Language Selection

English French German Italian Portuguese Spanish

July 2020

Systemd 246 Released With Many Changes

Filed under
Linux
Red Hat

Systemd 246 is out today as the newest version of this dominant Linux init system and system/service manager. Systemd 246 has a lot of new functionality in time for making it into at least some of the autumn 2020 Linux distributions.

Read more

Free software in business: Success stories

Filed under
GNU

Even though the vast majority of software development and news articles on technology still predominantly focus on proprietary software, public pressure is increasingly shifting the conversation to include ethical considerations. Whenever you feel that free software is not making strong enough waves, I urge you to look at the LibrePlanet conference video collection (or listen to the talks), to strengthen your belief. Making free software a kitchen table issue in every home can at times seem like an insurmountable challenge, but there are so many community members doing incredibly inspiring work driving user freedom forward.

This is why we have been updating our "Working Together for Free Software" pages in the last few weeks, with new testimonials from activists and enthusiasts. We have heard why people believe in free software, and how free software can make a difference in all industries. This third blog post in the series inspired by interviews with community members will bring some attention to the success that people have had advocating for free software through their occupations. It manifests how appeals to user freedom, and successful free software implementations, are driving forces behind the advancement of businesses all over the world.

Read more

The Rust Programming Language Blog: Announcing Rust 1.45.1

Filed under
Development
Moz/FF

The Rust team is happy to announce a new version of Rust, 1.45.1. Rust is a programming language that is empowering everyone to build reliable and efficient software.

Read more

New Security Patches and New UEFI 'Secure' Boot Catastrophe

Filed under
Server
Security
  • Security updates for Thursday

    Security updates have been issued by Arch Linux (webkit2gtk), CentOS (GNOME, grub2, and kernel), Debian (firefox-esr, grub2, json-c, kdepim-runtime, libapache2-mod-auth-openidc, net-snmp, and xrdp), Gentoo (chromium and firefox), Mageia (podofo), openSUSE (knot and tomcat), Oracle (grub2, kernel, postgresql-jdbc, and python-pillow), Red Hat (firefox, grub2, kernel, and kernel-rt), SUSE (grub2), and Ubuntu (firefox, grub2, grub2-signed, and librsvg).

  • Grub2 updates for Red Hat systems are making some unbootable

    As reported in the comments on the Grub2 secure-boot vulnerabilities report, the updates for grub2 for RHEL 8 and CentOS 8 are making some systems unbootable. The boot problems are seemingly unrelated to whether the system has secure boot enabled. It may be worth waiting a bit for that to shake out.

  • Servers at risk from “BootHole” bug – what you need to know

    That’s our tongue-in-cheek name for a cybersecurity vulnerability that not only gets assigned an identifier like CVE-2020-10713, but also acquires an impressive name plus a jaunty logo (and even, in one intriguing case, a theme tune).

    This month’s bug with an impressive name (see what we did there?) is called BootHole, and its logo rather cheekily shows a boot with a worm sticking out of a hole in the toecap.

    The bad news is that this bug affects the integrity of bootup process itself, meaning that it provides a way for attackers to insert code that will run next time you restart your device, but during the insecure period after you turn on the power but before the operating system starts up.

    The good news for most of us is that it relies on a bug in a bootloader program known as GRUB, short for Grand Unified Boot Loader, which is rarely found on Windows or Mac computers.

  • Why the GRUB2 Secure Boot Flaw Doesn’t Affect Purism Computers

    To understand why this flaw does not affect Purism computers, it helps to understand why UEFI Secure Boot exists to begin with, and how it and the security exploit works. Attacks on the boot process are particularly nasty as they occur before the system’s kernel gets loaded. Attackers who have this ability can then compromise the kernel before it runs, allowing their attack to persist through reboots while also hiding from detection. UEFI Secure Boot is a technology that aims to protect against these kinds of attacks by signing boot loaders like GRUB2 with private keys controlled ultimately by Microsoft. UEFI Firmware on the computer contains the public certificate counterparts for those private keys. At boot time UEFI Secure Boot checks the signatures of the current GRUB2 executable and if they don’t match, it won’t allow the executable to run.

    If you’d like to understand the GRUB2 vulnerability in more detail, security journalist Dan Goodin has a great write-up at Ars Technica. In summary, an attacker can trigger a buffer overflow in GRUB2 as it parses the grub.cfg configuration file (this file contains settings for the GRUB2 menu including which kernels to load and what kernel options to use). This buffer overflow allows the attacker to modify GRUB2 code in memory and execute malicious code of their choice, bypassing the protection UEFI Secure Boot normally would have to prevent such an attack.

