Other Sites

LinuxGizmos.com

Forlinx FET MX95xx C System on Module for Industrial and IoT Applications

Forlinx Embedded has introduced the FET-MX95xx-C System on Module, built around the high-performance NXP i.MX95xx processor for industrial, automotive, and IoT applications. Key features include a 10GbE port, dual GbE ports, CAN interfaces, camera support, and multiple wireless protocols.

T Display S3 AMOLED Plus with Enhanced 1.91″ Display and Real Time Clock

The T-Display S3 AMOLED Plus is an upgraded development board based on the ESP32-S3 microcontroller with a dual-core LX7 processor. It features a 1.91″ AMOLED display with a 240×536 resolution, using RM67162 IPS AMOLED technology for sharp colors and full viewing angles with QSPI interface support.

MYC LR3576 SoM with Octa-Core RK3576 for Embedded Applications

The MYC-LR3576 System-On-Module from MYIR is described as a robust platform for AIoT applications. Powered by the Rockchip RK3576, this compact module handles demanding edge computing, multimedia, and AI tasks with high-performance processing and versatile connectivity.

9to5Linux

KDE Gear 24.08.3 Released with More Fixes for Your Favorite KDE Applications

Coming almost a month after KDE Gear 24.08.2, the KDE Gear 24.08.3 release is here to fix conditional ripped file pattern parsing in the K3b CD/DVD burning software, add support for storing session group name on save and improve support for openSUSE Linux in the Kate text editor, and add WebP thumbnail support in kio-extras.

GIMP 3.0 Release Candidate Is Now Available for Public Testing

Featuring a much-refined interface, GIMP 3.0 introduces massive improvements to color management, a stable public API to allow porting of plug-ins and scripts from the GIMP 2.10 series, support for loading layers from TIFF files saved in the Autodesk Sketchbook format, and support for 64 bits per pixel images for the BMP format.

Tor Project blog

Get the latest from Tor, join us for State of the Onion 2024

Both events will be live-streamed and available for replay on our YouTube channel. Engage in the conversation on social media with the hashtag #StateOfTheOnion2024 or post questions and comments in the chat during the event.

Security Leftovers

posted by Roy Schestowitz on Sep 23, 2022

Security updates for Friday [LWN.net]

Security updates have been issued by Debian (bind9, expat, firefox-esr, mediawiki, and unzip), Fedora (qemu and thunderbird), Oracle (webkit2gtk3), SUSE (ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma, ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma, dpdk, freetype2, rubygem-rack, and virtualbox), and Ubuntu (etcd, libjpeg-turbo, linux-gcp, linux-gke, linux-raspi, linux-oem-5.17, linux-raspi-5.4, python-oauthlib, and python3.5).
Can reflections in eyeglasses actually leak info from Zoom calls? Here's a study into it

Our models and experimental results in a controlled lab setting show it is possible to reconstruct and recognize with over 75 percent accuracy on-screen texts that have heights as small as 10 mm with a 720p webcam.” That corresponds to 28 pt, a font size commonly used for headings and small headlines.

[…]

Being able to read reflected headline-size text isn’t quite the privacy and security problem of being able to read smaller 9 to 12 pt fonts. But this technique is expected to provide access to smaller font sizes as high-resolution webcams become more common.

“We found future 4k cameras will be able to peek at most header texts on almost all websites and some text documents,” said Long.

[…]

A variety of factors can affect the legibility of text reflected in a video conference participant’s glasses. These include reflectance based on the meeting participant’s skin color, environmental light intensity, screen brightness, the contrast of the text with the webpage or application background, and the characteristics of eyeglass lenses. Consequently, not every glasses-wearing person will necessarily provide adversaries with reflected screen sharing.

With regard to potential mitigations, the boffins say that Zoom already provides a video filter in its Background and Effects settings menu that consists of reflection-blocking opaque cartoon glasses. Skype and Google Meet lack that defense.
Private Eye: On the Limits of Textual Screen Peeking via Eyeglass Reflections in Video Conferencing

Using mathematical modeling and human subjects experiments, this research explores the extent to which emerging webcams might leak recognizable textual and graphical information gleaming from eyeglass reflections captured by webcams. The primary goal of our work is to measure, compute, and predict the factors, limits, and thresholds of recognizability as webcam technology evolves in the future. Our work explores and characterizes the viable threat models based on optical attacks using multi-frame super resolution techniques on sequences of video frames. Our models and experimental results in a controlled lab setting show it is possible to reconstruct and recognize with over 75% accuracy on-screen texts that have heights as small as 10 mm with a 720p webcam. We further apply this threat model to web textual contents with varying attacker capabilities to find thresholds at which text becomes recognizable. Our user study with 20 participants suggests present-day 720p webcams are sufficient for adversaries to reconstruct textual content on big-font websites. Our models further show that the evolution towards 4K cameras will tip the threshold of text leakage to reconstruction of most header texts on popular websites. Besides textual targets, a case study on recognizing a closed-world dataset of Alexa top 100 websites with 720p webcams shows a maximum recognition accuracy of 94% with 10 participants even without using machine-learning models. Our research proposes near-term mitigations including a software prototype that users can use to blur the eyeglass areas of their video streams. For possible long-term defenses, we advocate an individual reflection testing procedure to assess threats under various settings, and justify the importance of following the principle of least privilege for privacy-sensitive scenarios.
Software Supply Chain Security Guidance for Developers

