Tux Machines

Do you waddle the waddle?

Other Sites

9to5Linux

KDE Plasma 6.3.6 Released with Numerous Improvements and Bug Fixes

KDE Plasma 6.3.6 comes two months after KDE Plasma 6.3.5 with improved keyboard navigation of the System Tray widget’s pop-up, improved Power And Battery widget to no longer prompt users to install the power-profiles-daemon if the system doesn’t support it, and improved support for the Environment Canada provider in the Weather Report widget.

Amarok 3.3 Open-Source Music Player Is Out as First Release Fully Ported to Qt 6

Amarok 3.3 comes six months after Amarok 3.2 as the first release based on the latest Qt 6 and KDE Frameworks 6 application frameworks to provide users with a more modern user interface. This is also the first release of Amarok to drop support for the older Qt 5 and KDE Frameworks 5 frameworks.

GNOME 48.3 Adds Support for More Video/Audio Types in Nautilus’ Search Filter

Coming a month after GNOME 48.2, the GNOME 48.3 release adds support for more video/audio types in Nautilus’ search filter, adds a limit to the number of visual alerts displayed by Mutter to comply with the European Accessibility Act (EAA), and adds missing accessibility labels in various components across the GNOME Shell.

LinuxGizmos.com

Arduino and Red Pitaya Learning Lab Connects Makers with Real-World Engineering

Arduino and Red Pitaya have partnered on a hardware bundle and structured curriculum that helps students, educators, and hobbyists advance from basic electronics projects to practical signal analysis and system prototyping. Combining the Arduino Uno R4 WiFi with the Red Pitaya STEMlab 125-14, the kit supports hands-on experiments that link simple interfacing with engineering-grade measurement.

Radxa CM5 Gets Adapted for Use with uConsole Pocket Terminal

The ClockworkPi uConsole is designed for Raspberry Pi CM4 or CM5 modules, but a growing group of users has been working to run the Radxa CM5 inside this pocket terminal. By using the Radxa CM5, they gain higher RAM capacity, more storage options, and a faster GPU for processing tasks.

ADLINK 3.5” SBCs Accommodate Intel Core Ultra (Series 1) Processors

ADLINK Technology has introduced two new 3.5-inch single board computers designed for edge computing and industrial applications. The SBC35-MTL and SBC35-ASL, launched this week, offer DDR5 memory support, dual RJ45 ports, and a fanless design.

Collabora Advances Rust-for-Linux with New Tyr DRM Driver for Mali GPUs

Collabora has introduced Tyr, a new Rust-based Direct Rendering Manager (DRM) driver for CSF-based Arm Mali GPUs. This step strengthens Rust integration within the Linux kernel community. Tyr is a port of Panthor, a mature C driver for the same hardware, and is developed through a collaboration between Collabora, Arm, and Google to modernize GPU driver development using Rust.

Tor Project blog

Arti 1.4.5 is released: Continued work on xon-based flow control, Conflux.

This release of Arti continues our development efforts towards supporting xon-based (proposal 324) flow control and multi-legged tunnels in Arti via our Conflux feature.

Internet Society

How the Technical Community Runs the Internet

The Internet can often feel invisible and intangible—even the power lines on nearly every street can start to feel invisible because we are so used to seeing them!  

Community Snapshot—June

Around the world, our 130 chapters and special interest groups work locally, regionally, and globally to keep the Internet a force for good: open, globally connected, secure, and trustworthy. Each month, we provide a brief overview of just some of the things they have achieved in the previous month. 

Never Update Your UEFI “BIOS”, Especially With LVFS on Linux. Also, systemd-boot is a Plot to Overthrow the PC’s Owner.

posted by Roy Schestowitz on Sep 22, 2023

Reprinted with permission from Ryan Farmer.

Why You Should Never Update Your UEFI “BIOS”, Especially With LVFS on Linux.

Also, systemd-boot is a Plot to Overthrow the PC’s Owner.

systemd’s entire purpose is to replace the Linux kernel’s features with something that systemd does itself, incompetently. It’s full of bugs.

