pnutzh4x0r

joined 1 year ago
sorted by: new top controversial old
103
Linux Mint 22.1 Slated for Release in December with Revamped Cinnamon Theme (9to5linux.com)
 

The Linux Mint 22.1 distribution was slated for release in December 2024 with a revamped Cinnamon theme and better package management.

Slated for release in December 2024, near the Christmas holidays, Linux Mint 22.1 will ship with the soon-to-be-released Cinnamon 6.4 desktop environment featuring a revamped theme that’s much darker and contrasted than before, rounded elements, redesigned dialogs, and a gap between the applets and the panel.

More from the Mint Monthly News: September 2024

The transition towards Aptkit and Captain is now finished. Starting with Linux Mint 22.1, set to be released this December, none of our projects will depend on aptdaemon, synaptic, gdebi or apturl anymore.

Ok guys, who games on an IoT version of Ubuntu? in c/linuxmemes@lemmy.world
[–] pnutzh4x0r@lemmy.ndlug.org 159 points 4 days ago (3 children)

I think the "Ubuntu Core 22" means it is the snap based version of Steam rather than the deb version.

If you look at the snapcraft.yaml for the Steam snap, it uses core22 as its base.

54
OpenPrinting News Flash - cups-browsed Remote Code Execution vulnerability (openprinting.github.io)
 

Exploit of a combination of several bugs - Overhyped but not that severe - Fixes already available

...

Canonical’s security team has acted immediately to quickly apply the patches which Michael Sweet (author and maintainer of CUPS) had already prepared for CUPS, cups-browsed, libcups-filters, libppd, and cups-filters (in the time from the first report until then I was some days off and I was also on the Open Source Summit Europe, thanks, Michael Sweet, for stepping in, also thanks to Zdenek Dohnal from Red Hat) to the appropriate in all supported Ubuntu versions, so that at the time of disclosure most fixes were already in place. They also reported in an Ubuntu blog. They tell users what to do, from turning off cups-browsed or at least its legacy CUPS browsing support to updating their systems as the fixes were already available. Thanks a lot to Seth Arnold, Marc Deslauriers, Diogo Sousa, Mark Esler, Luci Stanescu, and more.

...

The X post really overhyped the vulnerability. Attacks from the internet are not very probable due to the fact that servers on the internet do not have cups-browsed and CUPS installed and CUPS/cups-browsed setups are there usually only in NAT-protected local networks with desktop machines and print servers. And the remote code execution is also rather restricted, as CUPS filters are not running as root, but as the system user “lp” which cannot even read user’s home directories. In addition, the remote code execution only happens when a user actually prints a job on the fake printer. Actually assigned scores ended up between 8.4 and 9.1.

Unauthenticated RCE Flaw With CVSS 9.9 Rating For Linux Systems Affects CUPS in c/linux@lemmy.ml
[–] pnutzh4x0r@lemmy.ndlug.org 9 points 1 week ago* (last edited 1 week ago)

Looks like a number of patches are landing in Ubuntu to address this: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/2082335

Update: CUPS Remote Code Execution Vulnerability Fix Available

116
Unauthenticated RCE Flaw With CVSS 9.9 Rating For Linux Systems Affects CUPS (www.phoronix.com)
 

There's been talk of this unauthenticated RCE vulnerability coming with a CVSS 9.9 rating but none of the technical details were publicly known until it was made public just now at the top of the hour. Simone Margaritelli discovered this vulnerability and has shared a write-up around this potentially very impactful Linux vulnerability.

This vulnerability, fortunately, doesn't affect the Linux kernel but rather CUPS... The print server commonly used on Linux systems and other platforms.

...

From Attacking UNIX Systems via CUPS, Part I:

"A remote unauthenticated attacker can silently replace existing printers’ (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer)."

...

This remote code execution issue can be exploited across the public Internet via a UDP packet to port 631 without needing any authentication, assuming the CUPS port is open through your router/firewall. LAN attacks are also possible via spoofing zeroconf / mDNS / DNS-SD advertisements.

Besides CUPS being used on Linux distributions, it also affects some BSDs, Oracle Solaris, Google Chrome OS, and others.

As of writing there is no Linux fix available for this high profile security issue. In the meantime it's recommended to disable and remove the "cups-browsed" service, updating CUPS, or at least blocking all traffic to UDP port 631.

130
COSMIC Alpha 2 Released (blog.system76.com)
 

cross-posted from: https://lemmy.ndlug.org/post/1167059

COSMIC’s Alpha 2 release builds upon that work with functionality built out for Files, additional Settings pages, considerable infrastructure work for screen reader support+, and some highly requested window management features. System76 is ecstatic at the level of excitement and collaboration so far with alpha testers and early app & applet developers, and we look forward to seeing what comes from these new additions.

