Other Sites

9to5Linux

Debian 12.9 “Bookworm” Arrives with 72 Bug Fixes and 38 Security Updates

Coming a little over two months after Debian 12.8 and powered the Linux 6.1 LTS series, Debian 12.9 is the eighth point release of Debian Bookworm. Yes, eighth, because Debian 12.3 was never released due to an issue in the EXT4 file system leading to data corruption so it doesn’t count.

Ubuntu 24.04 LTS Now Works on the HiFive Premier P550 RISC-V Development Board

The HiFive Premier P550 is a RISC-V single-board computer powered by the ESWIN EIC7700X SoC with a SiFive Quad-Core P550 64-bit RISC-V processor running at 1.4 GHz and an integrated Imagination AXM-8-256 GPU supporting hardware accelerated video encoding up to 8K@25fps, hardware accelerated video decoding up to 8K@50fps, and hardware accelerated AI NPU with ~20 TOPS.

Calibre 7.24 Open-Source Ebook Manager Released with New Features and Bug Fixes

Calibre 7.24 introduces several new features like the ability to create rules to transform e-book series names, which you can experiment with in the Bulk metadata editor and Preferences > Metadata download.

Rust-Based COSMIC Desktop Gets 5th Alpha Release with COSMIC Media Player

COSMIC Alpha 5 introduces an early version of COSMIC Media Player, which is now the default media player in Pop!_OS 24.04 LTS. System76 says that COSMIC Media Player uses Vulkan for video rendering and Video Acceleration API (VA–API) for video decoding.

Flatpak 1.16 Linux App Sandboxing and Distribution Framework Officially Released

Coming two and a half years after Flatpak 1.14, the Flatpak 1.16 release introduces USB device listing, support for KDE search completion, support for compiling Flatpak using Meson instead of Autotools, and support for creating a private Wayland socket with the “security context” extension to allow the compositor to identify connections from sandboxed apps as belonging to the sandbox.

KDE Plasma 6.3 Is Now Available for Public Beta Testing, Here’s What’s New

KDE Plasma 6.3 promises new features like the ability to clone a panel, the ability to set keyboard shortcuts to move windows between Custom Tiling tile zones based on directionality, support for remembering the active virtual desktop per activity, revamped Graphics Tablet page in System Settings, and the option to prefer screen color accuracy in KWin.

KDE Frameworks 6.10 Adds Support for Converting Between “Rack Units” in KRunner

KDE Frameworks 6.10 continues the monthly KDE Frameworks releases with new features like support for KRunner and KRunner-powered search fields to convert between “rack units” and other units of length, and a new Breeze open-link icon with the typical “arrow pointing out of the corner of a square” appearance.

KDE Gear 24.12.1 Is Out to Improve Dolphin, Kate, NeoChat, and Other KDE Apps

KDE Gear 24.12.1 is here almost a month after the release of KDE Gear 24.12 to fix a couple of regressions in the Dolphin file manager, fix a crash in the Kleopatra certificate manager that occurred when the output directory for decrypting doesn’t exist, and fix building of the KRDC remote desktop client on Haiku systems.

Tails 6.11 Anonymous Linux OS Released with Critical Security Fixes

Tails 6.11 is mostly here to address several critical security vulnerabilities that have been discovered and disclosed by a group of security researchers from Radically Open Security, a non-profit computer security consultancy company.

Raspberry Pi 5 16GB Model Is Now Available at $120 USD

Raspberry Pi 5 was initially launched at the end of October 2023 in 4GB and 8GB RAM variants, but the people have been asking for a 16GB RAM model and now the Raspberry Pi makers have delivered it thanks to the optimized D0 stepping of the Broadcom BCM2712 application processor in Raspberry Pi 5.

LinuxGizmos.com

Pine64 Starts 2025 with January Community Updates on PineVox and More

As 2025 begins, Pine64 has provided a community update for January. This month’s updates include progress on the PineVox, ongoing developments for the PineNote, and the release of InfiniTime 1.15.

DEEPX iMX8M Mini AI Kit Delivers 25 TOPS for Edge AI Performance

Virtium, in collaboration with Embedded Artists, has introduced the DEEPX iMX8M Mini AI Kit, integrating the DEEPX DX-M1 AI Booster with the NXP iMX8M Mini processor and a carrier board. The kit is designed for evaluating and deploying Edge AI technologies across various applications.

