Other Sites

9to5Linux

NVIDIA 550.135 Graphics Driver Released with Better Linux Kernel 6.11 Support

NVIDIA 550.135 is a small update that only improves support for distribution running the Linux 6.11 kernel series, which renamed the drm_fbdev_generic function to drm_fbdev_ttm, by using drm_fbdev_ttm when present to keep supporting direct framebuffer access on Wayland compositors to present content on newer kernels.

Blender 4.3 Open-Source 3D Graphics App Introduces Experimental Vulkan Backend

Four months after Blender 4.2 LTS, the Blender 4.3 release introduces an experimental Vulkan backend on Linux and Windows systems to render the user interface. This can be enabled over the default OpenGL backend under Preferences > Interface > Developer Extras > System > Backend. However, there are some limitations like lack of support for GPU subdivision and OpenXR, and slower performance compared to the OpenGL backend.

FreeCAD 1.0 Open-Source 3D Parametric Modeler Released, Here’s What’s New

Highlights of FreeCAD 1.0 include a new built-in Assembly Workbench, the inclusion of the topological naming problem mitigation code, a new materials system for appearance properties, a new BIM workbench with better setup & management tools and better IFC support, as well as a new logo.

Ubuntu 25.04 (Plucky Puffin) Daily Build ISOs Are Now Available for Download

As expected, the first Ubuntu 25.04 daily builds are based on the previous Ubuntu release, Ubuntu 24.10, which arrived last month on October 10th. This means that the Plucky Puffin ISOs include the same core components and software versions as the Oracular Oriole release.

GNU Linux-Libre 6.12 Kernel Released for Those Seeking 100% Freedom for Their PCs

Based on the just-released Linux 6.12 kernel series, the GNU Linux-libre 6.12 kernel is here to clean up CPM/QE QMC SoC support, Realtek 8852BE-VT Wi-Fi driver, Amlogic BT protocol support, amcc qt2025 phy driver, aw96103/aw96105 proximity sensor, and TI TLV320AIC31XX codecs.

AlmaLinux OS 9.5 Is Here as a Free Alternative to Red Hat Enterprise Linux 9.5

Built from the same sources as Red Hat Enterprise Linux and fully compatible with Red Hat Enterprise Linux 9.5, AlmaLinux OS 9.5 is here to introduce improvements to system performance monitoring, visualization, and system performance data collecting.

Shotcut 24.11 Open-Source Video Editor Released with Various Bug Fixes

Shotcut 24.11 is only a bugfix release that addresses some issues reported by users from the Shotcut 24.10 and Shotcut 24.08 releases, including converting variable frame rate to constant, filtering in and out points when resizing transition by moving a clip, as well as lost Reframe keyframes during export.

9to5Linux Weekly Roundup: November 17th, 2024

I want to thank all the people who sent us donations. You guys are awesome and your help is very much appreciated! I also want to thank you all for your continued support by commenting, liking, sharing, and boosting the articles, following us on social media, and last but not least thank you for sending us feedback.

Ubuntu Buzz !

App Center - Intro to Ubuntu Software Manager

App Center (formerly Ubuntu Software and Software Center) is the program for Ubuntu users to install applications and manage them on Ubuntu computer and laptop. It is an official application of Ubuntu that makes it different to other GNU/Linux systems. We write this article as an explanation to the first item listed in our published compilation List of Ubuntu Default Applications and Their Purposes. We hope this helps everyone including you Ubuntu beginners. Now let's start sharing Free Software together once again!

LinuxGizmos.com

HackerBox 0108 Implements a Macintosh 128K Emulator on RP2040 Platform

This month’s HackerBox introduces an opportunity to explore retro computing through the configuration of the PICOboot RP2040 Development Board to emulate the functionality of an original Macintosh 128K.

Tor Project blog

Memory quota tracking in Arti, for Onion Service DoS resistance

The memory quota tracking feature allows you to restrict the amount of memory used by an Arti process. In particular, it allows you to limit the amount of memory that other people can cause your Arti to use.