One of their latest antics is systemd-oomd, which is going over well (sarcasm) and you can read all about what Fedora users have to say about it on Reddit. I refuse to even think about installing THAT on my PC.

I know to shut down memory hogs before opening a memory hog and I use ZRam so it’s usually not a big issue.

I’ll deal with this before there’s an out-of-memory and a program written by Facebook and IBM is going around randomly murdering, up to and including my entire desktop session, kicking me to a login screen, ruining EVERYTHING.

It’s difficult to even imagine that I was horrified when their first “proposal” was just to handle “mount” or when one of their next ones was to handle DNS.

systemd’s secondary purpose is to kill GNU’s bootloader, GRUB, and replace it with one that can lock down the whole computer per Microsoft’s orders.

To quote Debian on “Secure” Boot:

code must not be subject to GPLv3, “or any license that purports to give someone the right to demand authorization keys to be able to install modified forms of the code on a device.

Code that is subject to such a license that has already been signed might have that signature revoked.

For example, GRUB 2 is licensed under GPLv3 and won’t be signed.

-One of Microsoft’s requirements for signing a bootloader.

systemd-boot is not designed to be better than GRUB 2, but to make it possible to just directly “sign” it with Microsoft and refuse to give the user the right to run an alternative version of systemd-boot which doesn’t lock their computer down and remove a significant amount of access to it.

Shim+GRUB 2 already does this, but the user can just turn off Security Theater Boot in the UEFI setup, and then remove shim and update grub.

mokutil only exists to deal with shim, so you can get rid of that too at the same time.

Debian “supports” Security Theater Boot now, so I’ve removed support for it so I couldn’t even turn it back on like this at the firmware level if I wanted to.

I blogged at least three times about why “UEFI is Trash”.

See; System76 Ditches UEFI Firmware Trash, Ships Coreboot Firmware on Linux Laptops, UEFI is Trash: Part 2 “Destroy the Computer to Continue Using Windows 11!”, and More Work on Debian 12. UEFI is Trash Part 3: Fixing a Lenovo Restart “bug”.

It is not even plausible that UEFI, like it is, could enforce Security Theater Boot, because it’s got thousands of CVEs (security holes) and unless people flash their firmware every month most of them will all work.

Lenovo has updated this PC over 30 times.

Many times you flash it, it will do something to ruin Windows Boot Manager or Bitlocker, if you use Windows.

Each month they “fix” 6-12 CVEs.

So you tell me how well this was designed.

Also, nobody wants to brick their computer, especially if it’s not under warranty, so they don’t even install the UEFI updates. Like I don’t.

If you flash it and it goes so wrong it kills the hardware, you’ll be paying for this mess yourself. (A new computer.)

When I had Windows 10 on this machine, I followed Lenovo’s instructions, to the letter. Windows was ruined twice. Wow. UEFI is terrific.

TPMs, which is how Windows Bitlocker “encrypts” (it’s backdoored for the government) your storage, are just too twitchy to ever use for anything serious. You will lose all of the data you haven’t backed up at some point, if you provoke it enough times.

Updating the UEFI isn’t supposed to change the state of the TPM, but when has anyone at Intel, Microsoft, and the BIOS industry ever followed their own documentation?

So when it DOES change the state of the TPM and the TPM refuses to unlock your Bitlocker drive, then “Microsoft Fastboot” (which turns off the keyboard until you get to Windows, only you can’t get to Windows now) prevents you from typing in the recovery key.

You DID write down the recovery key? No, well, that’s fine.

At this point, you couldn’t type it in even if you wanted to.

So to deal with firmware updates, under Windows, you need to (1) backup your data, (2) make sure the computer is under warranty in case the flash destroys it (5% chance each flash), (3) write down the Bitlocker recovery key (or just go to your Microsoft account because they have it in case the police ask for it), (4) disable Fast Boot in the UEFI setup for when the TPM gets pissed about the Flash, and (5) learn how to use Recovery Mode to re-install Windows Boot Manager, or possibly all of Windows.