(Updated) Upcoming I-Pi SMARC Embedded Prototype Kit Adopts Intel Amston Lake CPU

The I-Pi SMARC Amston Lake is a prototyping kit built on Intel’s Amston Lake architecture, designed to accelerate embedded system development. Key features include dual 2.5GbE LAN ports with Time-Sensitive Networking support and CAN interfaces for industrial applications.

Pandora Compact AI Computer Powered by NVIDIA Jetson Orin NX Super

Palit Microsystems has introduced Pandora, a compact AI computer designed for high-performance edge AI applications. Powered by the NVIDIA Jetson Orin NX Super module, Pandora is available in 8GB and 16GB configurations, providing 117 TOPS and 157 TOPS, respectively, for demanding computational tasks.

AAEON Unveils $556 GAR-A750E Graphics Card with Intel Arc GPU Architecture.

The GAR-A750E features 28 Xe-Cores, a graphics turbo frequency of 2400MHz, and 448 Intel XMX Engines. It includes Intel Deep Link Technology, enabling features such as Hyper Compute, Hyper Encode, and Stream Assist to enhance processing efficiency and workflow optimization. With a memory size of 16GB GDDR6 and a bandwidth of 512 GB/s over a 256-bit interface, the card is designed for high-performance computing tasks. It also supports a graphics high frequency of 2050MHz, further boosting computational capabilities.

Project DIGITS Brings Grace Blackwell AI Capabilities to the Desktop

NVIDIA recently introduced Project DIGITS, a personal AI supercomputer powered by the GB10 Superchip. Built on the Grace Blackwell architecture, it delivers high-performance computing for prototyping, fine-tuning, and running large AI models on a desktop.

(Updated) Pilet: A Portable Cyber-Deck Powered by Raspberry Pi 5 and Dual 8000mAh Batteries

Pilet is an upcoming open-source portable mini-computer powered by Raspberry Pi 5, offering both versatility and portability. Initially named Consolo, it will be available in two models: a 5-inch and a 7-inch, to suit different needs.

SpacemiT Announces Development of Vital Stone V100 Server CPU Platform Based on RISC-V

The 64-bit RISC-V CPU core, X100, achieves single-core performance exceeding 9 points per GHz on the SPECINT2006 benchmark at 2.5 GHz. Fabricated using a 12nm process, the X100 core incorporates the RVA23 Profile and features full virtualization, advanced interrupt handling, vector encryption and decryption, and a 64-core interconnect. The design also includes support for the Vector 1.0 extension and RAS (Reliability, Availability, and Serviceability) features, making it compatible with a range of server applications.

Tor Project blog

New Release: Tails 6.11

These vulnerabilities can only be exploited by a powerful attacker who has already exploited another vulnerability to take control of an application in Tails.

Internet Society

The Global Impact of a US TikTok Ban

A potential TikTok ban is on the horizon as the United States Supreme Court considers an important decision this week. This case has implications that extend beyond the US and a single app. It affects the security and livelihoods of millions and raises concerns about the future of a free and open Internet. This action could establish a troubling precedent, undermining the principles of a globally connected Internet—one that is open, secure, and trustworthy.

news

Security and Windows TCO Leftovers

posted by Roy Schestowitz on Jan 11, 2025

APNIC ☛ First penguin advantage in cryptography?

Deprecating SHA-256, RSA, ECDSA, and ECDH key usage ahead of quantum computing?
Pen Test Partners ☛ The unexpected effects of GPS spoofing on aviation safety

GPS is one service in the Global Navigation Satellite System (GNSS). Others include Russia’s GLONASS and the EU’s Galileo constellations.
Bruce Schneier ☛ Zero-Day Vulnerability in Ivanti VPN

It’s being actively exploited.
Silicon Angle ☛ Ivanti discloses critical VPN vulnerability being actively targeted by hackers

Hackers are actively targeting deployments of some Ivanti Inc. software products using a newly discovered security vulnerability. The company disclosed the exploit, which is tracked as CVE-2025-0282, on Wednesday. Ivanti is a major provider of infrastructure management and cybersecurity software with more than 40,000 customers.
Scoop News Group ☛ New zero-day exploit targets Ivanti VPN product

After Ivanti detected the activity, Mandiant says it found malware in impacted devices associated with a Chinese-linked threat group.
Securepairs ☛ CES: TP-Link Earns The Worst In Show For Cyber

Secure Repairs had the honor (?) of awarding the CES Worst In Show for cybersecurity at this year's ceremony. The winner: Chinese SOHO router giant TP-Link.
Citizen Lab ☛ Sweet QuaDreams or Nightmare before Christmas? Bill Marczak on Dissecting an iOS 0-Day

In a talk at the Objective by the Sea – security conference in Hawaii, Bill Marczak, a senior researcher at The Citizen Lab, and Microsoft’s Christine Fossaceca provided an in-depth analysis of the discovery of QuaDreams’ spyware technology.
Windows TCO / Windows Bot Nets
- A hole to China
  
  China-backed hackers access Treasury Department computers.
- Scoop News Group ☛ What is ‘security theater’ and how can we move beyond it?
  
