Support us on Patreon
PayPalLatest Comments by BlackBloodRum
Ubuntu flavours to drop Flatpak by default and stick to Snaps
23 Feb 2023 at 5:10 pm UTC Likes: 2
23 Feb 2023 at 5:10 pm UTC Likes: 2
Just Canonical being Canonical to be honest. It's usual game for them.
Lest we forget:
Wayland vs Mir
Unity vs Gnome
Upstart etc and so on
Really this is nothing new. Canonical has always made a product and project while excluding the other distributions in the design process just to avoid adding code upstream and then thrown their teddy out the cot when people don't use it.
Nothing to see here folks, move along :grin:
Give it a few years, they'll have flatpak again.
Lest we forget:
Wayland vs Mir
Unity vs Gnome
Upstart etc and so on
Really this is nothing new. Canonical has always made a product and project while excluding the other distributions in the design process just to avoid adding code upstream and then thrown their teddy out the cot when people don't use it.
Nothing to see here folks, move along :grin:
Give it a few years, they'll have flatpak again.
Mesa 23.0 out now improving open source graphics drivers
23 Feb 2023 at 4:58 pm UTC
So far as I'm aware most rolling distro's already rolled in with it.
My desktop, running OpenSUSE for example, got it 9 days ago:
https://www.reddit.com/r/openSUSE/comments/112581o/new_record_kde_plasma_527_has_already_arrived_on/ [External Link]
And my laptop running Fedora 38 already has it also.
23 Feb 2023 at 4:58 pm UTC
Quoting: JarmerStill waiting for KDE 5.27? Really?Quoting: KuduzkehpanLong Live Rolling Distro,LOL! I agree ... but even us rolling distros will need to wait a bit.
Praise Be Manjaro!
https://packages.manjaro.org/?query=mesa [External Link]
The current stable release of Mesa as listed on their site (https://mesa3d.org/) is 22.3.6 which is in unstable branch on Manjaro ... so it needs to get into testing, then stable. THEN Mesa 23 can enter into unstable and start testing.
I'm moreso waiting on plasma 5.27!
So far as I'm aware most rolling distro's already rolled in with it.
My desktop, running OpenSUSE for example, got it 9 days ago:
https://www.reddit.com/r/openSUSE/comments/112581o/new_record_kde_plasma_527_has_already_arrived_on/ [External Link]
And my laptop running Fedora 38 already has it also.
Wreckfest is a smashing good time on Steam Deck
21 Feb 2023 at 5:55 pm UTC Likes: 1
21 Feb 2023 at 5:55 pm UTC Likes: 1
Nice, but I wonder how it compares to the classic [External Link], and loved [External Link] and last of the real set [External Link] FlatOut Games? :grin:
You may want to run system updates, after a recent sudo security flaw
17 Feb 2023 at 1:58 am UTC Likes: 1
To be clear, I'm not in disagreement here.
While the view of "you need to chain it" is true. You have to consider that in relation to GOL users, that's not such a hard task since most readers are probably using Linux as a desktop (as in user, not laptop vs desktop etc). This means chained attacks are the most likely in any situation.
The security implications are much more significant when you consider it from a user perspective. As a server? Sure it's in most cases not a big deal and would be difficult to exploit.
As a desktop user? well it could be exploited easily.
We should not forget that most users are using the software from a "I download this game, I think it's safe" perspective. What that means is, they are trusting the game to run legit code that doesn't try to exploit another binary. But the fact remains we can't be sure of this, particularly with proprietary software.
I used itch.io as an example previously, not because it's a bad store, but rather from my understanding it generally promotes developers uploading their own binaries without checking the binaries the user downloads for potential issues. This in itself is a potential threat to the user if said developer is not the most ethical of people.
As a desktop user, every day we perform actions we hope won't attack our system, whether it's downloading a game, a music file or just browsing a website. All of these, could lead to an attack on a vulnerable sudo if it is not updated.
Thus I feel my point stands, local only attack or not - it should be patched ASAP.
(Thankfully we're heading to more sandboxing, which makes most of these points moot, thankfully!)
17 Feb 2023 at 1:58 am UTC Likes: 1
Quoting: scaineNote: Before I write this post, I should mention I'm about half a bottle of rum down.. so don't expect it to be entirely coherent!Quoting: BlackBloodRumThis is the wrong way to look at local attacks. Hear me out.No, that's exactly the right way to look at a local attack - as Liam notes in the article, you should still patch it, but a local attack absolutely is limited in how it can affect your system. A second attack is needed to chain to this one.
The messaging couldn't be clearer in the article.
Of course, not really saying you're wrong... just that you're repeating the same message.
To be clear, I'm not in disagreement here.
