Search
Items tagged with: Linux
Hello fedi! I'm making my own immutable distro, and I've got some questions:
- what should I use to build? I was thinking bluebuild hut it might be more trouble than it saves, as I need to do stuff like add an extra btrfs subvolume on install, and I'd like a custom gtk4 installer.
- other than that, assuming I use bluebuild for now, would a structure like this work?
- core - has core system stuff, like kernel, bootloader, etc. Included in image, needs reboot to apply
- other/system - has other stuff like system flatpaks, config files, anything that doesn't need a reboot to change
Each would be cached so only core or other would be rebuilt depending on the last value. - other would use an overlay inside a btrfs sub volume. I was thinking I apply changes directly to the subvolume and rollback if they interrupt or an error occurs, but now I'm thinking a power cut or other force shutdown might mess that up.
Any thoughts would be appreciated, thanks! You're helping to shape QuadOS! QuadOS currently has the following devs: Me, @Heliguy, and @winsdominoes. It aims to be like NixOS, but using flatpaks, and hopefully less janky.
A Windows user, a Mac user, and a Linux user walk into a bar.
➡️ The #Windows user orders a beer and gets into a fight over how bloated the selection is.
➡️ The #Mac user orders the most expensive single-origin craft cocktail and smugly admires its minimalist design.
➡️ The #Linux user installs a whole brewery in the corner and declares free drinks for everyone, but then spends the rest of the night explaining why their homemade brew is objectively superior.
Are you experienced with GTK and Rust ? 
❤️ 
We are looking to contract someone to work on the new GNOME Password Manager 🔑
We want it to become a core/default app and help secure millions of users.
You'll be working with the GNOME Foundation, a non-profit dedicated to building emancipatory technologies for everyone.
Please send resume / portfolio to stf@gnome.org
Boosts welcome 
#GTK #Rust #rustlang #GNOME #Linux #Ubuntu #Linux #Fedora #OpenSUSE #Debian
Junction 1.8 is out ✨
Junction pops up automatically when you open a file or link to let you choose which app to open with.
https://flathub.org/apps/re.sonny.Junction
The highlight of this version is better mobile and touch support 
📱
Plus, the app is now verified on Flathub and has a "High quality app data" rating.
#GNOME #GTK #Flatpak #Flathub #LinuxMobile #Linux
Witnessing @cas getting OnePlus 8 display working on Linux 📱
This is magic 🧙
#postmarketOS #Linux #hardwareEnablement #deGrowth
I am now a very responsible Linux app developer who verified their apps on @flathub 
#theFutureIsNow #betterLateThanNever
😎
#Flathub #Flatpak #Linux #development
I think a LOT of people are missing the fact that we got LUCKY with this malicious backdoor.
The backdoor was created by an Insider Threat - by a developer / maintainer of various linux packages. The backdoor was apparently pushed back on March 8th (I believe) and MADE IT PAST all QA checks.
Let me state that again. Any quality assurance, security checks, etc., failed to catch this.
This was so far upstream, it had already gotten into the major Linux distributions. It made it into Debian pre-release, Fedora rolling, OpenSUSE rolling, Kali rolling, etc.
This is an example of Supply Chain Security that CISOs love to talk and freak out about. This is an example of an Insider Threat that is the boogey man of corporate infosec.
A couple more weeks, and it would have been in many major distributions without any of us knowing about it.
The ONLY reason we know about it is because @AndresFreundTec got curious about login issues and some benchmarking checks that had nothing to do with security and ran the issue down and stumbled upon a nasty mess that was trying to remain hidden.
It was luck.
That's it. We got lucky this time.
So this begs the question. Did the malicious insider backdoor anything else? Are they working with anyone else who might have access to other upstream packages? If the QA checks failed to find this specific backdoor by this specific malicious actor, what other intentional backdoors have they missed?
And before anyone goes and blames Linux (as a platform or as a concept), if this had happened (if it HAS happened!!!) in Windows, Apple, iOS, etc.... we would not (or will not) know about it. It was only because all these systems are open source that Andres was able to go back and look through the code himself.
Massive props and kudos and all the thank yours to Andres, those who helped him, to all the Linux teams jumping on this to fix it, and to all the folks on high alert just before this Easter weekend.
I imagine (hope) that once this gets cleaned up, there will be many fruitful discussions around why this passed all checks and what can be changed to prevent it from happening again.
(I also hope they run down any and all packages this person had the signing key for....)
I learnt something important about Linux audio last night.
I noticed that I had no sound in X-Plane 12 (a flight simulator) while also being in a Discord call in Firefox. Apparently, certain FMOD applications check if PulseAudio is installed and fall back to ALSA if it isn't. Now, I have PipeWire installed to fix the mess that is Linux audio once and for all. So TECHNICALLY PulseAudio is not installed. And that's exactly what X-Plane detected, which then tried to gain complete control over the sound hardware through ALSA, which it couldn't.