Whether it’s package hijacking, dependency confusing, typosquatting, continuous integration and continuous delivery (CI/CD) compromises, or basic web exploitation of outdated dependencies, there are many software supply chain attacks adversaries can perform to take down their victims, hold them to ransom, and exfiltrate critical data.

It’s often more efficient to attack a weak link in the chain to reach a bigger target, like what happened to Kaseya or SolarWinds in the last couple of years. Attackers can implant an RCE (remote code execution) or harvest developers’ credentials to escalate privileges and perform malicious actions stealthily.

Besides, they may only have to compromise a single package to distribute malware to a large range of users and organizations, because the current supply chain is insanely complex and interconnected.

Other Recent Tux Machines' Posts

After Cyberwar: many applications labelled as "cybersecurity" and given a veneer of legitimacy are really "weaponised" and abusive code
Slow Weekend Ahead [original]: It's part of the Web becoming worse and worse each month
Tux Machines Will Hopefully Become Faster Soon [original]: At the moment we're finishing the last batch of maintenance work
Mass Layoffs at Mozilla Again: 30% of staff
Windows Gets Infected, Media Blames "Linux": Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation
Canonical/Ubuntu Leftovers: Canonical/Ubuntu stories
Security Leftovers: Security links, only 3 for now
GIMP 3.0 Release Candidate Is Now Available for Public Testing: The development team behind the popular GIMP open-source image editing software announced today the general availability of the Release Candidate (RC) milestone of the highly anticipated GIMP 3.0 release.
Inkscape Turned 21, Happy Birthday!: Inkscape's 21st anniversary
What’s new for Fedora Atomic Desktops in Fedora 41: So let’s see what arrives with the new releases for the Fedora Atomic Desktops variants (Silverblue, Kinoite, Sway Atomic and Budgie Atomic)
today's leftovers: only half a dozen for now
BarryK's Latest Development Updates From EasyOS: Some of his latest
Today in Techrights: Some of the latest articles
today's leftovers: mixture of topics of less importance
Programming Leftovers: Programming with various paradigms
Red Hat and Fedora Leftovers: Inc. Red Hat's official site
Education Leftovers: FreeBSD, LANOG, Eleventy, and OpenFest
PCBs, Purism, Arduino, Retro and More: hardware themed stories for today
Release of curl 8.11.0 and Daniel Stenberg at FLOSS Weekly: curl news
NetBSD, FreeBSD, and More: BSD news collection
KDE Gear 24.08.3 Released with More Fixes for Your Favorite KDE Applications: The KDE Project released today KDE Gear 24.08.3 as the third and last maintenance update to the KDE Gear 24.08 collection of applications for the KDE Plasma desktop environment and the GNU/Linux ecosystem.
today's howtos: long list of howtos
Android Leftovers: The secret to summarizing notifications on Android
Immich Celebrates 50K Stars on GitHub with v1.120: Immich celebrates 50K GitHub stars with v1.120, which now includes auto-database backups, faster HDR transcoding, and a timeline scroll indicator
Forty years of commitment to software freedom: We're planning a jam-packed anniversary year and we hope you'll join us for the festivities
What happens to Linux when Linus Torvalds dies?: The Linux kernel is at the heart of countless operating systems, powering everything from smartphones to servers
Why we're still waiting for Canonical's immutable Ubuntu Core Desktop: 'First impressions matter' but a KDE flavor is in the making – and more publicly at that
Forlinx launches NXP i.MX 95 SoM and development board with 10GbE, CAN Bus, RS485, and more: Only Linux is supported, and the company says its module targets the automotive, industrial, and commercial IoT markets
Andes QiLai quad-core AX45MP RISC-V SoC with NX27V vector processor powers micro-ATX Voyager Development Platform: Andes explains the NX27V core can cooperate with the AX45MP cluster and make QiLai a heterogeneous software development platform where a Linux SMP system and an RTOS or bare-metal system can run simultaneously
Best Free and Open Source Software: The ratings only relate to the Flickr functionality offered by each program
Little Wayland Things: While I do have a Qt git build on my machine that I use for development
HDR and color management in KWin, part 5: HDR on SDR laptops: This one required a few other features to be implemented first, so let’s jump right in
Kubuntu 24.04, it's been a few months now ...: Rough start. Very much so. A time travel back into the past, but not in a good way, if you will. I was not very happy the first time I tried Kubuntu 24.04
Windows TCO Leftovers: True cost of Microsoft/Windows
Games: Vampire Hunters, Bye Sweet Carole, and More: Latest 7 from GamingOnLinux
Focusing on Free Software, Political Sites Will Do Politics [original]: We'll try to keep this site politics-free and focus on Free software
today's leftovers: GNU/Linux, howtos, security
Programming: Ruby 3.3.6 Released, Perl, and More: Programming related picks
LWN Articles on Graphics, OSI's Openwashing, and Rust: outside the paywall as of hours ago
Today in Techrights: Some of the latest articles
Audiocasts/Shows/Videos About GNU/Linux: Some from days ago
LWN Articles About Linux Kernel: Now outside the paywall
Peropesis 2.8: OpenSSH: Peropesis 2.8 is released
Linuxfx 11.24.04: new version of the operating system based on Kubuntu 24.04.1 LTS
Parted Magic 2024.11.03: This version of Parted Magic updates the kernel to linux-6.11 and adds/updates various program
NethSecurity project milestone 8.3: We are excited to announce the release of NethSecurity project milestone 8.3
Release of Pisi GNU/Linux 2.4: Inspired by the rare flowers of Anatolia, Pisi GNU/Linux delivers the 2.4 version 'Karagül' to its users
BackBox Linux 9 released!: The BackBox Team is happy to announce the updated release of BackBox Linux
Br OS 24.10: Brazilian Linux distribution based on Ubuntu
Linux Lite 7.2 Released with Lite Theme Manager, Based on Ubuntu 24.04 LTS: Linux Lite creator Jerry Bezencon announced today the release and general availability of Linux Lite 7.2 as the latest stable version of this Ubuntu-based distribution using the lightweight Xfce desktop environment.
4MLinux 46.1 STABLE released.: This is a minor (point) release in the 4MLinux STABLE channel
Release of Dr.Parted 24.11: This release is based on the Debian testing repository (2024/November/01).
Open Hardware/Modding: Robot, Arduino, Raspberry Pi, and More: Some hardware picks
Security Leftovers: Security stories
The Bitcoin Mailing List and its history is erased from Linux: Swathes of Bitcoin’s history have been erased from the internet forum that hosted communications between developers for nearly a decade
Events: Capitole du Libre, Free Software Directory, and All Thing Open: 3 events in the blogs today
7 Reasons Why NU/Linux Is the Best Tool For Programming: Explore why GNU/Linux is the top choice for developers and programmers
today's leftovers: FOSS and more for now
ScummVM and Games; PicoROM, A DIP-32 8-Bit ROM Emulator: Gaming centric news
Security Leftovers: Security picks
Free Applications and Free Software: FOSS picks
Programming Leftovers: many picks for today
LXQt 2.1 Desktop Environment Released with Initial Wayland Support: The development team behind the lightweight LXQt desktop environment written in Qt announced today the release and general availability of LXQt 2.1 as a major update bringing exciting new features.
today's howtos: many howtos for now
HowTos, Red Hat, and FSF: today's leftovers
Open Hardware, Raspberry Pi, and Retro: Mostly Raspberry Pi
Windows TCO Leftovers: The true cost of Microsoft reliance
Android Leftovers: The best PSP emulator on Android just got even better
KDE Plasma 6.2.3 Brings Better Support for HDR Displays, Various Bug Fixes: The KDE Project released today KDE Plasma 6.2.3 as the third maintenance update to the latest KDE Plasma 6.2 desktop environment series with more bug fixes and various improvements.
Tor and Tails Team Up for Better Online Privacy Protections: The merger of two popular open-source communities could sharpen the focus on bolstering online privacy and web-surfing anonymity
GIMP 3.0 Release Candidate Arrives with Major Features in Tow: If it feels like the next major release of open source image editor The GIMP has been in the works forever
Best Free and Open Source Software: Only free and open source software is included
Games: Stardew Valley 1.6.9, SuperTuxKart 1.5, and More: Latest from GamingOnLinux
Manjaro Considers Embedding a Telemetry Tool: Manjaro’s new MDD telemetry tool will collect user data for better metrics, yet automatic sharing concerns users
Today in Techrights: Some of the latest articles
Gnome OS is Changing: "I would like to turn GNOME OS, GNOME’s home-grown distro for testing and development of the GNOME Desktop, into a daily-drivable general purpose OS."