Very simple, and elegant!

Otherwise, have fun while the CVEs pile up in the UEFI. Security Theater Boot will be REAL real enforceable now!

Since there is a 5% chance of wrecking the UEFI’s flash memory each time you use a flasher, then if you installed every update Lenovo released for the Thinkbook, you’d have destroyed the laptop almost twice in the last 3 years, statistically.

Since this is the situation under Windows, I have no confidence in fwupd/LVFS and uninstalled it from Debian.

I’d recommend everyone just uninstall fwupd/LVFS, or at least disable the repo on every machine before you give that machine Internet access, even if your OEM puts anything meaningful there.

(Lenovo doesn’t, so it’s just Microsoft dbx blacklists for Security Theater Boot.)

OEMs BARELY test their computers under Windows, which is what’s up with those “Unsupported Processor” BSoDs lately.

These are PCs that were “designed for Windows”, and they are as horrible as that sounds.

So, why on Earth would a Linux user be flashing the thing (UEFI) the PC can’t work without using something written by IBM Red Hat, using systemd?

At least without systemd poking around and flashing firmware in shoddy ways, all IBM Red Hat’s software can really do is screw up your operating system.

That is, at least, recoverable by re-installing the OS, worst case.

Other Recent Tux Machines' Posts

Amarok 3.3 Open-Source Music Player Is Out as First Release Fully Ported to Qt 6
Today, the Amarok development team released Amarok 3.3, the latest stable version of this open-source music player software that brings various new features and bug fixes.
Red Hat Offers Free RHEL Access for Business Developers
Red Hat’s new dev program, Red Hat Enterprise Linux for Business Developers
Fedora 43 won't drop 32-bit app support – or adopt Xlibre
Community vetoes plans to axe i686 compatibility and switch X11 forks
 
