DistroWatch Weekly
Reader Comments
1 • Immutable update (by DC on 2023-07-17 00:56:11 GMT from United States)
Rebooting to update an 'immutable' core filesystem sounds like a Windowsy thing to do. Also, updating the immutable filesystem image instead of individual files would be pretty bandwidth intensive, I should think.
2 • Slackware (by mnrv-ovrf-year-c on 2023-07-17 00:59:53 GMT from Puerto Rico)
HAPPY 30TH ANNIVERSARY! LONG LIVE THE SLACK! 30 YEARS AND BEYOND!
I have 32-bit v15.0 that I'm rarely going into, and my Slackel installation was performing poorly so I had to set it away for now. I still have Porteus MATE v5 though but want something with more "oomph", not necessarily a rolling release. So I'm a wimp...
I wish I were an intermediate-class developer able to produce useful software. I would use Slackware first of all and nothing else. I'd be one of those guys on that official forum of the distribution. :)
3 • KDEConnect does not connect (by Guido on 2023-07-17 01:05:25 GMT from Philippines)
I use iptables on Manjaro KDE. I try to find my phone, but cannot. Nothing is listed.
The KDE site says that in that case you should run: "sudo iptables -I INPUT -i ...". See the link in the text.
But what is my and where can I find it? Any help?
4 • Security and immutable distributions (by lincoln on 2023-07-17 03:12:27 GMT from Brazil)
@Jesse Smith: "The core of the operating system is typically treated as a single, whole piece. This core can be tested, transferred, and installed as one atomic component. This helps with quality assurance because everyone using the same version of the distribution should be running the same software with the same configuration."
From an attacker's perspective, isn't an immutable distribution preferable? I make an analogy to target shooting: isn't it easier to aim/focus/hit a fixed, immobile, and immutable target than a shapeless (unfixed libraries), moving (smaller, faster updates delivered as soon as available) target like a traditional distribution?
@Jesse Smith: "People who have run most mobile operating systems, such as Android or UBports, will have seen this approach to updating the operating system in action. Typically, once a month, a new version is released with fixes and security patches."
Doesn't this scenario of monthly updates imply that the system is vulnerable for an average of three weeks each month, considering that, on average, the Linux kernel receives bug fixes weekly (see the changelog at https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ and semantic versioning at https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/managing_osgi_dependencies/versioning)?
I believe that monthly updates for immutable systems should be applied more in the developed world. For example, in Brazil, Android phone manufacturers often release only two or three security updates, or sometimes no security updates at all (the legal warranty mainly covers hardware, and I have never heard of a cell phone manufacturer in Brazil being legally held accountable as a co-responsible party for intrusions due to lack of security updates).
5 • Couldn't use KDEConnect (by Brandon on 2023-07-17 03:33:17 GMT from United States)
I tried KDEConnect a little while ago, but my phone wouldn't show up on the devices list. Oh well, I'll just use my computer the old fashioned way.
6 • Immutable systems (by Bobbie Sellers on 2023-07-17 05:03:28 GMT from United States)
Well, truly immutable systems may have their place, as does Easy OS 5.4, which I have on a 32 GB flash drive which is reconfigured on first boot. It can be plugged into x86 computers if you have access to the BIOS and to the boot list, and runs on the chosen computer and has persistent storage so that you can do useful work securely. That strikes me as really great, though I am perfectly happy with PCLinuxOS 64. Other systems that claim an immutable file system but which are subject to updates are just another word for "rolling releases", which I happen to prefer to ISO updates. I used that system on Mandriva as long as it would run on my computer of the time, until 2011 when I could not get it to work nor find competent advice at my then relatively low level of expertise. I am much happier with PCLinux 64, which is of course a rolling release system. Back in the days when Mandriva had failed and I moved to PCLOS 64 it was sort of rough, but a few months later I found that for me system failures of any sort are now quite rare. The very excellent PCLinux User Forum is more like the BBSes I started using with my Amiga 1000 and BBS terminal programs, but even better. The people who stand behind the system are there every day with wise and sound advice, as well as the jokers with their wittiness. Look at my sig file below and you may have an idea why I like it. All my working computers are presently Dell Latitudes. Shortly I will either move to a larger display or more cores.
