Fedora on the PinePhone: Pipewire Calling!

https://odysee.com/@linmob:3/fedora-on-the-pinephone-pipewire-calling:1

#linux #fedora #pinephone #pipwire #video
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

‘Windows is sh*t:’ Linux Users and The Technical Superiority Problem

“Windows is shit.” “That’s garbage, don’t use it.” “I don’t understand why anyone uses that crap.” ~Toxic nerds on the internet, since forever.

https://medium.com/linuxforeveryone/windows-is-sh-t-linux-users-and-the-technical-superiority-problem-196a597aa860

#linux #windows #thinkabout
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

Researcher finds 5 privilege escalation vulnerabilities in Linux kernel

A researcher at Positive Technologies found five similar vulnerabilities in the kernel of Linux operating systems that can allow an attacker to escalate local privileges on a victim’s network.

The flaws, discovered by security researcher Alexander Popov, could allow an attacker to potentially steal data, run administrative commands or install malware on operating systems or server applications. Popov was able to successfully test an exploit of one of the vulnerabilities on Fedora Server 33, notifying the Linux Foundation, a non-profit consortium designed to standardize support for the open-source Linux system, and other parties through email on February 5.

“Hello! Let me inform you about the Linux kernel vulnerabilities that I’ve found in AF_VSOCK implementation. I managed to exploit one of them for a local privilege escalation on Fedora Server 33 for x86_64, bypassing SMEP and SMAP,” Popov wrote to the group, adding he planned to share more details about the exploit techniques with them “later.”

Popov said in the email that he had already developed a patch and followed responsible disclosure guidelines throughout the process. He submitted his findings to the National Institute of Standards and Technologies’ National Vulnerability Database, which developed them into CVE-2021-26708.

The vulnerabilities received a 7.0 out of 10 for severity by the Common Vulnerability Scoring System. According to Popov, the vulnerable kernel modules are race conditions that are present in all major GNU/Linux distributions and automatically load when creating a socket through the AF_VSOCK core, which is designed to communicate between guest virtual machines and their host.

https://www.scmagazine.com/home/security-news/vulnerabilities/researcher-finds-5-privilege-escalation-vulnerabilities-in-linux-kernel/

#linux #kernel #vulnerabilities #privilege #escalation
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

7-Zip developer releases the first official Linux version

An official version of the popular 7-zip archiving program has been released for Linux for the first time.

Linux already had support for the 7-zip archive file format through a POSIX port called p7zip but it was maintained by a different developer.

As the p7zip developer has not maintained their project for 4-5 years, 7-Zip developer Igor Pavlov decided to create a new official Linux version based on the latest 7-Zip source code.

Pavlov has released 7-Zip for Linux in AMD64, ARM64, x86, and armhf versions, which users can download at the following links:

👉🏼 7-Zip for 64-bit Linux x86-64 (AMD64)
👉🏼 7-Zip for 64-bit Linux ARM64
👉🏼 7-Zip for 32-bit Linux x86
👉🏼 7-Zip for 32-bit Linux armhf

This first version of 7-Zip for Linux is released as a console application and has similar, but not identical, command-line arguments as p7zip.

https://sourceforge.net/p/sevenzip/discussion/45797/thread/cec5e63147/

https://www.bleepingcomputer.com/news/software/7-zip-developer-releases-the-first-official-linux-version/

#7zip #sevenzip #official #linux #tools
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

Linux, macOS, and Windows running simultaneously on a 1st generation Core i5 and 8GB RAM

This is my Thinkpad T410 with a 1st generation Intel Core i5 and 8 GB of RAM. It runs Arch Linux with Xfce.

The macOS Mojave (chosen over Catalina or Big Sur for it’s lower resource usage) VM works surprisingly well with 3GB RAM, but even when the Windows VM was allocated that much, it was very sluggish.