From Open Source User to Fedora Contributor
I started my open-source journey when I got my first laptop
Re-designing signing in Fedora
Over the past few months I’ve spent some time on-and-off working on Sigul and some related tools
Sparky Linux: “Takes the Options Ball and Runs With It!”
Our reviewer dives into Sparky Linux and discovers a distro bursting with choices, flexibility
System76’s Adder WS Linux Laptop Gets Intel Core Ultra i9 and NVIDIA 50 Series
System76 informs 9to5Linux.com today about the availability of a new version of their Adder WS Linux-powered notebook that features newer Intel CPUs and NVIDIA graphics.
Ubuntu 24.10 “Oracular Oriole” Reached End of Life, Upgrade to Ubuntu 25.04
This is your friendly reminder that Ubuntu 24.10 “Oracular Oriole” reached end-of-life today, July 10th, 2025, and it is no longer supported by Canonical with software and security updates.
GNU/Linux Leftovers
Linux-focused picks
Free, Libre, and Open Source Software Leftovers
FOSS and licensing focus
Web Browsers (Slop Nonsense) and Content Management Systems (CMS)
Some WWW-centric additions
Programming and Standards
Development centric stuff
Security Leftovers
Security related picks
Open Hardware/Modding: Raspberry Pi, Arduino
retro also
Fedora and Red Hat Leftovers
from the official site mostly
Android Leftovers
This new setting in Android ensures core Google services are always up to date
Miracle-WM 0.6 Released with Rounded Corners Support
Miracle-WM 0.6.0 tiling Wayland window manager lands with rounded corners
today's howtos
Instructionals/Technical posts, mostly idroot
Thunderbird ESR: Fresh functions for Mozilla's email client and monthly development update
some Thunderbird news
Krita 5.2.10 Rolls Out with Bug Fixes Ahead of Major Feature Releases
Krita 5.2.10, a free and open-source digital painting app
Pull yourself up by your bootstraps
The way Ubuntu boots on the Raspberry is changing in questing
PANZER-LITE93 Ubuntu 24.04 Box PC puts FRDM-IMX93 development board into a 3D printed case
MayQueen Technologies PANZER-LITE93 is an NXP i.MX 93-powered box PC running a customized Ubuntu 24.04 LTS distribution
The Licensing and Compliance Lab, not just holding it down, but pushing back
Hello, my fellow and soon-to-be fellow free software activists and Free Software Foundation (FSF) associate members
Shotcut 25.07 Beta Added Scrub While Dragging to Timeline trimming
Shotcut, the free open-source Qt-based video editor, released the Beta for next 25.07 few days ago
Free and Open Source Software
This is free and open source software
KWallet to SecretService, a client application: name wanted
Another pain point is the application used to look inside the wallets
Wayland Fedora Gnome vs KDE neon Plasma, plus X11 data!
I showed you Plasma idle desktop figures, two separate articles
This Linux distro makes openSUSE accessible to all - even newbies should take a look
Linux Kamarada 15.6 does an outstanding job of making openSUSE more user-friendly
Security and Windows TCO Leftovers
Security related news
Games: Minigalaxy, STEEL HUNTERS, and More
10 stories from GamingOnLinux
LWN on Injecting Hype Into Linux Kernel and More
Kernel picks
Today in Techrights
Some of the latest articles
GNU/Linux and BSD Leftovers
various picks
Free, Libre, and Open Source Software and Standards
mostly FOSS picks
Hardware and GNU/Linux Migrations
some more stories
Danish Ministry switching from Microsoft Office/365 to LibreOffice
Following the example of the German state of Schleswig-Holstein
Games: Godot, FEX, and Lossless Scaling Frame Generation
Games-related picks
SUSE to roll out Sovereign Premium Support
as Microsoft takes a fall
Web Browsers: Curl, Chrom*, and Mozilla/Firefox
mostly Firefox
Open Hardware: Radxa, Pi, RISC-V, and More
Linux centric hardware
Ubuntu Pro, Ubuntu Weekly Newsletter, and More
Some Ubuntu news
Debian Leftovers
Some Debian stories
Software: OCR, PhotoPrism, Blender, and syslog-ng
some software news
today's howtos
mostly idroot
Programming Leftovers
Development picks for today
Security Leftovers
patches and breaches
Windows TCO Tales
Windows very expensive to use
Google Outsources Agent2Agent to Microsoft Proprietary Jail (GitHub), Linux Foundation is Openwashing Dangerous Hype
Some LF openwash
DXVK 2.7 Improves Support for God of War, Watch Dogs 2, and Final Fantasy XIV
DXVK 2.7, a Vulkan-based implementation of D3D9, D3D10, and D3D11 for Linux / Wine, is now available for download with new features and other improvements for various games.
Welcome to Thunderbird 140 “Eclipse”
The wait is over! Thunderbird 140 “Eclipse” has reached totality
Security and Windows TCO Leftovers
mostly Windows TCO
PCLinuxOS and Open Hardware Leftovers
GNU/Linux and more
today's howtos
half a dozen howtos
Android Leftovers
Google Pixel Phones Receiving Android 16-Based Monthly Software Update for July 2025: What’s New
I run these 4 commands first on every fresh Linux install
