Other Sites

Tor Project blog

Making new connections: from BridgeDB to Rdsys

Enter Rdsys: the next-generation bridge distribution system. Developed from the ground up, it incorporates the learnings from over 15 years of anti-censorship work to overcome the limitations of its predecessor. In October 2024, Tor completed the migration to Rdsys, retiring Bridge DB. This transition ensures a more flexible, maintainable, and user-friendly approach to bridge distribution, strengthening Tor's ability to counter censorship and making the web more accessible to those who need it most.

Arti 1.3.1 is released: onion services, RPC, relay development, and more

This release continues development on Arti Relay and the RPC subsystem, and adds the initial scaffolding for service-side proof-of-work support. It also contains a number of bugfixes, cleanups, as well as improvements to our CI infrastructure.

LinuxGizmos.com

AAEON Integrates Intel Arc GPU with High-Performance Computing in Edge PC

The MXM-ACMA-PUC is an industrial edge computing system from AAEON that combines 13th Generation Intel Core processors with an embedded Intel Arc GPU. It is designed for machine learning and AI workloads, with applications in smart city infrastructure and industrial workstation management.

NVK Achieves Day-Zero Support for Vulkan 1.4

The Khronos Group recently announced the release of the Vulkan 1.4 specification, and NVK, an open-source Vulkan driver for NVIDIA hardware, has achieved day-zero conformance with the latest API. This support has been integrated into Mesa and will be available in the upcoming Mesa 25.0 release, scheduled for early 2025.

Low-Cost ESP32-PICO-D4 Board with LoRa, Wi-Fi, and BLE Connectivity

Unlike other LILYGO products with LoRa support, such as the T5 E-Paper S3 Pro, the T3 S3 LR1121, and the T-Deck Plus, this device incorporates the ESP32-PICO-D4 SoC, which includes Wi-Fi 802.11b/g/n, Bluetooth v4.2 BR/EDR, Bluetooth LE functionalities, and 4MB Quad-SPI flash memory.

news

Security Lefttovers

posted by Roy Schestowitz on Dec 03, 2024

SANS ☛ Credential Guard and Kerberos delegation, (Mon, Dec 2nd)

The vast majority of red team exercises that I (and my team, of course) have been doing lately are assumed breach scenarios.
Lee Yingtong Li ☛ Investigating a proprietary Android 2FA system

This article concerns an Android app used as part of a proprietary two-factor authentication (2FA) system. Investigation of the app and 2FA protocol reveals some interesting design decisions.

Overview

The 2FA system is similar to well-known offerings such as Duo Security and Okta Verify. When a user initiates a request (e.g. log in request), a push notification is delivered to the 2FA device. The user can then approve or reject the request, and the outcome is directly transmitted to the server. Therefore, the 2FA system is an interactive online protocol requiring internet connectivity to function, rather than an offline protocol like TOTP or HOTP.

The developer of the 2FA system advertises that the system is superior to other 2FA protocols, due to the use of cryptographic features – described as a ‘signature’ – that enable the server to determine not only that the user has approved a request, but also to verify that the user has approved the specific details of that particular request. As we will see, there are some interesting hidden details behind this description.

QR code message signing

Like many similar 2FA apps, the app is initialised by the user scanning a QR code on their mobile device.
Scoop News Group ☛ Small number of vulnerabilities patched in last Android security update of 2024

None of the patched bugs were considered critical.
Bruce Schneier ☛ Details about the iOS Inactivity Reboot Feature

I recently wrote about the new iOS feature that forces an iPhone to reboot after it’s been inactive for a longish period of time.

Here are the technical details, discovered through reverse engineering. The feature triggers after seventy-two hours of inactivity, even it is remains connected to Wi-Fi.
Forbes ☛ Microsoft backdoored Windows Warning—Do Not Install This App On Your PC

Microsoft’s mission to push Chrome users to the Edge has made plenty of headlines. And it now seems that if it can’t convince users to switch browsers, switching search engines is the next best thing. Chrome is clearly less trouble if Bing is being used. That’s the implication behind the latest warning hitting Windows users around the world, as a Microsoft app is accused of secretly decrypting Chrome tracking cookies, installing Bing search, and of course driving users to switch to Edge.
Mobile Systems/Mobile Applications
- Android Open Source Project ☛ Android Security Bulletin December 2024 | Android Open Source Project
  
  The most severe of these issues is a high security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

