EasyOS 1.0I was in the mood to try something different this week and found myself reading a list of features that separate EasyOS from other Linux distributions. EasyOS is an experimental distribution and more likely to appeal to people who like to tinker or experiment with features than someone who wants a stable system for day-to-day use. This week an experimental approach was exactly what I wanted so I downloaded EasyOS 1.0 to give it a spin.
EasyOS was created by Barry Kauler and will probably look familiar to you if you have used a member of the Puppy Linux family of distributions. EasyOS has a similar desktop, many of the same tools and even makes the same barking sound when the desktop loads. As the project's website states:
Barry Kauler created Puppy Linux in 2003, turned it over to the 'Puppy community' in 2013. It is only natural that a lot of 'puppyisms' can be found in Easy, though, it must be stated that Easy is also very different, and should not be thought of as a fork of Puppy. Inherited features include the JWM-ROX desktop, menu-hierarchy, run-as-root, SFS layered filesystem, PET packages, and dozens of apps developed for Puppy.
The features which caught my attention were focused on containers, lightweight environments isolated from the main operating system. The project's website does a nice job of explaining this: "EasyOS is designed from scratch to support containers. Any app can run in a container, in fact an entire desktop can run in a container. Container management is by a simple GUI, no messing around on the command line. The container mechanism is named Easy Containers, and is designed from scratch (Docker, LXC, etc are not used). Easy Containers are extremely efficient, with almost no overhead -- the base size of each container is only several KB."
What this means, for the user, is we can run a web browser or e-mail client inside an isolated environment. If a malicious actor manages to take over our application, they can only affect things inside the container. All of my files and applications outside of the container remain unaffected. I can open a container, create new files, delete folders and, when the container is shutdown, all of my changes are wiped clean; it's like my actions inside the container never happened. Now that we have covered the theory, let's see how it works in practice.
EasyOS 1.0 -- Introduction to the operating system (full image size: 353kB, resolution: 1366x768 pixels)
My trial with EasyOS got off to a rough start. I tried booting the operating system in a VirtualBox virtual machine and ran into a kernel panic right away. I could not get the system to finish its boot process.
EasyOS 1.0 -- The welcome window with settings (full image size: 405kB, resolution: 1366x768 pixels)
I then switched over to running EasyOS on a laptop. The system booted, showed me its JWM-ROX desktop, which looks and acts almost exactly like earlier versions of Puppy Linux I have tried. Once the desktop loads, a welcome window appears giving us a chance to customize our time zone, language and screen resolution. We are also given the chance to enable a firewall. A new window then opened giving me a general overview of the project and showing me a diagram of the desktop with explanations of what the various components do.
As the diagram shows, many key applications and two package managers can be launched from desktop icons. More programs, in a variety of categories, can be opened through the application menu in the bottom-left corner of the screen, or via right-clicking on the desktop. The diagram shows us where the application menu is, the icon we need to click to install new application bundles and we are shown that the icons with locks in their upper-left corners are containerized programs.
EasyOS 1.0 -- An introduction to the desktop (full image size: 330kB, resolution: 1366x768 pixels)
The main reason I was trying out EasyOS was to experiment with its custom container technology. I find containers are often useful, particularly when used to isolate desktop programs which need to process data from untrusted sources. Web browsers especially are popular targets and isolating them to prevent a hijacked browser from damaging or infecting the rest of the operating system is useful.
Containers on EasyOS seem to be set up to be used in one of two ways: running a single application in a container sandbox, or running an entire desktop environment in a sandbox. Clicking an icon for a contained application opens it on the desktop and the application works as we would normally expect. However, the application is limited in that it cannot see processes running outside its container and cannot create files outside of its own container.
EasyOS 1.0 -- Running a web browser and terminal in containers (full image size: 207kB, resolution: 1366x768 pixels)
While contained individual applications will probably be useful for virtually everyone, I found the contained desktop environment more intriguing. Clicking the Easy icon on the desktop opens a new, full-screen desktop environment that has been trimmed down to include a handful of desktop icons and the application menu, but without the option to logout or shutdown the system. This pristine desktop allows us to open programs, create files, delete directories, browse the web and transfer files between computers. We can do all of this without affecting files or processes in the rest of the operating system, it gives us an entire desktop environment in a sandbox that gets wiped clean when we are done with it.
