pnutzh4x0r

Whether you just downloaded Firefox, or you’ve been with us since the beginning, you are a vital part of helping us make the internet a better place. Here's a sneak peak at what's coming next!

Community driven applications and extensions written to extend the power of the COSMIC™ Desktop made by System 76.

COSMIC Utils Projects are all open source and as such welcome the spirit of open collaboration. Head over to the source code of any of the projects listed above and help however you feel necessary!

This is a collection of third party utilities designed for COSMIC. The organization is open to welcoming new projects and contributors.

Runescape has been a game near and dear to my heart since I was a child. Though I do not actively play anymore, it still functions as an interesting programming project substrate. Most recently, I created a bot that automatically executes trades on the Grand Exchange in order to conduct market making via common machine learning techniques. This blog post will explain the individual components of the bot, the various trading algorithms used, and the results of an experiment comparing the various trading algorithms' performance.

A while back COSMIC entered its Alpha 1 and then Alpha 2 and now we have the CEO of System76 Carl Richell back on the show to talk about the project.

One notable comment (around minute 49) by Carl is that there will "soon" be a development option available for Pop!_OS 22.04 users to upgrade to 24.04 where some GNOME applications will be replaced by their COSMIC equivalents.

Also, Carl says he hopes Beta 1 will be released in January 2025. Until then, there will be a new Alpha every last Thursday of the month.

If you love exploit mitigations, you may have heard of a new system call named mseal landing into the Linux kernel’s 6.10 release, providing a protection called “memory sealing.” Beyond notes from the authors, very little information about this mitigation exists. In this blog post, we’ll explain what this syscall is, including how it’s different from prior memory protection schemes and how it works in the kernel to protect virtual memory. We’ll also describe the particular exploit scenarios that mseal helps stop in Linux userspace, such as stopping malicious permissions tampering and preventing memory unmapping attacks.

Memory sealing allows developers to make memory regions immutable from illicit modifications during program runtime. When a virtual memory address (VMA) range is sealed, an attacker with a code execution primitive cannot perform subsequent virtual memory operations to change the VMA’s permissions or modify how it is laid out for their benefit.

...

mseal digresses from prior memory protection schemes on Linux because it is a syscall tailored specifically for exploit mitigation against remote attackers seeking code execution rather than potentially local ones looking to exfiltrate sensitive secrets in-memory.

...

From the disallowed operations, we can discern two particular exploit scenarios that memory sealing will prevent:

• Tampering with a VMA’s permissions. Notably, not allowing executable permissions to be set can stop the revival of shellcode-based attacks.
• “Hole-punching” through arbitrary unmapping/remapping of a memory region, mitigating data-only exploits that take advantage of refilling memory regions with attacker-controlled data.

...

There are likely many other use cases and scenarios that we didn’t cover. After all, mseal is the newest kid on the block in the Linux kernel! As the glibc integration completes and matures, we expect to see improved iterations for the syscall to meet particular demands, including fleshing out the ultimate use of the flags parameter.

Drivers passing through San Francisco have a new roadside distraction to consider: billboards calling out businesses that don't cough up for the open source code that they use.

The signs are the work of the Open Source Pledge – a group that launched earlier this month. It asks businesses that make use of open source code to pledge $2,000 per developer to support projects that develop the code. So far, 25 companies have signed up – but project co-founder Chad Whitacre wants bigger firms to pay their dues, too.

Over the past 3 years the pace of development in APS has steadily fallen off as maintainers including myself have moved on to other things. I no longer have time and motivation to dedicate to this project, and in the absence of significant external contributions there is no-one else I can offer the project's stewardship to.

To that effect, I will be archiving the repository on Monday, October 14th 2024 at 7AM GST. In the situation that a serious and viable fork emerges, I will help them as much as I can with the transition. The criteria for what counts as "serious and viable" is entirely vibes-driven for now, and may become more specific in the future. In case I determine that a fork does not live up to my made up standard, they will have to come up with a slightly more creative name than "Android Password Store" and watch low 4 figures of cash wither away in OpenCollective's bank account.

Pull request #10974 introduces the @bitwarden/sdk-internal dependency which is needed to build the desktop client. The dependency contains a licence statement which contains the following clause:

You may not use this SDK to develop applications for use with software other than Bitwarden (including non-compatible implementations of Bitwarden) or to develop another SDK.

This violates freedom 0.

