Language Selection

English French German Italian Portuguese Spanish

Linux

Sailfish OS Sipoonkorpi is now available

Filed under
OS
Linux

The release of Sailfish 3 has been a gratifying milestone for Jolla. Each new update completes the circle of the Sailfish 3 era, step by step, delivering new features and adding value to Sailfish OS.

This time, our name pick fell upon the woodlands of Sipoonkorpi. Sipoonkorpi is a 19 km² Finnish National park located in the municipalities of Helsinki, Vantaa and Sipoo. Sipoonkorpi is well known for its peaceful settings that combine nature and small villages to create an astonishing view.

Read more

Also: Sailfish OS "Sipoonkorpi" Brings Firewall Improvements, Redesigned Image Editing

LWN's Latest Linux Kernel Articles (Paywall Has Expired)

Filed under
Linux
  • The rest of the 5.0 merge window

    Linus Torvalds released 5.0-rc1 on January 6, closing the merge window for this development cycle and confirming that the next release will indeed be called "5.0". At that point, 10,843 non-merge change sets had been pulled into the mainline, about 2,100 since last week's summary was written. Those 2,100 patches included a number of significant changes, though, including some new system-call semantics that may yet prove to create problems for existing user-space code.

  • A setback for fs-verity

    The fs-verity mechanism, created to protect files on Android devices from hostile modification by attackers, seemed to be on track for inclusion into the mainline kernel during the current merge window when the patch set was posted at the beginning of November. Indeed, it wasn't until mid-December that some other developers started to raise objections. The resulting conversation has revealed a deep difference of opinion regarding what makes a good filesystem-related API and may have implications for how similar features are implemented in the future.
    The core idea behind fs-verity is the use of a Merkle tree to record a hash value associated with every block in a file. Whenever data from a protected file is read, the kernel first verifies the relevant block(s) against the hashes, and only allows the operation to proceed if there is a match. An attacker may find a way to change a critical file, but there is no way to change the Merkle tree after its creation, so any changes made would be immediately detected. In this way, it is hoped, Android systems can be protected against certain kinds of persistent malware attacks.

    There is no opposition to the idea of adding functionality to the kernel to detect hostile modifications to files. It turns out, though, there there is indeed some opposition to how this functionality has been implemented in the current patch set. See the above-linked article and this documentation patch for details of how fs-verity is meant to work. In short, user space is responsible for the creation of the Merkle tree, which must be surrounded by header structures and carefully placed at the beginning of a block after the end of the file data. An ioctl() call tells the kernel that fs-verity is to be invoked on the file; after that, the location of the end of the file (from a user-space point of view) is changed to hide the Merkle tree from user space, and the file itself becomes read-only.

  • Pressure stall monitors

    One of the useful features added during the 4.20 development cycle was the availability of pressure-stall information, which provides visibility into how resource-constrained the system is. Interest in using this information has spread beyond the data-center environment where it was first implemented, but it turns out that there some shortcomings in the current interface that affect other use cases. Suren Baghdasaryan has posted a patch set aimed at making pressure-stall information more useful for the Android use case — and, most likely, for many other use cases as well.

Systemd 241 Paired With Linux 4.19+ To Enable New Regular File & FIFO Protection

Filed under
Linux
Red Hat

The Linux 4.19 kernel brought the ability to disallow the opening of FIFOs and regular files not owned by the user in world-writable sticky directories in the name of security. Had this ability been around previously it could have prevented a number of CVEs going back a long time. In helping ensure this functionality gets utilized, Systemd 241 will now set these sysctl options to enable the behavior by default.

The restricted O_CREAT of FIFOs and regular files is not enforced by the kernel by default as it could be considered a breaking change but with systemd 241+ it sets the fs.protected_regular and fs.protected_fifos sysctls to enabled for having said functionality, similar to systemd's enforcing of hardlink/symlink protection. This protection is for avoiding unintentional writes to an attacker-controlled FIFO or regular file. That Linux 4.19 kernel commit notes at least a handful of security vulnerabilities that could have been prevented by this functionality with those CVEs going back to at least the year 2000.