  Another common fallacy is to believe that just because an organization made an investment into a cybersecurity solution, it can consider itself secure. But is it actually used by their employees? This is particularly common in engineering, when an access management solution procured by IT/security is simply ignored by engineers due to real or perceived inconvenience and a belief that such measures will inhibit productivity. For example, only 23% of IT professionals said they have visibility into their team’s tool usage. Advertisement
  
  Alert fatigue and shadow access are just two examples of “security theater.” The broader problem is that most organizations are being swept up in security theatrics instead of adopting meaningful security measures.
- Tech Central (South Africa) ☛ Cell C was hit by ransomware gang
  
  A ransomware group called RansomHouse appears to have been responsible for an attack on Cell C that compromised the data of some of its clients, TechCentral has established.
- Cyble Inc ☛ HexaLocker V2 Reveals New Stealth Features And Tactics
  
  HexaLocker first emerged in mid-2024, quickly capturing the attention of security experts due to its aggressive tactics and effective encryption methods. Initially, it operated using the popular encryption standard TOXID for communication and a straightforward file-encrypting approach. However, by the end of 2024, a new version, HexaLocker V2, began to surface. This updated version incorporates a host of advanced features designed to enhance the ransomware’s effectiveness and persistence.

Other Recent Tux Machines' Posts

The Mecha Comet is made for hackers and makers: Sure, your phone is fun, but if you want the fun and power of a full-fledged Linux computer in your pocket
Remembering and thanking Steve Langasek: Steve Langasek is one of my heroes in open source and in life
Programming Leftovers: Development related links
Paolo Mantegazza is gone: A month ago, Prof. Paolo Mantegazza, the founder of the RTAI project passed away
Linux Foundation On Chromium browser: How will this work
Security Leftovers: Security links
Budgie 10.10 Desktop Will Be Wayland-Only as Work Continues on Budgie 11: Budgie 10.10 desktop environment is slated for release in Q1 2025 as a Wayland-only release defaulting to the Labwc compositor.
Programming Leftovers: Development tools
Audiocasts/Shows: Sudo Show, BSD Now, Hackaday Podcast: 3 new episodes
Games: RetroArch 1.20.0, SteamOS, and "New Steam For Linux Gaming": Gaming news
Devices/Embedded: ESP32, Raspberry Pi, and Linux-Focused Hardware: Open Hardware too
today's howtos: many howtos for today
Security and Windows TCO Leftovers: patches and breaches
Debian 12.9 “Bookworm” Arrives with 72 Bug Fixes and 38 Security Updates: Today, the Debian Project announced the release and general availability of Debian 12.9 as the eighth ISO update to the latest Debian GNU/Linux 12 “Bookworm” operating system series.
Canonical/Ubuntu Explaining Development of Canonical.com and Ubuntu.com: Canonical/Ubuntu technical overview
Games: SteamOS, Proton, and More: 8 stories from GamingOnLinux on Friday
Android Leftovers: When we expect your Galaxy phone to get One UI 7 (Android 15)
Fastfetch 2.34 Brings Long-Awaited Pretty Name Support for Linux Distros: Fastfetch 2.34 system information tool now prints distro pretty names
Anchoring the FSF in its values: We, the founders of the FSF, started the Free Software Foundation (FSF) in 1985
Free and Open Source Software: This is free and open source software
AnduinOS – Debian-based Linux operating system: AnduinOS is a custom Debian-based Linux distribution that aims to facilitate developers
Venom Linux 20250108 launches with the 6.12.8 kernel, Wayland 1.23.1, and more: Targeting experienced users and drawing inspiration from CRUX, Venom Linux has returned with its desktop based on the Openbox window manager alongside a text-mode installer. Version 20250108 sports the 6.12.8 Linux kernel, MESA 24.3.3, Wayland 1.23.1, and more. The list of options now also includes the s6 init system.
Today in Techrights: Some of the latest articles
GNU/Linux and Free, Libre, and Open Source Software Leftovers: remaining links for today
today's howtos: Instructionals/Technical picks
