Language Selection

English French German Italian Portuguese Spanish

Linux

Red Hat Enterprise Linux and CentOS Now Patched Against Latest Intel CPU Flaws

Filed under
Linux
Red Hat
Security

After responding to the latest security vulnerabilities affecting Intel CPU microarchitectures, Red Hat has released new Linux kernel security updates for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 operating systems to address the well-known ZombieLoad v2 flaw and other issues. The CentOS community also ported the updates for their CentOS Linux 6 and CentOS Linux 7 systems.

The security vulnerabilities patched in this new Linux kernel security update are Machine Check Error on Page Size Change (IFU) (CVE-2018-12207), TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135), Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154), and Intel GPU blitter manipulation that allows for arbitrary kernel memory write (CVE-2019-0155).

Read more

Lenovo X1 Extreme 2nd Generation To Have Better Touchpad Input On Linux 5.4

Filed under
Linux

The Synaptics RMI(4) mode is the modern protocol used by the hardware for touch input handling and should yield a better input experience for users with less quirks.

With the enabling of RMI mode for this laptop just requiring its LEN0402 ID to be added to a list, it was safe for the current Linux 5.4 cycle (and for back-porting to stable series) rather than needing to wait for Linux 5.5.

Read more

AMD OverDrive and EXT4 in Linux 5.5

Filed under
Linux
  • AMD OverDrive Overclocking To Finally Work For Radeon Navi GPUs With Linux 5.5 Kernel

    While most Linux gamers don't appear to be into GPU overclocking, one of the limitations of the Radeon RX 5000 "Navi" series support with the AMD open-source driver to date has been no overclocking support. With the upcoming Linux 5.5 kernel that is set to change.

    With the Linux 5.5 kernel there is slated to be the "OverDrive" overclocking support in place for Navi graphics processors with the AMDGPU kernel driver.

  • EXT4 On Linux 5.5 To Support Encryption On Smaller Block Sizes

    For the past four years going back to Linux 5.5 has been EXT4 native file-system encryption making use of the kernel's FSCRYPT framework that is shared between several file-systems. That support has continued to improve with time and with Linux 5.5 another limitation will be dropped.

    One of the lingering limitations of the EXT4 encryption code is that it hasn't worked where the file-system block size is different from the system's page size. But beginning with Linux 5.5, a different block size compared to the kernel's page size will be supported while still allowing encryption to be enabled. Namely this will help those preferring non-default block sizes for better efficiency on different storage devices or other reasons.

Top 15 Best Security-Centric Linux Distributions of 2019

Filed under
GNU
Linux
Security

Being anonymous on the Internet is not particularly the same as surging the web safely, however, they both involve keeping oneself and one’s data private and away from the prying eyes of entities that may otherwise take advantage of system vulnerabilities in order to harm targeted parties.

There is also the risk of surveillance from the NSA and several other top-level organizations and this is why it is good that developers have taken it upon themselves to build privacy-dedicated distros that host an aggregate of tools that enable users to achieve both online autonomy and privacy.

In as much as these privacy-centric Linux distros are targetted at a niche in the Linux community, many of them are robust enough to be used for general-purpose computing and many more can be tweaked to support requirements for virtually any specific user base.

A common factor across almost all privacy-centric Linux distros is their relationship with Tor given that many of them come with Tor’s solid anonymity network service built-in and this, in turn, gives users an environment for them to live in safely without any data logs whatsoever, unlike most VPN providers that will still log your real IP address while still being able to see whatever data you may be transmitting at the point of exit of VPN servers.

Read more

Fedora, Slackware and OpenSUSE Tumbleweed

Filed under
GNU
Linux
  • Fedora Community Blog: FPgM report: 2019-46

    Here’s your report of what has happened in Fedora Program Management this week. Fedora 29 will reach end of life on 26 November. Elections voting begins next week. Candidates must submit their interviews before the deadline or they will not be on the ballot.

