Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Ting: Save $25 off your first device, or $25 in service credit if you bring one!

Support Linux Action News

Links:

• Linux has been bitten by its most high-severity vulnerability in years — Dirty Pipe has the potential to smudge people using Linux and Linux derivitives.
• Catalin Cimpanu on Twitter — “DirtyPipe (CVE-2022-0847) is a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit.
• Ron Amadeo on Twitter — “By my count, Dirty Pipe affects only brand-new Android 12 devices like the Pixel 6 and S22. Linux 5.8 and above has only been an Android option for five months."
• Canonical Patches “Dirty Pipe” Vulnerability in Ubuntu 21.10 and 20.04 LTS
• BLASTY on Twitter: “Hacked up a quick Dirty Pipe PoC that spawns a shell by hijacking (and restoring) the contents of a setuid binary.”
• The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
• AMD Posts Some New Linux Job Openings From Client CPU To Server — AMD would need a lot more Linux engineers to achieve the same level of timely Linux support and low-level kernel enhancements that Intel has been focused on for years, especially when it comes to Intel's open-source work beyond just the actual hardware device enablement.
• Introducing Native Matrix VoIP with Element Call! — What’s more, Element Call is built entirely on Matrix: it doesn’t need any additional servers to get going. You can run it against your existing Matrix homeserver to provide complete self-sovereignty… while still being able to talk to anyone else anywhere on the wider Matrix network! We will also be able to automatically use Matrix’s end-to-end encryption to secure all Element Call conferences
• call.element.io
• https://github.com/vector-im/element-call/issues
• Extending Matrix’s E2EE calls to multiparty
• Danielle Foré on Twitter — Okay it’s been a full month and this situation still isn’t resolved, and it sucks for you to just be completely in the dark and it’s pretty obvious something is up and people are asking what’s going on, so here is my side of the story 🧵
• Danielle gives an update on elementary Reddit Thread
• Jupiter Broadcasting East Coast Meetup

Sponsored By:

• Ting: Save $25 off your first device, or $25 in service credit if you bring one!
• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.

Support Linux Action News

Links:

• Nvidia is reportedly preparing to abandon its $40 billion takeover of Arm — The deal has faced close scrutiny from regulators around the world, who worry it would give Nvidia an unfair advantage in the semiconductor industry.
• SiFive Shifting Production Focus To Next-Gen HiFive Development Board — "With such great ecosystem adoption, demand has exceeded our already high expectations, and we’re close to selling out our production inventory. Given the challenge of supply chain issues that we overcame for the first run of these boards (issues that we continue to face), we’ve decided to focus on the next generation SiFive HiFive development systems rather than trying to put together another build of the HiFive Unmatched platform in 2022."
• Linux system service bug gives root on all major distros, exploit released — Qualys has uncovered a truly dangerous memory corruption vulnerability in polkit's pkexec, CVE-2021-4034. Polkit, formerly known as PolicyKit, is a systemd SUID-root program.
• Major Linux PolicyKit Security Vulnerability Uncovered: Pwnkit
• KDE-Powering Qt’s New Framework Lets Developers Bring Ads Into Their Apps — Qt, the framework that powers the KDE desktop, is announcing support for ads in client-side applications.
• Qt Digital Advertising Platform
• Steam Deck launches February 25, weekly purchase invites planned — Valve has today officially announced their Steam Deck handheld will launch officially on February 25.
• Steam Dynamic Cloud Sync — Dynamic Cloud Sync is now live on Steam, and it's a first for any gaming platform currently in operation. It appears to be inspired by a specific use case: playing your favorite PC game on the go via the Steam Deck, then resuming that same game later on your home PC.
• Valve sponsors more work to improve Linux graphics drivers

Plus the facts around RMS’s return to the FSF board, and our analysis of the situation.

Special Guest: Neil McGovern.

Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Ting: Save $25 off your first device, or $25 in service credit if you bring one!

Support Linux Action News

Links:

• GNOME 40 Release Notes — GNOME 40 is the latest version of GNOME, and is the result of 6 months’ hard work by the GNOME community. It contains major new features, as well as many smaller improvements and bug fixes. In total, the release incorporates 24571 changes, made by approximately 822 contributors.
• Feeling brave? GNOME 40 is here and you can have a poke around in the Fedora 34 beta
• GNOME 40
• GNOME 3.38.5 Released with Support for Handling Monitor Changes During Screencasts — Coming a month after the GNOME 3.38.4 point release the GNOME 3.38.5 update is here with more bug fixes and various improvements to make the GNOME 3.38 desktop environment series more stable, secure, and reliable.
• Forthcoming OpenSSL release — This release will be made available on Thursday 25th March 2021 between 1300-1700 UTC.
• CVE-2021-3450: CA certificate check bypass with X509_V_FLAG_X509_STRICT — Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check.
• Cloud CPU Benchmarking Report | Linode
• Run Windows on Linode
• RMS is Back — Free software advocate Richard Stallman is rejoining the board of the Free Software Foundation.
• An open letter to remove Richard M. Stallman from all leadership positions
• An open letter in support of Richard M. Stallman
• Free software advocates seek removal of Richard Stallman and entire FSF board | Ars Technica
• Statement on the Re-election of Richard Stallman to the FSF Board | Electronic Frontier Foundation
• Free Software Community Condemns Richard Stallman’s Reinstatement to FSF Board of Directors
• Richard Stallman returns to the Free Software Foundation
• SUSE joins open source bodies calling for Stallman to go
• From PS5 to Ford F-150: How a global chip shortage is 'impacting everything' — The biggest news in the automotive industry right now isn't new electric vehicles or Tesla CEO Elon Musk's latest comments. It's a major semiconductor shortage that's hurting automakers across the globe.
• [Video] How The Global Computer Chip Shortage Happened