...

The second COSMIC alpha will be released on September 26th. Those participating in Alpha 1 on Pop!_OS can simply update through the COSMIC App Store to transition. This alpha will be followed by monthly alpha releases until all core features have been built out.

More coverage:

36
COSMIC Alpha 2 Released (blog.system76.com)
 

COSMIC’s Alpha 2 release builds upon that work with functionality built out for Files, additional Settings pages, considerable infrastructure work for screen reader support+, and some highly requested window management features. System76 is ecstatic at the level of excitement and collaboration so far with alpha testers and early app & applet developers, and we look forward to seeing what comes from these new additions.

...

The second COSMIC alpha will be released on September 26th. Those participating in Alpha 1 on Pop!_OS can simply update through the COSMIC App Store to transition. This alpha will be followed by monthly alpha releases until all core features have been built out.

More coverage:

31
Mozilla’s brand update gives its old T-Rex logo a fresh new look (www.theverge.com)
 

Mozilla has overhauled its branding to pay homage to its Netscape roots and better distinguish the wider organization from its Firefox web browser. The most notable change is to the company’s logo: what was previously a sans-serif wordmark styled as “Moz://a” has been updated to correctly spell out the Mozilla name, featuring a new customized typeface and an M-shaped flag.

According to Mozilla, the flag symbolizes the brand’s “activist spirit.” That fits with the image that the Mozilla Foundation, which is leading the company, is attempting to build: describing itself as “a non-profit organization that promotes openness, innovation, and participation on the Internet” and regularly releasing privacy reports that investigate tech companies’ policy and security practices.

44
The more maintainers are paid, the more improvements they make to their projects (blog.tidelift.com)
 

cross-posted from: https://lemmy.ndlug.org/post/1153465

In the second finding of the 2024 Tidelift state of the open source maintainer survey, we found that the more maintainers are paid, the more improvements they make to their projects.

...

In the previous finding, we reported that 60% of maintainers describe themselves as unpaid hobbyists, and 36% of maintainers describe themselves as paid (professional or semi-professional) maintainers, earning some or all of their income from their open source work.

...

When you break down the paid maintainers into professional (earning most or all of their income from their maintenance work) and semi-professional (earning some of their income from maintaining projects), it becomes clear that the amount of money a maintainer is making for their work has a large impact on the types of improvements they are able to make. Across nearly all major categories, professional maintainers are on average over 20 percentage points more likely to make key improvements to their projects than semi-professional maintainers.

...

In the previous study, 81% percent of professional maintainers earning most or all of their income from maintaining projects spend more than 20 hours a week maintaining their projects. This year, the percentage was nearly identical (82%).

Conversely, in last year’s survey, we found that the vast majority of unpaid hobbyists spend ten hours or less per week on their maintenance work (81%). This percentage also stayed consistent in this year’s survey, with 78% of unpaid hobbyist maintainers working ten hours or less per week.

...

We’ve heard from many maintainers that how they are paid for their work also matters. For many maintainers there is a huge difference between getting a one-time “airdrop” of money, perhaps right after a high profile incident where people are paying attention to their projects, compared to ongoing recurring income that they can count on. So this year for the first time we asked maintainers to tell us whether they would prefer to get predictable monthly income or a one-time lump payment.

An overwhelming majority of maintainers prefer to receive predictable monthly income, with 81% choosing that option.

95
The more maintainers are paid, the more improvements they make to their projects (blog.tidelift.com)
 

In the second finding of the 2024 Tidelift state of the open source maintainer survey, we found that the more maintainers are paid, the more improvements they make to their projects.

...

In the previous finding, we reported that 60% of maintainers describe themselves as unpaid hobbyists, and 36% of maintainers describe themselves as paid (professional or semi-professional) maintainers, earning some or all of their income from their open source work.

...

When you break down the paid maintainers into professional (earning most or all of their income from their maintenance work) and semi-professional (earning some of their income from maintaining projects), it becomes clear that the amount of money a maintainer is making for their work has a large impact on the types of improvements they are able to make. Across nearly all major categories, professional maintainers are on average over 20 percentage points more likely to make key improvements to their projects than semi-professional maintainers.

...

In the previous study, 81% percent of professional maintainers earning most or all of their income from maintaining projects spend more than 20 hours a week maintaining their projects. This year, the percentage was nearly identical (82%).