The "fix" was to symlink `/bin/pulseaudio` to `/bin/true` to make it look like PulseAudio is available which tricked X-Plane into going through PulseAudio (and therefore through PipeWire) instead.
That was one of the weirdest problems I've ever encountered.
#linux #audio #xplane #xplane12 #discord #firefox #alsa #pulseaudio #pipewire #fmod #flightsim
https://boehs.org/node/everything-i-know-about-the-xz-backdoor
I have begun a post explaining this situation in a more detailed writeup. This is updating in realtime, and there is a lot still missing.
Everything I know about the XZ backdoor
Please note: This is being updated in real time. The intent is to make sense of lots of simultaneous discoveriesboehs.org
Unfolding now: https://news.ycombinator.com/item?id=39865810
- https://www.openwall.com/lists/oss-security/2024/03/29/4
- https://github.com/tukaani-project/xz/commit/cf44e4b7f5dfdbf8c78aef377c10f71e274f63c0
An incredibly technically complex #backdoor in xz (potentially also in libarchive and elsewhere) was just discovered. This backdoor has been quietly implemented over years, with the assistance of a wide array of subtly interconnected accounts:
- https://github.com/tukaani-project/xz/commit/ee44863ae88e377a5df10db007ba9bfadde3d314
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067708
- https://github.com/jamespfennell/xz/pull/2
The timeline on this is going to take so long to unravel
feat: update vendored xz to 5.6.1 by jaredallard · Pull Request #2 · jamespfennell/xz
Updates the vendored version of xz to be 5.6.1. Also updates the vendor script to support the addition of SPDX-License-Identifier headers into some files.GitHub
🚨 ⚠️ Emergency PSA: A critical security exploit was discovered in the xz package recently, used for compression and decompression on nearly all Linux distributions.
Rawhide users ARE impacted and should immediately STOP using Rawhide until the package update is fully rolled back. (1/3)
Security Advisory: https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
#Fedora #Linux #OpenSource #Security #Privacy
Urgent security alert for Fedora Linux 40 and Fedora Rawhide users
Red Hat Information Risk and Security and Red Hat Product Security learned that the latest versions of the “xz” tools and libraries contain malicious code that appears to be intended to allow unauthorized access., (Red Hat)
Upgrade your systems now!
The xz package has been backdoored
https://archlinux.org/news/the-xz-package-has-been-backdoored/
You may have seen the “Verified” badge on apps from Flathub which shows that the developer has proven ownership of their app, e.g. via their website or code host.
With great adoption (nearly 1,000 verified apps!), we’re trying something out to help with transparency:
⚠️ Unverified
If you see this, it flags that the app has not been verified by its developer—it’s effectively a community-maintained package.
As of yesterday, I am officially maintaining the XDG Specifications (yes, yes, I make questionable choices ^^).
This means, if there's anything I should have a look at, or if you want to propose any addition/change, you know who to ping now! (even better if a MR/patch is attached, of course)
Thanks to everyone working on Freedesktop integration and projects, you rock!
#xdg #freedesktop #linux
https://lists.freedesktop.org/archives/xdg/2024-March/014687.html
Am I late for the Xenia bandwagon? 
#furry #furryart #anthro #anthroart #linux #xenialinux #transrights #foss
Neue Matrix-Clients: Element-X und SchildiChat Next
Element X und SchildiChat Next bieten viele spannende Neuerungen!
#Matrix #Element #SchildiChat #Linux
https://gnulinux.ch/neue-matrix-clients-element-x-und-schildichat-next
After backing up my files, I decided to do a clean install of the KDE spin of Fedora 40 on to the Surface Pro 3.
Everything went smoothly and starting to get everything restored.
More info on how I set up my Fedora machines and the fun that had been getting the installer of Fedora 39 working on the Surface, checkout the two articles on my blog at: https://blog.linh.social/tag/fedora/
Linh Pham Blog
Writings and musings about technology, programming, and other random topics.Linh Pham (Linh Pham Blog)
GNOME Workbench
Die Workbench bietet ca. 100 Code-Beispiele für GNOME-Anwendungen. Die kleinen Apps sind vollständig und ausführbar.
Should there be a desktop font service for the libre desktop? https://barefootliam.blogspot.com/2024/03/desktop-font-server.html
Thinking especially of graphic design and page layout uses.
#fonts #linux #gnome #kde #gimp #krita #inkscape #libreGraphics #scribus #openType
Fonts Across the Libre Desktop: Design and Graphics Focus
Today, each application, and each toolkit, offers font selection. But fonts have become gradualy more complex, and none of the interfaces se...barefootliam.blogspot.com
Anyone in my network interested in research and prototype network portal for Flatpak?
In the long run we are interested in:
• Give more control to users over app network access
• Allow apps that need network access to be considered “Safe”
We expect something like unsharing the network namespace and a bridge on the host for permissions / monitoring.