While the view of "you need to chain it" is true. You have to consider that in relation to GOL users, that's not such a hard task since most readers are probably using Linux as a desktop (as in user, not laptop vs desktop etc). This means chained attacks are the most likely in any situation.
The security implications are much more significant when you consider it from a user perspective. As a server? Sure it's in most cases not a big deal and would be difficult to exploit.
As a desktop user? well it could be exploited easily.
We should not forget that most users are using the software from a "I download this game, I think it's safe" perspective. What that means is, they are trusting the game to run legit code that doesn't try to exploit another binary. But the fact remains we can't be sure of this, particularly with proprietary software.
I used itch.io as an example previously, not because it's a bad store, but rather from my understanding it generally promotes developers uploading their own binaries without checking the binaries the user downloads for potential issues. This in itself is a potential threat to the user if said developer is not the most ethical of people.
As a desktop user, every day we perform actions we hope won't attack our system, whether it's downloading a game, a music file or just browsing a website. All of these, could lead to an attack on a vulnerable sudo if it is not updated.
Thus I feel my point stands, local only attack or not - it should be patched ASAP.
(Thankfully we're heading to more sandboxing, which makes most of these points moot, thankfully!)
KDE Plasma 5.27 released with multi-monitor & Wayland upgrades, Steam Deck updater
15 Feb 2023 at 4:38 pm UTC Likes: 1
15 Feb 2023 at 4:38 pm UTC Likes: 1
Nice!
One thing Fedora users may enjoy, if you use Kinoite - ie the KDE version of Silverblue, with KDE 5.27 Discover now officially supports rpm-ostree.
What that means that is if you're using Kinoite, you'll be able to perform full system updates from the GUI; as opposed to needing to use "rpm-ostree update" command for system updates going forward.
This will be available straight away with Fedora 38 and I believe 5.27 is planned to hit Fedora 37 at some point.
One thing Fedora users may enjoy, if you use Kinoite - ie the KDE version of Silverblue, with KDE 5.27 Discover now officially supports rpm-ostree.
What that means that is if you're using Kinoite, you'll be able to perform full system updates from the GUI; as opposed to needing to use "rpm-ostree update" command for system updates going forward.
This will be available straight away with Fedora 38 and I believe 5.27 is planned to hit Fedora 37 at some point.
You may want to run system updates, after a recent sudo security flaw
15 Feb 2023 at 4:12 pm UTC Likes: 3
15 Feb 2023 at 4:12 pm UTC Likes: 3
Again?! :shock: That was fast after the last one way back in January! (this year) :shock: I can rule out my laptop at least as that's currently in progress of upgrading to Fedora 38 :grin:
So let's say you've got a local exploit in Application A, for sake of argument I'll say Application A is sudo in this case. Now we know that application cannot be attacked remotely right?
Well not necessarily. If you also have a non-sandboxed Application B, say a web browser that happens to also have a vulnerability. If an attacker is able to get access to your local account via Application B, the web browser in this case, they can now proceed to perform a local attack on sudo, gaining root on your system.
Another method may be a pirated game, or a game from Itch.io which happens to contain some nasty code which may also try to attack your sudo.
Remember, a proper attack on a system is taking different vulnerabilities and putting them together to get as much access as possible. So local attack or not, it should still be treated with concern and patched as soon as possible.
Quoting: Liam DaweGiving that it needs a local attack, it does limit what people can do with itThis is the wrong way to look at local attacks. Hear me out.
So let's say you've got a local exploit in Application A, for sake of argument I'll say Application A is sudo in this case. Now we know that application cannot be attacked remotely right?
Well not necessarily. If you also have a non-sandboxed Application B, say a web browser that happens to also have a vulnerability. If an attacker is able to get access to your local account via Application B, the web browser in this case, they can now proceed to perform a local attack on sudo, gaining root on your system.
Another method may be a pirated game, or a game from Itch.io which happens to contain some nasty code which may also try to attack your sudo.
Remember, a proper attack on a system is taking different vulnerabilities and putting them together to get as much access as possible. So local attack or not, it should still be treated with concern and patched as soon as possible.
Scan UK to offer SSD upgrades compatible with Steam Deck
13 Feb 2023 at 3:34 pm UTC Likes: 2
13 Feb 2023 at 3:34 pm UTC Likes: 2
I now know which store it is Liam doesn't like, it wasn't the one I thought it might be (eBuyer)! :sick:
With regards to Liams unlicked store, never used it. Always a bit too pricey for my liking. :grin:
With regards to Liams unlicked store, never used it. Always a bit too pricey for my liking. :grin:
Lutris 0.5.13 Beta adds Proton support, itch.io integration, Battle.net integration
12 Feb 2023 at 2:40 pm UTC Likes: 2
12 Feb 2023 at 2:40 pm UTC Likes: 2
Nice! Glad to see it finally got itch.io integration after all this time! I don't think the proton will make much difference to me as my lutris usually runs custom installed dxvk, vk3d and wine versions.