Security Leftovers and Microsoft/Windows TCO

posted by Roy Schestowitz on Oct 12, 2023

BPF and security

The eBPF in-kernel virtual machine is approaching its tenth anniversary as part of Linux; it has grown into a tool with many types of uses in the ecosystem. Alexei Starovoitov, who was the creator of eBPF and did much of the development of it, especially in the early going, gave the opening talk at Linux Security Summit Europe 2023 on the relationship between BPF and security. In it, he related some interesting history, from a somewhat different perspective than what is often described, he said. Among other things, it shows how BPF has been both a security problem and a security solution along the way.
Security policies for GNU toolchain projects

While the CVE process was created in response to real problems, it's increasingly clear that CVE numbers are creating problems of their own. At the 2023 GNU Tools Cauldron, Siddhesh Poyarekar expressed the frustration that toolchain developers have felt as the result of arguing with security researchers about CVE-number assignments. In response, the GNU toolchain community is trying to better characterize what is — and is not — considered to be a security-relevant bug in its software.

Fuzzing the binutils utilities has, he began, become a popular exercise; it is an example of the "fuzzing epidemic" that is happening more widely. Fuzzing is good, he took pains to say, but what happens afterward is not. Researchers have started filing for CVE numbers, often for bugs which are not, in truth, security problems. The "infection" is spreading from binutils into the rest of the toolchain ecosystem. The whole CVE system, he said, is broken. People will report issues and get CVE numbers, but nobody involved has any real understanding of the context in which these bugs are found. As a result, a lot of engineering time goes into rebuilding packages, backporting fixes, and so on, all for problems that are not seen as valid security issues.

Poyarekar would like to create a better focus for security efforts and channel that work into a more helpful direction. Doing so requires creating a better understanding of what constitutes a security issue. In short, a security issue is a bug that allows a user to do something that they would otherwise be unable to do. Issues can be divided into a few subcategories; there are, for example, "direct vulnerabilities" that affect the integrity of the system as a whole. Other types include security features (such as hardening) that do not work as they should, or design flaws that make exploits easier. The first two types tend to get fixed, often after the assignment of a CVE number. Design flaws can get CVEs from zealous researchers as well, but tend to result in little more than "hand wringing".
Curl 8.4.0 released

Version 8.4.0 of the curl data-transfer tool has been released, mostly in response to a relatively severe security vulnerability that can be triggered when a SOCKS5 proxy server is in use. See this blog post for details on what went wrong. ""In hindsight, shipping a heap overflow in code installed in over twenty billion instances is not an experience I would recommend.""
Security updates for Wednesday

Security updates have been issued by Debian (curl, mediawiki, tomcat10, and tomcat9), Fedora (libcaca, oneVPL, oneVPL-intel-gpu, and tracker-miners), Gentoo (curl), Mageia (cups and firefox, thunderbird), Red Hat (curl, kernel, kernel-rt, kpatch-patch, libqb, libssh2, linux-firmware, python-reportlab, tar, and the virt:rhel module), Slackware (curl, libcue, libnotify, nghttp2, and samba), SUSE (conmon, curl, glibc, kernel, php-composer2, python-reportlab, samba, and shadow), and Ubuntu (curl, dotnet6, dotnet7, firefox, libx11, samba, tiff, and webkit2gtk).
Passwordless by default: Make the switch to passkeys

Earlier this year we rolled out support for passkeys, a simpler and more secure way to sign into your accounts online. We’ve received really positive feedback from our users, so today we’re making passkeys even more accessible by offering them as the default option across personal Google Accounts.

