Jump to content

Search the Community

Showing results for tags 'linux'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station


  • Drivers
  • Filesharing
    • BitTorrent
    • eDonkey & Direct Connect (DC)
    • NewsReaders (Usenet)
    • Other P2P Clients & Tools
  • Internet
    • Download Managers & FTP Clients
    • Messengers
    • Web Browsers
    • Other Internet Tools
  • Multimedia
    • Codecs & Converters
    • Image Viewers & Editors
    • Media Players
    • Other Multimedia Software
  • Security
    • Anti-Malware
    • Firewalls
    • Other Security Tools
  • System
    • Benchmarking & System Info
    • Customization
    • Defrag Tools
    • Disc & Registry Cleaners
    • Management Suites
    • Other System Tools
  • Other Apps
    • Burning & Imaging
    • Document Viewers & Editors
    • File Managers & Archivers
    • Miscellaneous Applications
  • Linux Distributions


  • General News
  • File Sharing News
  • Mobile News
  • Software News
  • Security & Privacy News
  • Technology News

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

  1. Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling Both OSes have flaws that allow attackers with a toehold to elevate access. The world woke up on Tuesday to two new vulnerabilities—one in Windows and the other in Linux—that allow hackers with a toehold in a vulnerable system to bypass OS security restrictions and access sensitive resources. As operating systems and applications become harder to hack, successful attacks typically require two or more vulnerabilities. One vulnerability allows the attacker access to low-privileged OS resources, where code can be executed or sensitive data can be read. A second vulnerability elevates that code execution or file access to OS resources reserved for password storage or other sensitive operations. The value of so-called local privilege escalation vulnerabilities, accordingly, has increased in recent years. Breaking Windows The Windows vulnerability came to light by accident on Monday when a researcher observed what he believed was a coding regression in a beta version of the upcoming Windows 11. The researcher found that the contents of the security account manager—the database that stores user accounts and security descriptors for users on the local computer—could be read by users with limited system privileges. That made it possible to extract cryptographically protected password data, discover the password used to install Windows, obtain the computer keys for the Windows data protection API—which can be used to decrypt private encryption keys—and create an account on the vulnerable machine. The result is that the local user can elevate privileges all the way to System, the highest level in Windows. “I don’t know the full extent of the issue yet, but it’s too many to not be a problem I think,” researcher Jonas Lykkegaard noted. “Just so nobody is in doubt what this means, it’s EOP to SYSTEM for even sandboxed apps.” People responding to Lykkegaard pointed out that the behavior wasn’t a regression introduced in Windows 11. Instead, the same vulnerability was present in the latest version of Windows 10. The US Computer Emergency Readiness Team said that the vulnerability is present when the Volume Shadow Copy Service—the Windows feature that allows the OS or applications to take "point-in-time snapshots" of an entire disk without locking the filesystem—is turned on. The advisory explained: If a VSS shadow copy of the system drive is available, a non-privileged user may leverage access to these files to achieve a number of impacts, including but not limited to: Extract and leverage account password hashes Discover the original Windows installation password Obtain DPAPI computer keys, which can be used to decrypt all computer private keys Obtain a computer machine account, which can be used in a silver ticket attack Note that VSS shadow copies may not be available in some configurations; however, simply having a system drive that is larger than 128GB in size and then performing a Windows Update or installing an MSI will ensure that a VSS shadow copy will be automatically created. To check if a system has VSS shadow copies available, run the following command from a privileged command prompt: vssadmin list shadows Researcher Benjamin Delpy showed how the vulnerability can be exploited to obtain password hashes of other sensitive data: Currently, there is no patch available. Microsoft representatives did not immediately have a comment on the report. Et tu, Linux kernel? Most versions of Linux, meanwhile, are in the process of distributing a fix for a vulnerability disclosed on Tuesday. CVE-2021-33909, as the security flaw is tracked, allows an untrusted user to gain unfettered system rights by creating, mounting, and deleting a deep directory structure with a total path length that exceeds 1GB and then opening and reading the /proc/self/mountinfo file. “We successfully exploited this uncontrolled out-of-bounds write and obtained full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation,” researchers from Qualys, the security firm that discovered the vulnerability and created proof-of-concept code that exploits it, wrote. “Other Linux distributions are certainly vulnerable, and probably exploitable.” The exploit Qualys described comes with significant overhead, specifically roughly 1 million nested directories. The attack also requires about 5GB of memory and 1 million inodes. Despite the hurdles, a Qualys representative described the PoC as “extremely reliable” and said it takes about three minutes to complete. Here’s an overview of the exploit: 1/ We mkdir() a deep directory structure (roughly 1M nested directories) whose total path length exceeds 1GB, we bind-mount it in an unprivileged user namespace, and rmdir() it. 2/ We create a thread that vmalloc()ates a small eBPF program (via BPF_PROG_LOAD), and we block this thread (via userfaultfd or FUSE) after our eBPF program has been validated by the kernel eBPF verifier but before it is JIT-compiled by the kernel. 3/ We open() /proc/self/mountinfo in our unprivileged user namespace and start read()ing the long path of our bind-mounted directory, thereby writing the string "//deleted" to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated buffer. 4/ We arrange for this "//deleted" string to overwrite an instruction of our validated eBPF program (and therefore nullify the security checks of the kernel eBPF verifier) and transform this uncontrolled out-of-bounds write into an information disclosure and into a limited but controlled out-of-bounds write. 5/ We transform this limited out-of-bounds write into an arbitrary read and write of kernel memory by reusing Manfred Paul's beautiful btf and map_push_elem techniques from: https://www.thezdi.com/blog/2020/4/8/cve-2020-8835-linux-kernel-privilege-escalation-via-improper-ebpf-program-verification Qualys has a separate writeup here. People running Linux should check with the distributor to determine if patches are available to fix the vulnerability. Windows users should await advice from Microsoft and outside security experts. Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling
  2. REvil ransomware's new Linux encryptor targets ESXi virtual machines The REvil ransomware operation is now using a Linux encryptor that targets and encrypts Vmware ESXi virtual machines. With the enterprise moving to virtual machines for easier backups, device management, and efficient use of resources, ransomware gangs increasingly create their own tools to mass encrypt storage used by VMs. In May, Advanced Intel's Yelisey Boguslavskiy shared a forum post from the REvil operation where they confirmed that they had released a Linux version of their encryptor that could also work on NAS devices. Today, security researcher MalwareHunterTeam found a Linux version of the REvil ransomware (aka Sodinokibi) that also appears to target ESXi servers. Advanced Intel's Vitali Kremez, who analyzed the new REvil Linux variant, told BleepingComputer it is an ELF64 executable and includes the same configuration options utilized by the more common Windows executable. Kremez states that this is the first known time the Linux variant has been publicly available since it was released. When executed on a server, a threat actor can specify the path to encrypt and enable a silent mode, as shown by the usage instructions below. Usage example: elf.exe --path /vmfs/ --threads 5 without --path encrypts current dir --silent (-s) use for not stoping VMs mode !!!BY DEFAULT THIS SOFTWARE USES 50 THREADS!!! When executed on ESXi servers, it will run the esxcli command line tool to list all running ESXi virtual machines and terminate them. esxcli --formatter=csv --format-param=fields=="WorldID,DisplayName" vm process list | awk -F ""*,"*" '{system("esxcli vm process kill --type=force --world-id=" $1)}' This command is used to close the virtual machine disk (VMDK) files stored in the /vmfs/ folder so that the REvil ransomware malware can encrypt the files without them being locked by ESXi. If a virtual machine is not correctly closed before encrypting its file, it could lead to data corruption, as explained by Emsisoft CTO Fabian Wosar. By targeting virtual machines this way, REvil can encrypt many servers at once with a single command. Wosar told BleepingComputer that other ransomware operations, such as Babuk, RansomExx/Defray, Mespinoza, GoGoogle, DarkSide, and Hellokitty have also created Linux encryptors to target ESXi virtual machines. "The reason why most ransomware groups implemented a Linux-based version of their ransomware is to target ESXi specifically," said Wosar. File hashes associated with the REvil Linux encryptor have been collected by security researcher Jaime Blasco and shared on Alienvault's Open Threat Exchange. REvil ransomware's new Linux encryptor targets ESXi virtual machines