  • Slackware November ’19 release of OpenJDK 8

    Today, icedtea-3.14.0 was released. IcedTea is a software build framework which allows easy compilation of OpenJDK.

    The new IcedTea release will build you the latest Java8:  OpenJDK 8u232_b09. This release syncs the OpenJDK support in IcedTea to the official October 2019 security fixes that Oracle released for Java. The release announcement in the mailing list for distro packagers has details about all the security issues and vulnerabilities that are addressed.

    I have built Slackware packages for the new Java 8 Update 232 and uploaded them already. Please upgrade at your earliest convenience. Java is still widespread which makes it a popular target for vulnerability attacks.

  • Dominique Leuenberger: openSUSE Tumbleweed – Review of the week 2019/46

    This has been a busy week, with 5 successfully tested snapshots delivered to you, the users (1107, 1109, 1110, 1111 and 1112).

Linux and Graphics: Kernel Headers, Linux 5.5, NUVIA and Wayland

Filed under
Graphics/Benchmarks
Linux
  • What's a kernel headers package anyway

    I've written before about what goes into Fedora's kernel-devel package. Briefly, it consists of files that come out of the kernel's build process that are needed to build kernel modules.

    In contrast to kernel-devel, the headers package is for userspace programs. This package provides #defines and structure definitions for use by userspace programs to be compatible with the kernel. The system libc comes with a set of headers for platform independent libc purposes (think printf and the like) whereas the kernel headers are more focused on providing for the kernel API. There's often some overlap for things like system calls which are tied to both the libc and the kernel. Sometimes the decision to support them in one place vs the other comes down to developer choices.

    While the in-kernel API is not guaranteed to be stable, the userspace API must not be broken. There was an effort a few years ago to have a strict split between headers that are part of the userspace API and those that are for in-kernel use only.

    Unlike how kernel-devel gets packaged, there are proper make targets to generate the kernel-headers (thankfully). make headers_install will take care of all the magic. These headers get installed under /usr/include

  • Linux 5.5 To Finally Kill The Async Block Cipher API In Favor Of SKCIPHER

    The crypto code within the Linux kernel for the upcoming 5.5 cycle finishes converting the drivers to making full use of the four-year-old SKCIPHER interface so that the old ABLKCIPHER code can be removed.

    SKCIPHER was introduced in 2015 to the mainline kernel to ultimately replace BLKCIPHER/ABLKCIPHER. This "symmetric key cipher" interface is a generic encrypt/decrypt wrapper for ciphers.

  • NUVIA To Make Serious Play For New CPUs In The Datacenter, Hires Linux/OSS Veteran

    Making waves this afternoon is word of the NUVIA server CPU start-up landing its series A funding round and thus making more information known on this new silicon start-up.

  • WXRC Is The Wayland XR Compositor For VR Headsets

    Drew DeVault of Sway/WL-ROOTS notoriety and longtime Wayland developer Simon Ser have started development on WXRC, a new Wayland compositor.

    WXRC is the Wayland XR Compositor and is based on OpenXR and the open-source Monado implementation. This is better than the past Linux VR desktop efforts we've recently seen that relied on SteamVR. As of this week, WXRC has working 3D Wayland clients.

Events: The Linux App Summit (LAS), Capitole du Libre and Lakademy

Filed under
GNU
Linux
  • LAS 2019, Barcelona

    The Linux App Summit (LAS) is a great event that bring together a lot of linux application developers, from the bigger communities, it's organized by GNOME and KDE in collaboration and it's a good place to talk about the Linux desktop, application distribution and development.

  • Capitole du Libre 2019

    The Capitole Du Libre is a french event that takes place at INP-ENSEEIHT in Toulouse. It is an event dedicated to free and open source softwares. The Capitole Du Libre 2019 will happen this weekend on 16th-17th November.

    There will be a Debian booth with the DebianFrance team, I will be there to help them. A lot of interesting talks will be presented, see the schedule here.

