As its name suggests, LogoFAIL involves logos, specifically those of the hardware seller that are displayed on the device screen early in the boot process, while the UEFI is still running. Image parsers in UEFIs from all three major IBVs are riddled with roughly a dozen critical vulnerabilities that have gone unnoticed until now. By replacing the legitimate logo images with identical-looking ones that have been specially crafted to exploit these bugs, LogoFAIL makes it possible to execute malicious code at the most sensitive stage of the boot process, which is known as DXE, short for Driver Execution Environment.
So, does disabling the boot logo prevent the attack, or would it only make the attack obvious?
Not necessarily, I guess. They’re talking about a firmware upgrade of sorts, and, at least on the machines I own(ed), performing it didn’t reset user settings (which disabling the logo is)
I use systemd mount files instead of fstab, that way I can specify a network dependency in the off chance there’s no network connection. Plus I can have other services like jellyfin depend on that mount file so it starts after the share is available.
It’s from the phrase “big wheel”, meaning a person with a lot of power/influence. Similar to “big cheese”… It would have been better to use “cheese” instead of “wheel” IMO.
Pretty sure it’s not. I saw something on this topic a few weeks ago but can’t quite remember. Iirc, it was a term in an early early OS, where a bit in memory was the privilege but and could be set or unset by turning a real wheel on the computer. This Stück with some people developing UNIX, so they called the wheel group wheel, but none of them are sure who came up with this.
Maybe you want to migrate a PostgreSQL database to a newer version without starting PostgreSQL server.
Maybe you installed OpenSSH but don’t want sshd to run yet, because you haven’t hardened the configs.
Maybe you installed Nginx as a part of a migration from Apache httpd, but httpd is already running.
In addition, Arch hardly configures your system in a custom way, too. When you install a package, most of the time, it responds with “here are the files from the developer that you asked for.”
If you don’t like this philosophy, then your feelings are perfectly valid, and this is a textbook example of why different distributions exist 👍
The application needs to speak a protocol to be able to use it. If you use a X wm your apps need to be able to talk X’s protocol to work, if you use a Wayland compositor your apps need to be able to talk Wayland’s protocol (or run on Xwayland, which is basically an X server that runs inside Wayland).
The wm/compositor abstractions only work if your apps know how to use them via the correct protocol
They are themselves abstraction layers for the apps that are made for them. Software has many levels of abstraction from what you see on the screen all the way down to hardware.
Typically the abstraction to draw elemnts inside a app window is in the application framework, like GTK, Qt, Electron (chromium), etc.
This is also why apps built with the same framework typically have the same problem on wayland (looking at you, electron).
The abstractions you are thinking of is not in the window manager, which only controls things outside of the main app window, like tiling, border, window top bar, etc.
Yes, part of my confusion was simply mixing up the job of the app frameworks/gui toolkits for the wm. It was weird to me that some apps like firefox had to provide wayland support by themselves and couldn’t simply rely on abstraction layers from whathever they’re coded in. However, I looked for some info, and found out that firefox renders some widgets on its own, and now it makes sense that they need to provide wayland support.
If you’ve ever had your WM crash, then you may lose the decorations on your windows, the ability to minimize/maximize them or move them around, but the windows themselves still stick around. Restarting the WM brings that all back as well
For X there was only one protocol, so they all wrote for x.
This also allowed some hacky things to be done that are questionable from a security standpoint afaik.
Everyone is making jokes but the thought has occurred to me: Yes, we have an organisation in place that is ready to replace him. But, from what I understand, he IS the benevolent dictator, and he has used his power a few times to stop some changes that otherwise would be in the kernel right now. And I think that’s a good thing.
You can just downlaod any linux iso, e.g. fedora fedoraproject.org/workstation/download , and install it in a virtual machine. This way you can play with linux.
You can also write it to an USB and boot from the USB, nothing grts written on any other storagr device and you can test if everything works, check for compatibility, play around and once you’re done, you shut down, remove the USB and your PC is like nothing has happened. Getting to know how to download an iso, write it to usb and boot from it is a common and easy task.
I’ve never heard of a common video format not playing on linux
Some old video codecs were proprietary and had to be installed afterwards from a separate repository or package, that might be where that notion is coming from. That being said once the relevant codecs are installed (open-source or proprietary) things just work fine, or you could install VLC or mpv and just call it a day.
Some legal software only runs on Windows, including some of the proprietary video software used by courts and police departments. There’s a ton of reason they should move towards interoperability in the legal system, but a lot of this software is contract-bound and carries lofty promises of security and privacy.
That being said, I would try to run those on Wine if it’s possible.
Well because of money. You certainly have to pay to get Ubuntu certificated. And you only do this to have a Linux system with support from the manufacturer.
It’s an enterprise problem with an enterprise solution.
The normal personal systems are not in the same segment.
Precisely. It’s not just “it works”, it’s third-party hardware that Canonical tests, certifies and commits to support as fully compatible. They’ll do the work to make sure everything works perfectly, not just when upstream gets around to it. They’ll patch whatever is necessary to make it work. The use case is “we bought 500 laptops from Dell and we’re getting a support contract from Canonical that Ubuntu will run flawlessly on it for the next 5 years minimum”.
Otherwise, most Linux OEMs just focus on first party support for their own hardware. They all support at least one distro where they ensure their hardware runs. Some may or may not also have enterprise support where they commit to supporting the hardware for X years, but for an end user, it just doesn’t matter. As a user, if an update breaks your WiFi, you revert and it’s okay. If you have 500 laptops and an update breaks WiFi, you want someone to be responsible for fixing it and producing a Root Cause Analysis to justify the downtime, lost business and whatnot.
In addition, the “Search Bar” settings in Settings > Search, which let you choose between using the address bar for search and navigation or add the search bar in the toolbar, is also gone in Firefox 122.
This doesn’t affect me, but I’m sure there’s going to be a vocal tiny percent that absolutely hate this news.
A quick look at the documentation seems to indicate that they have not removed or officially deprecated the feature, only made it more complicated to configure it.
linux
Top
This magazine is from a federated server and may be incomplete. Browse more on the original instance.