Linux Lite 4.4 Slated for Release on April 1st, Based on Ubuntu 18.04.2 LTS
Based on the Ubuntu 18.04.2 LTS (Bionic Beaver) operating system, Linux Lite 4.4 will be released in a month from the moment of writing and promises to offer users an up-to-date live and installation media that also brings various minor changes to artwork with an updated Papirus icon theme and to software selection with the addition of the Sound Juicer CD ripper app.
However, the biggest change of this new development cycle for Linux Lite is the move from Beta releases to RC (Release Candidate) releases to match the build quality of pre-release images much better. The RC build number will be displayed on the default wallpaper, login screen, and boot splash screen, which will be removed in the final release.
7 of The Best Linux Distros in 2019
If you’re fresh to this whole Linux business, then it’s natural to feel a little overwhelmed if you’re migrating over from Windows or Mac OS. For that reason, you may want to start simple, and Linux Mint is just what you need. Mint comes packed with much of the software you need to get straight back into your workflow, such as LibreOffice and some decent onboard media software. You have a choice of four main desktop environments, with Cinnamon being the most Windows-like with its pseudo-Start menu (though MATE remains a popular choice too). It’s pretty light resource-wise, too, loading faster and using less memory than the all-popular Ubuntu. Mint is always in sync with the latest Ubuntu LTS releases, meaning you don’t need to worry about being left vulnerable during zero-day scares or malware outbreaks (well, no more so than the Ubuntu crew anyway). Keeping this in mind, some people might also recommend Ubuntu or Elementary OS, but we will stick with Linux Mint.
today's howtos
Thunderclap and Linux
Thunderbolt security has been in the news recently: researches presented a set of new vulnerabilities involving Thunderbolt which they named Thunderclap1. The authors built a "fake" network card2) and performed various DMA attacks and were able to temper with memory regions that their network card should have no access to whatsoever. In some way this is not all that surprising because the foundation of Thunderbolt are PCIe tunnels to external hardware and one of the reasons that PCIe is fast is because it can do direct memory access (DMA). The current primary defense against DMA attacks for Thunderbolt 3 are the security levels: if enabled (the default on most systems) it gives the software the ability to decide on a per device level to allow or deny PCIe tunnels (and with that potentially access to the all the memory via DMA)3. While not protecting from DMA attacks per se it protects from some — maybe the most — prominent threat scenarios4: 1) somebody plugging that evil device into your computer while you are away or 2) you have to plug in a device into your computer that you don't trust, i.e. a projector at a conference. On GNU/Linux boltd will authorize a plugged-in device only if an admin user is logged in and the screen is unlocked. For untrusted environments the authorization by boltd can be disabled, i.e. when you go to a conference, via the GNOME settings panel. The toggle is called "Direct Access" (see screenshot below).