Other Recent Tux Machines' Posts

EasyOS Scarthgap and Daedalus 6.4.4 releases: Bringing both of these to the same version number
Elementary OS 8 continues the tradition of a beautiful, user-friendly desktop: If you're a fan of Elementary OS, then get excited because the latest major version has arrived with extra privacy and more
I think the donation notification works: A few months ago, I blogged about a change for Plasma 6.2 to show a once-a-year system notification asking for a donation, starting on December 1st
Cinnamon Desktop 6.4 Released with New Look: A new version of the Cinnamon desktop environment has been tagged for release – a sure-fire sign that the Linux Mint 22.1 beta is on the way
Nitrux 3.8 “db” Released Packed with Performance Boosts: The immutable systemd-free distro Nitrux 3.8 is out, featuring Linux kernel 6.12, improved boot time, enhanced NVIDIA support, and more
Armbian 24.11 Released with Support for OrangePi 5 Max and Radxa ROCK 5B+: The Armbian team announced today the release and general availability of Armbian 24.11 as a major update aimed at enhancing functionality and expanding hardware support of this Debian and Ubuntu-based distribution for ARM devices.
Games: Vulkan Upgraded, Discord With Wayland, Lutris Release: Latest 8 articles from GamingOnLinux
Linus Torvalds Announces First Linux Kernel 6.13 Release Candidate: Linus Torvalds announced today the general availability for public testing of the first Release Candidate (RC) development milestone of the upcoming Linux 6.13 kernel series.
NixOS 24.11 Released with GNOME 47 and KDE Plasma 6.2, PipeWire by Default: The developers of the independent distro NixOS, whose set of packages can be used on other GNU/Linux distributions, released today NixOS 24.11, a major update that introduces support for recent technologies and other changes.
IPFire 2.29 - Core Update 190 is available for testing: The upcoming release of IPFire is ready to be tested by you, our awesome community
In The Chair | CENSOR*ED: How our schools are ruled by fear and BigTech decides what kids can learn
Red Hat Leftovers: latest in redhat.com
Web Browsers, Mozilla, and Tor: Some Web related or Net links
Programming Leftovers: R, Python, and more
Security and Windows TCO: Windows TCO for the most part
today's howtos: many howtos for this day
Open Hardware: ESP32, Arduino, Raspberry Pi, and More: some hardware picks
This Is the Default Theme of Debian GNU/Linux 13 “Trixie”: The Debian Project unveiled today the default theme of the next major Debian operating system release, Debian GNU/Linux 13 “Trixie,” made by Elise Couper.
10 Ways To Harden Your Linux Containers Against Attacks: Learn practical strategies for protecting containerized applications on Linux
The best way to make a decision is to decide: Making decisions in an open source community is hard
"Ceratopsian" will be the default theme for Debian 13: The theme "Ceratopsian" by Elise Couper has been selected as the default theme for Debian 13 "trixie"
Games: The best GNU/Linux distribution for gaming in 2025 and many gaming news: Latest from GamingOnLinux
Android Leftovers: Xiaomi 15 and 15 Pro are the most popular newly launched Android flagships
Free Software Supporter -- Issue 200, December 2024: Welcome to the Free Software Supporter, the Free Software Foundation's (FSF) monthly news digest and action update
The Licensing and Compliance Team is fighting for freedom and we need your help: The Licensing and Compliance Lab has been diligently serving the free software community
RustDesk 1.3.3 Introduces Mobile Clipboard Support: RustDesk 1.3.3 open-source remote desktop adds mobile clipboard
December Steam Client Update Enhances Game Recording: December Steam Client Update
Lernstick – secure and mobile learning and working environment: Lernstick offers secure and mobile learning and working environment so that private devices can also be used for school purposes
Dolphin Emulator Will Get Faster Updates on Linux With Flatpak: Dolphin now maintains official Flatpak repositories, making it far easier for Linux gamers to install and run the latest versions of the Dolphin emulator
Best Free and Open Source Software: Kobold aims to offer easy declarative web interfaces
Br OS – Brazilian Linux distribution: Br OS is a Brazilian Linux distribution based on Kubuntu, sporting the KDE Plasma desktop
SUSE Renames Several Products for Better Name Recognition: SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick
You can test all the best Linux distros right in your web browser with this site: If you've ever wanted to see what Linux was all about but didn't want to go through the steps of installing it
openSUSE Empowers Creative Professionals: For many creatives, Photoshop is the go-to application for photo editing and graphic design
Fedora Linux Flatpak cool apps to try for December: This article introduces projects available in Flathub with installation instructions
Today in Techrights: Some of the latest articles
today's leftovers: applications and more
Audiocasts/Shows: LINUX Unplugged, This Week in Linux, and More: 3 new shows/episodes
Games: Dolphin Emulator, Godot, and NES: gaming related news