Tails 6.11 Anonymous Linux OS Released with Critical Security Fixes: Tails 6.11 amnesic incognito live system distribution is now available for download with support for detecting partitioning errors and fixes for critical vulnerabilities.
Linux 6.6.71: I'm announcing the release of the 6.6.71 kernel
Rust-Based COSMIC Desktop Gets 5th Alpha Release with COSMIC Media Player: System76’s highly anticipated COSMIC desktop environment written in Rust, continues to develop with the 5th alpha release, which is accompanied by new ISO images of the upcoming Pop!_OS 24.04 LTS distro.
Auto-cpufreq 2.5 Introduces Fedora 41 Support and Bug Fixes: Auto-cpufreq 2.5 CPU speed and power optimizer for Linux introduces EPB support
Calibre 7.24 Open-Source Ebook Manager Released with New Features and Bug Fixes: The weekly Calibre updates continue and developer Kovid Goyal announced today the release and general availability of Calibre 7.24 as the latest stable version of this powerful, cross-platform, free, and open-source suite of e-book software.
Scribus 1.6.3 Open-Source Desktop Publishing App Released with Various Bug Fixes: The development team behind Scribus, an open-source and cross-platform desktop publishing app, released today version 1.6.3 as a minor update to the Scribus 1.6 stable series with various bug and crash fixes.
Latest From IBM's redhat.com: redhat.com posts
Ubuntu 24.04 LTS Now Works on the HiFive Premier P550 RISC-V Development Board: Canonical, the company behind the popular Ubuntu Linux distribution, announced today that they’ve partnered with SiFive and ESWIN Computing to enable Ubuntu 24.04 LTS on the HiFive Premier P550 RISC-V development board.
FSF associate members to decide the logo for the FSF's fortieth anniversary: Thank you so much to everyone who participated in the FSF Anniversary Logo Contest
Release of Ghostty 1.0: Ghostty 1.0 is out
Android Leftovers: Google Starts Tracking All Your Devices In 6 Weeks—Forget Chrome And Android
Web Apps Make Switching to Linux Much Easier: If that's you considering Linux, then web apps are something you should look into
GNU/Linux and BSD Leftovers: mostly GNU/Linux
Windows TCO and Security Leftovers: Security focus
EasyOS Daedalus-series version 6.5.4 and Easy Scarthgap-series version 6.5.4: new release
Fedora and Red Hat Leftovers: mostly Red Hat
Programming Leftovers: Development and education
Free, Libre, and Open Source Software Leftovers: FOSS and DBs
Browsers: Tor Browser 14.0.4, Tor Year in Review, and Midori Browser 11.5: Web and Net news
Best Free and Open Source Software: This is free and open source software
Linux Distributions Mostly Ubuntu or Debian Based: TUXEDO OS is a Linux distribution that’s based on Ubuntu / Kubuntu
Raspberry Pi 5 16GB Model Is Now Available at $120 USD: Raspberry Pi announced today the highly-anticipated 16GB model of the Raspberry Pi 5 single-board computers for those who want their Raspberry Pi with 16GB RAM for a faster and smoother computing experience.
Open Hardware/Modding: Raspberry Pi 5 and More: Raspberry Pi 5 still dominant in news
today's howtos: Instructionals/Technical posts
KDE Frameworks 6.10 Adds Support for Converting Between “Rack Units” in KRunner: The KDE Project released KDE Frameworks 6.10 today as a new monthly update to this collection of more than 70 add-on libraries to Qt, which provide commonly needed functionality for KDE applications and the KDE Plasma desktop.
KDE Gear 24.12.1 Is Out to Improve Dolphin, Kate, NeoChat, and Other KDE Apps: The KDE Project released today KDE Gear 24.12.1 as the first maintenance update to the latest KDE Gear 24.12 open-source software suite series to address various issues in your favorite KDE apps.
Games: Space Invaders, OrangePi Neo, and More: 11 stories, mostly from GamingOnLinux
KDE Plasma 6.3 Is Now Available for Public Beta Testing, Here’s What’s New: The KDE Project released today the beta version of the upcoming KDE Plasma 6.3 desktop environment series, a major update promising numerous new features and improvements.
KDE: Snaps 24.12.1 Release, Kubuntu Plasma 5.27.12 Call for testers: I have released more core24 snaps to –edge for your testing pleasure
OpenSUSE Tumbleweed - Okay, but glory all be from the past: To the best of my memory, and I'm purposefully not checking me own article history, I've never reviewed openSUSE Tumbleweed