It is not possible to build desktop-v2024.10.0 (or, likely, current master) without removing this dependency.

We are excited to announce the launch of a dedicated fund aimed at providing financial assistance to Free/Libre and Open Source Software (FOSS/FLOSS) projects globally, with an annual commitment of $1 million. I will use the FOSS acronym in this post hereafter.

...

For us, FLOSS/fund is about hacker goodwill, reciprocity, and common sense business strategy. We invite you to apply for funding. If you would like to understand the motivations behind this, a bit of storytelling lies ahead.

...

To initiate and give this experiment a serious shot, FLOSS/fund will accept funding requests from projects through a publicly accessible funding.json file hosted on their respositories or websites. This file is not meant to convey everything there is to know—an impossible task—but to solicit interest and communicate enough to ensure discoverability which would not be possible otherwise. Refer to the funding.json docs to know more.

Applications that come through to the FLOSS/fund will be indexed and published on the dir.floss.fund directory / portal, making them publicly discoverable by anyone interested in supporting projects. This is going to be an interesting experiment. Fingers crossed!

In a now-viral TikTok video, Dr. Daniel McKeown, a professor at UCLA, claims low pay has left him homeless, shocking many of his followers.

“Hi everyone, my name is Daniel, and I’m an astrophysics professor at UCLA. I’m only being paid $70,000 for this academic year,” McKeown says in the video.

...

McKeown, listed as a lecturer on UCLA’s website, says he had to move out of his apartment because he could no longer afford the rent.

...

When asked why he doesn’t teach elsewhere, McKeown said, “I refuse to stop teaching. Teaching my students is my absolute passion. UCLA is a top university for physics.”

McKeown holds a Ph.D. in astrophysics.

“I teach full-time. I teach six classes a year, yet I’m being paid about half of what the average physics professor in California makes. It’s not fair,” he told KTLA.

Google is developing a Terminal app for Android that'll let you run Linux apps. It'll download and run Debian in a VM for you.

...

Engineers at Google started work on a new Terminal app for Android a couple of weeks ago. This Terminal app is part of the Android Virtualization Framework (AVF) and contains a WebView that connects to a Linux virtual machine via a local IP address, allowing you to run Linux commands from the Android host. Initially, you had to manually enable this Terminal app using a shell command and then configure the Linux VM yourself. However, in recent days, Google began work on integrating the Terminal app into Android as well as turning it into an all-in-one app for running a Linux distro in a VM.

...

Google is still working on improving the Terminal app as well as AVF before shipping this feature. AVF already supports graphics and some input options, but it’s preparing to add support for backing up and restoring snapshots, nested virtualization, and devices with an x86_64 architecture. It’s also preparing to add some settings pages to the Terminal app, which is pretty barebones right now apart from a menu to copy the IP address and stop the existing VM instance. The settings pages will let you resize the disk, configure port forwarding, and potentially recover partitions.

...

If you’re wondering why you’d want to run Linux apps on Android, then this feature is probably not for you. Google added Linux support to Chrome OS so developers with Chromebooks can run Linux apps that are useful for development. For example, Linux support on Chrome OS allows developers to run the Linux version of Android Studio, the recommended IDE for Android app development, on Chromebooks. It also lets them run Linux command line tools safely and securely in a container.

cross-posted from: https://lemmy.ndlug.org/post/1225458

Powered by the latest Linux 6.11 kernel series, Ubuntu 24.10 features the latest and greatest GNOME 47 desktop environment for the Ubuntu Desktop flavor with additional patches for Mutter and GNOME Shell to enhance stability and performance. In addition, the Ubuntu Dock now visualizes Snap refreshes and includes better handling for PWAs installed via the Chromium Snap.

...

Under the hood, Ubuntu 24.10 comes with an updated toolchain that includes GCC 14.2, GNU Binutils 2.43.1, GNU C Library 2.40, LLVM 19, Rust 1.80, Go 1.23, OpenSSL 3.3, systemd 256.5, Netplan 1.1, and .NET 8. The Ubuntu Desktop installer was also updated with support for local file paths for autoinstall import.

...

Ubuntu 24.10 will be supported for only nine months, until July 2025. If you’re looking for long-term support, you should download and install Ubuntu 24.04 LTS (Noble Numbat), which is supported until at least 2029.

Official Website: Ubuntu 24.10 (Oracular Oriole)