The Windows installation was very easy. All you have to do is download the ISO from Microsoft, and fill in your username, password, and product key in the “Express Installation” feature of Gnome Boxes.

https://lukesempire.com/2021/04/11/vms

#linux #macos #windows #installation
📡 @nogoolag 📡 @blackbox_archiv

Servicing the Windows Subsystem for Linux (WSL) 2 Linux kernel

Note: This blog post is co-authored by the awesome WSL dev Pierre Boulay. Thanks Pierre! 😊

We’ve just shipped the 5.10.16.3 WSL 2 Linux kernel version to Windows Insiders which brings exciting new changes: Support for the LUKS disk encryption, and some long-awaited bug fixes. We’d like to seize this opportunity to highlight these improvements and show you how these changes land on your Windows machine no matter your Windows version.

New feature addition: Support for LUKS disk encryption

This kernel update adds support for LUKS disk format. Such disks can now we accessed using wsl –mount.

LUKS disks can be mounted through the following steps: (Refer to distro specific instructions to install cryptsetup if needed).

https://devblogs.microsoft.com/commandline/servicing-the-windows-subsystem-for-linux-wsl-2-linux-kernel/

#microsoft #linux #kernel #wsl
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

Firefox and Chromium - Madaidans-Insecurities (Last edited: April 26, 2021)

Chromium is vastly more secure than Firefox. Firefox's sandboxing and exploit mitigations are much weaker than Chromium's. This article is not blindly hating on Firefox but is a factual analysis of its weaknesses.

https://madaidans-insecurities.github.io/firefox-chromium.html

💡 read this as well:
https://t.iss.one/BlackBox_Archiv/831

#madaidan #insecurities #information #android #linux #ff #chrome #chromium #bsd #vpn #thinkabout
📡 @nogoolag 📡 @blackbox_archiv

Report on University of Minnesota Breach-of-Trust Incident

On April 20, 2021, in response to the perception that a group of University of Minnesota (UMN) researchers had resumed sending compromised code submissions to the Linux kernel, Greg Kroah-Hartman asked the community to stop accepting patches from UMN and began a re-review of all submissions previously accepted from the University.

This report summarizes the events that led to this point, reviews the "Hypocrite Commits" paper that had been submitted for publication, and reviews all known prior kernel commits from UMN paper authors that had been accepted into our source repository.

https://lwn.net/ml/linux-kernel/202105051005.49BFABCE@keescook/

#linux #kernel #university #minnesota #breach #trust
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

30 Years Of Linux - An Interview With Linus Torvalds: Open Source And Beyond - Part 2

The Linux kernel is celebrating its thirtieth anniversary this year. In part two of our interview, we conclude our conversation with Linux creator Linus Torvalds. If you haven't already, check out part one to learn all about Linux kernel development and the creation of the Git version control system.

In this second part, Linus offers insight and perspective gained from managing a large open source project for three decades. He also talks about his employment at the Linux Foundation, and describes what he does with his spare time when he's not focused on kernel development.

As to what makes an open source project successful, Linus admits, "I don't really know what the key to success is. Yes, Linux has been very successful, and clearly Git too started on the right foot, but it's always very hard to really attribute that to some deeper cause. Maybe I've just been lucky?" He goes on to offer three practical recommendations he's followed himself: be there for other developers, be open, and be honest.

https://www.tag1consulting.com/blog/interview-linus-torvalds-open-source-and-beyond-part-2

💡 read as well: An Interview With Linus Torvalds: Linux and Git - Part 1
https://www.tag1consulting.com/blog/interview-linus-torvalds-linux-and-git

#interview #torvalds #linux
📡 @nogoolag 📡 @blackbox_archiv

Improving Firefox stability on Linux

Roughly a year ago at Mozilla we started an effort to improve Firefox stability on Linux. This effort quickly became an example of good synergies between FOSS projects.

Every time Firefox crashes, the user can send us a crash report which we use to analyze the problem and hopefully fix it:

https://hacks.mozilla.org/2021/05/improving-firefox-stability-on-linux/

#ff #firefox #stability #linux
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv