Linux & Tech news 📰

You called it:

While this is a remote code execution chain, it should be noted from the start that attackers must overcome some obstacles to exploit the vulnerabilities and actually achieve remote code execution.

The first is that the targeted systems must have the cups-browsed daemon enabled, which is usually not enabled by default, to expose their UDP ports on a network. Then, the attacker has to trick a user into printing from a malicious printer server on their local network that suddenly appears on their machine.

As of writing there is no Linux fix available for this high profile security issue. In the meantime it’s recommended to disable and remove the “cups-browsed” service, updating CUPS, or at least blocking all traffic to UDP port 631.

The feature, called “Privacy-Preserving Attribution” (PPA) and jointly developed with Meta (formerly Facebook), was announced in February 2022 and was automatically enabled in Firefox version 128, released in July.

NOYB’s complaint claims that, despite its name, Mozilla uses the feature to track Firefox user behavior across websites.

“Contrary to its reassuring name, this technology allows Firefox to track user behaviour on websites. In essence, the browser is now controlling the tracking, rather than individual websites,” the privacy advocate group said.

“While this might be an improvement compared to even more invasive cookie tracking, the company never asked its users if they wanted to enable it. Instead, Mozilla decided to turn it on by default once people installed a recent software update.”

Latest Mullvad beta adds support for WireGuard over Shadowsocks obfuscation, love to see it

Shadowsocks is an intriguing name, I’ll read up on this .

Arch and Valve collab?

Click here to view Source

Valve helping out Arch is great news considering there’s been a lot of other good news around Valve recently:

I am all for companies finally learning that forced arbitration is not the way to go about disputes. Having an arbiter payed by the company it is defending is problematic to say the least…

I think we all know that something needs to happen to get proposed Wayland protocols out of a potential review deadlock* . Adding an official experimental stage to the staging system is a good idea as it gets things moving.

* pun maybe intended as Deadlock is a new game from Valve

YES!
https://lists.archlinux.org/archives/list/arch-dev-public@lists.archlinux.org/thread/RIZSKIBDSLY4S5J2E2STNP5DH4XZGJMR/
Sorry, I wake up late

That’s the end of M$

Windows 11 Enterprise and Education, Version 21H2
Windows 11 Home and Pro, Version 22H2
End of Servicing October 8, 2024

https://www.reddit.com/r/linux/comments/1fvrfl9/we_just_podiumed/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

image1080×972 73.3 KB

and for India it is 17.32% linux users

does the indian goverment use linux for desktop professional computing or some other large org that has a roll in those numbers maybe?

Well, yeah there are some OS powered or backed by government like

https://www.reddit.com/r/linux/comments/15lm3eo/indian_defence_ministry_to_switch_to_locally/
and
https://bosslinux.in/

I just don’t my math teacher’s choice (ubuntu)

And all our lab computer is powered by linux mint , soo… Now linux is getting very much well known I guess

Plasma 6.2 will be out on Tuesday barring any last minute issues.

Fwupd 2.0 clears out a lot of long deprecated and legacy bits while adding new features and shipping many fixes.

Admins are advised to deploy CVE-2024-47176 patches or disable the cups-browsed service from running to block potential attacks to mitigate the risk of having their servers added to a botnet or used in DDoS attacks.

Copilot from M$

India has a huge IT industry, and a lot of companies do use Linux with Ubuntu as the most common distro

As of writing the latest response is from Linus Torvalds encouraging Kent to “WORK WITH OTHERS” and then ended with:

"I’m contemplating just removing bcachefs entirely from the mainline tree. Because you show again and again that you have no interest in trying to make mainline work.

You can do it out of mainline. You did it for a decade, and that didn’t cause problems. I thought it would be better if it finally got mainlined, but by all your actions you seem to really want to just play in your own sandbox and not involve anybody else.

So if this is just your project and nobody else is expected to participate, and you don’t care about the fact that you break the mainline build, why the hell did you want to be in the mainline tree in the first place?

Linus"

Does this mean in time this shall happen to all chromium based browsers including Brave? or will this only affect chrome?

Forks can only diverge for so long before the maintenance cost is too big. Brave uses their own ad blocker primarily, so it won’t hit them as much even if uBO is removed by force tomorrow. I still view Brave as a very poor browser choice, even with their own adblocker. I don’t like crypto jank, and they’ve never earned my trust back after they made bad privacy choices by default, and after they shamelessly injected referral links to make money and track users.

How long will Brave maintain MV2 compatibility? Probably a few (couple) months longer than Chrome has the cutoff date set. I would imagine once more extensions have migrated to MV3 they won’t be able to justify the maintenance burden, and nobody will have room to complain since MV2 extensions are going to be delisted from the Chrome Web Store. If there’s nothing to download directly from the store, then there’s no “reason” for them to put in continued support effort. Likewise people will give up writing and maintaining MV2 extensions. It will be as slow of a death as Google allows, and they’re in a rush to swing the axe.

To quote Chromium:

Now, over 85% of actively maintained extensions in the Chrome Web Store are running Manifest V3 […]

\ Chromium Blog: Manifest V2 phase-out begins