    Unfortunately, UEFI Secure Boot doesn’t extend its signature checks into configuration files like grub.cfg. This means you can change grub.cfg without triggering Secure Boot and the attack exploited that limitation to modify grub.cfg in a way that would then exploit the running GRUB2 binary after it had passed the signature check.

    Further complicating the response to this vulnerability is the fact that it’s not enough to patch GRUB2. Because the vulnerable GRUB2 binaries have already been signed by Microsoft’s certificate, an attacker could simply replace a patched GRUB2 with the previous, vulnerable version. Patching against this vulnerability means updating your UEFI firmware (typically using reflashing tools and firmware provided by your vendor) so that it can add the vulnerable GRUB2 binary signatures to its overall list of revoked signatures.

Want to run Mac OS 8 on Linux as an Electron app? Well, you can anyway

Filed under
GNU
Linux
Mac

After creating Electron-based version of Windows 95 in 2018, Felix is back with a new virtual machine package (and a new apology for creating it).

Called macintosh.js, Felix brings Apple’s ancient Mac OS 8 system to the masses via the medium of JavaScript and everyone’s favourite app creation framework¹ Electron.

His free-to-use-but-don’t-ask-me-if-Apple-approve version of Mac OS 8 runs like a champ on Windows, macOS and Linux (I tested it on the latter). It runs as a standalone app that boots the OS up directly, i.e. there’s no need to fuss around with installers or set up dialogs).

“The virtual machine is emulating a 1991 Macintosh Quadra 900 with a Motorola CPU, which Apple used before switching to the PowerPC architecture (Apple/IBM/Motorola) in the mid 1990s,” Felix says of his effort.

A suite of era-specific software and games is bundled inside as trials, demos, or shareware. This includes Adobe Photoshop 3, Adobe Premiere 4, Netscape Explorer, Duke Nukem 3D, and plenty more.

While there’s no working internet connectivity (meaning the bundled copy of Internet Explorer must go unloved) this is a functional version of Mac OS 8. All of the apps work; this isn’t a superficial reconstruction with the veneer of usability — it works.

Read more

Kangaroo on protest

Filed under
Humor

How to Play Android Games on Linux

Filed under
Android
GNU
Linux
Gaming
HowTos

Fancy playing Android games on your desktop? We have shown you how to do so in Windows, but what about Linux? If you want to play Android games on Linux, we have the solution.

Read more

Intel Celeron G5900 + Pentium Gold G6400 Benchmarks - Low-Price Comet Lake CPUs

Filed under
Graphics/Benchmarks

While we have looked a lot at how the Core i9 10900K performs at the top-end of Intel's Comet Lake line-up as well as with the likes of the i5-10600K and i3-10100, here is our first look at the very bottom of the stack with the new Celeron and Pentium processors. Benchmarked today are the Celeron G5900 as a ~$40 processor and the Pentium Gold G6400 that retails for around $60 and compared against other low-end Intel and AMD processors as well as older Intel Core i3 CPUs.

The Intel Celeron G5900 is one of the lowest-end Comet Lake processors offered. For $42 USD (indeed was able to purchase it for that price) is a dual-core processor with a 3.4GHz clock frequency. The CPU has just a 2MB cache, no turbo frequency, support for dual channel DDR4-2666 memory, no form of AVX support, 2MB L3 cache, UHD Graphics 610 that clock up to 1.05GHz, and a 58 Watt TDP. It's a CPU quite at the bottom of the gutter by 2020 standards.

Read more

today's leftovers

Filed under
Misc

  • Intel Celeron G5900 + Pentium Gold G6400 Benchmarks - Low-Price Comet Lake CPUs

    While we have looked a lot at how the Core i9 10900K performs at the top-end of Intel's Comet Lake line-up as well as with the likes of the i5-10600K and i3-10100, here is our first look at the very bottom of the stack with the new Celeron and Pentium processors. Benchmarked today are the Celeron G5900 as a ~$40 processor and the Pentium Gold G6400 that retails for around $60 and compared against other low-end Intel and AMD processors as well as older Intel Core i3 CPUs.

  •        

  • Mageia 8 Artwork Contest

    As with every release, the artwork for Mageia 8 will come from you, the great community that supports and makes Mageia possible. With development well underway, Alpha 1 has just been released, it’s time to start getting the artwork ready. As in previous years, we’re looking for your contributions and ideas, but not just images and photos – if you have icons and logos, or ideas on how login screens or animations should look, then it’s time to discuss or show them off.

