GNU/Linux and Free, Libre, and Open Source Software Leftovers

posted by Roy Schestowitz on Jan 16, 2025

• GNU/Linux

  • It's FOSS ☛ Don't Believe These Myths About Dual Booting GNU/Linux and Windows

    Don't listen to what you hear. I tell you the reality from my dual booting experience.

  • It's FOSS ☛ FOSS Weekly #25.03: Mint 22.1 Released, Hey Hi (AI) in VLC, Dual Boot Myths, Torvalds' Guitar Offer and More

    Minty fresh GNU/Linux Mint 22.1 is here

  • Audiocasts/Shows

    • Software Freedom Conservancy ☛ Karen Sandler interviews Cory Doctorow

      A blog post from Software Freedom Conservancy.

      
      
      

      Our Executive Director Karen Sandler recently sat down with Cory Doctorow to talk about software right to repair, the utility and history of DMCA exemptions, and some of the differences between the way laws take effect in different places around the world. Doctorow is widely known for his speculative fiction touching on issues of technology, activism, and post-scarcity economics. We were so excited for this conversation, many on SFC staff are fans and had a great time preparing for the conversation.

      Covering a range of topics, it was great to hear from Cory about how proprietary platforms can actually lead to conversations with loved ones about interoperability. Of particular note was a discussion about the similarities to the accessibility rights movement. Interoperability and accessibility are fundamental rights that technology should empower us to have, but often times we need to advocate and fight for those rights.

    • Bryan Lunduke ☛ 1980's Computers on the Modern Internet with FujiNet

      Because the Fashion Company Apple Il, 8 Bit Atari, Tandy Color Computer, and DOS PCs all deserve to be Online.

  • Graphics Stack

    • Collabora ☛ The state of GFX virtualization using virglrenderer

      With VirGL, Venus, and vDRM, virglrenderer offers three different approaches to obtain access to accelerated GFX in a virtual machine. Here are the latest updates around each of these approaches.

  • Applications

    • Thomas Lange: FAI 6.2.5 and new ISO available

      The new years starts with a FAI release. FAI 6.2.5 is available and contains many small improvements. A new feature is that the command fai-cd can now create ISOs for the ARM64 architecture.

  • Desktop Environments/WMs

    • Ruben Schade ☛ Random news for week 3, 2025

      This is a collection of random, unrelated things I read this week.

      I fell into the trap last year of wanting to comment on individual stories, but they never left my drafts because I already exceeded my self-imposed daily post limit. This format will let me post stuff that interests me, and avoids the drafts folder trap where they lose timeliness.

      [ ...]

      I haven’t tried LXQt in a long time. I know Allan Jude of FreeBSD and OpenZFS fame runs it, and it could be a nice Qt-flavoured stepping stone from KDE. I’ll add it to my neverending list of things to try.

    • K Desktop Environment/KDE SC/Qt

      • Tellico 4.1 Released

        Tellico 4.1 is available, with some improvements and bug fixes. This release and any subsequent bugfix dot releases (such as 4.1.1) will be the last ones that build with Qt5.

• Distributions and Operating Systems

  • Fedora Family / IBM

    • Red Hat Official ☛ Introducing Red Hat OpenShift Virtualization Engine: OpenShift for your virtual machines

      Learn about OpenShift Virtualization Engine

  • Canonical/Ubuntu Family

    • Ubuntu ☛ A comprehensive guide to NIS2 Compliance: Part 1 – Understanding NIS2 and its scope

      In this first part, I’ll provide an introduction on what NIS2 is, the differences from its predecessor NIS and its applicability so you can understand it and conclude if it is relevant for your company.

    • OMG Ubuntu ☛ Ubuntu Patches Major Security Vulnerabilities in Rsync

      Doing anything right now? Oh, you’re reading this – appreciated – but once you’re done go and install the pending update to Rsync, pushed out to all supported versions of Ubuntu desktop and server this week. Rsync is a command-line tool preinstalled in all versions and flavours of Ubuntu. It’s used for data-efficient copying and synchronising of files between locations, be it local or remote. You might not (knowingly) use it (it’s not a GUI app) it’s there, on your system. And the fact it’s there is important.