Something I really like about the contained desktop is that we can switch out of it at any time, returning to the main desktop, by pressing Alt+F6. Then we can hop back into the contained desktop by clicking its icon on the task switcher. In other words, the contained desktop acts a lot like a full screen application we can switch to or away from as needed.
EasyOS 1.0 -- Running a complete desktop in a container (full image size: 701kB, resolution: 1366x768 pixels)
This approach to running an isolated desktop that can have its own icons, wallpaper and files makes me think this type of container would be well suited to privacy-focused distributions such as Tails. Especially if different contained desktops could be made to look like other, mainstream operating systems.
The only problem I faced while using containers came when, at one point, I accidentally launched the contained desktop twice. (It was a slip of the mouse-button finger.) Unfortunately, it seems that having two contained desktops open at the same time meant I could not switch out of the isolated environment using the Alt+F6 short-cut. Since we cannot logout of the container and the container cannot (as far as I can tell) kill its own process, there was no way to get back to the regular desktop. The best I could do was switch to a command line terminal (using Ctrl+Alt+F2) and trying to shutdown the container from there. This makes me think the desktop container could use a "sign out/destroy container" icon.
EasyOS ships with two graphical package managers, PETget and SFSget for managing the distribution's PET and SFS archives, respectively. Now, to be honest I have not done a lot of digging into the technical details of what makes up a PET package and what makes up a SFS package. However, PET packages seem to work and be managed like traditional packages on Debian, Fedora and Arch Linux. The packages reside in a repository with their dependencies and installing an application, like Firefox, optionally pulls in its dependencies too as separate packages. SFS packages are bundled with their dependencies internally. And, instead of being unpacked and installed on the system, SFS archives appear to be mounted so their contents can be accessed and run. This makes SFS archives portable and self-supporting. (I may be off on the details, but these are my impressions from using both formats are reading the provided overview on EasyOS's website.)
EasyOS 1.0 -- The PETget and SFSget package managers (full image size: 226kB, resolution: 1366x768 pixels)
The PETget package manager has a fairly simple layout. It shows us categories of software down the left side of the window and package names with descriptions on the right. We can highlight a package and click a button to install the software and, optionally, its dependencies. This is fairly straight forward and, apart from asking us if we want the dependencies, PETget works about the same as package managers on other distributions. What puts a twist into the experience is PETget has a couple of filters. One which determines which types of packages to show and another which filters PETs based on which repository they are in. There does not appear to be a way to show packages across all repositories.
These filter options at first made me think there were very few PET packages available, but then I realized I had to switch between repositories, like flipping TV channels, in order to see all of what was available in a given category. This makes PET packages a little cumbersome to work with, but I will admit PETget worked for me without any technical issues.
SFSget, while it offers fewer packages, provided the more interesting experience. With SFSget, we can browse through a simple list of packages, paired with their descriptions. Selecting a package and clicking the Download button grabs the SFS archive and then offers to install it either on the main operating system, in its own container, or in an existing container. To me this is the intriguing part because it means we can completely isolate a game or web browser in its own container, or dump it into another container to be used with another isolated program.
EasyOS 1.0 -- Installing Chromium in a container (full image size: 157kB, resolution: 1366x768 pixels)
In effect, we can build multi-program containers to keep our tasks separate. For instance, I might want to run Chromium and a word processor in one container for work while I run Firefox and a terminal in another container for personal use. This allows us to keep aspects of our lives separate, a bit like Qubes OS does, but with very little overhead and no noticeable impact on performance.
I was a big fan of SFS packages inside containers. Partly because I like using sandboxing technology (such as Firejail) for Internet-facing programs, but EasyOS has taken it a step further. I do not need to manually set up launchers for container programs or do manual work to isolate specific programs. EasyOS allows me to just click a button to contain applications and it automatically adds the contained application's icon to the desktop and application menu. It is a very smooth experience.
One of EasyOS's declared features is "GUIs for everything", the idea that everything can be managed through graphical tools. The distribution does a good job of living up to this goal. Apart from the standard applications such as the Seamonkey web browser, LibreOffice, some media players (with codecs), the GNU Image Manipulation Program, text editors, and so on, the distribution also offers a lot of configuration tools.