  • This Week in Glean: Automated end-to-end tests for Glean

    Last year at the Mozilla All-Hands in Whistler, Canada I went for a walk with my colleague Mark Reid who manages our Data Platform team. We caught up on personal stuff and discussed ongoing projects as well as shared objectives for the next half-year. These in-person conversations with colleagues are my favorite activity at our semi-annual gatherings and are helpful in ensuring that my team is working on the most impactful projects and that our tests create value for the teams we support.

    [...]

    For Mozilla, getting reliable data from our products is critical to inform our decision making. Glean is a new product analytics and telemetry solution that provides a consistent experience and behavior across all of our products. Mark and I agreed that it would be fantastic if we had automated end-to-end tests to complement existing test suites and alert us of potential issues with the system as quickly as possible.

  • Reading Impractical Python Projects

    If you experienced the home and personal computing revolution of the early 1980s, you may have read some books that got you hooked up with programming. These books led you through the intellectual adventure of using computing to explore interesting problem domains.

  • A Hundred Days of Code, Day 022 - Getting into the Groove
  • PSF GSoC students blogs: Weekly Check In - 8

    Next week I plan to continue working on ScrapyTunnelingH2Agent.

  • PSF GSoC students blogs: Weekly Check-in #9
  •        

  • The Future of Linux Security: Securing Linux-Based Systems in 4 Steps

    The world is increasingly interconnected and, as a result of this, the exposure to security vulnerabilities has dramatically increased as well. The intricacies of maintaining today’s Linux-based platforms make it very challenging for developers to cover every potential entry point. In 2019 there was an average of more than 45 Common Vulnerabilities and Exposures (CVEs) logged per day.

    How does a development organization keep up with that? In order to stay on top of this, developers must increasingly spend more time and effort integrating CVE patches into their solutions, at the cost of spending time developing their applications.

  • The 10 Best RSS News Readers [Ed: How on Earth did a site called "FOSSMint" manage to miss just about every RSS reader that is actually FOSS?]

    The RSS newsreaders may not be much in fashion these days but they have surely not been discontinued. They are still being used, plenty of people still rely upon them to pull together various news stories from different websites.

    RSS news readers provide a great way to stay current and updated. Though many websites do not keep an updated RSS feed anymore, there are still some great RSS readers available online.

    Through this article, we will introduce you to some of the best and top listed RSS newsreaders which will always keep you up to date.

  • Happy 30th Birthday, ADA. What’s Next?

    We need a system where people with disabilities are universally included by design—not “accommodation.”

More in Tux Machines

today's howtos

  • How To Install WordPress on Debian 11 - idroot

    In this tutorial, we will show you how to install WordPress on Debian 11. For those of you who didn’t know, WordPress is an open-source CMS (Content Management System) that allows you to create a website that is tailored to your specific requirements. With WordPress, you can create a blog, a company website, a portfolio, an online store, or anything else you can think of. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of WordPress cms on a Debian 11 (Bullseye).

  • How to Download & Install Ubuntu 21.10 Impish Indri - LinuxCapable

    Ubuntu has officially released the Ubuntu 21.10 codenamed Impish Indri. This has seen the introduction of GNOME 40 as the default desktop, and sadly GNOME 41 did not make the final cut. The release also introduces Linux Kernel 5.13 among new applications and other back-end performance improvements. Some of the other features.

  • How to Install Docker Engine on Debian 11 (Bullseye)

    Docker is an open platform tool which provides container run time environment. With the help of docker, developers can build, ship and run their code as a container anywhere like on-prem or public cloud. Docker makes use of OS-level virtualization to spin up the containers. The host on which docker is installed and containers are spun are called as ‘Docker Engine’. In this post, we will cover how to install Docker Engine (Community Edition) on Debian 11 (Bullseye) step by step.

  • How to Install GNOME 41 Desktop Unstable on Debian 11 Bullseye - LinuxCapable

    Many Debian 11 users know that Gnome 38 is the default version that ships with the codename Bullseye operating system. However, as much hype has been built around the new Gnome 41 desktop, many would be looking for an opportunity to install and test or permanently use the latest on offer from GNOME. GNOME 41 introduces many changes from visual changes, new apps, and overhaul back-end changes to improve performance. Overall, it is vastly different from what previous GNOME versions have looked before. In the following tutorial, you will learn how to install the new GNOME 41 desktop from the unstable (sid) repository on your Debian 11 Bullseye operating system.