Read more

Android-x86 8.1 Officially Released, Lets You Run Android 8.1 Oreo on Your PC

Filed under
Android
GNU
Linux
Google

The Android-x86 Project announced the general availability of the Android-x86 8.1-r1 stable release, a GNU/Linux distribution that lets you run Google's Android mobile operating system on your PC.
After entering development last year in June, the Android-x86 8.1 release, which is based on the latest Android 8.1 Oreo mobile operating system, saw two RC (Release Candidate) builds that allowed testers to try the upcoming OS on their PCs. Three months after the last RC build, the Android-x86 8.1 release is now finally stable and ready for mass adoption.

Software rendering is also possible on unsupported GPU devices with OpenGL ES 2.0 support via SwiftShader, and Android-x86 8.1 also comes with support for hardware accelerated codecs on devices powered by Intel HD and Intel G45 graphics cards series. For newer Intel and AMD GPUs, this release adds experimental Vulkan support available via Advanced options on the boot menu.

Read more

Also: The 15-minute Chromebook tune-up

Steam Play and More From Valve for GNU/Linux

Filed under
GNU
Linux
Gaming
  • Valve put out a new Steam beta client, plenty of Linux fixes and no more Steam Play zero-byte downloads

    Valve have put out their second beta update to the Steam client this year and this is actually a rather nice one.

    Firstly, the big annoyance of Steam Play titles always having a zero-byte download when you first load the Steam client has been solved. It will still do it once but when you update them again now, it won't happen again (confirmed that myself). While in reality it was a really minor issue, it was damn annoying so it's great to see it fixed.

    On top of that, Steam now supports ipv6 for "connections to download servers", DPI and screen size changes bugs were fixed, a new force quit option in the normal Steam Overlay if a game is frozen but the overlay still works that will be handy.

  • Steam Client Beta Updated With Many Linux Fixes, Vulkan Caching Updates

    Valve has just released their biggest Steam client beta update of the year so far for Linux gamers.

CTL Announces $300 Rugged Chromebook Tablet for the Education Market

Filed under
GNU
Linux
Google

The Chromebook Tablet (seriously though, why can’t get rid of the “book” in that title?) education revolution is here. Acer started it, ASUS got in on it, and now CTL is getting in the game. Here’s the skinny.

You’d be forgiven if your first thought was “…who is CTL?,” because honestly, they’re not as well known as some of the other companies that are active in the Chrome OS market. Still, they make some fantastic Chromebooks and Chromeboxes (see, we don’t say “Chromebook Desktop,” so why aren’t they called Chrometabs?) designed to be more robust than the average Chrome OS device.

Read more

Best Audio Editors For Linux

Filed under
GNU
Linux
Software

You’ve got a lot of choices when it comes to audio editors for Linux. No matter whether you are a professional music producer or just learning to create awesome music, the audio editors will always come in handy.

Well, for professional-grade usage, a DAW (Digital Audio Workstation) is always recommended. However, not everyone needs all the functionalities, so you should know about some of the most simple audio editors as well.

In this article, we will talk about a couple of DAWs and basic audio editors which are available as free and open source solutions for Linux and (probably) for other operating systems.

Read more

Deepin Linux 15.9 Released with Support for Touchscreen Gestures, Faster Updates

Filed under
Linux

Packed with all the updates that have been released through the official channels since Deepin 15.8, the Deepin 15.9 update is here to add support for multiple touchscreen gestures, including click, double click, long press to open the context menu, as well as slide up and down, an on-screen keyboard, and faster updates thanks to a new Smart Mirror Switch function.

The Deepin 15.9 release also brings some performance optimizations by making power management more efficient and convenient to laptop and desktop users alike. "Whether your computer is connected to power supply or not, you can easily change the monitor and computer suspend time for different scenarios," explained the devs in today's announcement.

Read more

LG smart TVs running webOS can now be rooted

Filed under
OS
Linux

Our “smart life” tech can be a bit restrictive at times. If you want to get a bit more out of it you can sometimes find a way to “root” or “jailbreak”. Usually when talking about these things we tend to refer to smartphones, tablets, or even a set-top box. Well, now you can root LG Smart TVs running the WebOS Linux-based operating system.

WebOS, a OS that was originally developed by Palm in 2009, is an operating system that LG uses in its consumer electronics portofolio – such as Smart TVs, refrigerators, and projectors.

