Sponsored By:

• Kolide: Kolide can help you nail third-party audits and internal compliance goals with endpoint security for your entire fleet.
• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.

Support Linux Action News

Links:

• GNOME 44 Released — GNOME 44 is code-named “Kuala Lumpur”, in recognition of the work done by the organizers of GNOME.Asia 2022.
• GNOME 44 Released With Many Desktop Enhancements
• GNOME 44 Getting New Background Apps UI
• Ubuntu Touch OTA-1 Focal Release — This is the first OTA for Ubuntu 20.04 (Focal) with major features, this is an Opt-In and not mandatory update.
• First Ubuntu Touch OTA Release Based on Ubuntu 20.04 LTS Is Out Now
• Ubuntu Cinnamon Flavor Status Announcement — Ubuntu Cinnamon started as a small idea in my head, in 2019. I was ELEVEN.
• ItzSwirlz (Joshua Peisach)
• Ubuntu Cinnamon Remix Becomes Official Ubuntu Flavor
• Microsoft’s CBL-Mariner Linux Distribution Continues Cultivating More Packages — With today's CBL-Mariner 2.0.20230321 they have continued cultivating more packages for the distribution.
• CBL-Mariner GitHub
• We’re no longer sunsetting the Free Team plan — After listening to feedback and consulting our community, it’s clear that we made the wrong decision in sunsetting our Free Team plan.
• Google discloses CentOS Linux kernel vulnerabilities following failure to issue timely fixes — Google Project Zero's security researcher Jann Horn learned that kernel fixes made to stable trees are not backported to many enterprise versions of Linux.
• Google Security Researchers Accuse CentOS of Failing to Backport Kernel Fixes
• Project Zero Mailing List Thread on CentOS Kernel Patches
• CVE-2023-0590
• kernel-5.14.0-277.el9
• CVE-2023-1249
• CVE-2023-1252
• Berlin Meet Up #2 - Nextcloud Hackfest & Dev Community Introduction, Fri, Mar 31, 2023 — NOTE: the time detailed on Meetup.com is strictly set to PST, so don't be confused by the interface!

Plus Pwned Passwords goes open source, the public release of Fuchsia, and Valve's rumored Linux handheld.

Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Ting: Save $25 off your first device, or $25 in service credit if you bring one!

Support Linux Action News

Links:

• After staff revolt, Freenode management takes over hundreds of IRC channels for ‘policy violations’ — All told, it appears something like 700 Freenode channels have been seized and re-permissioned, supposedly because the channels mentioned Libera Chat in violation of Freenode's advertising policy.
• Freenode IRC staff resign en masse after takeover by Korea’s “crown prince”
• IRC Announcement - Fedora Magazine
• Ubuntu, Wikimedia jump ship to the Libera Chat IRC network after Freenode channel confiscations
• One week of Libera Chat — It’s been an exciting first week, and we’d like to say a massive thank you for your support, enthusiasm, and patience as we continue to work to bring Libera.Chat up to full capacity. In these first few days, we’ve been able to reach 16,500 simultaneous connections and 20,000 registered accounts.
• kline󠁧󠁢󠁳󠁣󠁴󠁿 on mastodon: “andrew lee just seized over 700 channels on freenode”
• PSA: Ubuntu’s IRC Channels Have Moved from Freenode to Libera Chat
• Gentoo Freenode channels have been hijacked — Today (2021-05-26) a large number of Gentoo channels have been hijacked by Freenode staff, including channels that were not yet migrated to Libera.chat. We cannot perceive this otherwise than as an open act of hostility and we have effectively left Freenode.
• Pwned Passwords, Open Source in the .NET Foundation and Working with the FBI
• Pwned Passwords is now open source!
• Troy Hunt on Twitter RE: the news
• The FBI will feed compromised passwords to Have I Been Pwned — As Hunt explained, the FBI is involved into all sorts of investigations into digital crimes, such as botnets, ransomware, online child sexual exploitation and terrorism. The compromised passwords they find are often being used by crime rings, so the passwords' quick addition to the HIBP database would be extremely helpful. That said, the website doesn't have a way for the feds to quickly feed passwords into its database yet.
• Google is releasing Fuchsia OS, starting w/ 1st-gen Nest Hub — Google’s long-in-development, from-scratch operating system, Fuchsia, is now running on real Made by Google devices, namely, the first-generation Nest Hub.
• Here’s an easier way to try Fuchsia OS on your computer
• Linux Action Show 431
• Valve is making a Switch-like portable gaming PC — On Tuesday, SteamDB operator Pavel Djundik spotted the change in Steam's code, which pointed to a new device named "SteamPal".
• New Audacity Owners Want a CLA — For those not yet aware, we are introducing a Contributor License Agreement (CLA), which contributors to Audacity will need to sign in order to contribute code to the project.
• Information About Our New Contributor License Agreement
• Nextcloud iOS app Open Sourced
• GitHub: nextcloud/ios/COPYING.iOS
• Nextcloud iOS app License Guidelines
• List of Open-Source iOS Apps
• Jami on the Mac App Store
• mediaU on the App Store
• Linux Game Development at Tesla? — Some of you might have heard, our dear technoking is bullish on games and making an awesome platform for all gamers in Tesla vehicles. The latest Model S on our website can give you a hint of what we're aiming for in terms of platform capability (sorry, can't divulge much more for now). The Tesla infotainment OS and platform software are based on a standard Linux, so of course, we're interested in helping the gaming community make Linux gaming excellent.