Lutris and Bottles are my two managers though, for launching games however both are more of an "in the background" kind of thing. I use them to setup the games and such, then just stick non-steam game shortcuts in my steam client and add the artwork. Since all of them run through flatpak, it all works nicely together.
I got sick of managing multiple launchers and trying to remember what is in which so I just added everything to one. :unsure:
(Thus, I only need to open Steam in order to launch any given game on my computer)
Lutris and Bottles are my two managers though, for launching games however both are more of an "in the background" kind of thing. I use them to setup the games and such, then just stick non-steam game shortcuts in my steam client and add the artwork. Since all of them run through flatpak, it all works nicely together.
I got sick of managing multiple launchers and trying to remember what is in which so I just added everything to one. :unsure:
(Thus, I only need to open Steam in order to launch any given game on my computer)
Scan UK to offer SSD upgrades compatible with Steam Deck
10 Feb 2023 at 7:41 pm UTC
Now that one, I would never shop with. I stopped a number of years ago because I got tired of DOA drives :tongue:
(I have no idea what stores Liam does, or does not like :tongue:)
10 Feb 2023 at 7:41 pm UTC
Quoting: LoftyI'm just going to have to assume it's the "other one" who packages just like Amazon, ie spinning rust drives just lobbed in a box with almost no padding that are effectively loose in an oversized box :tongue:Quoting: BlackBloodRumWith regards to Nova, I had completely forgotten about them! I just did some "window shopping" there, the customizable rack mount servers are pretty neat, lots of HDD slots! Going to keep it in mind for when I eventually get around to building that "Super NAS" I keep saying I'm going to build. :whistle:Novatech is OG.
I really.. really should not be looking at "computer shop" websites.. it's dangerous! :grin: :grin:
btw i mean, the other, other shop.. that Liam is not fond of right now ;)
Now that one, I would never shop with. I stopped a number of years ago because I got tired of DOA drives :tongue:
(I have no idea what stores Liam does, or does not like :tongue:)
Scan UK to offer SSD upgrades compatible with Steam Deck
10 Feb 2023 at 7:33 pm UTC Likes: 1
With that said, when they did have the parts, packaging has been done well (just like Scan) and it's arrived swiftly. No complaints about them when I am able to get what I need.
With regards to Nova, I had completely forgotten about them! I just did some "window shopping" there, the customizable rack mount servers are pretty neat, lots of HDD slots! Going to keep it in mind for when I eventually get around to building that "Super NAS" I keep saying I'm going to build. :whistle:
I really.. really should not be looking at "computer shop" websites.. it's dangerous! :grin: :grin:
10 Feb 2023 at 7:33 pm UTC Likes: 1
Quoting: LoftyOther? I assume you mean CCL? They're not too bad, but usually not my first choice I will admit as sometimes the selection can be a bit limited as often I have a very specific idea of what I want to buy. (Usually replacement parts, so I need a specific part).Quoting: BlackBloodRumNice!Scan is good.
Scan have always been great in my experience, I've used them many times for computer bits. :smile:
Far better than using Amazon :tongue:
If your in the UK there is another (less blingy looking) but solid shop:
https://www.novatech.co.uk/ [External Link]
it's always been a good one to get PC parts from. They don't have the variety of SCAN (or that other big UK computer shop :whistle: ) but the service is good.
With that said, when they did have the parts, packaging has been done well (just like Scan) and it's arrived swiftly. No complaints about them when I am able to get what I need.
With regards to Nova, I had completely forgotten about them! I just did some "window shopping" there, the customizable rack mount servers are pretty neat, lots of HDD slots! Going to keep it in mind for when I eventually get around to building that "Super NAS" I keep saying I'm going to build. :whistle:
I really.. really should not be looking at "computer shop" websites.. it's dangerous! :grin: :grin:
- GOG now using AI generated images on their store [updated]
- CachyOS founder explains why they didn't join the new Open Gaming Collective (OGC)
- The original FINAL FANTASY VII is getting a new refreshed edition
- GPD release their own statement on the confusion with Bazzite Linux support [updated]
- Bazzite Linux founder releases statement asking GPD to cease using their name
- > See more over 30 days here
How to setup OpenMW for modern Morrowind on Linux / SteamOS and Steam Deck
How to install Hollow Knight: Silksong mods on Linux, SteamOS and Steam Deck