Other Sites

LinuxGizmos.com

Pilet: A Portable Cyber-Deck Powered by Raspberry Pi 5 and Dual 8000mAh Batteries

Pilet is an upcoming open-source portable mini-computer powered by Raspberry Pi 5, offering both versatility and portability. Initially named Consolo, it will be available in two models: a 5-inch and a 7-inch, to suit different needs.

LILYGO to Launch ESP32-Based Gizmo with E-Paper Display, LoRa, and MagSafe Charging

The T5 E-Paper S3 Pro is a compact development board featuring the ESP32-S3-WROOM-1 microcontroller alongside advanced capabilities. Designed for low-power applications, it integrates wireless connectivity, e-paper technology, and peripheral support

Waveshare Development Boards Feature RP2350 with 100 Mbps Ethernet or 1.14-Inch LCD

Waveshare has introduced a series of microcontroller development boards based on the RP2350 chipset designed by Raspberry Pi. These boards cater to diverse development needs, offering features such as GPIO expandability, 100 Mbps Ethernet, and compact LCD displays.

TANGO-7010 Series Featuring Intel 12th Gen i3 to i9 Cores and Triple 2.5GbE Ports

ICP Deutschland recently introduced the TANGO-7010 series, a compact mini PC powered by Intel 12th-generation Core processors. Designed for demanding applications, the series features efficient thermal management with a system fan and supports various storage interfaces.

9to5Linux

elementary OS 8 “Circe” Officially Released, Based on Ubuntu 24.04 LTS

Based on Ubuntu 24.04 LTS (Noble Numbat) and powered by Linux kernel 6.8, elementary OS 8 introduces a new Secure Session to ensure apps respect your privacy and require your consent, a brand new dock with productive multitasking and window management features, and PipeWire as the default media server.

Firefox 134 Enters Beta, Promises Support for Touchpad Hold Gestures on Linux

Firefox 134 looks like a very small release promising only support for touchpad hold gestures on Linux, allowing users to interrupt kinetic (momentum) scrolling by placing two fingers on the touchpad. This feature was initially planned for Firefox 133, but it was delayed as it was needed for testing.

KDE Plasma 6.2.4 Re-Enables HDR Mode for Users on NVIDIA 565 and Linux 6.11

One of the most interesting changes in KDE Plasma 6.2.4 is support for enabling the HDR mode on GNU/Linux distributions using the NVIDIA 565.57.1 (beta) or later graphics driver for NVIDIA GPU users and Linux kernel 6.11 or later for Intel GPU users. Using previous versions of the NVIDIA graphics driver and Linux kernel results in an unstable HDR experience.

Mozilla Firefox 133 Is Now Available for Download, Here’s What’s New

Highlights of Mozilla Firefox 133 include the ability to show tabs from other devices in the Tab overview menu, GPU-accelerated Canvas2D enabled by default for Windows users, and Bounce Tracking Protection, a new anti-tracking feature enabled in ETP (Enhanced Tracking Protection)’s Strict mode.

Fwupd 2.0.2 Firmware Updater Adds Support for ASUS ROG Ally, Raspberry Pi Pico

Coming five weeks after fwupd 2.0.1, the fwupd 2.0.2 release adds support for checking AMD hardware configuration MSR (Machine Status Register), support for enumerate-only device emulation to increase test coverage, support for passing a JSON file for emulation instead of ZIP, and new get-version-formats and vercmp commands for fwupdtool.

9to5Linux Weekly Roundup: November 24th, 2024

I want to thank all the people who sent us donations. You guys are awesome and your help is very much appreciated! I also want to thank you all for your continued support by commenting, liking, sharing, and boosting the articles, following us on social media, and last but not least thank you for sending us feedback.

news

Security Leftovers

posted by Roy Schestowitz on Oct 30, 2024

LWN ☛ Coker: The CUPS vulnerability

Debian Developer Russell Coker has written up an analysis of the remote exploit of CUPS announced in September:

He seems to have a different experience to me of reporting bugs, I have had plenty of success getting bugs fixed without hyping them. I just report the bug, wait a while, and it gets fixed. [...] I was quite confident that my systems wouldn't be at any risk.

