Tux Machines

Never Update Your UEFI “BIOS”, Especially With LVFS on Linux. Also, systemd-boot is a Plot to Overthrow the PC’s Owner.

posted by Roy Schestowitz on Sep 22, 2023

Reprinted with permission from Ryan Farmer.

Why You Should Never Update Your UEFI “BIOS”, Especially With LVFS on Linux.

Also, systemd-boot is a Plot to Overthrow the PC’s Owner.

systemd’s entire purpose is to replace the Linux kernel’s features with something that systemd does itself, incompetently. It’s full of bugs.

One of their latest antics is systemd-oomd, which is going over well (sarcasm) and you can read all about what Fedora users have to say about it on Reddit. I refuse to even think about installing THAT on my PC.

I know to shut down memory hogs before opening a memory hog and I use ZRam so it’s usually not a big issue.

I’ll deal with this before there’s an out-of-memory and a program written by Facebook and IBM is going around randomly murdering, up to and including my entire desktop session, kicking me to a login screen, ruining EVERYTHING.

It’s difficult to even imagine that I was horrified when their first “proposal” was just to handle “mount” or when one of their next ones was to handle DNS.

systemd’s secondary purpose is to kill GNU’s bootloader, GRUB, and replace it with one that can lock down the whole computer per Microsoft’s orders.

To quote Debian on “Secure” Boot:

code must not be subject to GPLv3, “or any license that purports to give someone the right to demand authorization keys to be able to install modified forms of the code on a device.”

Code that is subject to such a license that has already been signed might have that signature revoked.

For example, GRUB 2 is licensed under GPLv3 and won’t be signed.

-One of Microsoft’s requirements for signing a bootloader.

systemd-boot is not designed to be better than GRUB 2, but to make it possible to just directly “sign” it with Microsoft and refuse to give the user the right to run an alternative version of systemd-boot which doesn’t lock their computer down and remove a significant amount of access to it.

Shim+GRUB 2 already does this, but the user can just turn off Security Theater Boot in the UEFI setup, and then remove shim and update grub.

mokutil only exists to deal with shim, so you can get rid of that too at the same time.

Debian “supports” Security Theater Boot now, so I’ve removed support for it so I couldn’t even turn it back on like this at the firmware level if I wanted to.

I blogged at least three times about why “UEFI is Trash”.

See: System76 Ditches UEFI Firmware Trash, Ships Coreboot Firmware on Linux Laptops; UEFI is Trash: Part 2 “Destroy the Computer to Continue Using Windows 11!”; and More Work on Debian 12. UEFI is Trash Part 3: Fixing a Lenovo Restart “bug”.

It is not even plausible that UEFI, as it is, could enforce Security Theater Boot, because it’s got thousands of CVEs (security holes), and unless people flash their firmware every month, most of them will work.

Lenovo has updated this PC over 30 times.

Many times when you flash it, it will do something to ruin Windows Boot Manager or Bitlocker, if you use Windows.

Each month they “fix” 6-12 CVEs.

So you tell me how well this was designed.

Also, nobody wants to brick their computer, especially if it’s not under warranty, so they don’t even install the UEFI updates. Like I don’t.

If you flash it and it goes so wrong it kills the hardware, you’ll be paying for this mess yourself. (A new computer.)

When I had Windows 10 on this machine, I followed Lenovo’s instructions, to the letter. Windows was ruined twice. Wow. UEFI is terrific.

TPMs, which are how Windows Bitlocker “encrypts” (it’s backdoored for the government) your storage, are just too twitchy to ever use for anything serious. You will lose all of the data you haven’t backed up at some point, if you provoke it enough times.

Updating the UEFI isn’t supposed to change the state of the TPM, but when has anyone at Intel, Microsoft, and the BIOS industry ever followed their own documentation?

So when it DOES change the state of the TPM and the TPM refuses to unlock your Bitlocker drive, then “Microsoft Fastboot” (which turns off the keyboard until you get to Windows, only you can’t get to Windows now) prevents you from typing in the recovery key.

You DID write down the recovery key? No, well, that’s fine.

At this point, you couldn’t type it in even if you wanted to.

So to deal with firmware updates, under Windows, you need to (1) back up your data, (2) make sure the computer is under warranty in case the flash destroys it (5% chance each flash), (3) write down the Bitlocker recovery key (or just go to your Microsoft account because they have it in case the police ask for it), (4) disable Fast Boot in the UEFI setup for when the TPM gets pissed about the flash, and (5) learn how to use Recovery Mode to re-install Windows Boot Manager, or possibly all of Windows.

Very simple, and elegant!

Otherwise, have fun while the CVEs pile up in the UEFI. Security Theater Boot will be REAL real enforceable now!

Since there is a 5% chance of wrecking the UEFI’s flash memory each time you use a flasher, if you installed every update Lenovo released for the Thinkbook, you’d have destroyed the laptop almost twice in the last 3 years, statistically.

Since this is the situation under Windows, I have no confidence in fwupd/LVFS and uninstalled it from Debian.

I’d recommend everyone just uninstall fwupd/LVFS, or at least disable the repo on every machine before you give that machine Internet access, even if your OEM puts anything meaningful there.

(Lenovo doesn’t, so it’s just Microsoft dbx blacklists for Security Theater Boot.)

OEMs BARELY test their computers under Windows, which is what’s up with those “Unsupported Processor” BSoDs lately.

These are PCs that were “designed for Windows”, and they are as horrible as that sounds.

So, why on Earth would a Linux user be flashing the thing (UEFI) the PC can’t work without, using something written by IBM Red Hat, using systemd?

At least without systemd poking around and flashing firmware in shoddy ways, all IBM Red Hat’s software can really do is screw up your operating system.

That is, at least, recoverable by re-installing the OS, worst case.
