Tux Machines

Never Update Your UEFI “BIOS”, Especially With LVFS on Linux. Also, systemd-boot is a Plot to Overthrow the PC’s Owner.

posted by Roy Schestowitz on Sep 22, 2023

Reprinted with permission from Ryan Farmer.

Why You Should Never Update Your UEFI “BIOS”, Especially With LVFS on Linux.

Also, systemd-boot is a Plot to Overthrow the PC’s Owner.

systemd’s entire purpose is to replace the Linux kernel’s features with something that systemd does itself, incompetently. It’s full of bugs.

One of their latest antics is systemd-oomd, which is going over well (sarcasm) and you can read all about what Fedora users have to say about it on Reddit. I refuse to even think about installing THAT on my PC.

I know to shut down memory hogs before opening a memory hog and I use ZRam so it’s usually not a big issue.

I’ll deal with this before there’s an out-of-memory and a program written by Facebook and IBM is going around randomly murdering, up to and including my entire desktop session, kicking me to a login screen, ruining EVERYTHING.

It’s difficult to even imagine that I was horrified when their first “proposal” was just to handle “mount” or when one of their next ones was to handle DNS.

systemd’s secondary purpose is to kill GNU’s bootloader, GRUB, and replace it with one that can lock down the whole computer per Microsoft’s orders.

To quote Debian on “Secure” Boot:

code must not be subject to GPLv3, “or any license that purports to give someone the right to demand authorization keys to be able to install modified forms of the code on a device.”

Code that is subject to such a license that has already been signed might have that signature revoked.

For example, GRUB 2 is licensed under GPLv3 and won’t be signed.

-One of Microsoft’s requirements for signing a bootloader.

systemd-boot is not designed to be better than GRUB 2, but to make it possible to just directly “sign” it with Microsoft and refuse to give the user the right to run an alternative version of systemd-boot which doesn’t lock their computer down and remove a significant amount of access to it.

Shim+GRUB 2 already does this, but the user can just turn off Security Theater Boot in the UEFI setup, and then remove shim and update grub.

mokutil only exists to deal with shim, so you can get rid of that too at the same time.

Debian “supports” Security Theater Boot now, so I’ve removed support for it so I couldn’t even turn it back on like this at the firmware level if I wanted to.

I blogged at least three times about why “UEFI is Trash”.

See: “System76 Ditches UEFI Firmware Trash, Ships Coreboot Firmware on Linux Laptops”; “UEFI is Trash: Part 2 ‘Destroy the Computer to Continue Using Windows 11!’”; and “More Work on Debian 12. UEFI is Trash Part 3: Fixing a Lenovo Restart ‘bug’”.

It is not even plausible that UEFI, like it is, could enforce Security Theater Boot, because it’s got thousands of CVEs (security holes) and unless people flash their firmware every month most of them will work.

Lenovo has updated this PC over 30 times.

Many times you flash it, it will do something to ruin Windows Boot Manager or Bitlocker, if you use Windows.

Each month they “fix” 6-12 CVEs.

So you tell me how well this was designed.

Also, nobody wants to brick their computer, especially if it’s not under warranty, so they don’t even install the UEFI updates. Like I don’t.

If you flash it and it goes so wrong it kills the hardware, you’ll be paying for this mess yourself. (A new computer.)

When I had Windows 10 on this machine, I followed Lenovo’s instructions, to the letter. Windows was ruined twice. Wow. UEFI is terrific.

TPMs, which are how Windows Bitlocker “encrypts” (it’s backdoored for the government) your storage, are just too twitchy to ever use for anything serious. You will lose all of the data you haven’t backed up at some point, if you provoke it enough times.

Updating the UEFI isn’t supposed to change the state of the TPM, but when has anyone at Intel, Microsoft, and the BIOS industry ever followed their own documentation?

So when it DOES change the state of the TPM and the TPM refuses to unlock your Bitlocker drive, then “Microsoft Fastboot” (which turns off the keyboard until you get to Windows, only you can’t get to Windows now) prevents you from typing in the recovery key.

You DID write down the recovery key? No, well, that’s fine.

At this point, you couldn’t type it in even if you wanted to.

So to deal with firmware updates, under Windows, you need to (1) back up your data, (2) make sure the computer is under warranty in case the flash destroys it (5% chance each flash), (3) write down the Bitlocker recovery key (or just go to your Microsoft account because they have it in case the police ask for it), (4) disable Fast Boot in the UEFI setup for when the TPM gets pissed about the flash, and (5) learn how to use Recovery Mode to re-install Windows Boot Manager, or possibly all of Windows.

Very simple, and elegant!
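The BitLocker part of the checklist above, step (3), as an added PowerShell example that is not from the original article. It also suspends protection for one reboot, the usual way to keep a change in TPM measurements from forcing recovery after a flash. The `E:\` path is a placeholder and the script must run from an elevated prompt.

```powershell
# Added example: pre-flash BitLocker preparation for the OS volume.
# Assumptions: run elevated; $KeyFile is a placeholder path on removable media.
$MountPoint = $env:SystemDrive
$KeyFile    = 'E:\bitlocker-recovery.txt'

$vol = Get-BitLockerVolume -MountPoint $MountPoint
if ($vol.ProtectionStatus -ne 'On') {
    Write-Output "BitLocker protection is not active on $MountPoint; nothing to prepare."
    return
}

# Step (3): make sure a recovery password exists, then store it off the machine.
$recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $recovery) {
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector |
        Out-Null
    $recovery = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword'
}
$recovery | ForEach-Object {
    "Protector ID: $($_.KeyProtectorId)  Recovery password: $($_.RecoveryPassword)"
} | Set-Content -Path $KeyFile
Write-Output "Recovery password written to $KeyFile; keep it away from this PC."

# Only TPM-based protectors depend on boot measurements that a flash can change.
$tpmBound = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -like 'Tpm*' }
if ($tpmBound) {
    # The volume stays encrypted, but the key is readable from disk until
    # protection resumes, which happens automatically after one reboot.
    Suspend-BitLocker -MountPoint $MountPoint -RebootCount 1 | Out-Null
    Write-Output "Protection suspended for one reboot. Flash now, then verify:"
    Write-Output "  (Get-BitLockerVolume -MountPoint $MountPoint).ProtectionStatus"
} else {
    Write-Output "No TPM protector on $MountPoint; a firmware change will not alter unlock."
}
```

Run the flash immediately after the script; leaving the volume suspended across an idle period exposes the key to anyone with physical access to the disk.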

Otherwise, have fun while the CVEs pile up in the UEFI. Security Theater Boot will be REAL real enforceable now!

Since there is a 5% chance of wrecking the UEFI’s flash memory each time you use a flasher, then if you installed every update Lenovo released for the Thinkbook, you’d have destroyed the laptop almost twice in the last 3 years, statistically.

Since this is the situation under Windows, I have no confidence in fwupd/LVFS and uninstalled it from Debian.

I’d recommend everyone just uninstall fwupd/LVFS, or at least disable the repo on every machine before you give that machine Internet access, even if your OEM puts anything meaningful there.

(Lenovo doesn’t, so it’s just Microsoft dbx blacklists for Security Theater Boot.)

OEMs BARELY test their computers under Windows, which is what’s up with those “Unsupported Processor” BSoDs lately.

These are PCs that were “designed for Windows”, and they are as horrible as that sounds.

So, why on Earth would a Linux user be flashing the thing (UEFI) the PC can’t work without using something written by IBM Red Hat, using systemd?

At least without systemd poking around and flashing firmware in shoddy ways, all IBM Red Hat’s software can really do is screw up your operating system.

That is, at least, recoverable by re-installing the OS, worst case.
