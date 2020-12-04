Linux Weekly Roundup: Manjaro 20.2, KDE Plasma 5.20.4, Chromium as Flatpak
Here's this week's roundup series, curated for you from the Linux and open-source world on application updates, new releases, distribution updates, major news, and upcoming highlights. Have a look.
today's howtos
Review: Pop!_OS 20.10 and FuguIta 6.8
During the third week of October, immediately following the release of Ubuntu 20.10, I found myself downloading and testing, not only Canonical's flagship distribution, but also the various community editions of Ubuntu. One thing which kept drawing my attention, as I tested software and took screenshots, was that most of the community editions ran faster, smoother, and required less memory than Ubuntu's Desktop edition. Ubuntu MATE and Lubuntu in particular offered great performance, nice themes, and some friendly tools. At the time I was tempted to do a side-by-side comparison with Ubuntu 20.10 and one of its snappier community editions, but I was pressed for time and I wasn't sure any one-on-one comparison would be entirely fair since Ubuntu uses the comparatively heavy GNOME Shell desktop while most community editions use lighter desktops. Later on though I thinking about Ubuntu again and realized there was an opportunity to do a fair comparison with one of its close relatives, Pop!_OS. The Pop!_OS distribution (or "Pop" as I will refer to it in this review) is based on Ubuntu, uses most of the same software, and ships with the same GNOME 3.38 desktop environment. The differences are almost entirely in the configurations of the two distributions - which extensions are enabled, the front-end applications for managing software, themes, and installers. The underlying nuts and bolts are the same and I believed this would make for a fair and straight forward comparison. Pop!_OS does not list many changes on its website for version 20.10. It includes the ability to stack windows and to mark exceptions to make some windows free-floating. This provides users with a sort of hybrid tiling and free-floating window manager. The release announcement also mentions there is no need to reboot into NVIDIA graphics mode when in Hybrid Graphics mode if we wish to use an external monitor. Otherwise it does not look a though much has changed since we reviewed the distribution six months ago. In an attempt to keep this overview of Pop brief I will be focusing mostly on the differences between Ubuntu 20.10 and Pop!_OS 20.10 with the assumption most components and options will be the same. [...] Another project which interests me and I wanted to take a quick look at this week was FuguIta. FuguIta is a live operating system designed to be run from a DVD or USB thumb drive in order to test or rescue systems. The operating system ships with an optional graphical user interface. The FuguIta project is unusual in that it uses OpenBSD as its base. OpenBSD is commonly used in areas where lightweight computing and security are the primary focus and it is not often we see live utilities or platforms with graphical interfaces based on this hardened operating system. FuguIta is available in 32-bit (x86) and 64-bit (x86_64) builds. The project provides separate downloads for optical media and USB thumb drives. I downloaded the 64-bit build for both targets. The images are compressed and about 310MB in size when initially downloaded. Once the builds are unpacked they expand to around 960MB.
Garuda Linux "Imperial Eagle" (201205)
This time we focused on fixing some bugs & inconveniences as well as providing a more consistent, fresh look to some parts of the "Garuda experience". In order, you will find a refreshed look browsing our website, two new themes & improved existing ones for our forum, a sweetified Cinnamon & MATE theme while i3 is returning to its old look with Conky. Garuda network assistant and Garuda boot options were previously unthemed, now they correctly use the existing Kvantum theme. As some of you might have noticed, our garuda-* metapkgs were replaced by *-support packages. Since the plan was to move them to AUR rather than our GitLab the names had to be adjusted accordingly. Also, some of them were dropped entirely due to MWHD being responsible for VAAPI/VDPAU packages now too. As part of this update the standard kernel was changed from Linux-zen to Linux-tkg-bmq as this one has some advantages (read more here: https://github.com/Frogging-Family/linux-tkg) and performed better. There are also CPU specific versions of this one available on Chaotic-AUR. Along with the kernel change, the ISO names are now less confusing as the Lite tag was dropped (these are regular versions right now). As there were 2 KDE versions in the last release, KDE dr460nized became the new KDE standard edition.
The hypervisor advantage
Operating Systems (OSs) like Linux and Android are widely used in embedded systems but being large, complex and inevitably containing numerous flaws once compromised, an attacker can violate the security and take control of the whole system. A method for improving the security of these systems is to use a hypervisor based on a secure microkernel that guarantees separation between the system software components. The microkernel is a secure layer of software below the OS that runs at a higher privilege level than the OS and virtualizes the hardware resources, the hypervisor allows the guest OS to run as it would directly on hardware. Because of the higher privilege level, the integrity of the system remains intact even if the guest OS is compromised. A hypervisor that is designed to be secure and reliable from the ground up offers significant advantages over hardware for implementing low-level security. Also, it can provide multiple levels of privilege so that a service with sensitive data could run in an isolated “compartment”, or partition, alongside a service with less sensitive information. Since it is virtually impossible to test millions of lines of code, it is inevitable that Linux and Android will continue to contain security vulnerabilities and software bugs. Also, the increasingly interconnected nature of embedded systems allows hackers to exploit those vulnerabilities. To make such systems more secure, the first requirement is to lockdown and control capabilities of the whole device. Using a multilevel protection approach like Multiple Independent Levels of Security (MILS) is one way to ensure systems, running vulnerable operating systems, remain secure.
