LWDW 118: System Seventy Drama

Firefox 60 is here! System76 talks LVFS, malware gets Snappy and the Efail hype train has left the station.

Subscribe:

Linux Weekly Daily Wednesday
Linux Weekly Daily Wednesday
LinuxGameCast LLP

A weekly dose of all thing Linux and open source with a slice of Pi for good measure.


Listen:

Download:


Colour key – Venn Pedro Jill


News

76 X Drama
https://blogs.gnome.org/hughsie/2018/05/09/system76-and-the-lvfs/
https://plus.google.com/+CassidyJames/posts/RDKMJtGoX62
http://blog.system76.com/post/173801677358/system76-and-lvfs-what-really-happened

  • Confirmation that System 76 is fully committed to not just open source software, but open hardware as well, as we talked about several weeks ago with their move to Denver Colorado.
  • This quickly devolved into an internet slapfight.
  • 76 wants control over their Desktop to the point of rolling their own so it should be no surprise they want the same for updates.
  • I like how GNOME has completely stopped pretending to give a toss, to the point where they letting one of their devs use the blog to attack a Linux box selling/developing company.
  • Especially one which chose GNOME to base their Ubuntu spin on.

 

Foxfire 60
https://blog.mozilla.org/blog/2018/05/09/firefox-gets-down-to-business-and-its-personal/

  • For enterprise IT choose Firefox Quantum Standard Rapid Release (Updates every six weeks) or Extended Support Release (Updates Annually).
  • Admins can block about:config either by using Group Policy on Windows or a JSON file that works in Linux, Mac or Windows.
  • This security configuration is crucial to get Firefox back its stronghold in the Windows world where Microsoft Edge is primarily used in Windows now for security reasons because its seen as “more” secure.
  • First browser to support WebAuthn, which allows the use of a YubiKey to login to websites instead of using a password.
  • Annoying extra title bar is fixed!  More web real estate.
  • No more need to install extra plugins to fix the title bar.
  • Improved WebRTC audio performance and playback on Linux.
  • Users in the US may now see an occasional sponsored story within Pocket’s recommendation.
  • Ultimately this is not a problem since nobody uses pockets.
    • It’s the first thing I do when I start the Fox fresh.
  • The specific needs of my work place means we either stick with ESR 52 32 bit or Internet Explorer 11.

 

Do no evil
https://github.com/square/sudo_pair

  • SUDOx2
  • Launch codes for production.
  • This could be a great teaching tool but it could also be a workplace grief engine.

 

GS Connect as part of 18.10
https://community.ubuntu.com/t/gs-connect-as-part-of-18-10/5903

  • Annoying desktop notifications for Ubuntu 18.10.
  • Giving people access to KDE connect without the Kitchen sinK is probably a good idea.

 

Crypto Snap
https://www.reddit.com/r/linux/comments/8iupdz/caution_the_are_malware_snaps_in_ubuntu_snaps/
https://blog.ubuntu.com/2018/05/15/trust-and-security-in-the-snap-store

  • All the libs and dependencies the program needs.
  • Is anyone REALLY surprised by this?
  • One of the main reasons that Linux puts files in different directories is for security reasons.
  • I’m actually surprised it hasn’t happened sooner.
  • This has been a problem with self contained portable apps for Windows for many years.
  • Linux Journal says the malware is “Masquerading as a systemd package.”
  • That blog post is a long winded way of saying this will definitely happen again and we have no way of stopping it at the moment.
  • Also, Ubuntu, call this what it is. Malware.
  • Much like Jill, I’m just surprised it took this long.
  • There’s only so much security to be gotten from sandboxing an application.
  • Even if it can’t access your personal files, it’s still going to get access to your hardware for a multitude of other nefarious purposes.

 

PGP FAIL
https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now
https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html

  • Thunderchicken (among others) are scrambling to get this patched.
  • There is no reason for an email which is important enough to encrypt to include html or other “rich formatting” in the first place.
  • So GPG is not as vulnerable as the mainstream media seemed keen on reporting… good!
  • And be careful about Signal.
  • There was a significant bug discovered there, too.
  • Pretty Good Privacy, NOT!  eFail vulnerability, YES!
  • Thanks to mfoxdogg for posting this in Google+.

 

GNOME binaries
https://www.omgubuntu.co.uk/2018/05/nautilus-remove-ability-launch-binaries-apps

  • At this point i’m convinced they are actively trolling us.
  • GNOME is a good example of what happens when your design focus is aimed at potential users… not the people who actually use it.
  • My first reaction on reading this article, “What the heck?! :-(“
  • I use this functionality all the time in all my file managers!  Do you mean I have to remember not to use Nautilus to launch App Images and scripts etc.?
  • There are those of us who don’t use the Gnome Desktop, but use other Window Managers instead, like XFCE4, Fluxbox, WMaker etc., but like to use the Nautilus file manager to launch apps!

 

Watch this
https://asteroidos.org/news/1-0-release/index.html

  • I suppose wearables are playing with the big boys now that there’s a custom, community developed, OS for them.
  • I question its usability, since Android-Wear was supposed to be an extension of your phone/tablet and not a dedicated OS.
  • It still fell short, in my eyes, but I don’t think a dedicated OS is the right way forward.

Slice of Pi

TouchPi
https://hackaday.com/2018/05/10/1960s-console-stereo-gets-raspberry-pi-touch-screen/

 

MiniPi
http://pi0cket.com/projects/behold-the-worlds-smallest-pi-based-gaming-device/#more-41

  • The world’s smallest Pi gaming device using the RasPi Zero W!
  • It uses the Pico 8 game engine.  The same as in the PocketCHIP.
  • Frostclaw in chat let us know about pi0cket’s projects.
  • Twice the length and width of a LEGO minifigure

 

WallPi (Rtheren)
https://www.zeallab.com/2018/05/bashproject-networked-raspberry-pi.html


Feedback

One job
https://linuxgamecast.com/bradley/?IKaV4Vp

  • Sorted, it’s been sorted.
  • I’m more surprised someone watched one of our shows until the end.

 

Startup
https://linuxgamecast.com/bradley/?tzG88Ok

0 Comments

Leave Your Reply