupal version. The scripts have now been updated to work with the current Drupal version we use so should be fully functional again. As such, I aim to get the website changelogs back up to date for the v15.0 release [see update below]. It's also worthy of note that many/most of the screenshots are old and outdated. I hope to fix that too as the release progresses - although it may be a little slower than ideal. [update] v14.2 changelogs have (finally) been uploaded and the v15.0 changelogs for the appliances released so far are now available. Plus much more As noted in the v15.0RC release announcement, there are numerous other updates, changes and fixes that have been applied in v15.0. Some specific to individual appliances, some more general TurnKey tweaks. I had intended to provide more details of them in this blog post but it has already grown much larger than I had intended. So I'll aim to highlight and discuss some of them in the announcements of future stages of the release and/or in their own blog posts. In the meantime, I'll simply restate those previously mentioned (that I haven't already mentioned above): Use of new union filesystem (running live and in TKLDev) OverlayFS - new default in Stretch; v14.x and earlier used auFS Updates for Confconsole; Let's Encrypt module Webmin - Update to latest v1.881 (plus new default theme: 'Authentic' - as noted above) Webshell - now using Debian's package (rather than our own fork) SystemD now default init system on all builds (SysvInit was still used on some v14.x builds) Security hardening - courtesy of long time TurnKey contributor; John Carver, we have some nice hardening tweaks, including security improvements to: postfix, ssh & kernel sysctl variables/options (plus easy way to disable kernel hardening) Inclusion of fail2ban - only an MVP implementation protecting SSH, but it's a start! Please browse the Core changelog for an overview of all library wide changes for v15.0. In the meantime, if you'd like to know more about anything that I've noted or hinted above, or you notice something that I haven't even mentioned, please feel free to post below in the comments, or open a new thread in the forums. Same goes if you have any problems or difficulties. The v15.0 stage 1 appliance ISOs B2evolution CakePHP CodeIgniter Collabtive Concrete5 Core Drupal7 Drupal8 [unpublished due to security issue] e107 EspoCRM Foswiki Gallery GNUsocial Joomla3 LAMPStack LAPPStack LighttpdPHPFastCGIServer LimeSurvey Magento Mahara Mambo Mantis MediaWiki Mibew Mumble MySQL Nextcloud NginxPHPFastCGIServer Observium Omeka OpenLDAP ownCloud phpList PostgreSQL Prestashop ProcessMaker Redmine Revision-control Roundup SilverStripe SiT!SupportIncidentTracker TKLDev Trac WordPress XOOPS ZenCart Zurmo Let us know what you think As per always, we welcome user feedback; back-slapping and constructive criticism alike! So spin them up, give them a go and let us know what you think. Comment below, open a new thread in the forums, or open a new feature request or bug report on our issue tracker (requires free GitHub user account). I hope to hear from you soon! :) Blog Tags:  news development debian community appliances release stable [Less]

I am overjoyed to announce stage 1 of the TurnKey v15.0 stable release is now available. Stage 1 of the TurnKey GNU/Linux v15.0 stable release is finally available for public consumption! Stage 1 includes nearly half the library (47 appliances to ... [More] be precise), albeit only in ISO format so far. We are busily preparing updated Hub builds, as well as Amazon MarketPlace builds which I hope to announce very soon too. All the other build types (i.e. VM/OVA, OpenStack, Proxmox/LXC, Xen & Docker) will follow soon after. The relevant v15.0 ISOs are all available for download via the "v15.0" links on their respective appliance pages. Updated appliances for this stage include Core LAMP, WordPress, Joomla3, Drupal 7, Drupal 8, and more. v15.0 changes worthy of particular note include a new Debian base OS, inclusion of PHP7, MariaDB replaces MySQL, a new Webmin theme, Reproducible Packages and Website upgrades (work in progress), as well as many other tweaks, improvements and upgrades. Read on for details. Alternatively, jump straight to the list of upgraded appliances to jump straight in! :) v15.0 Highlights Based on Debian 9/Stretch As per previous major "point zero" releases of TurnKey, v15.0 is based on the most recent release of Debian. For v15.0, that is Debian 9/Stretch (v14.x was based on Debian 8/Jessie). Most (if not all) pre-installed software should be newer versions and the Debian apt repos are filled with literally thousands of updated packages. PHP 7.0 Possibly one of the most highly anticipated and significant changes for many TurnKey users this release, will be the provision of PHP 7.0. Many users have been asking for it for a while, and it's finally here as the default TurnKey PHP version! :) It's also worth noting, that there are a few appliances which are currently incompatible with PHP7. For those few, we're leveraging Ondřej Surý's third party Debian repo. Ondřej is trusted Debian and Ubuntu developer and a member of the official Debian PHP maintainers. Appliances that utilize Ondřej's PHP packages have (or at least will have) it clearly noted on their relevant appliance page and in the appliance changelog. MySQL replaced with MariaDB Debian have dropped MySQL as the default "MySQL database", in favour of MariaDB. MariaDB is provided as a "drop in MySQL replacement". As of Debian 9/Stretch, installing the "MySQL" Debian package, will actually install MariaDB. As TurnKey is based on Debian, we've followed suit. Whilst we've not changed the name of our MySQL appliance, it should be noted, that it is in fact a MariaDB appliance! Whilst MariaDB is provided as a "drop in replacement" for MySQL, it is important to highlight, that it contains some advanced features which aren't (yet?) available in MySQL. Moving forward, if you continue to use MariaDB