Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Kolide: Kolide can help you nail third-party audits and internal compliance goals with endpoint security for your entire fleet.

Support Linux Action News

Links:

• A new privilege escalation vulnerability in the Linux kernel — The vulnerability consists of a stack buffer overflow due to an integer underflow vulnerability inside the nft_payload_copy_vlan function, which is invoked with nft_payload expressions as long as a VLAN tag is present in the current skb.
• netfilter: nft_payload: add C-VLAN support · torvalds/linux@f6ae9f1
• CVE-2023-0179
• CVE-2023-0179- Red Hat Customer Portal
• [net,3/3] netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits - Patchwork
• oss-sec: Re: CVE-2023-0179: Linux kernel stack buffer overflow in nftables: PoC and writeup
• libvirt 9.0 Released For Latest Linux Virtualization API — Libvirt 9.0 adds support for external snapshot deletion with QEMU using its existing API, libvirt 9.0 with QEMU now supports PASST as "Plug A Simple Socket Transport" for connecting an emulated network device to the host's network, QEMU external back-end support for SWTPM as a software Trusted Platform Module (TPM), support for passing file descriptors rather than passing files for the QEMU disk, and other additions.
• JFS Filesystem’s Days are Numbered — IBM developed the JFS file-system originally in the 90's for AIX and the second-generation implementation then ported to Linux after it was made open-source.
• Firefox 109.0 Ships Manifest Version 3 — Manifest Version 3 (MV3) extension support is now enabled by default (MV2 remains enabled/supported). This major update also ushers an exciting user interface change in the form of the new extensions button.
• Here’s what’s going on in the world of extensions
• Manage your extensions using the extensions button in the toolbar
• Manifest v3 signing available November 21 on Firefox Nightly
• Google delays start of Manifest V2 Chrome extension deprecation — The original plan called for Chrome Beta, Dev, and Canary builds to start experiments that turned off Manifest V2 extension support. Additionally, Manifest V3 would be required to get the “Featured” badge in the Chrome Web Store. 
• Firefox 109 Adds New Extensions Button, Manifest V3 Support — The biggest new feature is the new Unified Extensions button in the toolbar.
• Chrome’s “Manifest V3” plan to limit ad-blocking extensions is delayed
• Chrome Users Beware: Manifest V3 is Deceitful and Threatening — Manifest V3, or Mv3 for short, is outright harmful to privacy efforts. It will restrict the capabilities of web extensions

Sponsored By:

• Jupiter Network Membership: Support the entire network, and get access to every member's special feed for every show on the network. Promo Code: thesignal
• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.

Support Linux Action News

Links:

• SUSE Linux Enterprise 15 SP4 Released - Switches To NVIDIA’s Open Kernel Driver — Notable with SLE 15 SP4, SUSE is already switching to using NVIDIA's open-source GPU kernel-mode driver that NVIDIA open-sourced last month
• openSUSE Leap 15.4 Released
• Element Call Beta 2 includes lots of exciting new updates! — In a walkie-talkie call, videos are disabled, and everyone is muted by default. To speak, press the ‘push-to-talk’ (PTT) button, either by pressing it on the screen or by holding the spacebar. The catch is that, just like a walkie-talkie or two-way radio, only one person can speak at a time. When someone else is speaking, your PTT button will be disabled, and if you try to push it you’ll hear a warning beep.
• Fedora and Ubuntu EOL announcements — If you are running Fedora 34, the time has come to move on; that distribution will reach the end of its support life on June 7. Users of Ubuntu 21.10 have a little longer, but that release loses support on July 14 and users should update to 22.04.
• Fedora 34 is going EOL in one week
• Ubuntu 21.10 reaches End of Life on July 14 2022
• HP Dev One Now Shipping — Unplug and work from any location. At 3.24 lbs, with up to 12 hours of battery life and an ultra-bright display, HP Dev One was made to perform on the go.
• Managed PostgreSQL and MongoDB are Here | Linode
• Apple will allow Linux VMs to run Intel apps with Rosetta in macOS Ventura — You can even use Rosetta with non-Apple Arm CPUs, though you probably shouldn't.
• Running Intel Binaries in Linux VMs with Rosetta
• Hector Martin on Twitter — “Huh, so Rosetta is now a Linux app. Without Linux kernel patches this can’t use any special M1 features, so if this runs significantly better than FOSS offerings that should help dispel the myth that “the M1 has magic make-Rosetta-fast features”.
• Longhorn on Twitter — Well. Rosetta 2 needs a quite recent CPU (post v8.2) to work because of the instructions used. Does it work on non-Apple arm64 CPUs? 🤔 Yes. (allows to settle the argument once and for all that this needs anything Apple specific outside of TSO support*. Answer is a no.)

Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Ting: Save $25 off your first device, or $25 in service credit if you bring one!

Support Linux Action News

Links:

• Linux has been bitten by its most high-severity vulnerability in years — Dirty Pipe has the potential to smudge people using Linux and Linux derivitives.
• Catalin Cimpanu on Twitter — “DirtyPipe (CVE-2022-0847) is a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit.
• Ron Amadeo on Twitter — “By my count, Dirty Pipe affects only brand-new Android 12 devices like the Pixel 6 and S22. Linux 5.8 and above has only been an Android option for five months."
• Canonical Patches “Dirty Pipe” Vulnerability in Ubuntu 21.10 and 20.04 LTS
• BLASTY on Twitter: “Hacked up a quick Dirty Pipe PoC that spawns a shell by hijacking (and restoring) the contents of a setuid binary.”
• The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
• AMD Posts Some New Linux Job Openings From Client CPU To Server — AMD would need a lot more Linux engineers to achieve the same level of timely Linux support and low-level kernel enhancements that Intel has been focused on for years, especially when it comes to Intel's open-source work beyond just the actual hardware device enablement.
• Introducing Native Matrix VoIP with Element Call! — What’s more, Element Call is built entirely on Matrix: it doesn’t need any additional servers to get going. You can run it against your existing Matrix homeserver to provide complete self-sovereignty… while still being able to talk to anyone else anywhere on the wider Matrix network! We will also be able to automatically use Matrix’s end-to-end encryption to secure all Element Call conferences
• call.element.io
• https://github.com/vector-im/element-call/issues
• Extending Matrix’s E2EE calls to multiparty
• Danielle Foré on Twitter — Okay it’s been a full month and this situation still isn’t resolved, and it sucks for you to just be completely in the dark and it’s pretty obvious something is up and people are asking what’s going on, so here is my side of the story 🧵
• Danielle gives an update on elementary Reddit Thread
• Jupiter Broadcasting East Coast Meetup

Plus, the new tech in SteamOS 3 that might make it a great desktop OS.

Sponsored By:

• Ting: Save $25 off your first device, or $25 in service credit if you bring one!
• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.

Support Linux Action News

Links:

• Raspberry Pi OS hits the bullseye — Raspberry Pi announced the release of a new version of Raspberry Pi OS (formerly Raspbian), which advances to the Debian 11 “bullseye” release.
• What’s new in RHEL 8.5 — Customers running Microsoft SQL Server on RHEL will see a number of enhancements to help configure, manage and operate RHEL more efficiently.
• Major Changes in 8.5
• Red Hat 8.5 released with SQL Server and .NET 6
• AlmaLinux OS 8.5 Stable Now Available — AlmaLinux OS 8.5 includes features and improvements to container tools to reduce friction and make the build and deploy processes more flexible, support for OpenJDK 17, additional OpenSCAP profiles for hardening and security compliance, new system roles, and Network Time Security (NTS) for NTP, amongst other additions and enhancement.
• Canonical Makes It Easier to Run Ubuntu VMs on Apple M1 Macs with Multipass — Multipass promises to offer Apple M1 MacBook developers interesting in developing apps for the Linux/Ubuntu desktop the fastest way to run Linux cross-platform, running a Ubuntu VM in as little as 20 seconds.
• Hector Martin on Twitter — Say hi to an M1 Pro 14" MacBook Pro running KDE Plasma 5 on Arch Linux ARM! Notch compatible! I made NVMe work today and decided it's time to properly install a distro ;)
• Hector Martin on Twitter: “It’s been running the glxgears demo (60% all-core CPU usage) all night, lid closed, no display sleep. It’s barely warm to the touch, and I can only hear the fan if I put my ear 15cm away from the vents. This is why I’m putting Linux on these machines :-) https://t.co/HPBDskirSf” / Twitter
• Big Btrfs Changes in the Works — I’m working on a large set of on-disk format changes to address some of the more painful parts of Btrfs’s design. There’s a lot of discrete changes here, but they’ll all go under the single umbrella of “extent-tree-v2.”
• On-Disk Format Changes Ahead To Improve “Painful” Parts Of Btrfs Design
• Steam Deck Release Pushed Back To February 2022 — For those that pre-ordered the Steam Deck your position in the queue remains, but is now all shifted back by approximately two months.
• Valve Shares New Steam Deck Details, Proton Update Available For Testing — Steam Deck will use an immutable root file-system, albeit can be changed for developers/enthusiasts wanting more control over the system state. The immutable root file-system approach is similar to the likes of Fedora Silverblue.
• Valve Says SteamOS 3.0 Will Be Available for Everyone to Download and Install
• Steam Deck Development Live Stream - YouTube
• Valve adds documentation for Steam Deck development, suggests Manjaro Linux for now

Plus, the essential RISC-V code landing in the Linux kernel.

Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Ting: Save $25 off your first device, or $25 in service credit if you bring one!

Support Linux Action News

Links:

• Asahi Linux On The Apple M1: “Usable As A Basic Linux Desktop” — With the progress made over the past month, "Asahi Linux is usable as a basic Linux desktop (without GPU acceleration)!"
• Progress Report: September 2021 - Asahi Linux
• Asahi Linux emits usable basic desktop on Apple’s M1
• Linux 5.16 KVM To Land RISC-V Hypervisor Support — Given that it's taken a while to freeze, there isn't yet any performant RISC-V processors out there actually implementing the complete extension and so for now and during development, it's been a function of running it on simulators.
• Canonical launches Ubuntu Frame, the foundation for embedded displays — Canonical announces the release of Ubuntu Frame, a solution that allows developers to easily build and deploy graphical applications for interactive kiosks, digital signage solutions, or any other products that require a graphical output.
• Ubuntu Frame is a secure display server for embedded systems
• Building graphical applications in embedded devices
• Software Engineer - Toolbox (containers / desktop / golang) — The Red Hat Desktop team is looking for a Software Engineer to join us. In this role, you will develop and maintain containerization technologies for software development like toolbox.
• SUSE Working on a CentOS Clone? — I like looking in dnf countme data to see the various distros requesting EPEL repos. There are often many weird distro names showing up in the single digits. But this one jumped out at me with 38 hits last week
• DNF Better Counting
• Index of /csv-reports/countme
• Extra Packages for Enterprise Linux (EPEL) — High-quality packages that have been developed, tested, and improved in Fedora available for RHEL and compatible derivatives such as CentOS and Scientific Linux.
• SUSE Has been Rebuilding RHEL Packages for Years
• Will Furnass on Twitter — “Interesting that CERN are proposing to adopt @CentOS Steam 8 for new systems"
• PowerPoint Presentation