When it was published my opinion was proven to be correct, it turned out to be a series of CUPS bugs.
OpenSSF (Linux Foundation) ☛ OpenSSF Adds Minder as a Sandbox Project to Simplify the Integration and Use of Open Source Security Tools

Today, I’m excited to announce that Stacklok is contributing our Minder open source project to the Open Source Security Foundation (OpenSSF). Minder makes it simpler for developers and security teams to adopt a policy-based approach to open source software security; it reduces noise, alerts to risk only when necessary, auto-remediates inconsistencies and spans the entire software development lifecycle.
LWN ☛ Security updates for Tuesday

Security updates have been issued by Debian (exim4) and SUSE (chromium, openssl-1_1, and openssl-3).
PC World ☛ Security flaws found in all Nvidia GeForce GPUs. Update drivers ASAP!

Graphics card manufacturer Nvidia is currently issuing a warning to all owners of GeForce GPUs. According to an Nvidia security bulletin, several security vulnerabilities requiring urgent attention have been discovered in the company’s own display drivers and other software.

A total of eight vulnerabilities are listed, all of them with a “High” severity rating. If you have an Nvidia GeForce GPU, you need to act now.
Dark Reading ☛ Recurring Windows Flaw Could Expose User Credentials

Now a zero-day, the vulnerability enables NTLM hash theft, an issue that Microsoft has already fixed twice before.
Integrity/Availability/Authenticity
- Tech Central (South Africa) ☛ The case for digital identity in South Africa
  
  South Africa has become fertile ground for cybercrime. According to a new report by the CSIR, 47% of organisations reported experiencing between one and five cybersecurity incidents in the past year, “underscoring the persistent threat landscape”.
  
  A key recommendation: improve digital identity management and implement robust solutions to protect users online.
  
  A digital identity is an electronic form of identification, including biometric information, that can be used to interact with governments, businesses and other organisations online. It is a key enabler of digital transformation and offers a range of benefits, from improving service delivery to enhancing security.
- Pierre 'delroth' Bourdon ☛ delroth's homepage - One weird trick to get the whole planet to send abuse complaints to your best friend(s)
  
  Turns out, it’s pretty trivial to send packets to various destinations on the Internet with a fake source IP address (of course, the destination IP needs to be correct, since it determines… the destination). Many ISPs adhere to the Best Current Practice (BCP) 38, which can be summarized by the following: “if you peer with a network, you should only allow them to send IP packets using IP address you expect from them”. Unfortunately, that filtering can often only be done early on in a packet’s route to its destination. Once the packet gets to a large transit provider, their peers expect that provider to carry traffic from the whole internet to them, and thus are not able to do any meaningful filtering.
  
  Which means, if you just find one transit provider which doesn’t do BCP38 filtering… you can send IP packets tagged with any source IP you want! And unfortunately, even though the origins of BCP38 date back to 1998… there are still network providers 25 years later that don’t implement it. APNIC has a great article from last year on the subject.
Transparency/Investigative Reporting
- The Dissenter ☛ Columbus Ends Campaign Against Data Breach Whistleblower
  
  The City of Columbus agreed to a "permanent injunction” with cybersecurity specialist Connor Goodwolf and withdrew a lawsuit against him.