  3. DeadHash is an open-source file hashing utility for Windows and Linux Do you use a file hashing program? It can be useful to check the integrity of files that you've downloaded from the internet, or to verify the integrity of backed up files. I use it whenever possible to avoid broken or corrupted downloads, though this isn't always possible, as it depends on the availability of the file hash. Not every developer provides one. DeadHash comes in an optional portable self-extracting archive. Unzip it to any folder and it's ready-to-use. The application has a modern interface with a toolbar at the top, that has a nice accent color. The File tab is the first step in verifying your files. Click it and on the next screen, you can enter the file path box or use the select button, to navigate to the folder which contains the files that you want to verify. The utility does not have a Shell extension for adding files from the Windows Explorer context menu. To make up for this, DeadHash supports drag-and-drop. The caveat here is that the program does not support batch file processing, that means you can't use it with folders either. When you have selected the file, hit the Calculate button and DeadHash will process it. The time taken for the task depends on the file size, if you're checking a very large file, it might take a quarter of a minute or so. The program doesn't tell you that it is done hashing the files. You'll need to scroll down the window to see the list of hash values of the file. If you are cross-verifying the hash value with one that has been provided on the download page of a website, you should enable the Compare button, before hitting the Calculate option. DeadHash displays a checkmark next to the result to indicate a match. The symbol won't be displayed when no matches were found, nor does the tool alert you about the same. The hash values are selectable, so it's easy to copy the data and paste it to/from other applications. You can export the data to a CSV file for future use. This is the faster way to get all the data. DeadHash supports the following hashing algorithms: MD4, MD5, SHA1, SHA-224, SHA-256, SHA-384, SHA-512, RIPEMD160, and CRC32. It has four additional options that are not enabled by default. If you only want a specific hash algorithm, you may toggle the other options off from the program's settings page. Click the gear icon at the top of the window to switch the light and the dark mode. DeadHash has a dozen themes that you can pick from, which changes the accent color of the interface. The Text tab in DeadHash can be used to calculate text hashes. This is not something the average person may use, it's usually used for verifying whether some text content that you received is unmodified. DeadHash is an open source utility. The Electron app is available for Windows, Linux, and Android. The installer version of the program is a bit buggy, it starts with a white screen and takes about half a minute for the interface to appear. The portable version does not suffer from this problem. That said, I think OpenHashTab is a better program overall. Landing Page: https://codedead.com/software/deadhash DeadHash is an open-source file hashing utility for Windows and Linux
  4. YAFFplayer is a simple video player which has some cool filters and can download videos What's your favorite media player? VLC, PotPlayer, MPC? I like testing new players, and the one that I've been using recently is YAFFplayer. The name stands for Yet Another FFmpeg Video Player, you know because a lot of media players rely on the open source encoding library. YAFFplayer's interface is minimal, it doesn't have a right-click menu or a fancy toolbar. To play a video, drag and drop it onto the interface. The program is portable, but you can add it to the context menu from the settings page, it helps open files a bit easier. Right-click on the window to pause or play the video, or use K or the Spacebar. Use the arrow keys to rewind or fast-forward the playback, or click the seek bar. The program supports incremental fast-forward (and rewind) like YouTube does. Hit the keys from 0 - 9 to move the timeline by 10%. The media player displays the fps (frame rate per second) count of the video, on the title bar. If you'd like to view more information about the video, press I. This panel tells you the video's name, folder location, the total number of frames, the video's resolution, and the video and audio codec that it was encoded with. YAFFplayer does more than just play media: click the Download Video button and the program will start downloading the video from the URL that's in the clipboard. The application uses the popular open source tool, youtube-dl to download videos. Alternatively, you may click the Video++ button, which brings up the Settings page, from which you can paste the URL in the box under the video download section. There are a couple of advantages in this method, as this page has shortcuts to open the download folder, open the video's page on YouTube. Check the first box in the section to add the current timestamp to the downloaded video's name. Optionally, you can use YAFFPlayer to extract the MP3 audio from a video. I tested the downloader with several sites, and it works fine. The Colors & Effects settings allows you to enable filter effects for the video. The available filters are: Sketch which is sort of a pencil drawing, Displacement, Electric, Dot Screen, CRT, Halftone, and Gray (monochrome). The media player places a vertical slider on the screen, similar to ones you may have seen in before and after image comparisons. You can move the slider to apply the filter over the part of the video that it is on, and it's kind of cool. YAFFplayer is available for Windows, Linux and Raspberry Pi devices. The program had trouble playing AC3 audio, but had no issues with AAC. It's a little strange because the application could handle H.265 and H.264 videos without a hiccup. There is no volume controller in the media player, so you'll need to stick with the Windows audio slider, or use something like EarTrumpet to control the application's sound output levels. If you're coming from something like VLC, MPC or PotPlayer, I don't think you may like YAFFplayer, because it is way too simple. The lack of support for basic features like subtitles, full screen toggle, etc., is holding the program back. I liked using it to download videos and test the resultant media. Landing Page: https://www.geeks3d.com/yaffplayer/ YAFFplayer is a simple video player which has some cool filters and can download videos
  5. Nvidia and Valve are bringing DLSS to Linux gaming… sort of Nice, but we'd prefer significantly greater investment in native driver quality. Linux gamers, rejoice—we're getting Nvidia's Deep Learning Super Sampling on our favorite platform! But don't rejoice too hard; the new support only comes on a few games, and it's only on Windows versions of those games played via Proton. At Computex 2021, Nvidia announced a collaboration with Valve to bring DLSS support to Windows games played on Linux systems. This is good news, since DLSS can radically improve frame rates without perceptibly altering graphics quality. Unfortunately, as of this month, fewer than 60 games support DLSS in the first place; of those, roughly half work reasonably well in Proton, with or without DLSS. What’s a DLSS, anyway? Enlarge / Nvidia's own benchmarking shows well over double the frame rate in Metro Exodus. Most third-party benchmarks "only" show an improvement of 50 to 75 percent. Note the DLSS image actually looks sharper and cleaner than the non-DLSS in this case! nvidia If you're not up on all the gaming graphics jargon, DLSS is an acronym for Deep Learning Super Sampling. Effectively, DLSS takes a low-resolution image and uses deep learning to upsample it to a higher resolution on the fly. The impact of DLSS can be astonishing in games that support the tech—in some cases more than doubling non-DLSS frame rates, usually with little or no visual impact. Upsampling itself isn't a new technology; the difference lies in the deep learning. A trained neural network does a better job of identifying the portions of a frame most relevant to human perception than older, classical logic algorithms could—and it's even better at figuring out just how to redraw a janky, pixellated downsample into something the human eye expects to see. Unfortunately, Nvidia DLSS is proprietary and requires special hardware in the newer Nvidia cards (RTX 2000 series and up). So far, Nvidia has not enabled the feature in its native Linux drivers—which are also proprietary. AMD vs. Nvidia on Linux On Windows, DLSS is one of several Nvidia features that makes a switch to Radeon graphics difficult to contemplate, even when the price is right and the card is powerful. On Linux, the tables are turned, and choosing Nvidia is a much tougher sell. AMD famously open sourced its Radeon drivers for Linux in 2015, rebasing on a free and open source (FOSS) AMDGPU kernel module. This was more than just a politically correct move for the target audience—it drastically improved driver quality, turning Radeon graphics into the best high-performance GPU option on Linux. Prior to AMD's open source drivers, Linux users had a challenging decision to make when building a new rig—they could either get "just works" simplicity and lack of bugs from Intel integrated graphics, or they could get much higher performance burdened with artifacts, screen tearing with video playback, and even outright system crashes. AMDGPU changed all that by marrying the openness and quality Intel GPUs offered with the performance of true consumer gaming cards. Switching from Nvidia to AMD has, since at least 2019, been an incredible experience for a Linux gamer: drivers in distro repositories are up to date—no need to go download code directly from the vendor no proprietary code needed in kernelspace—so no tainted kernel and no silly UEFI tricks necessary to boot on Secure Boot systems screen tearing completely gone—videos are smooth in local video apps, as well as in-browser in either Chrome or Firefox no crashing, no artifacts, no weird bugs no conflicts between a vendor-written control panel and the distro's native display management tools Even if DLSS was supported in all games, instead of only 50 or 60, we'd be hard-pressed to give all that up for a frame-rate bump. AMD’s own DLSS-like tech is on the way, too Enlarge / AMD's benchmarks show FSR tripling Godfall frame rates on this RX 6800 XT-powered system. AMD At Computex 2021, AMD announced its own version of AI-powered upsampling—which it's calling FidelityFX Super Resolution (FSR). We don't know much about how FSR works, other than the company hinting at AI under the hood—and letting us know that it's open source. Interestingly, FSR can also run on Nvidia GPUs—even the ones that don't support Nvidia's own DLSS. AMD claims that FSR took Godfall on a GTX 1060-powered system from 27 fps to 38 fps—a 41 percent improvement. Unfortunately, FSR is still just a promise for now—it doesn't launch until June 22, and there's no word whether it will be immediately available for Linux on launch day. We also don't have as many samples of before-and-after image quality as we'd like—if FSR can't hang with DLSS in terms of quality, it won't much matter if FSR meets or even beats its boost in raw frame rate. Nvidia and Valve are bringing DLSS to Linux gaming… sort of
