Sponsored By:

• Kolide: Kolide can help you nail third-party audits and internal compliance goals with endpoint security for your entire fleet.
• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.

Support Linux Action News

Links:

• Android Gets RISC-Y — Google's keynote at the RISC-V Summit promises official, polished support.
• Keynote: The Android Open Source Project and RISC-V - Lars Bergstrom, Google Director of Engineering
• New Google Tool Goes Open — The OSV database is a distributed, open-source database that stores vulnerability information in the OSV format. The OSV-Scanner assesses a project's dependencies against the OSV database showing all vulnerabilities relating to the project.
• Ubuntu’s New Installer Milestone — With Ubuntu 23.04 "Lunar Lobster" in April that new desktop installer is poised to finally be used by default.
• HDR Beginning To Work For Linux Gaming — "New Linux gaming milestone: with the latest work from Josh Ashton, HDR can now be enabled for real games! Tested it tonight on my AMD desktop with Halo Infinite, Deep Rock Galactic, DEATH STRANDING DC. Very early and will still need some time to bake to be useful to most."
• Red Hat Planning HDR Hackfest
• GNOME Shell + Mutter 43 Alpha Released
• VKD3D-Proton 2.7 Released With Eight Months Worth Of Changes
• Google Home speakers allowed hackers to snoop on conversations — A bug in Google Home smart speaker allowed installing a backdoor account that could be used to control it remotely and to turn it into a snooping device by accessing the microphone feed.

Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Kolide: Kolide can help you nail third-party audits and internal compliance goals with endpoint security for your entire fleet.

Support Linux Action News

Links:

• Announcing the GNU Toolchain Infrastructure Project — Linux Foundation IT services plans for the GNU Toolchain include Git repositories, mailing lists, issue tracking, web sites, and CI/CD, implemented with strong authentication, attestation, and security posture. Utilizing the experience and infrastructure of the LF IT team that is already used by the Linux kernel community will provide the most effective solution and best experience for the GNU Toolchain developer community.
• Sourceware.org
• GNU Toolchain Plans Move To The Linux Foundation’s Infrastructure
• Two visions for the future of sourceware.org
• Plasma Mobile Gear Update — The Plasma Mobile team is happy to announce the developments integrated into Plasma Mobile between July-September 2022.
• The Work-In-Progress Rust-Written Apple DRM Driver Manages To Start Wayland’s Weston — After passing the initial spinning cube milestone this past weekend, Asahi Lina has been working on bringing up more of this reverse-engineered kernel DRM/KMS driver.
• Asahi Lina on Twitter — 🚀 Weston/Wayland works!!! 🚀 KDE doesn’t start all the way yet, but on X at least it showed the splash screen ^^
• Upgrade now to address E2EE vulnerabilities in matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2 — Two critical severity vulnerabilities in end-to-end encryption were found in the SDKs which power Element, Beeper, Cinny, SchildiChat, Circuli, Synod.im and any other clients based on matrix-js-sdk, matrix-ios-sdk or matrix-android-sdk2.
• Akamai Turns Linode Up Past 11
• Over the weekend, #MarsHelicopter successfully completed Flight 33 — The rotorcraft reached an altitude of 10 meters (33 ft) and traveled 111.24 meters (365 ft) in 55.2 seconds.
• There will be up to five flights in the 31-day test period. — The NASAPersevere rover will attempt to capture video of those flights.
• NASA’s Asteroid-Striking DART Mission Team Has JPL Members — JPL’s navigation section is experienced at getting spacecraft to faraway locations accurately.
• How JPL’s role in NASA’s DART asteroid impact could save the earth one day – Pasadena Star News
• DART’s Impact with Asteroid Dimorphos (Official NASA Broadcast)

Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Kolide: Kolide can help you nail third-party audits and internal compliance goals with endpoint security for your entire fleet.

Support Linux Action News

Links:

• Shikitega - AT&T Alien Labs — New stealthy malware targeting Linux
• LINUX Unplugged 474: Linux’s Malware Inevitability
• New Linux malware combines unusual stealth with a full suite of capabilities — "Threat actors continue to search for ways to deliver malware in new ways to stay under the radar and avoid detection," AT&T Alien Labs researcher Ofer Caspi wrote.
• New Linux malware evades detection using multi-stage deployment
• Shape-shifting cryptominer savaging Linux endpoints and IoT — The malware was dubbed "Shikitega" for its extensive use of the popular Shikata Ga Nai polymorphic encoder, which allows the malware to "mutate" its code to avoid detection. Shikitega alters its code each time it runs through one of several decoding loops that AT&T said each deliver multiple attacks, beginning with an ELF file that's just 370 bytes.
• Next-Gen Linux Malware Takes Over Devices With Unique Tool Set
• OpenWrt 22.03 Released With Updated Firewall, Support For 180+ New Devices - Phoronix
• [OpenWrt Wiki] OpenWrt 22.03.0 - First Stable Release - 6 September 2022
• Linux Foundation Announces Open Wallet Foundation — The Linux Foundation, a global nonprofit organization enabling innovation through open source, today announced the intention to form the OpenWallet Foundation (OWF), a new collaborative effort to develop open source software to support interoperability for a wide range of wallet use cases.
• Linux Foundation announces the OpenWallet Foundation to develop interoperable digital wallets
• Welcoming PyTorch to the Linux Foundation
• Facebook Transfers PyTorch AI Framework to Linux Foundation for Governance — Today we are more than thrilled to welcome PyTorch to the Linux Foundation. Honestly, it’s hard to capture how big a deal this is for us in a single post but I’ll try.
• PyTorch strengthens its governance by joining the Linux Foundation
• Google Pixelbook is no more, proving the world wasn’t ready for premium Chromebooks | TechRadar
• Linux Plumbers Conference - YouTube
• LPC 2022: Rust Linux Drivers Capable Of Achieving Performance Comparable To C Code - Phoronix
• IO_uring Continues To Prove Very Exciting: Promising io_uring_spawn Announced — It also continues to be relentlessly optimized by Jens Axboe and others for maximum performance potential. The latest innovation around IO_uring that was announced this week at Linux Plumbers Conference 2022 in Dublin is io_uring_spawn.
• An io_uring-based user-space block driver
• A pair of Rust kernel modules
• Compiling Rust with GCC: an update
• Mesa’s Rust OpenCL Implementation Merged
• Adding rusticl (!15439) · Merge requests · Mesa / mesa · GitLab
• LPC 2022 - Kernel Summit - Lansdowne - YouTube