Other Recent Tux Machines' Posts

Mozilla Firefox 133 Is Now Available for Download, Here’s What’s New: Mozilla Firefox 133 open-source web browser is now available for download with the ability to show tabs from other devices in the Tab Overview menu and other changes.
Fwupd 2.0.2 Firmware Updater Adds Support for ASUS ROG Ally, Raspberry Pi Pico: Fwupd 2.0.2 Linux firmware update utiltiy is now available for download with support for checking AMD hardware configuration MSR and other changes.
Canonical wants Ubuntu 20.04 LTS users to upgrade as End of Life approaches: Canonical has issued a warning to users of Ubuntu 20.04 LTS
KDE: Criticism, KUserFeedback (KUF), and Microsoft Outsources: two KDE picks
Review of "How to Make Your Career Suck Less: A Guide to a Less Painful IT Experience" by Igor Ljubuncic [original]: a concise, edited version of the review
elementary OS 8 “Circe” Officially Released, Based on Ubuntu 24.04 LTS: The elementary OS team released today elementary OS 8 (codename Circe) as the latest stable version of their Ubuntu-based distribution featuring the modern Pantheon desktop environment with new features and enhancements.
Firefox 134 Enters Beta, Promises Support for Touchpad Hold Gestures on Linux: With Firefox 133 out the door today as the latest stable version of the open-source web browser used by default on all GNU/Linux distributions, Mozilla promoted the next major release, Firefox 134, to the beta channel.
Ubuntu, Mozilla, and C: today's leftovers
Windows TCO Leftovers: True cost of Microsoft
Android Leftovers: Circle to Search could finally ditch a design element we hated back in the Android 12 days
After 16 Years, Pidgin 3 Takes Its First Steps: A blast from the past: Pidgin 3's pre-alpha debuts Dec 31
PipeWire 1.2.7 Enhances ALSA Driver Handling and Adds Lazy Scheduling: PipeWire 1.2.7 is a stable bugfix release that adds lazy scheduling, improves the v4l2 plugin, fixes module crashes, and enhances resampling performance
7 Tricks to Make Learning the Linux Command Line Easier: The Linux command line can seem impenetrable, with arcane instructions and a focus on text interfaces
Call for volunteers: Help us with the GNU Press shop: People around the world are eagerly waiting to receive their GNU Press shop orders, and we need a little help sending everything out
Best Free and Open Source Software, howtos and Installations: Only free and open source software is eligible for inclusion
Vendefoul Wolf – distro based on Devuan: Vendefoul Wolf Linux is a distro based on Devuan and uses the Calamares Installer
This Week in KDE Apps: Bugfixing Week: Welcome to a new issue of "This Week in KDE Apps"! Every week we cover as much as possible of what's happening in the world of KDE apps
KDE Plasma 6.2.4 Re-Enables HDR Mode for Users on NVIDIA 565 and Linux 6.11: The KDE Project released today KDE Plasma 6.2.4 as the fourth maintenance update to the latest KDE Plasma 6.2 desktop environment series with more improvements and bug fixes.
5 ways to get the best Linux support, no matter your skill level: Where do you turn if you're new to Linux or looking for a solution to a problem? Here are your options
Games: Proton Experimental, Star Fox 64, and More: Latest 9 from GamingOnLinux
Today in Techrights: Some of the latest articles
today's leftovers: Misc. picks
today's leftovers: GNU/Linux and FOSS picks
Programming and Development Tools: Programming leftovers mostly
Security Leftovers: only 3 for now
Linux Devices and Open Hardware Leftovers: misc. picks
EasyOS Development Updates: EasyOS's latest
Applications: Makulu Tools, Hugin, amd Email Client: 4 picks regarding software
today's howtos: first big batch
10 Reasons To Choose Ubuntu Server Over the Competition: When you think of a server's operating system (OS), what comes to mind?
Android Leftovers: Why the Pixel Tablet's cancellation makes sense in light of a possible Android and Chrome OS merge
today's leftovers: security and more
Audiocasts/Shows: Linux Out Loud, GNU World Order, Open Source Security Podcast, This Week in Linux: 4 new episodes
Open Hardware/Modding/Retro: GNU-like Mobile Linux, Old Amigas, and More: gadgets and hacking
Guix/Hurd on a Thinkpad X60: A lot has happened with respect to the Hurd since our Childhurds and GNU/Hurd Substitutes post
Free and Open Source Software: Magpie is used by the Budgie Desktop as its window manager
Review: Linux Lite 7.2: Linux Lite 7.2 is an update from the 7.0 release in June, and it's based on Ubuntu 24.04.1 LTS and will receive five years of support
KDE: UX Insights (that we cannot get right now): After the criticism in the last post about the limitations of KUserFeedback (KUF) for doing data-driven UX work
9to5Linux Weekly Roundup: November 24th, 2024: The 215th installment of the 9to5Linux Weekly Roundup is here for the week ending on November 24th, 2024.
Today in Techrights: Some of the latest articles
TuxCare and Cloudimg Partner to Bring Patches to Dead Linux Cloud Images: TuxCare has partnered with UK-based Cloudimg, to bring its customers TuxCare Endless Lifecycle Support for keeping end-of-life Linux distributions supported
Android Leftovers: Here's what I'll miss about Chrome OS once it turns into Android
Just Starting in the Linux Terminal? Here Are Some Setup Tips: The Linux terminal is useful, but it sometimes gets a bad rap for being boring
Free and Open Source Software: This is free and open source software
today's leftovers: GNU/Linux and FOSS links
dpb (Distributed Ports Builder), Warp and Wireshark: Applications in focus
Games: Humble Bundle, Social Media Card Game, and Snake: With Linux twist
Programming Leftovers: coding related links
Open Hardware Leftovers: ESP32 and more
Audiocasts and Videos: Collection From Invidious and TLLTS: from the past week
today's howtos: many howots for today and some older ones
FreeBSD 14.2-RC1 Now Available: The first Release Candidate build of the 14.2-RELEASE release cycle is now available
Wine 9.22 Released with Display Mode Virtualization Support: Wine 9.22 is now available with Wayland driver enabled by default, DirectPlay network boosts, Unicode CLDR 46 updates, and display virtualization
10 Best Linux FTP Clients for Every User in 2024: Looking for reliable FTP clients on Linux
Moksha – modern iteration of the Enlightenment window manager: This is free and open source software
RELIANOID Load Balancer Community Edition v7.5 Release Notes: We are thrilled to announce the release of RELIANOID 7.5.0 (Community Edition)
AlmaLinux OS 9.5 Is Here as a Free Alternative to Red Hat Enterprise Linux 9.5: The AlmaLinux OS Foundation announced today the release and general availability of AlmaLinux OS 9.5 (codename Teal Serval), as the latest stable version of this free Red Hat Enterprise Linux (RHEL) fork.
GhostBSD 24.10.1 Is Now Available: We’re excited to announce the release of GhostBSD 24.10.1
KaOS 2024.11: More application are now ready to use Qt6 and Frameworks 6 including Freecad, Sqlitebrowser, Cantor, Kalzium, Webacmoid and Liquidshell
Fedora / IBM / Oracle Linux / IBM Leftovers: the Red Hat universe in blogs and news sites
Today in Techrights: Some of the latest articles

