• Home
• About
• Contact
• Disclaimer
• Privacy Policy

DistroWatch Weekly, Issue 1071

Posted: 2024-05-20 00:47:00
Source: https://distrowatch.com/12150

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. This week in DistroWatch Weekly:
Review: Archcraft 2024.04.06
News: ReactOS improves functionality and stability, Haiku makes it easier to switch themes, NetBSD sets a policy against accepting AI-generated code, Canonical outlines plans for Ubuntu 24.10
Questions and answers: Common command line mistakes
Released last week: Manjaro Linux 24.0, Rescuezilla 2.5, Endless....

Why a 'Frozen' Distribution Linux Kernel Isn't the Safest Choice for Security

Posted: 2024-05-19 01:04:00
Source: https://linux.slashdot.org/story/24/05/19/0030248/why-a-frozen-distribution-linux-kernel-isnt-the-safest-choice-for-security?utm_source=atom1.0mainlinkanon&utm_medium=feed

Jeremy Allison — Sam (Slashdot reader #8,157) is a Distinguished Engineer at Rocky Linux creator CIQ. This week he published a blog post responding to promises of Linux distros "carefully selecting only the most polished and pristine open source patches from the raw upstream open source Linux kernel in order to create the secure distribution kernel you depend on in your business." But do carefully curated software patches (applied to a known "frozen" Linux kernel) really bring greater security? "After a lot of hard work and data analysis by my CIQ kernel engineering colleagues Ronnie Sahlberg and Jonathan Maple, we finally have an answer to this question. It's no." The data shows that "frozen" vendor Linux kernels, created by branching off a release point and then using a team of engineers to select specific patches to back-port to that branch, are buggier than the upstream "stable" Linux kernel created by Greg Kroah-Hartman. How can this be? If you want the full details the link to the white paper is here. But the results of the analysis couldn't be clearer. - A "frozen" vendor kernel is an insecure kernel. A vendor kernel released later in the release schedule is doubly so. - The number of known bugs in a "frozen" vendor kernel grows over time. The growth in the number of bugs even accelerates over time. - There are too many open bugs in these kernels for it to be feasible to analyze or even classify them.... [T]hinking that you're making a more secure choice by using a "frozen" vendor kernel isn't a luxury we can still afford to believe. As Greg Kroah-Hartman explicitly said in his talk "Demystifying the Linux Kernel Security Process": "If you are not using the latest stable / longterm kernel, your system is insecure." CIQ describes its report as "a count of all the known bugs from an upstream kernel that were introduced, but never fixed in RHEL 8." For the most recent RHEL 8 kernels, at the time of writing, these counts are: RHEL 8.6 : 5034 RHEL 8.7 : 4767 RHEL 8.8 : 4594 In RHEL 8.8 we have a total of 4594 known bugs with fixes that exist upstream, but for which known fixes have not been back-ported to RHEL 8.8. The situation is worse for RHEL 8.6 and RHEL 8.7 as they cut off back-porting earlier than RHEL 8.8 but of course that did not prevent new bugs from being discovered and fixed upstream.... This whitepaper is not meant as a criticism of the engineers working at any Linux vendors who are dedicated to producing high quality work in their products on behalf of their customers. This problem is extremely difficult to solve. We know this is an open secret amongst many in the industry and would like to put concrete numbers describing the problem to encourage discussion. Our hope is for Linux vendors and the community as a whole to rally behind the kernel.org stable kernels as the best long term supported solution. As engineers, we would prefer this to allow us to spend more time fixing customer specific bugs and submitting feature improvements upstream, rather than the endless grind of backporting upstream changes into vendor kernels, a practice which can introduce more bugs than it fixes. ZDNet calls it "an open secret in the Linux community." It's not enough to use a long-term support release. You must use the most up-to-date release to be as secure as possible. Unfortunately, almost no one does that. Nevertheless, as Google Linux kernel engineer Kees Cook explained, "So what is a vendor to do? The answer is simple: if painful: Continuously update to the latest kernel release, either major or stable." Why? As Kroah-Hartman explained, "Any bug has the potential of being a security issue at the kernel level...." Although [CIQ's] programmers examined RHEL 8.8 specifically, this is a general problem. They would have found the same results if they had examined SUSE, Ubuntu, or Debian Linux. Rolling-release Linux distros such as Arch, Gentoo, and OpenSUSE Tumbleweed constantly release the latest updates, but they're not used in businesses. Jeremy Allison's post points out that "the Linux kernel used by Android devices is based on the upstream kernel and also has a stable internal kernel ABI, so this isn't an insurmountable problem..."

Read more of this story at Slashdot.