on TurnKey (or any other distro for that matter) you should expect no issues. OTOH, if you for some reason decide to move back to MySQL, especially if you are using any of the advanced MariaDB features, then you would be well advised to do your homework and some solid testing first. For a fairly comprehensive list covering compatibility between MariaDB and MySQL, please see this page on the MariaDB site. For features in MariaDB vs MySQL, please see this page. It's also worth noting that as well as the change to MariaDB v10.1 in TurnKey v15.0, MariaDB (and MySQL 5.6 - essentially the basis for MariaDB 10.1) have a quirk. It's a result of the updated default MySQL character encoding format to "utf8mb" ("UTF-8 Multi-Byte" as opposed to "utf8"). Whilst it's a bit of a silly and somewhat misleading name ("utf8" already uses 3 bytes to store each character), the reality is that MySQL's previous "utf8" was itself incorrect and misleading! FWIW MySQL "utf8" character encoding is only a subset of UTF-8, whereas "uft8mb" is the full UFF-8 character set! But why does this matter? The change to the full UTF-8 character set means that MySQL/MariaDB now supports the full range of International/Asian characters, as well as mathematical symbols and emoji. The "utf8" character set has been the default MySQL character encoding for many years now. Problems can occur when app developers work on the assumption that each character requires 3 bytes. MySQL tables generally define how may bytes they will require (rather than how many characters), so a change to the default encoding can cause issues when these assumptions are broken. Details of how we've worked around this in our appliances and how TurnKey users may need to address this as they migrate existing data to v15.0 is beyond the scope of this post. It's a blog post for another day, but I figured well worth noting now. New Webmin Theme When TurnKey first started packaging Webmin (about 10 years ago!), we found the default Webmin theme a little clunky. The 3rd party "StressFree" theme was more to our liking. And we've been packaging the "StressFree" theme amd setting it as default ever since. It's served us well over the years, but as it has not had any serious maintenance for quite a few years now, it was getting a little tired. A quick google lead me to new (at least to me) default Webmin theme; "Authentic". It's quite attractive IMO and very functional. So for this release we have dropped "StressFree" in favour of "Authentic". The new theme provides a responsive layout so will render well on mobile devices (one of the complaints against StressFree). It also provides a handy system resource usage dashboard. It does use a few more resources, so users of lower resource servers may find it a little slow. But we hope that most TurnKey users find the improved look and functionality outweigh any downsides. Those who prefer the lower resource usage of "StressFree", or just prefer it's simplicity will be pleased to hear that "StressFree" is still packaged and can easily be installed via apt. Please see the docs for details. We have it configured it to open by default to the TKLBAM initialization module/page. But that can be easily changed (e.g. to the system resource dashboard). Please see the docs for details of that too. Reproducible Packages For those that are unaware, in recent years, Debian has embarked on a Reproducible Builds initiative. In a nutshell, Debian aims to make all binary packages byte-for-byte reproducible. In other words, you can build the package locally from source and it should EXACTLY match the binary package (of the same version) that you can download via apt. This has massive security benefits, in that users no longer need to trust the package distribution system. Users can verify that the binary package installed on their system is built from the source code available to view on the Debian version control system. This makes Debian an unlikely target for compiler level attacks, such as XcodeGhost (a MacOS/iOS malware distribution system implemented via hacked compiler). Debian note that they do not yet have full coverage, but according to the latest stats they have made significant progress. As I write this, over 94% of the packages in (64 bit) Debian Stretch are reproducible! As security fans, we asked one of the reproducible build experts, and current Debian Project Leader, Chris Lamb to work his reproducible magic on our packages! There are still a couple of packages that haven't had the attention, but most (if not all) of the TurnKey packages installed on TurnKey servers should currently be reproducible. Please feel free to test them out yourself, and if you notice anything amiss (e.g. a package that is not reproducible), please open a new bug on our issue tracker (although perhaps have a quick read of the existing meta issue &/or search first, just in case). For further background reading on Reproducible Builds, please see reproducible-builds.org. Website upgrade (work in progress) As any seasoned TurnKey user should have noticed, the website has had a major refresh with a shiny new responsive theme. Over the last few months, we have been tidying up a few minor flaws and imperfections, but we're almost there. As part of the v15.0 release, I also plan on tidying up the appliance pages a little. Part of that will involve updating the appliance page text itself, but also some of the other components. Many noticed that for v14.2 the changelogs weren't updated. That was due to the backend update semi-automation scripts broke with the update to a newer Drupal version. The scripts have now been updated to work with the current Drupal version we use so should be fully functional again. As such, I aim to get the website changelogs back up to date for the v15.0 release [see update below]. It's also worthy of note that many/most of the screenshots are old and outdated. I hope to fix that too as the release progresses - although it may be a little slower than ideal. [update] v14.2 changelogs have (finally) been uploaded and the v15.0 changelogs for the appliances released so far are now available. Plus much more As noted in the v15.0RC release announcement, there are numerous other updates, changes and fixes that have been applied in v15.0. Some specific to individual appliances, some more general TurnKey tweaks. I had intended to provide more details of them in this blog post but it has already grown much larger than I had intended. So I'll aim to highlight and discuss some of them in the announcements of future stages of the release and/or in their own blog posts. In the meantime, I'll simply restate those previously mentioned (that I haven't already mentioned above): Use of new union filesystem (running live and in TKLDev) OverlayFS - new default in Stretch; v14.x and earlier used auFS Updates for Confconsole; Let's Encrypt module Webmin - Update to latest v1.881 (plus new default theme: 'Authentic' - as noted above) Webshell - now using Debian's package (rather than our own fork) SystemD now default init system on all builds (SysvInit was still used on some v14.x builds) Security hardening - courtesy of long time TurnKey contributor; John Carver, we have some nice hardening tweaks, including security improvements to: postfix, ssh & kernel sysctl variables/options (plus easy way to disable kernel hardening) Inclusion of fail2ban - only an MVP implementation protecting SSH, but it's a start! Please browse the Core changelog for an overview of all library wide changes for v15.0. In the meantime, if you'd like to know more about anything that I've noted or hinted above, or you notice something that I haven't even mentioned, please feel free to post below in the comments, or open a new thread in the forums. Same goes if you have any problems or difficulties. The v15.0 stage 1 appliance ISOs B2evolution CakePHP CodeIgniter Collabtive Concrete5 Core Drupal7 Drupal8 e107 EspoCRM Foswiki Gallery GNUsocial Joomla3 LAMPStack LAPPStack LighttpdPHPFastCGIServer LimeSurvey Magento Mahara Mambo Mantis MediaWiki Mibew Mumble MySQL Nextcloud NginxPHPFastCGIServer Observium Omeka OpenLDAP ownCloud phpList PostgreSQL Prestashop ProcessMaker Redmine Revision-control Roundup SilverStripe SiT!SupportIncidentTracker TKLDev Trac WordPress XOOPS ZenCart Zurmo Let us know what you think As per always, we welcome user feedback; back-slapping and constructive criticism alike! So spin them up, give them a go and let us know what you think. Comment below, open a new thread in the forums, or open a new feature request or bug report on our issue tracker (requires free GitHub user account). I hope to hear from you soon! :) Blog Tags:  news development debian community appliances release stable [Less]

I am overjoyed to announce stage 1 of the TurnKey v15.0 stable release is now available. Stage 1 of the TurnKey GNU/Linux v15.0 stable release is finally available for public consumption! Stage 1 includes nearly half the library (47 appliances to ... [More] be precise), albeit only in ISO format so far. We are busily preparing updated Hub builds, as well as Amazon MarketPlace builds which I hope to announce very soon too. All the other build types (i.e. VM/OVA, OpenStack, Proxmox/LXC, Xen & Docker) will follow soon after. The relevant v15.0 ISOs are all available for download via the "v15.0" links on their respective appliance pages. Updated appliances for this stage include Core LAMP, WordPress, Joomla3, Drupal 7, Drupal 8, and more. v15.0 changes worthy of particular note include a new Debian base OS, inclusion of PHP7, MariaDB replaces MySQL, a new Webmin theme, Reproducible Packages and Website upgrades (work in progress), as well as many other tweaks, improvements and upgrades. Read on for details. Alternatively, jump straight to the list of upgraded appliances to jump straight in! :) v15.0 Highlights Based on Debian 9/Stretch As per previous major "point zero" releases of TurnKey, v15.0 is based on the most recent release of Debian. For v15.0, that is Debian 9/Stretch (v14.x was based on Debian 8/Jessie). Most (if not all) pre-installed software should be newer versions and the Debian apt repos are filled with literally thousands of updated packages. PHP 7.0 Possibly one of the most highly anticipated and significant changes for many TurnKey users this release, will be the provision of PHP 7.0. Many users have been asking for it for a while, and it's finally here as the default TurnKey PHP version! :) It's also worth noting, that there are a few appliances which are currently incompatible with PHP7. For those few, we're leveraging Ondřej Surý's third party Debian repo. Ondřej is trusted Debian and Ubuntu developer and a member of the official Debian PHP maintainers. Appliances that utilize Ondřej's PHP packages have (or at least will have) it clearly noted on their relevant appliance page and in the appliance changelog. MySQL replaced with MariaDB Debian have dropped MySQL as the default "MySQL database", in favour of MariaDB. MariaDB is provided as a "drop in MySQL replacement". As of Debian 9/Stretch, installing the "MySQL" Debian package, will actually install MariaDB. As TurnKey is based on Debian, we've followed suit. Whilst we've not changed the name of our MySQL appliance, it should be noted, that it is in fact a MariaDB appliance! Whilst MariaDB is provided as a "drop in replacement" for MySQL, it is important to highlight, that it contains some advanced features which aren't (yet?) available in MySQL. Moving forward, if you continue to use MariaDB on TurnKey (or any other distro for that matter) you should expect no issues. OTOH, if you for some reason decide to move back to MySQL, especially if you are using any of the advanced MariaDB features, then you would be well advised to do your homework and some solid testing first. For a fairly comprehensive list covering compatibility between MariaDB and MySQL, please see this page on the MariaDB site. For features in MariaDB vs MySQL, please see this page. It's also worth noting that as well as the change to MariaDB v10.1 in TurnKey v15.0, MariaDB (and MySQL 5.6 - essentially the basis for MariaDB 10.1) have a quirk. It's a result of the updated default MySQL character encoding format to "utf8mb" ("UTF-8 Multi-Byte" as opposed to "utf8"). Whilst it's a bit of a silly and somewhat misleading name ("utf8" already uses 3 bytes to store each character), the reality is that MySQL's previous "utf8" was itself incorrect and misleading! FWIW MySQL "utf8" character encoding is only a subset of UTF-8, whereas "uft8mb" is the full UFF-8 character set! But why does this matter? The change to the full UTF-8 character set means that MySQL/MariaDB now supports the full range of International/Asian characters, as well as mathematical symbols and emoji. The "utf8" character set has been the default MySQL character encoding for many years now. Problems can occur when app developers work on the assumption that each character requires 3 bytes. MySQL tables generally define how may bytes they will require (rather than how many characters), so a change to the default encoding can cause issues when these assumptions are broken. Details of how we've worked around this in our appliances and how TurnKey users may need to address this as they migrate existing data to v15.0 is beyond the scope of this post. It's a blog post for another day, but I figured well worth noting now. New Webmin Theme When TurnKey first started packaging Webmin (about 10 years ago!), we found the default Webmin theme a little clunky. The 3rd party "StressFree" theme was more to our liking. And we've been packaging the "StressFree" theme amd setting it as default ever since. It's served us well over the years, but as it has not had any serious maintenance for quite a few years now, it was getting a little tired. A quick google lead me to new (at least to me) default Webmin theme; "Authentic". It's quite attractive IMO and very functional. So for this release we have dropped "StressFree" in favour of "Authentic". The new theme provides a responsive layout so will render well on mobile devices (one of the complaints against StressFree). It also provides a handy system resource usage dashboard. It does use a few more resources, so users of lower resource servers may find it a little slow. But we hope that most TurnKey users find the improved look and functionality outweigh any downsides. Those who prefer the lower resource usage of "StressFree", or just prefer it's simplicity will be pleased to hear that "StressFree" is still packaged and can easily be installed via apt. Please see the docs for details. We have it configured it to open by default to the TKLBAM initialization module/page. But that can be easily changed (e.g. to the system resource dashboard). Please see the docs for details of that too. Reproducible Packages For those that are unaware, in recent years, Debian has embarked on a Reproducible Builds initiative. In a nutshell, Debian aims to make all binary packages byte-for-byte reproducible. In other words, you can build the package locally from source and it should EXACTLY match the binary package (of the same version) that you can download via apt. This has massive security benefits, in that users no longer need to trust the package distribution system. Users can verify that the binary package installed on their system is built from the source code available to view on the Debian version control system. This makes Debian an unlikely target for compiler level attacks, such as XcodeGhost (a MacOS/iOS malware distribution system implemented via hacked compiler). Debian note that they do not yet have full coverage, but according to the latest stats they have made significant progress. As I write this, over 94% of the packages in (64 bit) Debian Stretch are reproducible! As security fans, we asked one of the reproducible build experts, and current Debian Project Leader, Chris Lamb to work his reproducible magic on our packages! There are still a couple of packages that haven't had the attention, but most (if not all) of the TurnKey packages installed on TurnKey servers should currently be reproducible. Please feel free to test them out yourself, and if you notice anything amiss (e.g. a package that is not reproducible), please open a new bug on our issue tracker (although perhaps have a quick read of the existing meta issue &/or search first, just in case). For further background reading on Reproducible Builds, please see reproducible-builds.org. Website upgrade (work in progress) As any seasoned TurnKey user should have noticed, the website has had a major refresh with a shiny new responsive theme. Over the last few months, we have been tidying up a few minor flaws and imperfections, but we're almost there. As part of the v15.0 release, I also plan on tidying up the appliance pages a little. Part of that will involve updating the appliance page text itself, but also some of the other components. Many noticed that for v14.2 the changelogs weren't updated. That was due to the backend update semi-automation scripts broke with the update to a newer Drupal version. The scripts have now been updated to work with the current Drupal version we use so should be fully functional again. As such, I aim to get the website changelogs back up to date for the v15.0 release. It's also worthy of note that many/most of the screenshots are old and outdated. I hope to fix that too as the release progresses - although it may be a little slower than ideal. Plus much more As noted in the v15.0RC release announcement, there are numerous other updates, changes and fixes that have been applied in v15.0. Some specific to individual appliances, some more general TurnKey tweaks. I had intended to provide more details of them in this blog post but it has already grown much larger than I had intended. So I'll aim to highlight and discuss some of them in the announcements of future stages of the release and/or in their own blog posts. In the meantime, I'll simply restate those previously mentioned (that I haven't already mentioned above): Use of new union filesystem (running live and in TKLDev) OverlayFS - new default in Stretch; v14.x and earlier used auFS Updates for Confconsole; Let's Encrypt module Webmin - Update to latest v1.881 (plus new default theme: 'Authentic' - as noted above) Webshell - now using Debian's package (rather than our own fork) SystemD now default init system on all builds (SysvInit was still used on some v14.x builds) Security hardening - courtesy of long time TurnKey contributor; John Carver, we have some nice hardening tweaks, including security improvements to: postfix, ssh & kernel sysctl variables/options (plus easy way to disable kernel hardening) Inclusion of fail2ban - only an MVP implementation protecting SSH, but it's a start! In the meantime, if you'd like to know more about anything that I've noted or hinted above, or you notice something that I haven't even mentioned, please feel free to post below in the comments, or open a new thread in the forums. Same goes if you have any problems or difficulties. The v15.0 stage 1 appliance ISOs B2evolution CakePHP CodeIgniter Collabtive Concrete5 Core Drupal7 Drupal8 e107 EspoCRM Foswiki Gallery GNUsocial Joomla3 LAMPStack LAPPStack LighttpdPHPFastCGIServer LimeSurvey Magento Mahara Mambo Mantis MediaWiki Mibew Mumble MySQL Nextcloud NginxPHPFastCGIServer Observium Omeka OpenLDAP ownCloud phpList PostgreSQL Prestashop ProcessMaker Redmine Revision-control Roundup SilverStripe SiT!SupportIncidentTracker TKLDev Trac WordPress XOOPS ZenCart Zurmo Let us know what you think As per always, we welcome user feedback; back-slapping and constructive criticism alike! So spin them up, give them a go and let us know what you think. Comment below, open a new thread in the forums, or open a new feature request or bug report on our issue tracker (requires free GitHub user account). I hope to hear from you soon! :) Blog Tags:  news development debian community appliances release stable [Less]

UPDATE: Stage 1 of v15.0 stable release is now available. It includes 47 updated appliance ISOs. Stage 2 includes OVA/VM, OpenStack and Xen. Docker and Proxmox/LXC builds published too. Stage 3 includes 35 additional appliances; including info on 3 ... [More] new v15.0 appliances, plus other notes of interest. All appliances so far released are available in ISO, OVA/VM, OpenStack, Xen, Docker and Proxmox/LXC builds. More to come soon! It is with great pleasure - and a huge sense of relief - that I announce the release of Core v15.0RC1 and TKLDev v15.0RC1! As I look back over my shoulder reflecting on the development process of v15.0, I honestly wonder where the time has gone?! With Debian Stretch out now for about 8 months, I had hoped to have this release finished long ago and perhaps even be working on v15.1. But unfortunately, wishes and hopes don't always have much to do with reality! Whilst I've more or less been in the release development driver seat since v14.0, this release has been my first full development of an TurnKey OS base transition. Alon did most of the initial development work migrating from a Wheezy base to Jessie, for Core and TKLDev v14.0RC1. It taken me a lot more effort that I had anticipated. We've now gone from Debian 8/Jessie (basis of v14.x) to 9/Stretch (basis of v15.x). As I said, it's taken much longer than I might have liked, but we're on the home stretch now (please excuse the pun). Core and TKLDev As per the v14.0RC1 release, we're providing both Core and TKLDev as release candidates. This means that you wonderful community members can not only test drive the Core appliance (the base of all other appliances), but you can also test building any of the other appliances in the library via TKLDev. There is a tutorial in the docs on how to build ISOs with TKLDev. I wrote that tutorial some time ago (for the v14.0RC1 release) but it has had a couple of minor updates and should still be relevant for v15.0. If you find any issues and can fix them, please feel free to edit it (the website docs are a wiki and all logged in users should be able to edit them). If you hit any other snags along the way and aren't sure how to resolve or workaround them, please let us know in the comments below, or start a new thread in the forums. There are still a couple of appliances that need their buildcode updated, but most are ready to go for v15.0. Usually the best way to check is have a quick peek at the changelog. If the first line looks something like this (WordPress changelog): turnkey-wordpress-15.0 (1) turnkey; urgency=low Then you should be good to go. If it still has 14.2 in the title, then it most likely hasn't been completed yet. Having said that, it may be worth checking for Pull Requests on GitHub. It might just be that I haven't yet merged a pending pull request. Download the RCs and help us test them Core (64bit / amd64 build):  252MB ISO  ( changelog ,  hash file ,  manifest ) TKLDev (64bit / amd64 build):  301MB ISO  ( changelog ,  hash file ,  manifest ) Quick overview of significant changes I'll do a full outline of the changes when we do the final stable release of v15.0, but here's a bit or an overview: Rebase on Debian Stretch Use of new union filesystem (running live and in TKLDev) OverlayFS - new default in Stretch; v14.x and earlier used auFS Updates for Confconsole; Let's Encrypt module (we also hope to backport these to the Jessie package) Webmin - Update to latest v1.881; new modern default theme: 'Authentic'. Authentic theme uses a few more resources, but looks very sexy! Webshell - now using Debian's package (rather than our own fork) SystemD now default init system on all builds (SysvInit was still used on some v14.x builds) Security - Reproducible TurnKey packages; thanks to Chris Lamb for his efforts there Security hardening - courtesy of long time TurnKey contributor; John Carver, we have some nice hardening tweaks, including security improvements to: postfix, ssh & kernel sysctl variables/options (plus easy way to disable kernel hardening) Inclusion of fail2ban - only an MVP implementation protecting SSH, but it's a start! There is still other stuff on the wishlist that we'd love to include, but at this late stage, we're going to be pushing v15.0 out the door ASAP. It's ready for prime time and the other items will have to wait. Thanks tons for all the work contributed so far. Special mention to long term contributors John Carver and Ken Robinson, plus newer TurnKey team members Chris Lamb, Vlad Kuzmenko and Zhenya Hvorostian, plus the not-so-new Stefan. Big thanks to Alon for all his support, encouragement, patience and understanding. Thanks too to MPTMG for all the new appliances (hopefully we'll add some more real soon!) and Mitchell Urgero for his ideas and CI scripts (which I plan to implement once v15.0 is done). Deep apologies to anyone I should have mentioned and haven't (please email me and I'll update this post). Please help test the release candidates and give us your feedback As with previous "point-oh" releases, this is a major OS transition. As such, we need plenty of testing! We've already done a fair bit of testing in house, but the more the merrier! So hopefully you get a chance to give the RCs a test drive. We welcome all feedback, especially constructive critique. Please post below, or bugs can be reported directly to the Issue tracker (free GitHub user account required). Look forward to hearing from you! :) Blog Tags:  news development debian core community appliances release rc tkldev v15.x [Less]

UPDATE: Stage 1 of v15.0 stable release is now available. It includes 47 updated appliance ISOs. Stage 2 includes OVA/VM, OpenStack and Xen. Docker and Proxmox/LXC builds published too. Stage 3 includes 35 additional appliances; including info on 3 ... [More] new v15.0 appliances, plus other notes of interest. All appliances so far released are available in ISO, OVA/VM, OpenStack, Xen, Docker and Proxmox/LXC builds. More to come soon! It is with great pleasure - and a huge sense of relief - that I announce the release of Core v15.0RC1 and TKLDev v15.0RC1! As I look back over my shoulder reflecting on the development process of v15.0, I honestly wonder where the time has gone?! With Debian Stretch out now for about 8 months, I had hoped to have this release finished long ago and perhaps even be working on v15.1. But unfortunately, wishes and hopes don't always have much to do with reality! Whilst I've more or less been in the release development driver seat since v14.0, this release has been my first full development of an TurnKey OS base transition. Alon did most of the initial development work migrating from a Wheezy base to Jessie, for Core and TKLDev v14.0RC1. It taken me a lot more effort that I had anticipated. We've now gone from Debian 8/Jessie (basis of v14.x) to 9/Stretch (basis of v15.x). As I said, it's taken much longer than I might have liked, but we're on the home stretch now (please excuse the pun). Core and TKLDev As per the v14.0RC1 release, we're providing both Core and TKLDev as release candidates. This means that you wonderful community members can not only test drive the Core appliance (the base of all other appliances), but you can also test building any of the other appliances in the library via TKLDev. There is a tutorial in the docs on how to build ISOs with TKLDev. I wrote that tutorial some time ago (for the v14.0RC1 release) but it has had a couple of minor updates and should still be relevant for v15.0. If you find any issues and can fix them, please feel free to edit it (the website docs are a wiki and all logged in users should be able to edit them). If you hit any other snags along the way and aren't sure how to resolve or workaround them, please let us know in the comments below, or start a new thread in the forums. There are still a couple of appliances that need their buildcode updated, but most are ready to go for v15.0. Usually the best way to check is have a quick peek at the changelog. If the first line looks something like this (WordPress changelog): turnkey-wordpress-15.0 (1) turnkey; urgency=low Then you should be good to go. If it still has 14.2 in the title, then it most likely hasn't been completed yet. Having said that, it may be worth checking for Pull Requests on GitHub. It might just be that I haven't yet merged a pending pull request. Download the RCs and help us test them Core (64bit / amd64 build):  252MB ISO  ( changelog ,  hash file ,  manifest ) TKLDev (64bit / amd64 build):  301MB ISO  ( changelog ,  hash file ,  manifest ) Quick overview of significant changes I'll do a full outline of the changes when we do the final stable release of v15.0, but here's a bit or an overview: Rebase on Debian Stretch Use of new union filesystem (running live and in TKLDev) OverlayFS - new default in Stretch; v14.x and earlier used auFS Updates for Confconsole; Let's Encrypt module (we also hope to backport these to the Jessie package) Webmin - Update to latest v1.881; new modern default theme: 'Authentic'. Authentic theme uses a few more resources, but looks very sexy! Webshell - now using Debian's package (rather than our own fork) SystemD now default init system on all builds (SysvInit was still used on some v14.x builds) Security - Reproducible TurnKey packages; thanks to Chris Lamb for his efforts there Security hardening - courtesy of long time TurnKey contributor; John Carver, we have some nice hardening tweaks, including security improvements to: postfix, ssh & kernel sysctl variables/options (plus easy way to disable kernel hardening) Inclusion of fail2ban - only an MVP implementation protecting SSH, but it's a start! There is still other stuff on the wishlist that we'd love to include, but at this late stage, we're going to be pushing v15.0 out the door ASAP. It's ready for prime time and the other items will have to wait. Thanks tons for all the work contributed so far. Special