EasyOS 1.0 -- Browsing a list of applications (full image size: 320kB, resolution: 1366x768 pixels)
I found tools for working with the mouse and keyboard, setting up network connections, adjusting the clock, changing window manager settings, and monitoring system resources. With a few clicks we can mount drives, enable a firewall, download new packages, and set up shared network resources such as printers. Virtually everything can be handled through graphical applications. Some of the utilities are a little rough in appearance (people might say they have a classic look), and many of the tools are different from their mainstream Linux counterparts. However, all of the ones I used worked as expected.
EasyOS runs on version 4.14 of the Linux kernel and uses low-level userland tools provided by Busybox. The Busybox package is used for the distribution's init implementation.
EasyOS 1.0 -- Connecting to a network (full image size: 363kB, resolution: 1366x768 pixels)
Hardware and performance
As I mentioned earlier, I ran into trouble getting EasyOS to run in a virtual machine. The distribution ran smoothly on my laptop though. The system booted quickly, the desktop was responsive and programs launched quickly. EasyOS played audio, connected to my wireless network and used my full screen resolution automatically. My trackpad was a little sluggish at first, but the distribution ships with configuration tools to customize virtually everything, including the mouse pointer. The distribution and its applications were stable during my trial and I ran into no hardware-related issues.
When I first began looking at EasyOS I was not sure what I was getting myself into this week. The project's documentation tends to be more focused on the technical wizardry of the distribution and less on the day-to-day practicalities. The documentation also warns EasyOS is in an development stage and users may have some problems as a result. I also thought I might be setting out to explore just a strange a remix of Puppy Linux since EasyOS also uses PET packages and many of the same technologies.
However, I came away from my experience with EasyOS feeling impressed. Partly because everything seemed to work well and blend together smoothly. The configuration tools all worked well, the application menu was arranged in a way that provided a lot of functionality without too much clutter, and the system was surprisingly responsive most of the time. But the crown jewel of EasyOS is the way it handles containers. On most distributions, containers are an add-on, an extra security feature we need to set up manually and often configure or run from the command line.
EasyOS provides an evolution in containers for desktop applications. Not only are some key components set up to run in containers by default, the package manager will offer to install applications into containers (either a fresh container or an existing one) with the click of a button. In the application menu, contained applications are marked with a little lock symbol. We do not need to use the command line or do any manual steps as we do with other sandboxes like Firejail. EasyOS containers are automatic and effective.
Inside a container we can create or delete anything and our actions are wiped clean, leaving no footprint on the host operating system. EasyOS will even let us run an entire guest desktop environment in isolation. This allows us (or a guest) to run as root inside a container, create files, download anything, and when we sign out, the whole contained desktop is wiped clean. It's a lot like guest accounts on Ubuntu, but the guest user gets to act as root in their own sandboxed environment.
Speaking of root, EasyOS takes the philosophy of running as root by default. We can change this, but we are signed in as root automatically by default for the sake of convenience. Some people see this as a security issue, only somewhat offset by the use of containers. Personally, while I am less worried about the security side of things (given the use of containers when browsing the web), I do get nervous when signed in as root as I am aware a wrong click or key combination could wipe out a partition or move a directory tree to the wrong location by accident. I prefer not to wield that level of power by default, at least not before noon.
EasyOS also shuns the idea that operating systems need to be installed locally. While it is possible to install EasyOS on its own partition, the more standard approach is to run a frugal install (allowing distributions to share a partition) or run the system live. The distribution is quite flexible in this regard, if somewhat unusual.
EasyOS may be experimental at this stage, but it is setting the bar higher for portable applications, at least from the point of view of being easy of use, and it is making containers easier than any other distribution I have used to date. I hope EasyOS's contained desktop applications migrate to other distributions as they have the potential to make users a lot safer with virtually no additional effort.
* * * * *
Hardware used in this review
My physical test equipment for this review was a de-branded HP laptop with the followingspecifications:
Processor: Intel i3 2.5GHz CPU
Display: Intel integrated video
Storage: Western Digital 700GB hard drive
Memory: 6GB of RAM
Wired network device: Realtek RTL8101E/RTL8102E PCI Express Fast