Stable kernels: Linux 6.12.9, Linux 6.6.70, Linux 6.1.124, Linux 5.15.176, Linux 5.10.233, and Linux 5.4.289: All users of the 6.12 kernel series must upgrade
10 Linux apps I always install first - and you should too: If you're just now jumping onto the Linux train
I rescued my dying 2017 MacBook Pro with Ubuntu and it works like a charm (mostly): If you have an older MacOS device lying around, why not install Linux to give it a new life
Today in Techrights: Some of the latest articles
Flatpak 1.16 Linux App Sandboxing and Distribution Framework Officially Released: Flatpak, the popular Linux application sandboxing and distribution framework, has been updated today to version 1.16, a major release that comes with new features and improvements.
Audiocasts/Shows: Cybershow, OpenMandriva, and FLOSS Weekly: 3 new ones
Open Hardware: GNU/Linux on Mobile, RUBIK Pi, OrangePi, and More: Modding and moddable devices
today's howtos: Instructionals/Technical articles
Microsoft Traps and Windows TCO: mostly Windows TCO
Fast Times at Ridgemont Oreon Linux High: Oreon Linux has received a lot of attention for being a desktop OS based on AlmaLinux
Android Leftovers: Google’s Quick Share Reportedly Lets Android Users Scan QR Codes to Transfer Files
Windows 10 Countdown: Make the Switch to Linux for a Fresh Start: Linux desktop developers may see an increase in adoption in 2025 despite the lack of commercial marketing strategies hawking the benefits of running Linux on consumer computers
Qualcomm QCS6490-based Rubik Pi 3 AI SBC supports Android, Linux, and LU operating systems: This device supports Qualcomm Linux, Android, and LU (Canonical Ubuntu for Qualcomm Platforms to be released in early 2025) operating systems that provide developers flexibility across various development platforms
Best Free and Open Source Software: Only free and open source software is eligible for inclusion
Games: Maze Mice, Deadlock, Heroes of Might and Magic II, and More: 7 stories from GamingOnLinux
Debian And Ubuntu Based Linux Distributions: CutefishOS is a Debian– or Ubuntu-based with its own Cutefish Desktop Environment (CDE)
RUBIK Pi 3 Now Available for Ordering at $179 Following Global Launch at CES 2025: Thundercomm has officially launched the RUBIK Pi 3, a Linux-compatible development board powered by the Qualcomm QCS6490 processor
Porteus v5.1 alpha: It's time for a development release: 5.1-alpha, based on a snapshot of slackware current
New Releases of Archcraft: as early as this week
Release of Ditana GNU/Linux 0.9-Beta: Ditana GNU/Linux, a new Arch-based distribution that combines flexibility, user-friendliness, and advanced security features, is now available
Fedora-Based Nobara 41 Gaming Distro Switches to Open-Source NVIDIA Driver: The Nobar Project released today Nobara 41 as the latest version of this Fedora-based Linux distribution for gamers that features unique, in-house tools and lots of performance improvements.
today's leftovers: GNU/Linux and FOSS stories
Programming Leftovers: Development related leftovers
BSD Leftovers: some picks about BSD
Games: SteamOS Spreading and Chess Hacks: Mostly Steam news
PostgreSQL Anonymizer 2.0 and pg_partman 5.2.4: PostgreSQL related releases
Security Leftovers: Security picks for today
Fedora / Red Hat / IBM: Sanctioning Volunteers, Pushing Microsoft SystemD, and Fake 'Security' (User Restrictions/Handcuffs): more of the same
Linux Coverage From Jakub Kicinski, LWN, Mike Blumenkrantz, and Arun Raghavan: Some kernel stuff
Today in Techrights: Some of the latest articles

Tux Machines

Other Sites

news

Security and Windows TCO Leftovers

APNIC ☛ First penguin advantage in cryptography?

Pen Test Partners ☛ The unexpected effects of GPS spoofing on aviation safety

Bruce Schneier ☛ Zero-Day Vulnerability in Ivanti VPN

Silicon Angle ☛ Ivanti discloses critical VPN vulnerability being actively targeted by hackers

Scoop News Group ☛ New zero-day exploit targets Ivanti VPN product

Securepairs ☛ CES: TP-Link Earns The Worst In Show For Cyber

Citizen Lab ☛ Sweet QuaDreams or Nightmare before Christmas? Bill Marczak on Dissecting an iOS 0-Day

Windows TCO / Windows Bot Nets

Scoop News Group ☛ What is ‘security theater’ and how can we move beyond it?

Tech Central (South Africa) ☛ Cell C was hit by ransomware gang

Cyble Inc ☛ HexaLocker V2 Reveals New Stealth Features And Tactics

Other Recent Tux Machines' Posts