mention to long term contributors John Carver and Ken Robinson, plus newer TurnKey team members Chris Lamb, Vlad Kuzmenko and Zhenya Hvorostian, plus the not-so-new Stefan. Big thanks to Alon for all his support, encouragement, patience and understanding. Thanks too to MPTMG for all the new appliances (hopefully we'll add some more real soon!) and Mitchell Urgero for his ideas and CI scripts (which I plan to implement once v15.0 is done). Deep apologies to anyone I should have mentioned and haven't (please email me and I'll update this post). Please help test the release candidates and give us your feedback As with previous "point-oh" releases, this is a major OS transition. As such, we need plenty of testing! We've already done a fair bit of testing in house, but the more the merrier! So hopefully you get a chance to give the RCs a test drive. We welcome all feedback, especially constructive critique. Please post below, or bugs can be reported directly to the Issue tracker (free GitHub user account required). Look forward to hearing from you! :) Blog Tags:  news development debian core community appliances release rc tkldev [Less]

UPDATE: Stage 1 of v15.0 stable release is now available. It includes 47 updated appliance ISOs. Stage 2 includes OVA/VM, OpenStack and Xen. Docker and Proxmox/LXC builds published too. Stage 3 includes 35 additional appliances; including info on 3 ... [More] new v15.0 appliances, plus other notes of interest. All appliances so far released are available in ISO, OVA/VM, OpenStack, Xen, Docker and Proxmox/LXC builds. More to come soon! It is with great pleasure - and a huge sense of relief - that I announce the release of Core v15.0RC1 and TKLDev v15.0RC1! As I look back over my shoulder reflecting on the development process of v15.0, I honestly wonder where the time has gone?! With Debian Stretch out now for about 8 months, I had hoped to have this release finished long ago and perhaps even be working on v15.1. But unfortunately, wishes and hopes don't always have much to do with reality! Whilst I've more or less been in the release development driver seat since v14.0, this release has been my first full development of an TurnKey OS base transition. Alon did most of the initial development work migrating from a Wheezy base to Jessie, for Core and TKLDev v14.0RC1. It taken me a lot more effort that I had anticipated. We've now gone from Debian 8/Jessie (basis of v14.x) to 9/Stretch (basis of v15.x). As I said, it's taken much longer than I might have liked, but we're on the home stretch now (please excuse the pun). Core and TKLDev As per the v14.0RC1 release, we're providing both Core and TKLDev as release candidates. This means that you wonderful community members can not only test drive the Core appliance (the base of all other appliances), but you can also test building any of the other appliances in the library via TKLDev. There is a tutorial in the docs on how to build ISOs with TKLDev. I wrote that tutorial some time ago (for the v14.0RC1 release) but it has had a couple of minor updates and should still be relevant for v15.0. If you find any issues and can fix them, please feel free to edit it (the website docs are a wiki and all logged in users should be able to edit them). If you hit any other snags along the way and aren't sure how to resolve or workaround them, please let us know in the comments below, or start a new thread in the forums. There are still a couple of appliances that need their buildcode updated, but most are ready to go for v15.0. Usually the best way to check is have a quick peek at the changelog. If the first line looks something like this (WordPress changelog): turnkey-wordpress-15.0 (1) turnkey; urgency=low Then you should be good to go. If it still has 14.2 in the title, then it most likely hasn't been completed yet. Having said that, it may be worth checking for Pull Requests on GitHub. It might just be that I haven't yet merged a pending pull request. Download the RCs and help us test them Core (64bit / amd64 build):  252MB ISO  ( changelog ,  hash file ,  manifest ) TKLDev (64bit / amd64 build):  301MB ISO  ( changelog ,  hash file ,  manifest ) Quick overview of significant changes I'll do a full outline of the changes when we do the final stable release of v15.0, but here's a bit or an overview: Rebase on Debian Stretch Use of new union filesystem (running live and in TKLDev) OverlayFS - new default in Stretch; v14.x and earlier used auFS Updates for Confconsole; Let's Encrypt module (we also hope to backport these to the Jessie package) Webmin - Update to latest v1.881; new modern default theme: 'Authentic'. Authentic theme uses a few more resources, but looks very sexy! Webshell - now using Debian's package (rather than our own fork) SystemD now default init system on all builds (SysvInit was still used on some v14.x builds) Security - Reproducible TurnKey packages; thanks to Chris Lamb for his efforts there Security hardening - courtesy of long time TurnKey contributor; John Carver, we have some nice hardening tweaks, including security improvements to: postfix, ssh & kernel sysctl variables/options (plus easy way to disable kernel hardening) Inclusion of fail2ban - only an MVP implementation protecting SSH, but it's a start! There is still other stuff on the wishlist that we'd love to include, but at this late stage, we're going to be pushing v15.0 out the door ASAP. It's ready for prime time and the other items will have to wait. Thanks tons for all the work contributed so far. Special mention to long term contributors John Carver and Ken Robinson, plus newer TurnKey team members Chris Lamb, Vlad Kuzmenko and Zhenya Hvorostian, plus the not-so-new Stefan. Big thanks to Alon for all his support, encouragement, patience and understanding. Thanks too to MPTMG for all the new appliances (hopefully we'll add some more real soon!) and Mitchell Urgero for his ideas and CI scripts (which I plan to implement once v15.0 is done). Deep apologies to anyone I should have mentioned and haven't (please email me and I'll update this post). Please help test the release candidates and give us your feedback As with previous "point-oh" releases, this is a major OS transition. As such, we need plenty of testing! We've already done a fair bit of testing in house, but the more the merrier! So hopefully you get a chance to give the RCs a test drive. We welcome all feedback, especially constructive critique. Please post below, or bugs can be reported directly to the Issue tracker (free GitHub user account required). Look forward to hearing from you! :) Blog Tags:  news development debian core community appliances release rc tkldev [Less]