  6. Poddycast is a desktop application that can stream your favorite podcasts Podcasts are a fun way to keep yourself entertained. Some users prefer to play the episodes on their phone, while some opt to listen to podcasts while they work on their computer. Poddycast is a desktop application that can stream your favorite podcasts. The program's interface is divided into two panes. To add a podcast, use the search function on the sidebar. Poddycast supports the iTunes API, which makes it easy to find your favorite show. The results are displayed on the right pane. Click the heart button next to a feed, to subscribe to it. The program displays your subscriptions in the favorites section on the side panel. I think it needs a better name, like podcasts. Poddycast displays a broken chain-link icon on a podcast's cover picture, if the show's URL is broken. Select a podcast to view a list of all available episodes. Click on an episode and the program will start playing it. You can control the playback by using the rewind/fast-forward, play/pause buttons at the bottom, or using the seek bar next. Control the volume and playback speed with the slider and the buttons towards the bottom right corner. Back on the episode list, you can view the title, the airing date, the duration of each episode. Mouse over the i-icon to view the description of the episode. Poddycast lists new episodes in a special tab that you can access from the sidebar. The history tab has a list of all episodes that you listened to. The application places an icon on the system tray, even though it does not run as a tray program. You can create playlists in the program, but the feature is not what you may think it to be. This basically a list of the most recent episodes from your subscriptions. It can be kind of useful if you are subscribed to many feeds, an all-in-one list is better than having to go through the favorites section and each feed to find new episodes. That being said, I'd rather have an option to add individual episodes to create a custom playlist. You can edit a playlist, rename it, or delete it by right-clicking on its name on the side panel. Poddycast has many hotkeys, hit space to play or pause, the left and right arrow keys to rewind or fast-forward the playback. The program has a dark mode, that you can toggle from the View menu. Poddycast is an open source Electron app. It is available for Windows, Linux and macOS. The program is portable. The lack of an option to export or import a list of OPML feeds was a bit disappointing. But that's not the dealbreaker, the major issue with the app is that it cannot download episodes. So, if you're someone who likes to archive episodes, or just prefer to listen to episodes offline (or across devices), you should look elsewhere. Hopefully the program will pick up these features in future releases. The best podcast application, in my opinion, is gPodder. The only thing that it's missing is support for iTunes search. Landing Page: https://github.com/MrChuckomo/poddycast Poddycast is a desktop application that can stream your favorite podcasts
  7. How to fix the Firefox 89 user interface A new interface design, called Proton, will launch in Firefox 89, scheduled for a release on June 1, 2021. Mozilla wants to modernize the user interface of the Firefox web browser with Proton. Firefox 89 ships with address bar, toolbar, tab and menu changes. One common denominator is that everything will be a big larger in the new interface. Proton will remove some options from Firefox, or hide them. The Compact density option won't be displayed anymore on the "customize" page of the browser if it has not been used in the past. While it is possible to restore it, most users won't because it requires editing a configuration preference that cannot be discovered accidentally. Firefox users who want a design that is more compact may use the linked guide above to enable the compact density option in the browser to start using it. Another option is to modify user interface elements with CSS. Firefox UI Fix includes CSS fixes that modify the Firefox 89+ user interface to make the interface more compact. It reduces padding and other design elements to improve the usability for users who prefer light interfaces over large ones. Here are two screenshots of the Firefox 89 interface after the fixes have been made. The first screenshot shows the normal density design, the second the compact density design. Installing Firefox UI Fix Installation is not as straightforward as installing a Firefox add-on, but it is not complicated either. First, you have to prepare Firefox to allow CSS files to modify the user interface: Load about:config in the Firefox address bar. Confirm that you will be careful. Search for toolkit.legacyUserProfileCustomizations.stylesheets. Use the toggle button to set its value to TRUE. Search for svg.context-properties.content.enabled. Use the toggle button to set the value of the preference to TRUE. Once done, download the two CSS files from the project's Github repository. Select userChrome.css first to display it on GitHub, then the RAW button to display it, and right-click on the page and use Save As to download it. The filename should be userChrome.css on your computer. Repeat the steps for the userContent.css file. In Firefox, load about:support and activate the "show folder" button next to Profile Folder; this opens the profile folder in the file browser on the system. You may close Firefox now. Create a "chrome" folder in the profile root if it does not exist. Place the two files, userChrome.css and userContent.css, inside the chrome folder, and start Firefox again. Firefox uses the CSS instructions and the interface is changed noticeably. Note that you may need to check the GitHub repository occasionally for updates. If the files have been updated, download them and replace the older files in the chrome directory. If you do know CSS, you may modify the information to customize the interface further. Landing Page https://github.com/black7375/Firefox-UI-Fix Source: How to fix the Firefox 89 user interface
  8. GDU is a command line tool that helps you find the disk usage of a folder or drive When my computer is running low on storage space, I use a program like TreeSize Free (Martin prefers WizTree) to check what's taking up the most amount of space, and move the content to my external drives. Such applications tend to be heavy on resources, and have a lot of options, some of which you may never use. GDU is a terminal based disk usage analysis tool that is lightweight and easy to use. The program is portable, extract it to a folder after the download to get started. Since it does not have an interface, you will need to open a Command Prompt window and run GDU from it. Let's scan a drive, for this we need to enter GDU <DRIVE NAME>. For example, if we want to scan the C drive, we'll use GDU C:. The program will scan the drive and display the results in just a couple of seconds. GDU has a colorized command window, which makes it easy to distinguish folders from files. There is a monochrome mode that you can activate using GDU -c. E.g. GDU -c C:\. The bar at the bottom of the screen tells you the total disk usage, and the file count. The command to scan a folder is similar to the one we used above, type GDU <FOLDER PATH>. Replace the folder path with the actual path like GDU C:\Users\Ashwin\Documents\. The program will list all directories in the folder, with their file size. The number at the top of the list indicates the total disk usage of the current folder. You can switch between actual usage (size on disk) and apparent usage size, with the a key. Use the up and down arrow keys to navigate the list. Hit the Enter key to open the selected folder. This way you can find the disk usage of sub-folders individually. So, in a way GDU is sort of a file manager. To go back to the previous folder, tap the h key. You may sort the directory by name with the n key, or by size with s. Tap the keys twice to switch between ascending and descending order. Did you notice that I have used lowercase for the key's names? That's because the shortcuts are case-sensitive. e.g. C will sort the items by file count, but c toggles the file count information. GDU can open text files, to do so, select the document and press v. Use the Escape key to exit the file view mode. Pressing the d key will delete the selected file or folder, the program warns you about this and asks for your confirmation before deleting the content. I advise paying attention to this option, else you could lose important data. When you're done with GDU, press the q key to exit the program. You can export the data to a file, like a text document. The command for this is GDU > list.txt C:\. Replace "List" with a file name of your choice, and GDU will save the list of files and folders to a text document in its folder. Type ? to view the help file to view more commands. GDU is an open source utility written in GO. It supports Windows, and Linux. The program's best feature is its speed, thanks to the fact it doesn't have an interface, switching to folders is an instantaneous process. Landing Page: https://github.com/dundee/gdu GDU is a command line tool that helps you find the disk usage of a folder or drive