  • How to Install Odoo 15 on Ubuntu 20.04 - SpeedySense

    In this article, we explain you how to install Odoo 15 on Ubuntu 20.04 LTS. Follow 8 easy steps for install Odoo 15 on Ubuntu. Odoo 15 was released on Oct 06, 2021. It is very easy to install Odoo in Ubuntu 20.04 Focal Fossa. Odoo is a most extensive open-source ERP that provides all business related application. Such as Accounting, CRM, Sales, Purchase, Project, Point of Sale, E-Commerce and many more. So Let’s start how to install and configure Odoo 14 in Ubuntu. Every year Odoo comes up with more new features and make platform more user-friendly.

  • How to Install Slack on Fedora 35 - LinuxCapable

    Slack is one of the most popular collaboration communication platforms in the world. From it was initial launch in 2013, it has grown. It is now favored amongst development teams and corporations to integrate many services, run groups, meetings, etc. The way Slack works is to create channels for your teams, topics, customers, or co-workers. Slack also features voice and video calls, file sharing. In the following tutorial, you will know how to install the Slack communication platform on Fedora 35.

  • How to Install and Configure Postgres 14 on Debian 11

    In this guide we are going to install Postgresql 14 in Debian 11. Postgresql is an open source object-relational database system with over 30 years of active development that has earned it a strong reputation for reliability, feature robustness, and performance. Postgres, is a free and open-source relational database management system emphasizing extensibility and SQL compliance. It was originally named POSTGRES, referring to its origins as a successor to the Ingres database developed at the University of California, Berkeley. PostgreSQL is used as the primary data store or data warehouse for many web, mobile, geospatial, and analytics applications. PostgreSQL can store structured and unstructured data in a single product.

  • How to Perform a Remote Linux Backup Using SSH

    Secure Shell or SSH is responsible for successful network communication between two remote computers. For a Linux system administrator, this networking tool is the perfect solution for remote server/machine access over unsecured networks.

  • How to manage wireless connections using iwd on Linux

    Iwd is the acronym of “iNet wireless daemon”. As the name suggests, it is a free and open source wireless management daemon written by Intel for Linux. It is designed to avoid the usage of external libraries it just relies on the functionalities integrated into the kernel. It can be used together with NetworkManager as a substitute for wpa_supplicant, or in standalone mode. In this tutorial we will explore the latter option.

  • Linux Uptime Command with Examples

    The uptime command displays how long the system has been up (running) along with the current time, number of logged-in users, and the system load averages for the past 1, 5, and 15 minutes. In this tutorial, we learn the Linux uptime command.

Android Leftovers

Ubuntu 21.10 Radeon Gaming With KDE Plasma vs. GNOME Shell + Wayland vs. X.Org

With last week's release of Ubuntu 21.10, here are some fresh benchmarks looking at the Linux gaming performance on this new release while testing both the GNOME Shell 40 default desktop to that of its KDE Plasma 5.22 based option. Both the X.Org and Wayland sessions for KDE and GNOME were benchmarked for seeing how the Linux gaming performance compares with the Radeon open-source GPU driver stack. In the past we've seen the GNOME Shell Wayland-based Linux gaming experience to be in very good shape and in some games performing even better than the X.Org based environment. With GNOME / Mutter continuing to mature as well as running the latest open-source Radeon drivers, now with the Ubuntu 21.10 release it's a good time to re-test the performance. Additionally, the KDE Plasma Wayland experience has matured a heck of a lot this year and is now in much better shape for day-to-day use so it's been also included for this comparison. Read more

Juno’s Linux laptops now available with Intel Tiger Lake-H or AMD Ryzen 5000H

Juno Computers sells a line of desktop and laptop computers that ship with Ubuntu Linux pre-installed, and this month the company updated its lineup with several new high performance models sporting 11th-gen Intel Core “Tiger Lake H” or AMD Ryzen 5000H processors. They don’t come cheap, with starting prices ranging from $1,150 to $2,250. But the new laptops pack a lot of horsepower. The most affordable, least powerful of the bunch is the Juno Nyx 15″ AMD V2, a 3.64 pound laptop with an AMD Ryzen 7 5700U processor, a 15.6 inch, 1920 x 1080 pixel display, a 49 Wh battery, support for WiFi 6 and Bluetooth 5.0, and a selection of ports including HDMI, Ethernet, and USB Type-C and Type-A. Read more