UPDATE: Stage 1 of v15.0 stable release is now available. It includes 47 updated appliance ISOs. Stage 2 includes OVA/VM, OpenStack and Xen. Docker and Proxmox/LXC builds published too. More to come soon! It is with great pleasure - and a huge ... [More] sense of relief - that I announce the release of Core v15.0RC1 and TKLDev v15.0RC1! As I look back over my shoulder reflecting on the development process of v15.0, I honestly wonder where the time has gone?! With Debian Stretch out now for about 8 months, I had hoped to have this release finished long ago and perhaps even be working on v15.1. But unfortunately, wishes and hopes don't always have much to do with reality! Whilst I've more or less been in the release development driver seat since v14.0, this release has been my first full development of an TurnKey OS base transition. Alon did most of the initial development work migrating from a Wheezy base to Jessie, for Core and TKLDev v14.0RC1. It taken me a lot more effort that I had anticipated. We've now gone from Debian 8/Jessie (basis of v14.x) to 9/Stretch (basis of v15.x). As I said, it's taken much longer than I might have liked, but we're on the home stretch now (please excuse the pun). Core and TKLDev As per the v14.0RC1 release, we're providing both Core and TKLDev as release candidates. This means that you wonderful community members can not only test drive the Core appliance (the base of all other appliances), but you can also test building any of the other appliances in the library via TKLDev. There is a tutorial in the docs on how to build ISOs with TKLDev. I wrote that tutorial some time ago (for the v14.0RC1 release) but it has had a couple of minor updates and should still be relevant for v15.0. If you find any issues and can fix them, please feel free to edit it (the website docs are a wiki and all logged in users should be able to edit them). If you hit any other snags along the way and aren't sure how to resolve or workaround them, please let us know in the comments below, or start a new thread in the forums. There are still a couple of appliances that need their buildcode updated, but most are ready to go for v15.0. Usually the best way to check is have a quick peek at the changelog. If the first line looks something like this (WordPress changelog): turnkey-wordpress-15.0 (1) turnkey; urgency=low Then you should be good to go. If it still has 14.2 in the title, then it most likely hasn't been completed yet. Having said that, it may be worth checking for Pull Requests on GitHub. It might just be that I haven't yet merged a pending pull request. Download the RCs and help us test them Core (64bit / amd64 build):  252MB ISO  ( changelog ,  hash file ,  manifest ) TKLDev (64bit / amd64 build):  301MB ISO  ( changelog ,  hash file ,  manifest ) Quick overview of significant changes I'll do a full outline of the changes when we do the final stable release of v15.0, but here's a bit or an overview: Rebase on Debian Stretch Use of new union filesystem (running live and in TKLDev) OverlayFS - new default in Stretch; v14.x and earlier used auFS Updates for Confconsole; Let's Encrypt module (we also hope to backport these to the Jessie package) Webmin - Update to latest v1.881; new modern default theme: 'Authentic'. Authentic theme uses a few more resources, but looks very sexy! Webshell - now using Debian's package (rather than our own fork) SystemD now default init system on all builds (SysvInit was still used on some v14.x builds) Security - Reproducible TurnKey packages; thanks to Chris Lamb for his efforts there Security hardening - courtesy of long time TurnKey contributor; John Carver, we have some nice hardening tweaks, including security improvements to: postfix, ssh & kernel sysctl variables/options (plus easy way to disable kernel hardening) Inclusion of fail2ban - only an MVP implementation protecting SSH, but it's a start! There is still other stuff on the wishlist that we'd love to include, but at this late stage, we're going to be pushing v15.0 out the door ASAP. It's ready for prime time and the other items will have to wait. Thanks tons for all the work contributed so far. Special mention to long term contributors John Carver and Ken Robinson, plus newer TurnKey team members Chris Lamb, Vlad Kuzmenko and Zhenya Hvorostian, plus the not-so-new Stefan. Big thanks to Alon for all his support, encouragement, patience and understanding. Thanks too to MPTMG for all the new appliances (hopefully we'll add some more real soon!) and Mitchell Urgero for his ideas and CI scripts (which I plan to implement once v15.0 is done). Deep apologies to anyone I should have mentioned and haven't (please email me and I'll update this post). Please help test the release candidates and give us your feedback As with previous "point-oh" releases, this is a major OS transition. As such, we need plenty of testing! We've already done a fair bit of testing in house, but the more the merrier! So hopefully you get a chance to give the RCs a test drive. We welcome all feedback, especially constructive critique. Please post below, or bugs can be reported directly to the Issue tracker (free GitHub user account required). Look forward to hearing from you! :) Blog Tags:  news development debian core community appliances release rc tkldev [Less]