This means the next time you sign in to your account, you’ll start seeing prompts to create and use passkeys, simplifying your future sign-ins. It also means you’ll see the “Skip password when possible” option toggled on in your Google Account settings.
Go ahead, let the unknowable security risks of Windows Copilot onto your PC fleet

Those home machines – there’s only a few hundred million of them – are gradually getting the latest Windows 11 upgrade, and many of those users are slapping a technicolor Copilot icon on the taskbar. (Wisely, it's not enabled by default – yet.) The "PRE" embossed on the bottom of the Copilot icon tells you that it's still in preview – in other words, Microsoft's public beta of a very new and still broadly untested technology.
Inside the deadly instant loan app scam that blackmails with nudes

There are many apps that promise hassle-free loans in minutes. Not all of them are predatory. But many - once downloaded - harvest your contacts, photos and ID cards, and use that information later to extort you.

When customers don't repay on time - and sometimes even when they do - they share this information with a call centre where young agents of the gig economy, armed with laptops and phones are trained to harass and humiliate people into repayment.
Windows TCO
- Ransomwared health insurer wasn't using antivirus software
  
  It's not unusual for government agencies in developing nations to use unlicensed software, when commercial licenses are often priced beyond their means. In 2021, for example, The Register covered an outage at Pakistan's Federal Board of Revenue that it swore could not have been caused by unpaid licenses because it caught up on its bills. Your correspondent also once spoke to a major vendor of design software that had 500 people show up to a conference in India – a nation in which it had sold no licenses and in which users felt they could pirate with impunity.
- As Michigan bank becomes latest victim, SEC opens probe into MOVEit vulnerability
  
  MOVEit is managed file transfer software offered by Progress Software Corp. that is designed to provide secure and compliant file transfers for sensitive data within and between organizations. A vulnerability in the software discovered earlier this year, officially designated CVE-2023-34362, allows an unauthenticated, remote attacker to send a specially crafted SQL injection to a vulnerable MOVEit Transfer instance.
- Justice department wants to fight R5 million fine over ransomware attack in court
  
  If that is 5 million ZMW, the current conversion rate to USD would make it $232,249.90 USD.
- Justice department wants to fight R5 million fine over ransomware attack in court
  
  The Information Regulator imposed a R5 million fine on the department in July 2023 as an administrative penalty after failing to comply with an enforcement notice issued in May.
  
  Essentially, the regulator found that negligence contributed to the department falling victim to the attack.
- Justice department takes Info Regulator to court over R5-million fine
  
  The department of justice & constitutional development is taking the Information Regulator to court to fight a R5-million fine the regulator imposed on it over a 2021 cyberattack.
  
  The fine against the department was the first administrative penalty imposed by the Information Regulator since its establishment and the court case could serve to set an important precedent in the way information security breaches are regulated in South Africa.
- Notorious Qakbot Botnet Threat Continues Despite FBI Takedown
  
  LNK or Shell Link files are Windows shortcuts that can be used to open a separate file, folder, or application. In this case, the phishing emails have been circulating the LNK files with names such as “ATTENTION-Invoice-29-August.docx.lnk” or “Booking info.pdf.lnk” to trick recipients into opening them, which can then download and execute a malicious payload.
- Internet companies Google, Amazon and Cloudflare report biggest-ever denial of service operation
  
  As the online world has developed, so too has the power of denial of service operations, some of which can generate millions of bogus requests per second. The recent attacks measured by Google, Cloudflare and Amazon - which began in late August and which the tech giants say are ongoing - were capable of generating hundreds of millions of request per second.

