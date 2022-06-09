The 4K Linux laptops are coming and it looks like we will soon be able to buy one from Star Labs, which are known for their powerful StarLite and StarBook Linux notebooks, as well as the Byte mini PC. Today, Star Labs took to Twitter to tease us with an upcoming Linux-powered laptop, the Star Labs StarFighter, which promises to ship with a 15.6-inch 4K 10-bit matte IPS display, 45W AMD or Intel processors, up to 64GB RAM, and up to 2TB SSD storage.

The Linux Kernel is a brilliant piece of software engineering. At more than a million lines of code, it is arguably one of the most complex programs that is still in active development today. Since the late 1990s, the Linux kernel has been used in both computationally intensive projects as well as barebones embedded applications. Despite all of that, the Linux kernel is just a program that serves as a link between the hardware in your computer and the software that you use everyday. It is what allows you to use a wide range of devices for the programs that you use on a daily basis. One example of this hardware-software linking is the Advanced Linux Sound Architecture (ALSA). ALSA is a sound driver framework that is built-in to the Linux kernel. It allows you, among other things, to easily install a sound card and configure it to immediately run with your favorite program.

Security Leftovers Security updates for Friday [LWN.net] Security updates have been issued by Debian (firefox-esr, isync, kernel, and systemd), Fedora (chromium, curl, firefox, golang-github-vultr-govultr-2, and xen), Mageia (openssl, python-bottle, and python-pyjwt), Red Hat (compat-openssl10, curl, expat, firefox, go-toolset-1.17 and go-toolset-1.17-golang, go-toolset:rhel8, kernel, kpatch-patch, libarchive, libgcrypt, libinput, libxml2, pcre2, php:7.4, php:8.0, qemu-kvm, ruby:2.6, thunderbird, and vim), and Ubuntu (curl, libjpeg6b, and vim).

Microsoft Azure FabricScape Bug Let Hackers Hijack Linux Clusters [Ed: Microsoft media operatives and Microsoft-connected sites are quick to blame "Linux" for a Microsoft proprietary software issue; Microsoft hates Linux and constantly defames Linux. Jim Zemlin is in bed with the enemy.]

Analyzing the Swiss E-Voting System [Ed: Voting machines will never work properly or reliably, more so if they run proprietary software in the stack and aren't audited at a binary level by multiple independent auditors. Use traditional paper ballots instead.] Andrew Appel has a long analysis of the Swiss online voting system. It’s a really good analysis of both the system and the official analyses.

How to Assess an E-voting System If I can shop and bank online, why can’t I vote online? David Jefferson explained in 2011 why internet voting is so difficult to make secure, I summarized again in 2021 why internet voting is still inherently insecure, and many other experts have explained it too. Still, several countries and several U.S. states have offered e-voting to some of their citizens. In many cases they plunge forward without much consideration of whether their e-voting system is really secure, or whether it could be hacked to subvert democracy. It’s not enough just to take the software vendor’s word for it. Switzerland is a country that wanted to do it right, fumbled, and in the process learned that an important part of getting it right is a careful (and expensive) study, that’s independent of the vendor selling the system, and independent of the governmental body that’s purchasing the system. The study wasn’t particularly expensive—about half a million Swiss francs, which is about half a million US dollars—but that’s half a million that most U.S. states or other countries have not spent before rushing to deploy a system. After the study, the Swiss government’s conclusion was, “The e-voting system currently being developed by Swiss Post has been significantly improved. However, further developments, some of them substantial, are still required.”

CISA Adds One Known Exploited Vulnerability to Catalog [Ed: This is all about Microsoft, but the page totally fails to name it even once until the third paragraph! The title too could be improved. I saw almost 10 headlines saying CISA warns about "Linux" in the past few days, but: 1) it was patched months ago; 2) it's privilege escalation; 3) they miss the bigger issues listed by CISA; 4) they are Microsoft boosters doing this; 5) it is systemd, not Linux.] Original release date: July 1, 2022 CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.