Read more

Zipping files on Linux: the many variations and how to use them

Filed under
Linux
HowTos

Some of us have been zipping files on Unix and Linux systems for many decades — to save some disk space and package files together for archiving. Even so, there are some interesting variations on zipping that not all of us have tried. So, in this post, we’re going to look at standard zipping and unzipping as well as some other interesting zipping options.

Read more

Syndicate content

More in Tux Machines

Security: ThreadX, Kali Linux, Rocke and Data Loss

  • Vulnerabilities Found in Highly Popular Firmware for WiFi Chips
    WiFi chip firmware in a variety of devices used mainly for gaming, personal computing, and communication comes with multiple issues. At least some of them could be exploited to run arbitrary code remotely without requiring user interaction. The security flaws were discovered in ThreadX, a real-time operating system (RTOS) developed by Express Logic. The vendor claims on their website that ThreadX has over 6.2 billion deployments, being one of the most popular software powering Wi-Fi chips. The firmware is also powering the Avastar 88W8897 SoC (Wi-Fi + Bluetooth + NFC) from Marvell, present in Sony PlayStation 4 (and its Pro variant), Microsoft Surface (+Pro) tablet and laptop, Xbox One, Samsung Chromebook and smartphones (Galaxy J1), and Valve SteamLink.
  • Wolf Halton on what’s changed in tech and where we are headed
    The tech industry is changing at a massive rate especially after the storage options moved to the cloud. However, this has also given rise to questions on security, data management, change in the work structure within an organization, and much more. Wolf Halton, an expert in Kali Linux, tells us about the security element in the cloud. He also touches upon the skills and knowledge that should be inculcated in your software development cycle in order to adjust to the dynamic tech changes at present and in the future. Following this, he juxtaposes the current software development landscape with the ideal one.
  • Rocke coinminer disables cloud protection agents
    A group of hackers that specializes in infecting servers with cryptocurrency mining software has started disabling security software agents used in cloud environments to evade detection. Known as Rocke in the security industry, the group has been active since at least April 2018 and is known for exploiting critical vulnerabilities in web application frameworks and servers like Apache Struts, Oracle WebLogic and Adobe ColdFusion.
  • Malware used by “Rocke” group evolves to evade detection by cloud security products
  • Malware uninstalls cloud security products from Linux machines
    After removing the cloud security, the malware then proceeded to mine the monero cryptocurrency on its hosts.
  • I Nearly Lost All Of My Data!

    At this point I’m really worried. You see, I cancelled my off-site Amazon Glacier backups around 6 months ago. What are the chances of both a 4 disk RAID failing AND a USB drive at the same time? Not likely, I thought. Boy was I wrong

Solving the Year 2038 problem in the Linux kernel

Because of the way time is represented in Linux, a signed 32-bit number can't support times beyond January 19, 2038 after 3:14:07 UTC. This Year 2038 (Y2038 or Y2K38) problem is about the time data type representation. The solution is to use 64-bit timestamps. I started working on the problem while working as an Outreachy intern for kernel developer Arnd Bergmann. Outreachy is a benevolent program that helps new programmers get into kernel development. The mentors for the kernel projects are usually experienced kernel developers like Arnd. Read more

Booting Linux faster

Of all the computers I've ever owned or used, the one that booted the quickest was from the 1980s; by the time your hand moved from the power switch to the keyboard, the BASIC interpreter was ready for your commands. Modern computers take anywhere from 15 seconds for a laptop to minutes for a small home server to boot. Why is there such a difference in boot times? A microcomputer from the 1980s that booted straight to a BASIC prompt had a very simple CPU that started fetching and executing instructions from a memory address immediately upon getting power. Since these systems had BASIC in ROM, there was no loading time—you got to the BASIC prompt really quickly. More complex systems of that same era, such as the IBM PC or Macintosh, took a significant time to boot (~30 seconds), although this was mostly due to having to read the operating system (OS) off a floppy disk. Only a handful of seconds were spent in firmware before being able to load an OS. Read more

Akira: The Linux Design Tool we’ve always wanted?

Akira wants to create an awesome design tool for Linux that could compete with the likes of Figma, Sketch and Adobe XD. They need your help to achieve this goal. Read more