  • Open Hardware/Modding

    • CNX Software ☛ Jetway MTX-MTH1 thin Mini-ITX SBC features defective chip maker Intel Core Ultra 5/7 SoC, three 2.5GbE, four HDMI 2.1, PCIe Gen5 x8 slot

      Jetway MTX-MTH1 is a thin industrial Mini-ITX SBC built around defective chip maker Intel Core Ultra 5/7 Meteor Lake processors with defective chip maker Intel Arc Graphics and support for up to 96GB of DDR5 memory. The most interesting features of this compact board are the three 2.5GbE jacks and four HDMI 2.1 video outputs for 4K and 8K displays.

    • CNX Software ☛ FlipMods Combo is a 3-in-1 Flipper Zero expansion module with ESP32, GPS, and CC1101 modules

      Sacred Labs’ FlipMods Combo is a 3-in-1 expansion module for the Flipper Zero that combines an ESP32 WiFi and Bluetooth SoC, Texas Instruments CC1101 Sub-GHz wireless microcontroller, and an unnamed GPS module.

    • CNX Software ☛ Siflower SF21H8898 is a quad-core 64-bit RISC-V SoC for industrial gateways, routers, and controllers

      Siflower SF21H8898 SoC features a quad-core 64-bit RISC-V processor clocked at up to 1.25 GHz and a network processing unit (NPU) for handling traffic and is designed for industrial-grade gateways, controllers, and routers. The chip supports up to 2GB DDR3, DDR3L, or DDR4 memory, offers QSGMII (quad GbE), SGMII/HSGMII (GbE/2.5GbE), and RGMII (GbE) networking interfaces, and USB 2.0, PCIE 2.0, SPI, UART, I2C, and PWM interfaces.

• Free, Libre, and Open Source Software

  • Security

    • nixCraft ☛ Critical Rsync Vulnerability Requires Immediate Patching on GNU/Linux and Unix systems

      Rsync is a opensource command-line tool in Linux, macOS, *BSD and Unix-like systems that synchronizes files and directories. It is a popular tool for sending or receiving files, making backups, or setting up mirrors. It minimizes data copied by transferring only the changed parts of files, making it faster and more bandwidth-efficient than traditional copying methods provided by tools like sftp or ftp-ssl. Rsync versions 3.3.0 and below has been found with SIX serious vulnerabilities. Attackers could exploit these to leak your data, corrupt your files, or even take over your system. There is a heap-based buffer overflow with a CVSS score of 9.8 that needs to be addressed on both the client and server sides of rsync package. Apart from that info leak via uninitialized stack contents defeats ASLR protection and rsync server can make client write files outside of destination directory using symbolic links.

    • SUSE/OpenSUSE

      • pam-u2f: problematic PAM_IGNORE return values in pam_sm_authenticate() (CVE-2025-23013)

      • 5) Possible Workaround

      The pam-u2f module allows to use U2F (Universal 2nd Factor) devices like YubiKeys in the PAM authentication stack. The hardware tokens can be used as a second authentication factor, or to allow password-less login.

      We have been checking all PAM modules in the openSUSE code base for bad return values. During this effort we found that improper use of PAM_IGNORE return values in the pam-u2f module implementation could allow bypass of the second factor or password-less login without inserting the proper device.

• Productivity Software/LibreOffice/Calligra

  • Document Foundation ☛ Czech translation of LibreOffice Getting Started Guide 24.8

    Zdeněk Crhonek (aka “raal”) from the Czech LibreOffice community writes: The Czech team has finished its translation of the LibreOffice Getting Started guide 24.8. As usual it was a team effort, with translations by Petr Kuběj, Zdeněk Crhonek and Radomír Strnad; localized pictures from Roman Toman; and technical support from Miloš Šrámek.