Boost welcome
1/2 🧵
#FediHire #Flatpak #Flathub #Linux #Snap #containers #Docker #freedesktop #Ubuntu #Fedora
Check out the latest blog post on the #swiftlang website about the #adwaita for #swift package!
https://www.swift.org/blog/adwaita-swift/
You can find the repo on GitHub: https://github.com/AparokshaUI/adwaita-swift
#linux #libadwaita #gnome #gtk
GitHub - AparokshaUI/adwaita-swift: A framework for creating user interfaces for GNOME with an API similar to SwiftUI
A framework for creating user interfaces for GNOME with an API similar to SwiftUI - AparokshaUI/adwaita-swiftGitHub
A new @DestinationLinux has hit the road! (363) 😎🐧▶️ https://tuxdigital.com/dl363
Check out #DestinationLinux 363: PipeWire Interview with Wim Taymans, Revolutionizing Audio & Video on Linux
#linux #podcasts #opensource #tech
363: PipeWire Interview with Wim Taymans, Revolutionizing Audio & Video on Linux - Destination Linux - TuxDigital
Download as MP3 On this week’s episode, we have a special guest joining us to discuss his work with making our lives better in Linux audio. Of course, this...TuxDigital
I've seen a few app maintainers lately mentioning that bleeding edge libraries are required and that distro X in version Y isn't supported.
This is why you should have a Flatpak manifest in your repository; not just on Flathub.
It lets contributors easily build and test the development version without having to worry about the host.
Upgrading or downgrading your OS shouldn't stop anyone from working on your app.
Friends of energy efficiency - the Light Video 0.1.0 #Flathub update is out, build with #gtk4 4.14 and #GStreamer 1.24.1.
This should be the first app targeting the #linux / FDO desktop enabling Wayland video offloading (think zero-copy playback) by default. In many cases (actually more than I expected) this can improve battery lifetime - and on low-end devices even playback performance - significantly.
https://flathub.org/apps/org.sigxcpu.Livi
Someone in the IT department of my bank (Komerční banka) is acting smarter than they should be.
When I tried to log in to the Internet banking, I got a message saying that "OS Linux is no longer secure" and recommending that I use an up-to-date OS, e.g. Windows 11.
I thought we were past these times. 🤦
Time to let the cat out of the bag.
I've been working on a new app to use your #Linux phones and tablets as secondary wireless "side displays" (not mirrors). This is based on #GStreamer, x264, #Mutter APIs, and low-latency UDP streaming, and will be designed to work on both ARM and Intel, regardless of hardware acceleration support. (Testing on a #librem5)
This is still at an early stage, and will take some time to become usable. Thoughts and feedback?
#gnome #linuxphones #apps #mobilelinux
Missed @lea@ordinary.cafe and @jaiden@ordinary.cafe's panel at @socallinuxexpo@social.linux.pizza about the future of the Linux desktop?
Here’s a recording to satisfy your curiosity :3
https://www.youtube.com/watch?v=hNDJDyef_UQ
Featuring:
- @lea@ordinary.cafe, Fyra Labs
- @jaiden@ordinary.cafe, Fyra Labs (Moderator)
- @zana@sfba.social, @gnome@floss.social Foundation
- @technobaboo@tech.lgbt, @stardustxr@fosstodon.org
- @communiteatime@fosstodon.org, @thunderbird@mastodon.online- @mattdm@hachyderm.io, @fedora@fosstodon.org & Red Hat
- @druonysus@mstdn.io, @kde@floss.social & @opensuse@fosstodon.org
#tech #linux #foss #oss #scale21x
Where Does the Linux Desktop Go from Here?
It's no lie that the Linux desktop has been changing greatly. Through technological and social shifts, the desktop and community we know today is a far cry f...YouTube
Dear #Linux friends. How do you talk about new versions of DEs to non-Linux friends?
Like #Gnome 46 has been released and you want to tell someone how much better their Linux experience will be now if they try, or there's a specific feature you feel they would appreciate that you want to tell them about. Or something. How do you talk about it?
"Gnome is, like, this way for Linux to look and feel and now it's got this new..." is reeeal clunky. Not sure you'll win anybody over like that, or?
Workbench 46 is out! 🛠️
https://flathub.org/apps/re.sonny.Workbench
Actually it was a couple of hours ago before GNOME 46 but I didn't want to steal the show 😎
Here are the highlights 💡
Inline diagnostics for #Rust and #Python 
New Library demos: 📚
"Snapshot" to demonstrate one of GTK4 coolest feature.
"Dialog" and "Message Dialogs" to demonstrate libadwaita 1.5 new responsive dialogs.
26 demos ported to Python
5 demos ported to Vala
#GNOME #GTK #development #Linux #Python #Rust
You know it's interesting that I think @thunderbird is probably the one piece of software I have been using since Windows XP as a kid and still use it to this day. I even pay $10/year for a plugin to make Thunderbird work with my Office365 I use for my content creation so I can use it seamlessly on #Linux for contacts, calendar, and mail integration.
Despite all the email providers I have hopped between I still have used Thunderbird since around 2005 or 2006 #infosec #cybersecurity #opensource