Other Recent Tux Machines' Posts

AlmaLinux OS 9.5 Is Here as a Free Alternative to Red Hat Enterprise Linux 9.5: The AlmaLinux OS Foundation announced today the release and general availability of AlmaLinux OS 9.5 (codename Teal Serval), as the latest stable version of this free Red Hat Enterprise Linux (RHEL) fork.
Fedora KDE Plasma Spin Gains Equal Footing With Gnome Edition: Fedora has made a major change to its project, elevating the version running KDE Plasma from an Spin to an official Edition, alongside Fedora Workstation with Gnome
RIP Jérémy Bobbio (Lunar): Longtime Debian and Tor developer, Jérémy Bobbio—perhaps better known as "Lunar"—died on November 8
Arch Linux Adopts 0BSD License for Package Sources: Breaking News: Arch Linux adopts the liberal 0BSD license for all package sources, ensuring freedom and flexibility
NVIDIA 550.135 Graphics Driver Released with Better Linux Kernel 6.11 Support: NVIDIA released today the NVIDIA 550.135 graphics driver as the latest “Production Branch” version for users who want to stay on the stable side of things and not use the NVIDIA 560 “New Feature Branch” series.
Linux Kernel 6.12 Officially Released, This Is What’s New: Linus Torvalds announced today the release and general availability of Linux kernel 6.12, the latest stable version of the Linux kernel that introduces several new features and improvements.
today's leftovers: IBM and more
Programming Leftovers: Development related, mostly Python
today's howtos: today's first long batch
Linux Devices and Open Hardware: Raspberry Pi, Arduino, and More: hardware related news
Android Leftovers: Android phones see major battery life improvements with Snapdragon 8 Elite in early tests
Rocky Linux 9.5 Released, Here’s What’s New: Rocky Linux 9.5 is now available for download, packed with updates like Podman 5.0, GCC 11.5, Node.js 22, and more
I Always Keep a Linux Live USB Handy for These 4 Reasons: A Live Linux USB is one of the best rescue tools every computer user should have
Windows TCO Leftovers: cost of Microsoft
What It’s Like to Be a Linux Sysadmin: Daily Wins and Woes: What’s it like to be a Linux sysadmin? Dive into a day filled with solving challenges, celebrating wins, and keeping servers running smoothly
Free and Open Source Software: Only free and open source software is eligible for inclusion
Security Leftovers: Security related picks
Free, Libre, and Open Source Software Leftovers: FOSS and coding
Google Turning Gentoo-Based Chrome OS Into Android Drop-in: Some technical changes
Openwashing: OSI is Promoting the "AI" Scam (for Microsoft et al), as Does Mozilla (Funded and Controlled by GAFAM): sad developments, behaviour
Canonical/Ubuntu: Ubuntu Weekly Newsletter and More: 3 assorted updates/news
today's howtos: 7 picks for this morning
A Look at AnyTXT Searcher and Newspipe 11.1.0 Released: some software news
Open Hardware/Modding: RISC-V, Banana Pi, Raspberry Pi, and More: Linux-centric hardware picks
Fedora / Red Hat / IBM Leftovers: sadly many puff pieces, not journalism
Red Hat is Working for Microsoft, Windows, and Azure (Proprietary, Surveillance, Back Doors): Description: Sellout big time
Games: Castlevania Dominus Collection, Proton Experimental, and GamingOnLinux's latest: coverage about gaming
Today in Techrights: Some of the latest articles
Winter holidays are coming: Time for a free software tale: The winter holidays are coming. Here's a free software fairy tale for you to watch, enjoy, and share with your loved ones in front of a cozy fireplace while roasting s'mores
OpenELA Publishes Code for Devs Who Want to DIY RHEL 9.5: Wanna build your own RHEL clone? OpenELA’s got all the source code you need, ready to download for free
Blender 4.3 Open-Source 3D Graphics App Introduces Experimental Vulkan Backend: The Blender Foundation announced today the release and general availability of Blender 4.3 as a major update to this powerful, free, cross-platform, and open-source 3D graphics and modeling software.
FreeCAD 1.0 Open-Source 3D Parametric Modeler Released, Here’s What’s New: FreeCAD 1.0 has been released today as a major milestone for this open-source, free, and cross-platform parametric 3D computer-aided design (CAD) modeler software for GNU/Linux, macOS, and Windows systems.
OpenBSD and FreeBSD News: BSD news and a release
today's leftovers: FOSS and fake FOSS