  9. Sigma File Manager review: open source and cross platform Sigma File Manager was just released. The open source file manager is available for Windows, Mac and Linux devices, and while its version is 1.0.0, it should be considered alpha according to the author. It is an Electron app, and if you don't like these apps, because many are bloated and too large for what they do, then you may want to check out alternatives such as File Commander. Sigma File Managed does have several interesting features that may persuade you to give it a try, even though it is Electron-based. The program has a size of 120 Megabytes for Windows and you may get a SmartScreen prompt when you download it because it is new and unknown to SmartScreen. The startpage looks quite different, as it features a photo at the top and below that links to system directories and drives. The photo can be turned off in the options, and you may pin your own selection of items. The app did not detect drives on the Windows 10 version 21H1 system I tested it on, but threw an error message on start instead. The default test account is a basic user account, but even running it with elevated rights did not display the drives. A test on a Surface Go system, with Windows 10 version 21H1 as well, was successful. The drives were shown and all features worked as intended. A click or tap on a folder or drive displays the files and folders under the selected structure, but you may also use the address bar or breadcrumb navigation to switch directory levels. Strings that you type are auto-completed, e.g. to quickly open a new directory without typing it fully. The default layout displays folders and then the files, each with dates and either the items they contain or their size. Details about the selection are displayed in a sidebar on the right. Certain file types are previewed, e.g. images, and you get other properties about the selection, e.g. the size of a directory. Sigma File Manager has a built-in archiver to compress or extract common archive formats. You may switch to grid layout if you prefer it, and use controls at the top to filter by what you type, regardless of order and spelling mistakes. The developer states that the program searches through 100 Gigabytes of data in about 2 seconds. The item filter is useful as well, as it enables you to filter by file type, size, year, or other parameters. Sigma File Manager supports tabs and workspaces to improve the manageability of content. You may use the shortcuts Alt-[0-9] to switch between tabs quickly, or click a button to do so. Workspaces are useful to customize access to data further, e.g. when working on multiple projects at the same time or for different tasks. Workstations maintain their own sets of tabs and actions; actions are quite interesting, as you may define actions to open websites or programs, set default directories and more. Another feature that you don't find in many file managers is the ability to download files using the file manager. Drag & drop links onto the app to stat the download. The app supports video streams, but only one site, operated by Google, is supported at the time. Support for more sites is on the way according to the developer. Drag & drop functionality works with local files and folders as well. You may use the feature to copy or move files quickly. The app has a number of other useful features. File Protection is one, it allows you to protect files against accidental renames, moves, deletions or modifications. Closing Words Sigma File Manager is a well thought out app that has several interesting features. It should be considered alpha at this point, the performance on the Surface Go device was not good, but the device is not powerful either, so that certainly plays a role. The developer plans to add more features with every release of the app, and it will be interesting to see how it evolves. It seems unlikely that users who dislike Electron will be convinced to give it a try though. Landing Page https://github.com/aleksey-hoffman/sigma-file-manager Source: Sigma File Manager review: open source and cross platform
  10. Thorium Reader is a cross-platform and open source eBook reader application Do you read eBooks on your computer? If you're bored with your current eBook reader program and want a new one, you maybe interested in Thorium Reader. The open source program is user-friendly, and supports a variety of formats; EPUB, EPUB3, PDF, ZIP, LPF, Audiobook, Webpub, LCPA, LCPDF, LCPL, Divina, Daisy and OPF. Thorium Reader's interface couldn't be simpler, it has two tabs. The My Books tab, is your eBook library. To add your books from the start page of the app, you can either use the + button to browse, or drag and drop an eBook onto the interface. Once you have imported the books to the program's library, they are listed on the home page. Only the recently added books are listed here, switch to the All Books section to browse your entire library. Thorium Reader displays the title, author name, and cover of the books. Hit the three-dot button to delete or export a book, the about section displays the eBook's description, cover, publisher info. It also allows you to add tags. Use the Search bar to find a book. Toggle the view between grid (thumbnail) view and list view using the buttons next to the search bar. Switch to the Catalogs tab in Thorium Reader. You may add an OPDS feed (Open Publication Distribution System) from online services, or your own server, and browse the catalog. I tried it with some Atom feeds, and it works pretty well. Click on a book's cover to start reading it. Thorium Reader has a toolbar at the top with some useful shortcuts. The back arrow button closes the current book and returns the focus to the bookshelf. To view both the book and the library at the same time, click the 3rd icon. The speaker icon toggles the text-to-speech mode, which uses the system's voice accessibility options (Microsoft David and Zira). The book icon lets you view the contents, chapters, and also the bookmarks that you added. Use the arrow buttons/bar at the bottom or the right and left arrow keys to navigate between pages. The buttons toward the right edge of the toolbar are options you commonly find in most reader apps. The search icon is useful for finding content in the book page, that can come in handy if you want to jump to a specific section. Bookmark a page, and you can pick up where you left off. Thorium Reader has three themes Neutral (Light), Sepia, and Night, which you can access from the aa menu > theme. Adjust the font size, type, page layout, alignment, columns, and the spacing settings for margin, word, letter, paragraph and line, from the aa menu. The last option on the toolbar toggles the full screen reading mode. The program supports many keyboard shortcuts, e.g. Ctrl + B toggles the bookmark, Ctrl + F11 jumps to full screen mode, etc. You can find the full list of hotkeys under the settings. Thorium Reader is available for Windows, macOS and Linux. The Electron app can be downloaded from the Microsoft Store and the GitHub Repo, though a portable version is not available. Looking for a comic book reader? You may want to check out YACReader. Landing Page https://www.edrlab.org/software/thorium-reader/ Source: Thorium Reader is a cross-platform and open source eBook reader application
  11. Learn keyboard shortcuts for popular programs and practice the combinations with KeyCombiner Keyboard shortcuts can help you work faster, thus increasing your productivity. I often highlight the importance of hotkeys in my reviews. The thing is, it can take a while to get used to the shortcuts. KeyCombiner is a free desktop program and website that can help you learn the keyboard shortcuts for popular programs, and also practice them. Note: You'll need to sign up for a free account before using the website or the desktop program which is available for Windows, Linux and macOS. KeyCombiner's interface has two panes, a sidebar with various options, and a large pane which displays the contents of the page selected in the side panel. The Dashboard is sort of the home screen, it has one collection for you to get started. A collection is a list of shortcuts for a set of programs, like browsers, editors, mail, Windows, media, etc. The default one, Essential collection, lists the basic shortcuts commonly used by many programs such as Ctrl + O to open files, Ctrl + S to save, Ctrl + Z or Y to undo and redo actions, etc. Click the three-dot button in the top right corner to switch between Windows/Linux and macOS keyboards. You can add or remove your own hotkeys. Once you are familiar with the list, you may want to start practicing the combos. Click the Practice button at the top of the page, to start the test with all shortcuts, or highlight a few shortcuts, and click the Practice Selection button. KeyCombiner will display a set of commands on the screen, and you'll need to use the corresponding shortcut. e.g. if it shows Copy, you have to press Ctrl + C. The program gives you a hint on which key to press if you haven't pressed a key for a few seconds. If you used the wrong keys, it will be taken as an error, but it still lets you fix the mistake. It's okay to get the answers wrong, because it's all part of the learning process. The test runs for a minute, after which you will be scored based on the number of combinations used per minute, the percentage of the combos you got right, etc. Scroll down the screen to see which shortcuts you mistyped, the ones you were most confidant about, etc. There is a cool graph that shows you the details. You can view your past performance from the statistics section (graph bars icon), from the collection's page. Now that you are familiar with the basics, it's time to crank it up a notch. Click on the Public option under Collections (in the sidebar). Scroll the list, or use the search bar to find a program that you use, and add it to your collection. I'm going to go with Firefox for this example. KeyCombiner does not allow you to subscribe to a collection with a single-click. Instead, you will need to select the shortcuts that you want and add them to your personal collection. I found this to be a bit tedious, but it works. The Vim shortcuts for example, can be very handy as they are used in a number of applications and browser extensions. That's not all that KeyCombiner does, it has an Instant Lookup feature that functions like a cheat sheet. Say you're working with a specific program, and you need a list of shortcuts for it. Press the hotkey Win + Alt + C, you may change it from the File menu. It brings up KeyCombiner's Instant Lookup window, it automatically recognizes the program you are working with, and displays the relevant shortcuts. Use the search bar to find a specific keyboard combo that you want. KeyCombiner is an excellent way to get used to keyboard shortcuts, you can use it to learn shortcuts for a ton of programs and services like Explorer, Command Prompt, Edge, Safari, Vivaldi, VLC, Excel, Word, Gmail, etc. A premium tier of the program is available with some extra feature, but the free version should suffice for most people. The program does not work offline, I believe it is a web-wrapper for the website, which is in my opinion the biggest con, that and the mandatory account registration. Landing Page https://keycombiner.com/ Source: Learn keyboard shortcuts for popular programs and practice the combinations with KeyCombiner