Plus the imminent problem KDE solved this week, and more.

Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Ting: Save $25 off your first device, or $25 in service credit if you bring one!

Support Linux Action News

Links:

• Initial Apple M1 SoC Support Aims For Linux 5.13 Kernel — This initial Apple M1 Linux port gets the UART, interrupts, SMP, and DeviceTree bits in place for offering basic functionality.
• “Challenge accepted”
• Ars: Apple M1 hardware support merged into Linux 5.13
• Official support for Linux on the M1 Macs could come as soon as June
• [GIT PULL] Apple M1 SoC platform bring-up for 5.13
• Asahi Linux on Twitter — Initial M1 support has been merged into the Linux SoC tree and will be coming to Linux 5.13!
• SiFive FU740 PCIe Support Queued Ahead Of Linux 5.13 — The HiFive Unmatched has a FU740 RISC-V SoC that features four U74-MC cores and one S7 embedded core, 16GB of RAM, USB 3.2 Gen 1, one PCI Express x16 slot (operating at x8 speeds), an NVMe slot, and Gigabit Ethernet.
• How to Secure phpMyAdmin
• Firefox Is Making WebRender The Default Rendering Engine On Linux This Month And There Is A Facelift Coming In May — The Firefox web browser is finally making the long-anticipated WebRender rendering engine the default on GNU/Linux when Firefox 88 is released later this month.
• uBlock Origin works best on Firefox — The Firefox version of uBO makes use of WebAssembly code for core filtering code paths. This is not the case with Chromium-based browsers because this would require an extra permission in the extension manifest which could cause friction when publishing the extension in the Chrome Web Store.
• Wayland Is Driving Fragmentation Around EDID Parsing - A Call To Fix That — Currently there is no de facto EDID parsing library for Linux but many different choices and most Wayland compositors rolling their own. Rather than exposing all of the parsed information from the kernel, there is now a call to have a more unified Linux EDID parsing library.
• vgpu_unlock — Unlock vGPU functionality for consumer-grade GPUs.
• Hacker figures how to unlock vGPU functionality intentionally hidden from certain NVIDIA cards for marketing purposes
• Announcing KDE’s Qt 5 Patch Collection — As Qt 5 support is drawing to a close, and we shift to Qt 6, we need to ensure that KDE products are as reliable as ever. To this end, KDE will be maintaining a set of patches with security and functional fixes so that we can enjoy good KDE Software still based on Qt5 until our software is reliably based on Qt 6.
• Mars Helicopter Flight Delayed to No Earlier than April 14 — During a high-speed spin test of the rotors on Friday, the command sequence controlling the test ended early due to a “watchdog” timer expiration.
• LUP 400 Beer Stein

Plus our rundown of the feature-packed 5.11 release, a Fuchsia surprise, exciting hardware news, and more.

Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Ting: Save $25 off your first device, or $25 in service credit if you bring one!

Support Linux Action News

Links:

• Dev creeped out after he fired up Ubuntu VM on Azure, was immediately approached by Canonical sales rep — "The creepiest thing," he said, "[was] the direct contact on my private LinkedIn account" – which he noted did not share "the same corporate email.
• ＣｙｂｅｒＡｎｔａｎｉ on Twitter
• KDE Plasma 5.21 is Packed with New Features — KDE Plasma 5.21 is going to be released on February 16 and when it arrives it’ll bring a barrel load of changes and enhancements with it.
• This week in KDE — Plasma 5.21 approaches!
• Linux 5.11 Is Heavy On New Features, Improvements For 2021 — There are a ton of Intel and AMD changes, Syscall User Dispatch for helping some newer Windows games run under Wine, continued IO_uring advancements, many Btrfs file-system improvements, Lenovo contributed ThinkPad palm sensor detection support, and much more.
• Linux 5.11 - Linux Kernel Newbies
• Syscall User Dispatch Appears Destined For Linux 5.11 To Help Windows Games On Linux
• AMD Ryzen, EPYC 5~6% Faster Out-Of-The-Box With Linux 5.11
• Intel Xe Graphics Are Looking Great On Linux 5.11 With Nice Performance Uplift
• OpenLiteSpeed WordPress Server | Linode Marketplace
• System76 Begins Detailing Their Open-Source “Launch Configurable Keyboard” — Like the Thelio computers, System76 is going to be manufacturing their own keyboards at their facility in Denver, Colorado.
• Keyboards Go Open Source With System76’s ‘Launch Configurable Keyboard’
• system76/launch on GitHub — System76 Launch Configurable Keyboard
• System76 on Twitter — “The Launch keyboard PCB! #system76 #launch #keyboard #linux #comingsoon #sneakpeek"
• AMD Is Currently Hiring More Linux Engineers — Several of these new job descriptions do begin with, "step up into a new organization built to engage more strategically and deeply with the technical teams of our commercial customers."
• AMD “Green Sardine” Firmware Published For Linux Users
• Google Fuchsia OS could run Android & Linux apps ‘natively’ — This week, a proposal has been put forward for an alternative solution for Fuchsia to run programs meant for Linux and Android. Instead of running Linux itself, Fuchsia would gain a system called “Starnix,” which would act as a translator between instructions for the Linux kernel and instructions for Fuchsia’s Zircon kernel.
• [rfc] Running unmodified Linux programs on Fuchsia
• Fuchsia - Starnix Proposal
• Hacker News Comments — Running unmodified Linux programs on Fuchsia
• Homework: Uncovering a 24-year-old bug in the Linux Kernel
• Homework: Visual guide to SSH tunnels
• Homework: FOSDEM 2021 Videos

Plus, the major re-architecture work underway for Chrome OS with significant ramifications for Desktop Linux.

Sponsored By:

• Ting: Save $25 off your first device, or $25 in service credit if you bring one!

Support Linux Action News

Links:

• Introducing GNOME 3.38: “Orbis” — GNOME 3.38 is the latest version of GNOME 3, and is the result of 6 months’ hard work by the GNOME community. It contains major new features, as well as many smaller improvements and bug fixes. In total, the release incorporates 27896 changes, made by approximately 901 contributors.
• LINUX Unplugged 370: PipeWire Progress
• New GNOME versioning scheme — The next version of GNOME, due to be released in March 2021, will be GNOME 40.
• GNOME Extensions Rebooted Initiative — Extensions Rebooted is a collaborative effort to address the issues around the GNOME Shell extension ecosystem.
• Wiki · extensions-rebooted · GitLab
• What is LaCrOS for Chromebooks and why does it matter? — Google is decoupling the Chrome browser from Chrome OS on Chromebooks. And it’s using Linux to do this.
• Update on Firefox Send and Firefox Notes — today we are announcing the end of life for two legacy services that grew out of the Firefox Test Pilot program: Firefox Send and Firefox Notes.
• Firefox for Android LAN-Based Intent Triggering — The SSDP engine in Firefox for Android (68.11.0 and below) can be tricked into triggering Android intent URIs with zero user interaction. This attack can be leveraged by attackers on the same WiFi network and manifests as applications on the target device suddenly launching, without the users' permission, and conducting activities allowed by the intent.
• Mozilla rolls out Firefox 81 on Android
• Microsoft submits Linux kernel patches for a 'complete virtualization stack' with Linux and Hyper-V — Linux on Azure might no longer need Windows
• All Jupiter Broadcasting Shows

Plus a new report about open source security, and more.

Support Linux Action News

Links:

• Microsoft: Linux Defender antivirus now in public preview — We're aiming to protect the modern workplace environment across everything that it is, being Microsoft or non-Microsoft.
• Microsoft Threat Protection stops attack sprawl and auto-heals enterprise
• Microsoft's Word, Excel and PowerPoint now live under one App
• Microsoft Works - Wikipedia
• Firefox releases an Android app for its VPN service — The Firefox Private Network VPN is powered by Mullvad VPN. Mullvad VPN claims that it won’t log and monitor user data, unlike many other VPN services.
• The Private Internet Access Android app is being open sourced
• IVPN applications are now open source
• Tom Scott video about VPNs
• Android 11 Developer Preview — All the changes we found from Android 10 so far.
• npm struggling to fund FOSS devs — Funding free software is 'still a very unsolved problem' says co-founder
• The Linux Foundation and Harvard’s Lab for Innovation Science Release Census for Open Source Software Security — New analysis identifies most widely used software and uncovers critical questions for the future of securing one of the world’s greatest shared resources
• The Linux Foundation identifies most important open-source software components and their problems — In its latest study, the Linux Foundation's Core Infrastructure Initiative discovered just how prevalent open-source components are in all software and their shared problems and vulnerabilities.
• Most-used libraries revealed
• The Linux Foundation and Harvard’s Lab for Innovation Science release census for open-source software security — Census II (run by Harvard) wanted to look at language-level packages. Their report discusses some of the challenges. One challenge of many is that the JavaScript environment strongly encourages tiny modules, with around 1/2 of all JavaScript packages having at most one function. As a result, when you start counting dependencies, there are *far* more dependencies in JavaScript (because each module does so little), and so JavaScript tends to dominate.

Plus why Ubuntu is taking the Windows Subsystem for Linux so seriously.

Support Linux Action News

Links:

• Canonical announces Ubuntu Pro for Amazon Web Services — New premium Ubuntu images with extended security, kernel live patching and more
• Introducing the Ubuntu AWS Rolling Kernel
• Canonical Announces "Ubuntu Pro" For AWS
• Canonical makes Ubuntu for Windows SubSystem for Linux a priority
• Amazon Announces Graviton2 SoC Along With New 64-Core Arm Instances — The new Graviton2 SoC is a custom design by Amazon’s own in-house silicon design teams and is a successor to the first-generation Graviton chip. The new chip quadruples the core count from 16 cores to 64.
• Graviton pulse - Memory Alpha
• AWS Goes All In On Arm-Based Graviton2 Processors
• Firefox 71 Released — Native MP3 decoding on Windows, Linux, and macOS
• Firefox 71 Linux Performance Isn't Looking All That Great
• Firefox Private Network Beta
• Firefox VPN Sign Up
• Mozilla launches the next phase of its Firefox Private Network VPN beta
• Avast Online Security and Avast Secure Browser are spying on you
• Mozilla updates DeepSpeech with an English language model that runs 'faster than real time'

Plus Google argues that keeping Huawei on their Android is better for all, and Chris gets sucked into Stadia.