Free, Libre, and Open Source Software Leftovers: FOSS picks for today
Security Lefttovers: Security related links
Programming Leftovers: Development related picks
Red Hat and Fedora Leftovers: Red Hat mostly
Latest Canonical/Ubuntu Announcements: Canonical/Ubuntu leftovers
Open Hardware: ESP32, Raspberry Pi, SparkFun, and More: some hardware picks
Arduino and Elektrobit Boost Proprietary AWS: not so good
today's howtos: very large batch for today
Nitrux 3.8 Released with Linux Kernel 6.12, Better Support for NVIDIA Users: Nitrux developer Uri Herrera announced today the release and general availability of Nitrux 3.8 as the latest stable version of this immutable and systemd-free distribution derived from Debian GNU/Linux and built on top of the KDE Plasma desktop environment.
Repairability Isn't Enough: Why I'm No Longer Supporting Software Freedom Conservancy: As a result, I have decided not to renew my membership
Android Leftovers: YouTube TV for Android gets resizable PiP-style miniplayer
Why Copyleft Matters: Have you ever wondered who controls the software you use? In a world increasingly reliant on software, the answer to this question is more crucial than ever and has profound implications for our freedom
Zoo elephants get a musical toy to enrich their lives | Arduino Blog: An Arduino Mega 2560 board plays the tones through a DY-SV5W media player module, which outputs an audio signal to an outdoor speaker system
Security Leftovers: and more
HandBrake 1.9 Adds Support for Lossless VP9 Encoding, Intel QSV VVC Decoder: HandBrake 1.9 was released today as a major update to this open-source, cross-platform video transcoder application that brings new features and improvements.
ClamAV: The Best Malwarebytes Alternative for Linux: Malwarebytes isn’t available for Linux, but ClamAV is a reliable alternative
DreamQuest N100 Mini PC Running Linux: Power Consumption: For this instalment in the series, we examine the power consumption of the DreamQuest N100 Mini PC and compare it to four other machines
Free and Open Source Software: This is free and open source software
Qt Creator 15 Open-Source IDE Released with Axivion Support, New Themes: The Qt Project released today Qt Creator 15 as the latest stable version for this open-source, free, and cross-platform IDE (Integrated Development Environment) for GNU/Linux.
Kate - 1500 accepted merge requests!: I just looked at our GitLab page today and thought
5 Linux commands for locating system slowdowns fast: If you've ever experienced a system slowdown on Linux
Today in Techrights: Some of the latest articles
today's leftovers: BSD, Debian, and FOSS
Applications and HowTos: not only FOSS
Open Hardware and Mobile Stuff: on the hardware side of things
GNU gettext 0.23 and Unifont 16.0.02 Released: Two GNU releases
Programming Leftovers: Development picks, a handful for now
EasyOS 5.8.2 released: I have uploaded version 5.8.2
9to5Linux Weekly Roundup: December 1st, 2024: The 216th installment of the 9to5Linux Weekly Roundup is here for the week ending on December 1st, 2024.
Android Leftovers: What Happened to the Android One Program
Clapgrep: An Easy-to-Use Open Source Linux App To Search Through Your PDFs and Text Documents: Want to look for something in your text documents? Use Clapgrep to quick search for it
Not Sure If You'll Like Linux? Try It From Your Browser: As a long-time Linux user, I enjoy encouraging others to try it
25 Must-Have Apps for Fedora Linux Users: Maximize your Fedora experience with this comprehensive guide to the top 25 apps
Free and Open Source Software: This is free and open source software
Review: AnduinOS 1.0.1: AnduinOS is an Ubuntu-based distribution featuring the GNOME desktop environment
Audiocasts: Free Software Security Podcast and Banned C++ Contributor Andrew Tomazos Speaks Out: A pair of new picks
Debian Developers'/Development Updates: Guido Günther, Colin Watson, Sandro Knauß, and Junichi Uekawa: or IRL updates
today's howtos: some howtos for Monday
Xfce 4.20 Pre2 Released: Dear Xfce community, I am happy to announce the release of Xfce4.20 pre2
Games: Proton 9.0-4 Beta, Steam Deck-Compatible Titles, and Veloren: 3 picks for now
Today in Techrights: Some of the latest articles
GNU/Linux, SUSE, and Oracle: today's leftovers

Tux Machines

Other Sites

Tor Project blog

Making new connections: from BridgeDB to Rdsys

Arti 1.3.1 is released: onion services, RPC, relay development, and more

LinuxGizmos.com

AAEON Integrates Intel Arc GPU with High-Performance Computing in Edge PC

NVK Achieves Day-Zero Support for Vulkan 1.4

Low-Cost ESP32-PICO-D4 Board with LoRa, Wi-Fi, and BLE Connectivity

news

Security Lefttovers

SANS ☛ Credential Guard and Kerberos delegation, (Mon, Dec 2nd)

Lee Yingtong Li ☛ Investigating a proprietary Android 2FA system

Overview

QR code message signing

Scoop News Group ☛ Small number of vulnerabilities patched in last Android security update of 2024

Bruce Schneier ☛ Details about the iOS Inactivity Reboot Feature

Forbes ☛ Microsoft backdoored Windows Warning—Do Not Install This App On Your PC

Mobile Systems/Mobile Applications

Android Open Source Project ☛ Android Security Bulletin December 2024 | Android Open Source Project

Other Recent Tux Machines' Posts