Plus, some good news for the Desktop and systemd-homed gets one step closer.

Sponsored By:

• Ting: Save $25 off your first device, or $25 in service credit if you bring one!
• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Jupiter Network Membership: Support the entire network, and get access to every member's special feed for every show on the network. Promo Code: thesignal

Support Linux Action News

Links:

• GNOME 42 To Finally Allow Input Events To Happen Full-Rate — Up to now GNOME Shell has been compressing pointer motion events so they are synchronized to the monitor refresh rate, which can be anywhere from around 30 to 144 events per second depending upon display.
• An Eventful Instant – GNOME Shell & Mutter
• Do not throttle input in wayland event delivery
• FreeBSD 12.3-RELEASE Announcement — The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 12.3-RELEASE. This is the fourth release of the stable/12 branch.
• systemd 250 Is Coming With A Boat Load Of New Features — systemd 250 is packing a rather large number of new features and changes across the board for this dominant Linux init system and service manager.
• Log4Shell — RCE 0-day exploit found in log4j2, a popular Java logging package
• Apache - The ASF on Twitter — “Did you know that Ingenuity, the Mars 2020 Helicopter mission, is powered by Apache Log4j? https://t.co/gV0uyE1ylk #Apache #OpenSource #innovation #community #logging #services
• Tom (^-^) on Twitter
• Kevin Beaumont on Twitter — “Starting a new thread for log4j security vulnerability and fallout. Spoiler: although this emerged as a Minecraft issue (lol) there is going to be impacts across a wide range of enterprise software for some time.”
• Log4jAttackSurface MEMES

Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.

Support Linux Action News

Links:

• Element suspended on Google Play Store — At 2021-01-29 at 21:35 UTC Google suspended Element from the Play Store without warning or notification
• Element sees fivefold increase in signups after Whatsapp privacy debacle — After Whatsapp’s announcement, rival app Telegram reported a 500% increase in users and Signal saw an 18-fold increase in download numbers, putting it on track to cross 1m new users each day.
• Element team waiting hours — Update: we’re still waiting for a response from Google to our explanatory mail sent ~8 hours ago. Thanks all for your patience while we get this sorted...
• New Linux SUDO flaw lets local users gain root privileges — The issue is a heap-based buffer overflow exploitable by any local user (normal users and system users, listed in the sudoers file or not), with attackers not being required to know the user's password to successfully exploit the flaw. The vulnerability was introduced in the Sudo program almost 9 years ago, in July 2011.
• 10-year-old Sudo bug lets Linux users gain root-level access
• Buffer overflow in command line unescaping
• Sudo vulnerability allows attackers to gain root privileges on Linux systems (CVE-2021-3156) - Help Net Security — "This vulnerability is perhaps the most significant sudo vulnerability in recent memory (both in terms of scope and impact) and has been hiding in plain sight for nearly 10 years."
• New Linux Kernel Vulnerabilities Patched in All Supported Ubuntu Releases
• Mitre - CVE-2020-28374
• Red Hat Customer Portal: CVE-2020-28374
• Debian: CVE-2020-28374
• Ubuntu: CVE-2020-28374
• The killing of CentOS Linux: ‘The CentOS board doesn’t get to decide what Red Hat engineering teams do’ — Brian Exelbierd, responsible for Red Hat liaison with the CentOS project and a board member of that project, has told The Register that CentOS Linux is ending because Red Hat simply refused to invest in it.
• Rocky Linux gets a new sponsor—Gregory Kurtzer’s startup, Ctrl IQ — Rocky Linux is to be a beneficiary of Ctrl IQ's revenue, not its source—the company describes itself in its announcement as the suppliers of a "full technology stack integrating key capabilities of enterprise, hyper-scale, cloud and high-performance computing."
• Linux maintainer says long-term support for 5.10 will stay at two years unless biz world steps up and actually uses it — Linux kernel maintainer Greg Kroah-Hartman has responded to complaints that the current promise of two years for 5.10 is not enough, explaining that support is not automatic but requires commercial help.
• Rust Game Server One-Click App Linode — A free-for-all battle in a harsh open-world environment.