  • First Day of Lakademy

    Next day, we got up early to move to the Universidade Federal da Bahia and began the Lakademy. Some members went to buy some groceries and some went directly and prepared the room. After a round of presentations, Lakademy was declared online! I spent most of the time reviewing ROCS code and wrote some fixes for redundant code and a problem with the interface that was introduced in the last commits. After that, I listed some tasks that could be done this week. We ended the first day with some good drinks in some fun places in Salvador. Smile

Audiocasts/Shows: Linux Journal People, Linux Headlines and Python Bytes

Filed under
GNU
Linux

Updates on Librem 5 Shipping and Development

Filed under
GNU
Linux
Gadgets
  • Librem 5 Birch’s 10kΩ Resistor Fun, Devices Prepping for Shipping

    Purism is working to solve no shortage of problems; making a phone with a never-before used CPU for mobile, to authoring an entire mobile OS, to designing the hardware from scratch. Not to forget forging a social purpose company, avoiding toxic funding, and solving digital civil rights by creating products that are convenient to use and look good. All because of your continued support.

    Many of our customers are interested in what goes on behind the scenes when making a phone, so we wanted to share for transparency the kinds of issues that can come up. For instance, with our Birch batch, we sent our hardware engineers the very first phones off of the line ahead of schedule so they could perform quality control testing. We discovered a 10kΩ resistor was missing from the PCBA!

  • The Librem 5 "Birch" Batch Was Missing A Resistor But Now Fixed

    Librem 5 "Birch" batch was supposed to be shipping from 29 October to 26 November. They are now preparing to start shipping this second iteration of the Librem 5 Linux smartphone after early units in this batch were missing a resistor.

    The missing resistor on the Librem 5 phone PCB led to a non-working USB port. It's not clear how the resistor ended up missing from this batch or if it had been in place for the Aspen batch or not.

  • Librem 5 October 2019 Software Update

    The Librem 5 software team were busy in October, improving power consumption and heat generation through kernel and driver changes. The team also refactored and improved integration between various apps by using libfolks as a common foundation, added new features to keyboard, Settings, Shell and Compositor and squashed many bugs.

  • Purism Outlines Librem 5 Software Work During October - Including Battery / Thermal

    Purism has finally published their blog post outlining the software work they accomplished during October on bringing up the Librem 5 smartphone.

    October's software efforts included kernel items like working to improve the battery life and reduce the heat output of the work-in-progress Librem 5 as well as maturing their user-space components.

Security Leftovers

Filed under
Linux
Security
  • How the Linux kernel balances the risks of public bug disclosure

    Last month a serious Linux Wi-Fi flaw (CVE-2019-17666) was uncovered that could have enabled an attacker to take over a Linux device using its Wi-Fi interface. At the time it was disclosed Naked Security decided to wait until a patch was available before writing about it.

    Well, it’s been patched, but the journey from discovery to patch provides some insights into how the Linux open-source project (the world’s largest collaborative software development effort) manages bug fixes and the risks of disclosure.

  • New NextCry Ransomware Encrypts Data on NextCloud Linux Servers
  • Using Nmap For Port Scanning + Other Tools to Use

    Nmap is a well-known utility that is bundled with many Linux distributions and that is also available for Windows and several other platforms. Essentially a scanning and mapping tool, there’s a lot that Nmap can do for you.

    Today, we’re having a look as using Nmap for port scanning which, incidentally, is the tool’s primary usage. Port scanning is an essential task of network management as it ensures that no backdoors are left unaddressed. It is one of the most basic forms of securing the network.

    Before we get into the how-to part of this post, we’ll sidetrack a little and first introduce Nmap and its GUI cousin Zenmap. We’ll then explain what ports are and how you need to be careful not to leave unused ports open on your devices. Then, we’ll get to the essence of this post and show you how to use Nmap for port scanning. And since there are quite a few other tools that can be viable alternatives to Nmap for port scanning—some of them much better or easier to use tools—we’ll finally review some of the very best Nmap alternatives for port scanning.

Syndicate content