Conversely, in last year’s survey, we found that the vast majority of unpaid hobbyists spend ten hours or less per week on their maintenance work (81%). This percentage also stayed consistent in this year’s survey, with 78% of unpaid hobbyist maintainers working ten hours or less per week.

...

We’ve heard from many maintainers that how they are paid for their work also matters. For many maintainers there is a huge difference between getting a one-time “airdrop” of money, perhaps right after a high profile incident where people are paying attention to their projects, compared to ongoing recurring income that they can count on. So this year for the first time we asked maintainers to tell us whether they would prefer to get predictable monthly income or a one-time lump payment.

An overwhelming majority of maintainers prefer to receive predictable monthly income, with 81% choosing that option.

303
Element X, Call and Server Suite are production ready (element.io)
 

Element is launching the world’s first communications platform based on the upcoming Matrix 2.0 release. The result is blazing performance which outperforms the mainstream alternatives - across a decentralised system that enables self-hosting and end-to-end encryption - as well as open standard interoperability to revolutionise real time communication between large organisations.

Built on Matrix 2.0, Element X now rivals the performance of centralised consumer messaging apps, empowering organisations to address the shadow IT issues caused by consumer-grade messaging apps in the workplace.

The new Element communications solution consists:

  • Element X, our next-gen app with an array of new features
  • Element Call fully integrated into Element X, for native Matrix-encrypted voice and video
  • Element Server Suite, our backend hosting solution for powerful admin control and Matrix 2.0 performance
9
GNOME 46.5 Released with Mutter and GNOME Shell Improvements (9to5linux.com)
submitted 2 weeks ago* (last edited 2 weeks ago) by pnutzh4x0r@lemmy.ndlug.org to c/gnome@discuss.tchncs.de
0 comments fedilink
 

GNOME 46.5 is now available as the fifth maintenance update to the GNOME 46 desktop environment series with more bug fixes and improvements.

...

GNOME 46.5 is here five weeks after the GNOME 46.4 release and fixes smartcard logins, adds user permissions to new Wi-Fi connections for restricted users, fixes the showing of pending PAM messages on the login screen, and fixes the “Locate Pointer” accessibility option when the “Reduce Animation” option is turned on.

It also fixes several issues in the Mutter window and composite manager, including drag and drop between X11 and Wayland clients, drag and drop from grabbing pop-ups, EGLDevice support, frozen cursor on some hybrid machines, tablet input in maximized windows, frozen cursor after suspend, using modifiers on multi-GPU setups, propagating tablet device removals to clients, and touch window dragging with pointer lock enabled.

Linus Torvalds: Speaks on the Rust vs C Linux Divide in c/linux@lemmy.ml
[–] pnutzh4x0r@lemmy.ndlug.org 67 points 2 weeks ago

This is a great summary. Thanks!

283
Linus Torvalds: Speaks on the Rust vs C Linux Divide (www.youtube.com)
submitted 2 weeks ago* (last edited 2 weeks ago) by pnutzh4x0r@lemmy.ndlug.org to c/linux@lemmy.ml
96 comments fedilink
 

Linus Torvalds Speaks on the the divide between Rust and C Linux developers an the future Linux. Will things like fragmentation among the open source community hurt the Linux Kernel? We'll listen to the Creator of Linux.

For the full key note, checkout: Keynote: Linus Torvalds in Conversation with Dirk Hohndel

The Register's summary: Torvalds weighs in on 'nasty' Rust vs C for Linux debate

37
COSMIC Alpha 2 is landing on September 26th (fosstodon.org)
 

COSMIC Alpha 2 is landing on September 26th. Repositories will be tagged with the new release for distribution packagers.

Pop!_OS 24.04 Alpha 2 ISO's will also be available for download! #COSMICdesktop #COSMICDE

After upgrading from Ubuntu Jellyfish to Numbat, my desktop seems broken? Super key doesn't open menu, dark theme/settings doesn't work. How can I fix this? in c/linux@lemmy.ml
[–] pnutzh4x0r@lemmy.ndlug.org 19 points 2 weeks ago (6 children)

It looks like you are running XFCE instead of GNOME (the normal Ubuntu desktop). I'm not sure how that happened... but you an always just install another desktop.

For instance, you can try to make sure you have the ubuntu-desktop or ubuntu-desktop-minimal metapackage installed:

sudo apt install ubuntu-desktop-minimal

After that, the login manager should allow you to select the Ubuntu session rather than the XFCE one.

Best Email Client in c/linux@lemmy.ml
[–] pnutzh4x0r@lemmy.ndlug.org 6 points 3 weeks ago

Still using mutt after two decades (with isync for fetching).