When installing Linux for the first time
I Left Windows 11 for Linux—Here’s the Best Distro to Start With
Switching from Windows to Linux can feel daunting
Games: Rhythm of Resistance, Bazzite, and More
Only 4 stories from GamingOnLinux for now
OBS Studio 31.1 Released with Multitrack Video Support on Linux
OBS Studio 31.1 has been released today for this powerful, open-source, cross-platform, and free software for video recording and live streaming on Linux.
Floating Mini Panel GNOME Extension Adds Auto Mode
The Floating Mini Panel GNOME Shell Extension I wrote about recently now includes an option to automatically activate the compact
Celebrating 20 Years of openSUSE
To celebrate the project’s vibrant history
GIMP Tutorial: GIMP 3.0 Review
GIMP 3.0.4 is out!
Today in Techrights
Some of the latest articles
GNU/Linux Leftovers
3 more stories
Raspberry Pi Leftovers
some Raspberry Pi projecta and news
KDE Plasma 6.3.6 Released with Numerous Improvements and Bug Fixes
Delayed by one week to avoid sharing the same release date as KDE Plasma 6.4.2, KDE Plasma 6.3.6 is here as the last maintenance update to the KDE Plasma 6.3 desktop environment series.
GNOME 48.3 Adds Support for More Video/Audio Types in Nautilus’ Search Filter
The GNOME Project announced today the release and general availability of GNOME 48.3 as the third maintenance update to the latest GNOME 48 “Bengaluru” desktop environment series.
Free and Open Source Software
This is free and open source software
Trump T1 Phone Android OS vs. PureOS
As noted by Purism often in the past, Purism authors and maintains PureOS, which is a secure and privacy–respecting distribution of Debian GNU/Linux
KDE Plasma 6.3.6 Desktop Environment Released
KDE Plasma 6.3.6 enhances tablet and multi-monitor support,
Debian on Framework 12
For some time now I was looking for a device to replace my Thinkpad
GNOME 49 Alpha Is Now Available for Public Testing, Disables X11 Session by Default
Today, the GNOME Project announced the alpha version of the upcoming GNOME 49 desktop environment series for public testing, giving us a first taste of the new features and enhancements.
GNU/Linux Leftovers
news based around GNU/Linux
Free, Libre, and Open Source Software/Collaboration Leftovers
FOSS picks
Programming Leftovers
Development picks
Security and Windows TCO
Security leftovers
Open Hardware/Modding: Arduino, Raspberry Pi, and More
open hardware leftovers
Red Hat Official Site's Leftovers
all from Red Hat for Monday
Kernel: U-Boot v2025.07, Bootlin, and More
kernel picks
Audiocasts/Shows: Late Night Linux and Destination Linux
2 new episodes
today's howtos
quite a few for now
Bash 5.3 Release Adds ‘Significant’ New Features
A new version of the GNU project’s Bourne Again SHell (better known to most of us as Bash) has been released, nearly 3 years after the last
Ethical Hacking Distro Parrot OS 6.4 Is Out with Linux Kernel 6.12 LTS, New Tools
Parrot Security released Parrot OS 6.4 today as a new ISO snapshot of this Debian-based, security-oriented GNU/Linux distribution for penetration testing and ethical hacking.
Android Leftovers
Here's what I like and dislike about Android's new Expressive design
Kdenlive 25.04.3 released
The last maintenance release of the 25.04
NanoPi R76S dual 2.5GbE SBC and router supports up to 16GB LPDDR5, M.2 WiFi module, HDMI 2.0 video output
FriendlyELEC provides a long list of supported OS and software tools
Ubuntu 25.10 release to mandate RVA23 profile, obsoleting most RISC-V hardware
That’s why for Linux and Android support, the RVA (RISC-V Application) profiles were created
Free and Open Source Software, and Review
While there are enterprising Linux developers that code drivers for some of these devices
Wayland vs X11, AMD graphics, KDE neon, 4K and WebGL data
I didn't really have any idea how much time I was going to invest into actually testing and benchmarking Wayland and X11 performance
Linux Kernel and Graphics Drivers
some kernel level updates
Android Leftovers
Android Auto just got a big Spotify upgrade – here's what's new
Two weeks of wayback
A poorly kept secret is that the X11 graphics stack is under-maintained as resources shift towards the maintenance of Wayland’s graphics stack instead
Allwinner A527, T527, and A733 datasheets, user manuals, and Linux SDK released
The datasheets, user manuals, and Linux SDK for the Allwinner A527, T527, and A733 SoCs
b3sum – implementation of the BLAKE3 hash function
This is free and open source software
July Software Releases: Plasma Camera & Plasma Settings
A new version of Plasma Camera and Plasma Settings have been released
Outreachy Update: Two Weeks of Configs, Word Lists, and GResource Scripting
It has been a busy two weeks of learning as I continued to develop the GNOME Crosswords project
Games: SteamOS, Adorable Adventures, and More
7 new stories from GamingOnLinux
Today in Techrights
Some of the latest articles