  12. Tries to tempt penguins with Ring Crypto 1Password has unveiled a full-featured desktop app for Linux, written in Rust and using the ring crypto library for end-to-end encryption. The release features encrypted browser and desktop integration and, according to the business, "uses the Linux kernel keyring to establish a fully encrypted connection between 1Password in your browser and 1Password for Linux." The upshot is that if one is unlocked, so will be the other. "This is the most advanced browser integration for a password manager available in Linux," trumpeted the company. The beta emerged in October 2020 with support for tiling window managers and biometric unlocking. The release "is available for all major Linux distributions" via signed packages or Ubuntu's Snap Store. A .tar.gz download is on offer otherwise. 1Password is, however, not as open source as penguinistas might like, despite the company insisting that "many libraries of 1Password for Linux have also been shared back to the community, including an Electron hardener and secure defaults package." Alternatives include the likes of KeePass and Bitwarden (although the latter does charge does charge for some teams and enterprise features while still maintaining a free tier.) Yep, it's the non-freemium one 1Password is also not without costs of its own. Subscriptions start with a personal one at $2.99 per month (billed annually) although the company will dole out freebie accounts to the deserving: "If you work on an open-source team that needs a password manager, open a pull request in our 1Password for Open Source Projects repo and we’ll give you and everybody on your team a free account." Still, 1Password does have plenty of toys to attract those Linux Desktop users that sign up. There is integration with Secrets Automation, 1Password's take on the management of company infrastructure secrets, and Watchtower, which keeps an eye out for breaches as well as advising on weak passwords. And, of course, 1Password runs on a variety of devices. With 1Password projecting some impressive growth in Linux OS market size (to $15.6bn in 2027) the arrival of its app in fully featured desktop form is unsurprising. This is particularly so because users might be pondering alternatives to that other big beast in the password management world, LastPass. In February, Lastpass's owner LogMeIn - which has been owned by a private equity outfit since 2019 - limited fans of its freemium password manager to one device type only: computer or mobile. ® Source
  13. Imagine is an open source image compression utility for Windows, macOS,and Linux If you take hundreds of photos or screenshots, and save on them on your computer's hard drive, its gonna get full sooner or later. To avoid this, you can save the images to a cloud service, move it to an external storage device, or just delete the ones you don't need anymore. Sometimes you may want to keep a bunch of pictures because they are irreplaceable, but their file size could be really large, especially if they are in a very high resolution. Imagine can help you recover some disk space by compressing your images. Oh, and don't confuse this with the legacy picture viewer of the same name. Imagine, the photo compressor, has a clean GUI. Click the Add button or drag and drop some images on to the program's interface, it supports JPG, PNG, and JPEG images. While the add button lets you select multiple photos at the same time, it doesn't load an entire folder. But dragging and dropping a folder adds the contents, so you may want to use that for batch image processing. Imagine displays a thumbnail of each image that you add. If you want to remove a picture, use the X button, or the Clear All button in the toolbar if you want to start over. The program doesn't support image editing, all it does is compress the images to a slightly lower quality, to reduce the file size. Adjust the quality by dragging the slider below each image. This allows you to set the quality for the JPG and WebP formats. As for PNG, you can set the color quality. The number next to the slider indicates the chosen value. Select the format you want to convert the image to, by clicking the option in the bottom left corner. Imagine shows you the file size before and after the compression, as well as a percentage represented the reduction in the size. Click the green dot next to an image, and the program loads it in its built-in photo viewer. This gives you a larger preview of the image, has some zoom controls, a color/quality slider. The before and after buttons are useful, to get an idea of what the image will look like, when the compression is done. You can change the background color of the previewer, this does not affect the image. There are a few ways to save the compressed images. Use the arrow button above a picture to save the content individually. Or, for a more convenient approach, click the Save button on the toolbar. You have the option to save the image as a new file, or overwrite the older photo directly. I recommend creating a new image, just in case if the output isn't good enough, you can use the original as a fallback. The button in the top right corner of Imagine's UI opens a modal with three sliders, these are the global quality settings for JPG, WebP and PNG images. This is useful for processing several images at once. Imagine is an Electron program. It is open source, available for Windows, macOS and Linux computers. There is a portable version too. It's up to you to decide what you want, image quality or quantity. The program does not have a way to select a format for all images in a single-click, so you'll need to set it manually. Landing Page https://github.com/meowtec/Imagine/ Source: Imagine is an open source image compression utility for Windows, macOS,and Linux
  14. Imperium is a stylish dual pane file manager for Windows and Linux Many dual-pane file managers that we have reviewed are in some ways, a clone of Total Commander. That's not exactly a bad thing, but there are other file managers out there, e.g. the Terminal-based file manager LF or ExplorerXP, that may work as well for you. Imperium is a dual pane file manager, sans the command bar / function bar. Well, technically there are three panels if you include the sidebar, which is sort of the help file, but it has other uses. For now, toggle the sidebar by clicking the button in the top left corner. The left pane hosts the file tree, which lists folders and files. The right pane isn't another directory tree, instead it displays a preview of the selected image or document. There are many ways to get around in the program, you can use your mouse, or click the drive bar. Hit Ctrl + J to brings up the Jump bar, which allows you to switch between directories or drives. Imperium's left pane has some semi-opaque buttons, the arrow keys can be used to navigate between folders. Of course, you can do the same with the keyboard shortcuts, backspace key to go up a folder, Alt + Left and Alt +Right, to go back or forward. The menu button in the panel is used for basic file operations, as well as to open a command window among other options. The file context menu has some useful shortcuts like copy paths, file names, create archives (ZIP, Tar, GZIP). Imperium file manager supports tabbed browsing. Click on the hamburger button to open the tab menu, which lets you open and close tabs. You may use the hotkeys Ctrl + T, Ctrl + W to open or close a tab. Switch between tabs using the left and right arrow key. The tab list provides another way to jump to the opened tabs. Add your favorite folders to a Tab Group, this gets saved to the tab menu for quick access. Toggle the sidebar after you have created a tab group, and you'll be able to manage them from the panel. You can type the path of a directory in the Jump panel to go to it, like C Downloads, the program will auto-complete the path. If it doesn't, select the folder using arrow keys, hit the Tab key. e.g. C Program Files Mozilla Firefox. To search for a file in the current directory, just type its name or file extension, and Imperium will filter the contents of the folder and display the matched items. Press Ctrl + L to create a filter to only view audio files, executables, folders, images, etc. Ctrl + F opens the built-in search tool, and this supports wild-cards, so you can search for something like *.TXT. Or, you can use regular expressions, if you want to. The search results are displayed in the sidebar (F1). Click the gear cog icon in the top left corner for some additional functions that you can enable. The Command Palette contains handy actions, lets you Swap Panels, Show Clipboard contents (files), Toggle hidden files, full screen and zen mode (single pane UI). There's a light theme available, if you aren't a fan of the dark color scheme. The Settings menu item opens the application's options, where you can configure the hotkeys, toggle some optional features. The travel-as-you-type setting, jumps to folders as you enter the letters, it takes some time getting used to. Imperium is freeware, but not open source. It is available for Windows and Linux, but doesn't come in a portable version. The file manager looks great and works well for the most part, and even though it is mouse-friendly, there are a ton of keyboard shortcuts. The program is a bit slow to start and appears to lag slightly, which I think is because of the animations. The program's resource usage was around 115-125MB of memory and about 5% of CPU, though it jumped up to about 10% for a second or two, when switching to a different drive or a folder with hundreds of files. Landing Page https://www.dreamcrafter.dev/ Source: Imperium is a stylish dual pane file manager for Windows and Linux
  15. Edge for Linux is now available in the Beta channel A Linux version of Microsoft's Chromium-based Edge browser has long been in the works, with the Redmond company first teasing it at Build 2019 and officially announcing it later that year. However, it wasn't until October of last year that the Dev channel of the Edge Insider program debuted on Linux. Over six months later, it's now time for the Beta channel to make its way to Linux users, Microsoft announced today. Since its Linux debut back in October, Edge has gained some new capabilities, including the ability to sign in with a Microsoft account and enable syncing across devices. The availability of Edge Beta for Linux lines up with last week's release of Edge 91 in the Beta channel, and it includes those improvements we've seen over the past few months. It's been a long journey for Linux users so far, and given how long it's taken for the Beta channel to become available, there's no telling when a stable release will happen. Microsoft also doesn't offer the Canary channel of Edge - which gets updated on a daily basis at the expense of stability - for Linux. Either way, a Beta release should offer more stability than what we've had so far. Edge Beta for Linux is available as both a Debian/Ubuntu package and as an .rpm file for Fedora or openSUSE users. If you use the Windows Subsystem for Linux and you're a Windows Insider in the Dev channel, you can also try the Edge browser there, since Microsoft recently added support for Linux GUI apps in Windows 10. Source: Edge for Linux is now available in the Beta channel