Ubuntu 24.10 to Introduce User-Controlled Permissions Prompts in c/linux@lemmy.ml
[–] pnutzh4x0r@lemmy.ndlug.org 4 points 3 weeks ago

Yes, based on the diagrams on their blog, it looks like this only impacts Snaps.

Ubuntu 24.10 to Introduce User-Controlled Permissions Prompts in c/linux@lemmy.ml
[–] pnutzh4x0r@lemmy.ndlug.org 12 points 3 weeks ago (2 children)

From the Discourse Blog:

The Linux desktop provides XDG Desktop Portals as a standardised way for applications to access resources that are outside of the sandbox. Applications that have been updated to use XDG Desktop Portals will continue to use them. Prompting is not intended to replace XDG Desktop Portals but to complement them by providing the desktop an alternative way to ask the user for permission. Either when an application has not been updated to use XDG Desktop Portals, or when it makes access requests not covered by XDG Desktop Portals.

Since prompting works at the syscall level, it does not require an application’s awareness or cooperation to work and extends the set of applications that can be run inside of a sandbox, allowing for a safer desktop. It is designed to enable desktop applications to take full advantage of snap packaging that might otherwise require classic confinement.

So this looks like it complements and not replaces the XDG Desktop Portals, especially for applications that have not implemented the Portals. It allows you to still run those applications in confinement while providing some more granular access controls.

Switching to Timeshift (LM) in c/pop_os@lemmy.world
[–] pnutzh4x0r@lemmy.ndlug.org 6 points 3 weeks ago (1 children)

From what I can tell, Pop!_OS does not ship their own version of timeshift. Instead, it comes directly from Ubuntu. So if there is a change in maintainers, it should be reported to Ubuntu:

https://launchpad.net/ubuntu/+source/timeshift

How to feature or unfeature (pin/unpin) a post in Photon? in c/photon@lemdro.id
[–] pnutzh4x0r@lemmy.ndlug.org 1 points 3 weeks ago (1 children)

As a moderator, you should see a "shield" on a post and from that sub-menu, you can choose to feature or unfeature a post:

Shield menu

Bringing attention to a music player and two eBook readers for Android in c/privacy@lemmy.ml
[–] pnutzh4x0r@lemmy.ndlug.org 4 points 3 weeks ago

I used to use VLC for music, but these days I use Symphony to play local files on my phone. VLC tended to struggle when scanning or indexing large folders (which it did all the time...), while Symphony is a bit better at that. That said, I still use VLC for video and for casting things from my DLNA server (VLC supports Chromecast).

For ebooks, I've used Librera FD and that has been mostly OK. I'll checkout the two you mentioned though. Thanks!

Will there be 24.04 with gnome Cosmic ?? in c/pop_os@lemmy.world
[–] pnutzh4x0r@lemmy.ndlug.org 6 points 3 weeks ago (1 children)

All my servers moved to 24.04 and I wanted my desktop to keep in line with them (so they all had the same packages). Likewise, I've been following the development of GNOME and I really liked what they have done with versions 45 and 46, so I wanted to try a more modern version of that desktop environment (Pop 22.04 is still on GNOME 42 and is now missing out on some cool features like the quick settings menu).

Finally, I wanted to try out Wayland and the experience on Pop 22.04 is not great with Wayland, especially since it is missing out on the more recent fixes and updates in Ubuntu 24.04.

If you are happy with Pop 22.04 and willing to wait for COSMIC to stabilize and become feature complete, then that is what you should do. For me, I used this delay in releasing Pop 24.04 as an opportunity to try out something different and for the most part, I'm pretty happy with the experience.

Will there be 24.04 with gnome Cosmic ?? in c/pop_os@lemmy.world
[–] pnutzh4x0r@lemmy.ndlug.org 12 points 3 weeks ago (3 children)

Unfortunately, there will not be a release of Pop 24.04 with GNOME before COSMIC is released. In fact, System76 has stopped development of Pop-shell as referenced here:

https://reddit.com/r/pop_os/comments/1eo59wj/will_xorg_still_be_an_option_in_2404/

Once, Pop 24.04 is released, you will be able to install gnome-session to get GNOME, but it will be the version from Ubuntu and not Pop-shell (though you can install the unsupported extension yourself).

Basically, the development of COSMIC is delaying the release of Pop 24.04... which means the whole distro update probably won't come until 2025 as the desktop matures.

For this reason, among others, I've decided to switch to Ubuntu until COSMIC matures and Pop 24.04 is released.

view more: next ›