Tux Machines

Building secure images with NixOS

posted by Roy Schestowitz on Nov 14, 2024

NixOS

Image-based Linux distributions have seen increasing popularity recently. They promise reliability and security, but pose packaging problems for existing distributions. Ryan Lahfa and Niklas Sturm spoke about the work that NixOS has done to enable an image-based workflow at this year's All Systems Go! conference in Berlin. Unfortunately, LWN was not able to cover the conference for scheduling reasons, but the videos of the event are available for anyone interested in watching the talks. Lahfa and Sturm explained that it is currently possible to create a NixOS system that cryptographically verifies the kernel, initrd, and Nix store on boot — although doing so still has some rough edges. Making an image-based NixOS installation is similarly possible.

Lahfa started by giving a brief overview of NixOS for those attendees who were unfamiliar with it. He described the distribution as a "standard systemd-based Linux", but with some differences mostly centered around the fact that it does not follow the filesystem hierarchy standard. In NixOS, all of the binaries on the system live in /nix/store, and are configured to use a path and library path that are tightly scoped to only their declared dependencies. This has a lot of benefits, Lahfa said, including NixOS's ability to run multiple versions of the same software. But it also has consequences for secure boot.

Lahfa explained that secure boot "controls who is allowed to run software on your computer". It relies on using signed binaries; the computer will only boot into the provided kernel if the signature on it is valid. On systemd systems, it is possible to use unified kernel images (UKIs), which package a unified extensible firmware interface (UEFI) boot stub, the kernel, and its initrd together. This has security benefits, because it means that secure boot validates the initrd as well as the kernel. But it causes problems for NixOS, which needs to present many more options in the bootloader than most other distributions in order to support its efficient rollback features.
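A UKI is a single PE/COFF file whose sections carry the kernel and initrd, which is why one signature covers both. The following added example (not code from the talk or from NixOS) reads the section table and reports whether the initrd is embedded; the section names `.linux`, `.initrd` and `.cmdline` are the ones systemd-stub UKIs use, and the sample images and the `build_sample` helper are constructed here for the demonstration.

```python
import hashlib
import struct

def pe_sections(image: bytes) -> dict:
    """Map section name -> section bytes, read from the PE/COFF section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (count,) = struct.unpack_from("<H", image, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    found = {}
    for i in range(count):
        name, vsize, _va, raw_size, raw_off = struct.unpack_from(
            "<8sIIII", image, table + 40 * i)
        size = min(vsize, raw_size)  # raw data is padded up to the file alignment
        if raw_off + size > len(image):
            raise ValueError("section data runs past end of file")
        found[name.rstrip(b"\0").decode("ascii")] = image[raw_off:raw_off + size]
    return found

def uki_summary(image: bytes) -> dict:
    """SHA-256 of each embedded part; None means it is not inside the signed image."""
    sections = pe_sections(image)
    return {n: hashlib.sha256(sections[n]).hexdigest() if n in sections else None
            for n in (".linux", ".initrd", ".cmdline")}

def build_sample(parts: dict) -> bytes:
    """Constructed, non-bootable PE skeleton (no optional header) for the demo."""
    header = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    header += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(parts), 0, 0, 0, 0, 0)
    data_off = len(header) + 40 * len(parts)
    table, blob = b"", b""
    for name, data in parts.items():
        table += struct.pack("<8sIIII", name.encode(), len(data), 0, len(data),
                             data_off + len(blob)) + b"\0" * 16
        blob += data
    return header + table + blob

# Constructed sample inputs: placeholder payloads, not real kernels or initrds.
SAMPLE_UKI = build_sample({".linux": b"kernel", ".initrd": b"initrd",
                           ".cmdline": b"init=/nix/store/placeholder"})
SAMPLE_KERNEL_ONLY = build_sample({".linux": b"kernel"})

if __name__ == "__main__":
    for label, img in (("UKI", SAMPLE_UKI), ("kernel only", SAMPLE_KERNEL_ONLY)):
        print(label, uki_summary(img))
```

The digests are plain SHA-256 values for comparing an embedded initrd against the one a build produced; they are not the Authenticode hash that the firmware checks.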

NixOS's separation of binaries into individual paths under /nix/store — and ability to share libraries between different versions — allows the distribution to keep a large number of previous configurations around. Every time a NixOS system has its configuration changed, from a software update, for example, the complete state of the installed programs is saved as a "generation". In the bootloader, the user can select any previous generation they would like (at least until the old generations are cleaned up to reclaim their storage space), and the kernel will load the appropriate initrd for that generation, which in turn sets up all of the configuration files from that generation. This allows for fearless upgrades, since the previous configuration is available in the boot menu — a value proposition quite similar to image-based distributions. Unfortunately, this ability doesn't work well if the initrd needs to be bundled with the kernel, because that increases both the size of each kernel image, and the number of different kernel images that must be stored. Doing so will quickly fill up the EFI (Extensible Firmware Interface) system partition (ESP).