  16. Linux Kernel Bug Opens Door to Wider Cyberattacks The information-disclosure flaw allows KASLR bypass and the discovery of additional, unpatched vulnerabilities in ARM devices. An information-disclosure security vulnerability has been discovered in the Linux kernel, which can be exploited to expose information in the kernel stack memory of vulnerable devices. Specifically, the bug (CVE-2020-28588) exists in the /proc/pid/syscall functionality of 32-bit ARM devices running Linux, according to Cisco Talos, which discovered the vulnerability. It arises from an improper conversion of numeric values when reading the file. With a few commands, attackers can output 24 bytes of uninitialized stack memory, which can be used to bypass kernel address space layout randomization (KASLR). KASLR is an anti-exploit technique that places various objects at random to prevent predictable patterns that are guessable by adversaries. Attacks also would be “impossible to detect on a network remotely,” the firm explained. And, “if utilized correctly, an attacker could leverage this information leak to successfully exploit additional unpatched Linux vulnerabilities.” Kernel-Bug Details Proc is a special, pseudo-filesystem in Unix-like operating systems that is used for dynamically accessing process data held in the kernel. It presents information about processes and other system information in a hierarchical file-like structure. For instance, it contains /proc/[pid] subdirectories, each of which contains files and subdirectories exposing information about specific processes, readable by using the corresponding process ID. In the case of the “syscall” file, it’s a legitimate Linux operating system file that contains logs of system calls used by the kernel. An attacker could exploit the vulnerability by reading /proc/<pid>/syscall. “We can see the output on any given Linux system whose kernel was configured with CONFIG_HAVE_ARCH_TRACEHOOK,” according to Cisco’s bug report, publicly disclosed on Tuesday.. “This file exposes the system call number and argument registers for the system call currently being executed by the process, followed by the values of the stack pointer and program counter registers,” explained the firm. “The values of all six argument registers are exposed, although most system call use fewer registers.” The shell commands that trigger the vulnerability are: # echo 0 > /proc/sys/kernel/randomize_va_space (# only needed for a cleaner output) $ while true; do cat /proc/self/syscall; done | uniq (# waits for changes) $ while true; do free &>/dev/null; done (# triggers changes) Security Patch Updates Available Cisco Talos researchers first discovered the issue on an Azure Sphere device (version 20.10), a 32-bit ARM device that runs a patched Linux kernel. It’s been present since v5.1-rc4 of the kernel. “Users are encouraged to update these affected products as soon as possible: Linux Kernel versions 5.10-rc4, 5.4.66 and 5.9.8,” according to the advisory. “Talos tested and confirmed these versions of the Linux kernel could be exploited by this vulnerability.” Linux kernel bugs are rare but do happen. For instance, last October Google and Intel warned of the high-severity “BleedingTooth” flaw in BlueZ, the Linux Bluetooth protocol stack that provides support for core Bluetooth layers and protocols to Linux-based internet of things (IoT) devices. It could be exploited in a “zero-click” attack and potentially allow for escalated privileges on affected devices. Source: Linux Kernel Bug Opens Door to Wider Cyberattacks
  17. FlipFlip displays images as randomized slideshows with cool effects Slideshows are a nice way to browse image folders, especially ones which contain your favorite moments. It's not difficult to create a photo movie, a lot of image viewers come with one built-in. FlipFlip is an open source slideshow generation software that randomizes your image folders, web albums, and displays them with cool effects. The program has a modern interface with a bunch of options on the sidebar. Click the Hamburger menu button in the top left corner, to toggle the names of the sidebar items, it helps to navigate between various sections a tad easier. The first option in the sidebar is called Scenes, it's a fancy name for slideshows. Click on the add button in the bottom right corner, it displays a number of options, select the last one to add a new scene. You can assign a name to a scene by clicking the text at the top of the window. Hit the + button again, and it will show four ways to add media to a scene. You can add local media such as images, videos, playlists, or even an entire directory. FlipFlip also allows you to import remote media via URLs, e.g. a web album from Imgur, Reddit, Twitter, Instagram, etc. Click the play icon in the top right corner of the window, and your scene is ready to play. The playback controls appear at the top of the scene viewer screen, and can be used to switch between images, play/pause the playback, and jump to full screen mode. Now, that's just the basics, let's take a look at some advanced options. The wrench icon in the sidebar takes you to the Scene's options, where you can adjust the time interval, image order, video volume. FlipFlip can fit the images to your monitor's width, height, stretch or center the pictures. Toggle the background blur, adjust its strength for a cool bokeh effect. You can even make the program switch to a different scene at the end of the current slideshow. The right half of the page has options to set the orientation of the image or video, control the video playback speed. If the videos and GIFs that you selected are long, you can configure the program to only play a part of the content, before switching to the next media. Head to the Effects settings in FlipFlip to choose the various transition modes that the program uses when switching between images. The available options include Zoom, Cross-Fade, Strobe, Fade In/Out and Panning. Each of these effects has its own set of controls that you may customize. Give your slideshow a bit of extra life by adding audio playlists. You can also add text overlays to the scene. Before you can add a playlist, you will need to import audio tracks from the library, the program supports MP3, M4A, WAV and OGG formats. Similarly, you can add caption scripts, if that's your thing. FlipFlip can generate random scenes using files from your library as the source, to do this switch to the Scene Generators tab on the sidebar and set the rules for the slideshow generation. The other tab, Scene Grid displays multiple scenes in a grid format, you'll have to create a few scenes to have them show up in the grid selector. Tag a source by clicking on Manage tags on the sidebar, this helps you to quickly find the content you are looking for using the search bar. You can export a scene to a JSON file, or your entire library too. The Settings tab lets you set FlipFlip to stay on top of other programs, toggle full screen mode, set the minimum size for images and videos. The program's interface colors can be customized, and you can optionally enable the program to work in portable mode to make it save the settings in its parent folder. You may backup and restore your settings from this page. FlipFlip is written in Electron. The program is available for Windows, macOS and Linux. It has way more options than you may actually need or use. Check out the built-in tutorial, it's rather extensive. The only issue with it is that sharing a slideshow isn't as easy as with other programs. Landing Page https://github.com/ififfy/flipflip/ Source: FlipFlip displays images as randomized slideshows with cool effects
  18. Fedora 34 is ready for public consumption following beta The Fedora Project has announced the release of Fedora 34 following a little over a month of beta testing. Fedora 34 ships with the new GNOME 40 desktop which comes with a big overhaul of the GNOME interface compared to GNOME 3.38 (the previous version). Additionally, the default BTRFS file system comes with transparent compression enabled which should prolong the life of solid-state disks. Apart from the main Fedora Workstation (which is the version you’ll probably want), Fedora Server, Fedora IoT, and Fedora CoreOS have been updated to version 34 too. Fedora Spins, which provide other desktop environments, and Fedora Labs which are tailored for specific use cases have also been updated to the latest version of Fedora. Notably, the KDE spin of Fedora 34 has finally switched from the X11 window manager to Wayland, this was already the case for the GNOME edition of Fedora since version 25 released in 2016. As more users come over to Wayland, software developers will have to ensure that their programs support Wayland as well as they supported X11. The main body of Linux users will come over to Wayland in 2022 with the launch of Ubuntu 22.04 LTS which should be using Wayland. Other changes in this release include a switch from PulseAudio to PipeWire to better support Flatpaks, systemd-oomd has been enabled on all Fedora variants to better handle out-of-memory situations, several programming language packages have been updated (Ruby 3.0, Golang 1.16), and an i3 window manager Fedora Spin is now available for download. If you’re running Fedora 33 and want to upgrade, make a backup of your data and follow these instructions. If you do not yet have Fedora but would like to download Fedora 34, head over to the Fedora website and download the version you’d like. Source: Fedora 34 is ready for public consumption following beta