Tux Machines

Other Sites

LinuxGizmos.com

Pilet: A Portable Cyber-Deck Powered by Raspberry Pi 5 and Dual 8000mAh Batteries

LILYGO to Launch ESP32-Based Gizmo with E-Paper Display, LoRa, and MagSafe Charging

Waveshare Development Boards Feature RP2350 with 100 Mbps Ethernet or 1.14-Inch LCD

TANGO-7010 Series Featuring Intel 12th Gen i3 to i9 Cores and Triple 2.5GbE Ports

Tor Project blog

New Release: Tor Browser 14.0.3

9to5Linux

elementary OS 8 “Circe” Officially Released, Based on Ubuntu 24.04 LTS

Firefox 134 Enters Beta, Promises Support for Touchpad Hold Gestures on Linux

KDE Plasma 6.2.4 Re-Enables HDR Mode for Users on NVIDIA 565 and Linux 6.11

Mozilla Firefox 133 Is Now Available for Download, Here’s What’s New

Fwupd 2.0.2 Firmware Updater Adds Support for ASUS ROG Ally, Raspberry Pi Pico

9to5Linux Weekly Roundup: November 24th, 2024

news

Security Leftovers

LWN ☛ Coker: The CUPS vulnerability

OpenSSF (Linux Foundation) ☛ OpenSSF Adds Minder as a Sandbox Project to Simplify the Integration and Use of Open Source Security Tools

LWN ☛ Security updates for Tuesday

PC World ☛ Security flaws found in all Nvidia GeForce GPUs. Update drivers ASAP!

Dark Reading ☛ Recurring Windows Flaw Could Expose User Credentials

Integrity/Availability/Authenticity

Tech Central (South Africa) ☛ The case for digital identity in South Africa

Pierre 'delroth' Bourdon ☛ delroth's homepage - One weird trick to get the whole planet to send abuse complaints to your best friend(s)

Transparency/Investigative Reporting

The Dissenter ☛ Columbus Ends Campaign Against Data Breach Whistleblower

Other Recent Tux Machines' Posts