Audiocasts/Shows: This Week in Linux, GNU World Order, and Destination Linux: 3 new episodes
today's howtos: many howtos for today
Programming Leftovers: Development picks
Windows TCO Leftovers: Microsoft's true cost
Games: Steam Deck, Sorry We're Closed, and More: Latest from GamingOnLinux
Android Leftovers: Samsung Galaxy Tab S10 Ultra review - The biggest Android tablet now relies on MediaTek
Why I Installed Linux on an Old Laptop Instead of a Raspberry Pi: Recently I wanted to start a new tech project building a lightweight, resource-efficient personal computer
Sparky 2024.11 Special Editions: There are new iso images of Sparky 2024.11 Special Editions out there
Free and Open Source Software, howtos and Installations: This is free and open source software written in Go
Announcing Incus 6.7: The Incus team is pleased to announce the release of Incus 6.7
This Week in KDE Apps: Python bindings: Welcome to a new issue of "This Week in KDE Apps"! Every week we cover as much as possible of what's happening in the world of KDE apps
10 lessons I've learned from the open-source community that aren't about tech: You might think the only lessons to learn from the open-source environment are technical, but you'd be mistaken
My Linux predictions for 2025: It's going to be a good year: What's coming for the open-source operating system and why
Ubuntu 25.04 (Plucky Puffin) Daily Build ISOs Are Now Available for Download: Now that Canonical officially opened the development of Ubuntu 25.04 (Plucky Puffin), it has published the first daily build ISO images for early adopters, application developers, and general public testing.
GNU Linux-Libre 6.12 Kernel Released for Those Seeking 100% Freedom for Their PCs: The GNU Linux-libre project announced today the release and general availability of the GNU Linux-libre 6.12 kernel for those who seek 100% freedom for their GNU/Linux computers and software freedom lovers.
10 Best Linux Server Distributions in 2024: Looking for the best GNU/Linux server distributions in 2024?
Debunking Common Linux Myths: Facts vs. Fiction: Think GNU/Linux is too hard to use or lacks software? Think again!
New package manager for OpenWrt: As of November 2024 for snapshots from the main development branch and future stable release builds (possibly also including the upcoming 24.10 series), the package manager in OpenWrt has changed from opkg to apk
Today in Techrights: Some of the latest articles
Games, SUSE, IBM, and More: today's leftovers
Linux Foundation Puff Pieces and Realisation of the Software Patents Issue: 3 stories
today's howtos: many howtos
Linux Devices and Open Hardware: mostly the latter
Programming Leftovers: Development news/picks
Security: TP-Link Backdoor, Cybershow, and Open Source Security Podcast: 3 picks, mostly audio
Variscite DART-MX91 SoM offers dual GbE, WiFi 6, 15 years support: In terms of software support the company mentions that it will support both Yocto and Debian
Shotcut 24.11 Open-Source Video Editor Released with Various Bug Fixes: Shotcut 24.11 open-source, free, and cross-platform video editor written in Qt is now available for download with various bug fixes from previous releases.
9to5Linux Weekly Roundup: November 17th, 2024: The 214th installment of the 9to5Linux Weekly Roundup is here for the week ending on November 17th, 2024.
Shotcut 24.11 Improves Stability and Fixes Transition Bugs: Shotcut 24.11, a free cross-platform video editor, rolls out with fixes for frame rate conversion, transitions, exports, and crashes
Ubuntu vs Debian: Linux Distributions Compared Deep Dive: Debian and Ubuntu are two popular Linux distributions
Free and Open Source Software: This is free and open source software
Review: Chimera Linux vs ChimeraOS: About four years ago DistroWatch received two new distribution submissions, fairly close together
What's the Deal with Raspberry Pi's New SD Card? A Hands-On Review: Raspberry Pi is expanding its ecosystem with official accessories. We tested the official SD card and here's what we found
Today in Techrights: Some of the latest articles
Half a Dozen Instructionals/Technical Articles From HowTo Geek: HowTo Geek's howtos
Missing MS Paint on Linux? Here's 5 Alternatives to Try: Here's a few ways to scratch your Microsoft Paint itch on Linux
SimRacing on Linux: A New Reality: we’ll review the current state of simulators and how Proton has revolutionized gaming on the Linux operating syste