  19. Linus Torvalds: Linux 5.12 is a small release but the next one is going to be bigger This latest update to the Linux kernel might be modest but includes some new features, and the next update is likely to be larger. Linus Torvalds announced the arrival of the Linux kernel 5.12 on Sunday, which he flagged as a small update – but one that will be followed by bigger changes in version 5.13. "Both the shortlog (appended) and the diffstat are absolutely tiny, and it's mainly just a random collection of small fixes in various areas," Torvalds noted. With Linux 5.12 out, he's now started the merge window for 5.13 but he's still encouraging developers to test 5.12. "Despite the extra week, this was actually a fairly small release overall. Judging by linux-next, 5.13 will be making up for it," wrote Torvalds. While it might be a relatively modest release in terms of changes, Linux 5.12 does come with a number of notable improvements for various hardware, including better support for Microsoft Surface laptops. As per Phoronx, Linux 5.12 contains work on the Surface's System Aggregator firmware — an embedded controller for managing battery status, thermal reporting, cooling mode and other hardware-related functions. Work has been underway to make the module better for Linux, but it's from an independent developer rather than Microsoft. This kernel version also brings improved support for Lenovo laptop hardware profiles thanks to work from Lenovo and Red Hat engineers. This lets users change a laptop's power and performance levels, which affects thermal and fan-speed behavior. Torvalds notes that some AMD and Intel i915 GPU fixes "stand out" in this release. The Intel GPU fixes in this version of the kernel refer to an option to disable Intel integrated graphics security mitigations for the so-called iGPU leak. Another notable addition is Variable Rate Refresh (VRR) / Adaptive-Sync for Intel Tiger Lake "Gen12" Xe architecture graphics and newer. Linux 5.12 now supports overclocking on the Radeon RX 6000 series chips, as well as support for the Nintendo 64 and the Sony PlayStation 5 DualSense controller driver. On the hypervisor side, Microsoft delivered a Hyper-V patch to allow Linux to boot as the root partition. Additionally, Linux 5.12 includes work on the Kernel-based Virtual Machine (KVM) to bring support for x86/x86_64 to allow user-space to emulate Xen hypercalls. Source: Linus Torvalds: Linux 5.12 is a small release but the next one is going to be bigger
  20. Linux bans University of Minnesota for sending buggy patches in the name of research Greg Kroah-Hartman, who is one of the head honchos of the Linux kernel development and maintenance team, has banned the University of Minnesota (UMN) from further contributing to the Linux Kernel. The University had apparently introduced questionable patches into the kernel of Linux. The UMN had worked on a research paper dubbed "On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits". Obviously, the "Open-Source Software" (OSS) here is indicating the Linux kernel and the University had stealthily introduced Use-After-Free (UAF) vulnerability to test the susceptibility of Linux. So far so good perhaps as one can see it as ethical experimenting. However, the UMN apparently sent another round of "obviously-incorrect patches" into the kernel in the form of "a new static analyzer" causing distaste to Greg Kroah-Hartman who has now decided to ban the University from making any further contributions. Here's the exchange between Aditya Pakki, who is a Ph.D. student of Computer Science and Engineering at UMN, and Greg Kroah-Hartman. Pakki had written: Greg, I respectfully ask you to cease and desist from making wild accusations that are bordering on slander. These patches were sent as part of a new static analyzer that I wrote and it's sensitivity is obviously not great. I sent patches on the hopes to get feedback. We are not experts in the linux kernel and repeatedly making these statements is disgusting to hear. Obviously, it is a wrong step but your preconceived biases are so strong that you make allegations without merit nor give us any benefit of doubt. I will not be sending any more patches due to the attitude that is not only unwelcome but also intimidating to newbies and non experts. To which Greg Kroah-Hartman has responded: You, and your group, have publicly admitted to sending known-buggy patches to see how the kernel community would react to them, and published a paper based on that work. Now you submit a new series of obviously-incorrect patches again, so what am I supposed to think of such a thing? They obviously were _NOT_ created by a static analysis tool that is of any intelligence, as they all are the result of totally different patterns, and all of which are obviously not even fixing anything at all. So what am I supposed to think here, other than that you and your group are continuing to experiment on the kernel community developers by sending such nonsense patches? When submitting patches created by a tool, everyone who does so submits them with wording like "found by tool XXX, we are not sure if this is correct or not, please advise." which is NOT what you did here at all. You were not asking for help, you were claiming that these were legitimate fixes, which you KNEW to be incorrect. A few minutes with anyone with the semblance of knowledge of C can see that your submissions do NOT do anything at all, so to think that a tool created them, and then that you thought they were a valid "fix" is totally negligent on your part, not ours. You are the one at fault, it is not our job to be the test subjects of a tool you create. Our community welcomes developers who wish to help and enhance Linux. That is NOT what you are attempting to do here, so please do not try to frame it that way. Our community does not appreciate being experimented on, and being "tested" by submitting known patches that are either do nothing on purpose, or introduce bugs on purpose. If you wish to do work like this, I suggest you find a different community to run your experiments on, you are not welcome here. Because of this, I will now have to ban all future contributions from your University and rip out your previous contributions, as they were obviously submitted in bad-faith with the intent to cause problems. *plonk* As Greg K-H had stated in his response to Aditya Pakki, the patches introduced by the UMN will indeed be removed and reverted which has been confirmed by this follow-up LKML message. Source: Greg K-H (Twitter) Source: Linux bans University of Minnesota for sending buggy patches in the name of research
  21. Motrix is a cross-platform, open-source download manager for Windows, Linux and macOS Everyone has a favorite download manager. IDM has been my go-to choice for nearly a decade. But as an enthusiast, I test new ones from time-to-time. Motrix has been on my radar for a while, I gave it a fair shot. The program is cross-platform and open-source. Motrix has a dual-pane GUI and a sidebar, and the design is modern. The Tasks tab is the primary screen, it has three tabs of its own, for accessing ongoing, paused and completed downloads. To begin a new file download, click on the + button on the sidebar. The application will automatically pick up a URL that is in the clipboard. The speed meter in the bottom right corner indicates the current download speed, though you can also view this information in the download progress displayed in the right pane of Motrix's interface. You can rename the file, set the folder in which to save the file to. Click on the advanced options button, and you can add a user-agent, referrer and a proxy. The download manager sits in the system tray, and has a menu with options to quickly start a download. Motrix can download torrents too, you may drop a file onto the second tab of the "new download" page to start the process. Or, you can paste a Magnet URI link in the first tab, and the app will recognize it, fetch the torrent's metadata and start downloading the content. The program will seed the torrent automatically. Head to the Stopped tab, which is basically your paused/completed downloads section, and you can interact with the file. It has buttons to restart the download, delete it, and a copy link button. The last option supports normal URLs, as well as magnet links, which I find very useful. Double-click on a downloaded file to open its location in Windows Explorer. Motrix is based on Aria2 like uGet and Persepolis Download Manager. The program does not have official browser extensions, but works with third-party add-ons that support Aria2. Head to the Settings > Lab section, and you will find the recommended extensions. I used YAAW, and set 16800 as the port, and toggled the interception of downloads to Aria2c. The program suggests using the Aria2 Download Manager Integration add-on for Firefox, and while it is no longer being maintained, it does work with Motrix. To use it, go to the RPC Server tab in the extension, and choose the same port, i.e., 16800. Motrix is an open source Electron app, it is available in an optional portable version. The program uses about 125-130 MB of RAM when running in the background. What surprised me was that the resource usage while downloading remained in a similar range, which for an Electron application is not bad at all. I'm guessing that's because Aria2 is doing the heavy lifting here, so the download manager's interface is fairly light on resources. The drawback with Motrix is that you don't have extensive control over torrent downloads (compared to a proper program like qBitTorrent). If you use a magnet link with Motrix, you can't select the contents of the torrents to download specific files. For that, you have to use the torrent file, which then opens the selective download screen. There is no way to view the information about peers, which also means you can't add any either. To add trackers, go to the Advanced settings page and paste the list of URLs. This isn't the most convenient option, but it's better than nothing. If you're looking for more refined controls, I'd say you're better off with qBitTorrent or PicoTorrent. Motrix sets itself as the default torrent downloader without prompting the user, that was a bit annoying for me. The program cannot be used to download videos, which was perhaps what surprised me the most, as nearly every download manager I've used supports this feature. Also, the program does not maintain the download history, so it's like you start fresh every time you close and reopen it. Aside from those issues and the lack of updated add-on for Firefox, Motrix is a decent download manager. The download speeds were excellent, I have no complaints here. If I wanted a lighter one (and wasn't using IDM), I'd go for Neat Download Manager or XDM. PyIDM, HTTP Downloader, AM Downloader are some other good options that you may want to consider. Landing Page https://github.com/agalwood/Motrix Source: Motrix is a cross-platform, open-source download manager for Windows, Linux and macOS