How to Install Free VMware Workstation Pro 17 on Windows 10/11

Posted: 2024-05-18 16:17:37
Source: https://linuxhint.com/how-to-install-free-vmware-workstation-pro-17-on-windows-10-11/

VMware by Broadcom discontinued the VMware Workstation Player product line completely and released the VMware Workstation Pro 17 (and later versions) for free for personal use. In this article, I will show you how to download and install the free VMware Workstation Pro 17 on the Windows 10/11 operating system.       Table of […]

How to Download Free VMware Workstation Pro 17 and VMware Fusion 13 Pro Installer from Broadcom

Posted: 2024-05-18 15:58:11
Source: https://linuxhint.com/how-to-download-free-vmware-workstation-pro-17-and-vmware-fusion-13-pro-installer-from-broadcom/

After VMware was acquired by Broadcom, they made a lot of changes to the licensing model of VMware products. One of those changes is the release of the free VMware Workstation/Fusion Pro versions for personal use. VMware by Broadcom decided to release the VMware Workstation/Fusion Pro desktop virtualization software (Type-II hypervisor) for free for personal […]

How to install Manjaro 24.0 "Wynsdey'" Xfce Desktop

Posted: 2024-05-17 13:59:16
Source: https://www.youtube.com/watch?v=xf0vw1x21J0

6.9.1: stable

Posted: 2024-05-17 10:18:19
Source: http://www.kernel.org/

6.8.10: stable

Posted: 2024-05-17 10:16:37
Source: http://www.kernel.org/

6.6.31: longterm

Posted: 2024-05-17 10:03:51
Source: http://www.kernel.org/

6.1.91: longterm

Posted: 2024-05-17 09:58:20
Source: http://www.kernel.org/

5.15.159: longterm

Posted: 2024-05-17 09:51:13
Source: http://www.kernel.org/

5.10.217: longterm

Posted: 2024-05-17 09:49:35
Source: http://www.kernel.org/

5.4.276: longterm

Posted: 2024-05-17 09:45:32
Source: http://www.kernel.org/

4.19.314: longterm

Posted: 2024-05-17 09:42:50
Source: http://www.kernel.org/

next-20240517: linux-next

Posted: 2024-05-17 03:37:31
Source: http://www.kernel.org/

Manjaro 24.0 "Wynsdey'" Xfce Desktop overview | Manjaro Empowering Devices and Users

Posted: 2024-05-16 16:38:03
Source: https://www.youtube.com/watch?v=YZEuLOzlQ2w

Understanding Ownership and Access Control for Enhanced Security

Posted: 2024-05-16 16:00:00
Source: https://www.linuxjournal.com/content/understanding-ownership-and-access-control-enhanced-security

by George Whittaker

Introduction

In the digital age, securing files and controlling access to them is paramount. File permissions play a crucial role in maintaining the integrity and confidentiality of data. This article delves into the intricacies of file permissions, ownership, and access control, providing a guide to understanding and managing these aspects effectively.

In today's interconnected world, the ability to manage who can access and modify files is essential. Whether you are a system administrator, a developer, or an everyday computer user, understanding file permissions is vital to ensure the security and proper management of your data. This article will explore the fundamentals of file permissions, the concepts of file ownership, and the mechanisms of access control, equipping you with the knowledge to navigate and control file systems effectively.

Basics of File Permissions

Definition of File Permissions: File permissions determine the level of access granted to users for specific files and directories. They define what actions a user can perform, such as reading, writing, or executing a file. Properly set file permissions are crucial for maintaining security, preventing unauthorized access, and protecting sensitive data.

Common File Systems: Different operating systems use various file systems, each with its method of handling file permissions. Common file systems include NTFS (used by Windows), ext4 (common in Linux), and HFS+ (used by macOS). Understanding how these file systems manage permissions is essential for effective file management across different platforms.

Ownership of Files

File Owner: Every file and directory on a system has an owner, typically the user who created it. The file owner has control over the file's permissions and can grant or restrict access to other users. Understanding file ownership is fundamental to managing permissions effectively.

Groups: In addition to individual ownership, files can be associated with a group. A group is a collection of users, allowing permissions to be set for multiple users simultaneously. By assigning files to groups, administrators can streamline access control, making it easier to manage permissions for users who need similar access.

Types of Permissions

Read, Write, and Execute: File permissions are generally divided into three types: read, write, and execute.

Go to Full Article

Distribution Release: Br OS 24.04

Posted: 2024-05-16 14:17:03
Source: https://distrowatch.com/12149

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. Anderson Marques has announced the release of Br OS 24.04, a brand-new version of this Brazilian project's Kubuntu-based Linux distribution with Calamares as the system installer and built-in artificial intelligence (AI) features. After a heap of last-minute changes in the internal structure of Kubuntu, which delayed the....

Endless OS 6 Now Available

Posted: 2024-05-16 14:14:36
Source: http://www.linux-magazine.com/Online/News/Endless-OS-6-Now-Available

After more than a year since the last update, the latest release of Endless OS is now available for general usage.

Enterprise Linux Security Episode 89 - Debunking Security Myths

Posted: 2024-05-16 05:29:59
Source: https://www.youtube.com/watch?v=icViq88Wx_Q

next-20240516: linux-next

Posted: 2024-05-16 04:54:24
Source: http://www.kernel.org/