Support Linux Action News

Links:

• Firefox Now Available with Enhanced Tracking Protection by Default — At Firefox, we’re doing more than that. We believe that in order to truly protect people, we need to establish a new standard that puts people’s privacy first.
• Relicensing CockroachDB — But our past outlook on the right business model relied on a crucial norm in the OSS world: that companies could build a business around a strong open source core product without a much larger technology platform company coming along and offering the same product as a service. That norm no longer holds.   
• Microsoft and Oracle link up their clouds — Microsoft and Oracle announced a new alliance today that will see the two companies directly connect their clouds over a direct network connection so that their users can then move workloads and data seamlessly between the two.
• Google is fighting to keep doing business with Huawei — Three sources told the Financial Times that Google's argument is that cutting ties with Huawei could pose a national security risk.
• Stadia details announced — Stadia games run on custom Linux-based server hardware maintained by Google, promising "10.7 teraflops of power in each instance." Game audio and video is streamed from those servers to a user's device, and inputs are streamed from the user to the server over a network of what Google says are "7,500 edge nodes" around the world.

Plus more good work by Mozilla, and the Chinese crackdown on Bitcoin mining.

Support Linux Action News

Links:

• The 6 most important announcements from Google Cloud Next 2019 — Anthos is the new name of the Google Cloud Services Platform, Google’s managed service for allowing enterprises to run applications in their private data center and in Google’s cloud.
• PowerShell growth fueled by Linux use — PowerShell Core usage has grown significantly in the last two years. In particular, the bulk of our growth has come from Linux usage
• Teaching machines to triage Firefox bugs
• Mozilla still on track to enable DNS-over-HTTPS by default in Firefox
• Protections Against Fingerprinting and Cryptocurrency Mining Available in Firefox Nightly and Beta
• Matrix suffers security breach — An attacker gained access to the servers hosting Matrix.org. The intruder had access to the production databases, potentially giving them access to unencrypted message data, password hashes and access tokens.
• Archive of deleted GitHub Issues lodged by the hacker
• Chinese government proposes ban on bitcoin mining — A Chinese ban on cryptocurrency mining would be a huge deal for the global bitcoin community.

Plus a new release of our favorite non-distro, GPL revoking debunking, and Android turns 10.

Support Linux Action News

Links:

• Android turns 10 — This was an era in which Android devices were responding to Apple, and not vice versa as we find today.
• Google's Project Zero criticises Linux distros for tardy kernel patches — Project Zero accuses Linux distributions of leaving users exposed to known kernel vulnerabilities for weeks.
• CVE-2018-17182 in Ubuntu — As of 2018-09-26, fixes for this issue are applied to all kernels uploaded to RELEASE-proposed today. and should be released around Monday, Oct 1, 2018.
• No, GPL can't be revoked — For anybody who has been concerned by the talk from a few outsiders about revoking GPL licensing, this new section in the Software Freedom Conservancy's copyleft guide is worth a read. Thus, anyone downstream of the contributor (which is anyone using the contributor’s code), has an irrevocable license from the contributor. A contributor may claim to revoke their grant, and subsequently sue for copyright infringement, but a court would likely find the revocation was ineffective and the downstream user had a valid license defense to a claim of infringement.
• KDE neon Rebased on Ubuntu 18.04 LTS — The KDE neon team is proud to announce the rebase of our packages onto Ubuntu 18.04 LTS "Bionic Beaver". We encourage all users to upgrade now. The installable ISOs and Docker images have also been updated to run on 18.04.
• At least half of Azure is running Linux — "it's about half now, but it varies on the day because a lot of these workloads are elastic, but sometimes slightly over half of Azure VMs are Linux." Microsoft later clarified, "about half Azure VMs are Linux."
• Firefox can now tell you when you get pwned — Mozilla is taking this a step further by also letting you sign up for alerts for when your accounts appear in any (known) breaches in the future.
• Mintcast needs new hosts — Rob and Isaac talk about ending their time doing the podcast and ask who would like to take over.
• Linux Academy Job Openings