  22. IBM creates a COBOL compiler – for Linux on x86 What’s this got to do with Big Blue's hybrid cloud obsession? Cloudifying COBOL ... until you repent and go back to z/OS IBM has announced a COBOL compiler for Linux on x86. News of the offering appeared in an announcement that states: "IBM COBOL for Linux on x86 1.1 brings IBM's COBOL compilation technologies and capabilities to the Linux on x86 environment," and describes it as "the latest addition to the IBM COBOL compiler family, which includes Enterprise COBOL for z/OS and COBOL for AIX." COBOL – the common business-oriented language – has its roots in the 1950s and is synonymous with the mainframe age and difficulties paying down technical debt accrued since a bygone era of computing. So why is IBM – which is today obsessed with hybrid clouds – bothering to offer a COBOL compiler for Linux on x86? Because IBM thinks you may want your COBOL apps in a hybrid cloud, albeit the kind of hybrid IBM fancies, which can mean a mix of z/OS, AIX, mainframes, POWER systems and actual public clouds. COBOL shops have been promised that "minimal customization effort and delivery time are required for strategically deploying COBOL/CICS applications developed for z/OS to Linux on x86 and cloud environments." The new offering does that by linking to DB2 and IBM's Customer Information Control System so that apps on Linux using x86 can chat with older COBOL apps. Big Blue has also baked in native XML support to further help interoperability, and created a conversion utility that can migrate COBOL source code developed with non-IBM COBOL compilers. But the announcement also suggests IBM doesn't completely believe this COBOL on x86 Linux caper has a future as it concludes: "This solution also provides organizations with the flexibility to move workloads back to IBM Z should performance and throughput requirements increase, or to share business logic and data with CICS Transaction Server for z/OS." The new offering requires RHEL 7.8 or later, or Ubuntu Server 16.04 LTS, 18.04 LTS, or later. Source: IBM creates a COBOL compiler – for Linux on x86
  23. Fedora 34 beta released with major GNOME desktop upgrade The Fedora Project has released the beta version of the upcoming Fedora 34. New ISO images are available for Fedora Workstation, Fedora Server, Fedora IoT, Fedora Spins, Fedora Labs, and Fedora for ARM. The biggest change users will notice is the inclusion of GNOME 40 in Fedora Workstation. GNOME 40 is the successor to GNOME 3.38 which shipped with Fedora 33 last year. It has been significantly rewritten and improves the overall experience of the GNOME shell overview. According to Fedora, the new GNOME shell overview makes search, windows, workspaces, and applications more “spatially coherent” – a major change of the overview is that the dock has been moved from the left of the view to the bottom. With Fedora 34, the team have enabled transparent compression in the BTRFS file system, this will free up more disk space and extend the lifespan of solid-state disks. The compression also means larger files read and write quicker than before. Going forward, the developers plan to keep adding enhancements to BTRFS to make it even better. In recent years, the Linux world has made a shift from traditional packaging systems to Flatpaks which are sandboxed from the rest of the system and include their own dependencies making program distribution a little easier. To meet the needs of these programs, Fedora 34 replaces PulseAudio with PipeWire. PipeWire is also better designed for pro-audio use cases with its lower latency. The Fedora Project has made an entry on its wiki outlining all the changes that come with Fedora 34. If you want to try out Fedora 34 beta, head over to the project’s website, find the version you want, and choose to download the corresponding beta release rather than Fedora 33, which is the current stable version. Source: Fedora 34 beta released with major GNOME desktop upgrade
  24. 15-year-old Linux kernel bugs let attackers gain root privileges Three vulnerabilities found in the iSCSI subsystem of the Linux kernel could allow local attackers with basic user privileges to gain root privileges on unpatched Linux systems. These security bugs can only be exploited locally, which means that potential attackers will have to gain access to vulnerable devices by exploiting another vulnerability or using an alternative attack vector. The 15-year old Linux kernel bugs GRIMM researchers discovered the bugs 15 years after they were introduced in 2006 when the iSCSI kernel subsystem was being developed. According to GRIMM security researcher Adam Nichols, the flaws affect all Linux distributions, but luckily, the vulnerable scsi_transport_iscsi kernel module is not loaded by default. However, depending on the Linux distribution attackers might target, the module can be loaded and exploited for privilege escalation. "The Linux kernel loads modules either because new hardware is detected or because a kernel function detects that a module is missing," Nichols said. "The latter implicit autoload case is more likely to be abused and is easily triggered by an attacker, enabling them to increase the attack surface of the kernel." Impact flowchart (GRIMM) "On CentOS 8, RHEL 8, and Fedora systems, unprivileged users can automatically load the required modules if the rdma-core package is installed," Nichols added. "On Debian and Ubuntu systems, the rdma-core package will only automatically load the two required kernel modules if the RDMA hardware is available. As such, the vulnerability is much more limited in scope." Gaining root privileges via KASLR bypass Attackers can abuse the bugs to bypass exploit-blocking security features such as Kernel Address Space Layout Randomization (KASLR), Supervisor Mode Execution Protection (SMEP), Supervisor Mode Access Prevention (SMAP), and Kernel Page-Table Isolation (KPTI). The three vulnerabilities can lead to local elevation of privileges, information leaks, and denials of service: CVE-2021-27365: heap buffer overflow (Local Privilege Escalation, Information Leak, Denial of Service) CVE-2021-27363: kernel pointer leak (Information Leak) CVE-2021-27364: out-of-bounds read (Information Leak, Denial of Service) All three vulnerabilities are patched as of 5.11.4, 5.10.21, 5.4.103, 4.19.179, 4.14.224, 4.9.260, and 4.4.260, and patches became available in mainline Linux kernel on March 7th. No patches will be released for EOL unsupported kernels versions like 3.x and 2.6.23. If you have already installed one of the Linux kernel versions, your device can't be compromised in attacks exploiting these bugs. If you haven't patched your system, you can use the above diagram to find if your device is vulnerable to exploitation attempts. Source: 15-year-old Linux kernel bugs let attackers gain root privileges
  25. This problem usually occurs on computers running both Windows and Linux.This problem occurs when you use Windows' built-in formatting function to delete the Linux system installed on your disk(For details, please see the following figure).If you fit the picture then this article will help you. GNU GRUB (Grand Unified Bootloader "GRUB" for short) is a multi-operating system boot program from the GNU project.GRUB is an implementation of the Multiple Boot Specification, which allows users to have multiple operating systems on a computer at the same time and select which operating system they want to run when the computer is booted.Today's mainstream Linux versions typically use GRUB to boot. However, we used the Windows built-in formatting function to delete Linux which caused the GRUB configuration file to be lost and caused this error. First we have to get into Windows. 1. Begin by typing the following code after "GRUB >" to query the disk and Disk partition that exist on the device. ls Then you can see code similar to the one shown below.(If "BIOS+MBR" format is the first line of code.If the format is "UEFI+GPT", it is the second line of code.) (hd0) (hd0,Msdos3) (hd0, msdos2) (hd0, Msdos1) #BIOS+MBR (hd0) (hd,gpt4) (hd,gpt3) (hd0,gpt2) (hd0,gpt1) #UEFI+GPT "hd0" stands for the computer's first hard disk."hd1", "hd2" and so on will appear if your computer has more hard drives. "Msdos1 (gpt1)" usually represents the first partition of the computer. For example, "hd0, Msdos1" represents the first partition of the first disk. --------------------- 2. We then enter the following code to find out which disk partition the Windows boot file is on.Here I choose to start looking for the boot files on the first partition of the first disk. (Here are two situations, please choose one of them according to your computer) BIOS+MBR: ls (hd0,1)/ bootmgr If you do not receive an error message and instead display "BOOTMGR," the boot file is successfully found on the first partition of the first disk.If you receive an error message, change the disk or partition and try again. Because I find the boot file on the first partition of the first disk on my computer and we continue to type the following command. set root=(hd0, 1) If there is no prompt, the setup is successful, and let's proceed with the following code. chainloader +1 If there is no prompt, the setup is successful, and let's proceed with the following code. boot In general, you can access Windows from here.After success look at the third point. UEFI+GPT: Enter the following code to find out which disk and partition the Windows EFI boot file is on. ls (hd0,1)/efi/microsoft/boot/bootmgfw.efi If you do not receive an error message and instead display "bootmgfw.efi" the boot file is successfully found on the first partition of the first disk.If you receive an error message, change the disk or partition and try again. Because I find the boot file on the first partition of the first disk on my computer and we continue to type the following command. set root=(hd0,1) If there is no prompt, the setup is successful, and let's proceed with the following code. chainloader /efi/microsoft/boot/bootmgfw.efi If you do not receive an error message, the setup is successful. boot In general, you can access Windows from here.After success look at the third point. --------------------- 3. After successfully entering the Windows system we can look for some software on the Internet to change our master boot record.We will change the "GRUB" bootstrap to the "Windows NTLoader" bootstrap.For example, we can use the software "Bootice"(by Pauly).You can find it in a Google search. The above is my experience in solving this error, I hope to help you.If you find this article helpful, please click "I like it". It's very important to me.
  • Create New...