bliss - Dell E7450- PCLinuxOS 64- Linux 6.4.3- KDE Plasma 5.27.6
7 • Immutable systems (by Robin on 2023-07-17 05:35:02 GMT from United Kingdom)
If you want to see an immutable system done well - take a look at Endless OS.
8 • Immutable OS, on android device (by Hank on 2023-07-17 06:37:52 GMT from France)
"People who have run most mobile operating systems, such as Android or UBports will have seen this approach to updating the operating system in action. Typically once a month a new version is released with fixes and security patches. The phone downloads the new version, reboots, and applies the new core image over top of the old one. When you finish booting the phone your root filesystem is read-only."
A phrase is missing, actually two: "If you are lucky." "Not for long, if at all."
My Huawei 9X Pro has never received an update, ever, despite a lot of promises. The hardware is top quality, the OS locked.
In India updates are provided; they are blocked by the OEM for rest-of-world devices.
I loved the Huawei device quality; the service and support are abominable...
9 • Slackware 30 ! (by eb on 2023-07-17 07:10:11 GMT from France)
@2: off topic, I apologize, but thank you for celebrating this remarkable birthday of Slackware; I have been using it since 2005, and never was disappointed. I can do with it *all* that I want, even recycle my old hardware: I have just transformed a 2006 Mac-mini_core-duo into a server that runs fine on the latest release!
10 • @4 • Immutable (by lincoln from Brazil) (by Cubehead on 2023-07-17 08:34:16 GMT from Netherlands)
"From an attacker's perspective, isn't an immutable distribution preferable?"
No. The immutable files are impossible to change during runtime.
"I make an analogy to target shooting: isn't it easier to aim/focus/hit a fixed, immobile, and immutable target than a shapeless (unfixed libraries), moving (smaller, faster updates delivered as soon as available) target like a traditional distribution?"
No. The name "immutable" is misleading if you try to use "common logical reasoning." It is actually a "layered" system. The basic, core system is "immutable," and the applications are in another layer, each in its own container. Most security holes are usually in the applications, and nothing stops Firefox from bringing the updates 221.0.1, 221.0.2, 221.0.3, and 221.0.4 in one day—if necessary. Only the "core" system is replaced in one single step during a reboot.
"Shapeless target" is the biggest misconception since there is an OS, and it makes Linux basically the worst OS ever made and unsuitable for desktop computing. It is conceptually wrong to pull single files (dependencies) from the repository and combine them together into a working system. That misconception also has another huge issue because installation and uninstallation require different dependencies to be added or removed.
There have been many examples in the past. There were times when removing Xawtv would also uninstall Xorg. Then the user reboots and lands on the prompt. Upon installing Steam, the installer "forgot" to install 32-bit support. One could theoretically still be playing games if only so many of them were not dependent on 32-bit libraries. Recently, someone came to me "crying" because auto-removing Steam left him on the "black screen of death."
"Doesn't this scenario of monthly updates imply that the system is vulnerable for an average of three weeks each month?"
It comes down to what part of the "layered system" is affected. If there is no serious threat to the core system, then updating it once a month (as a general rule) would work fine. If there is a serious vulnerability issue, that schedule can be changed, and an "unplanned emergency update" can be issued—just like Microsoft is doing it too.
It is also important to understand that "immutable" doesn't mean "absolute security," but that it just minimizes the attack surface and improves security and reliability. It doesn't solve all the problems on its own.
That said, if there is some unpatched Xorg vulnerability over the course of 20 years and you build one new immutable Linux image with it every month, the security issue still won't be solved despite updating it every month.
However, there is an important "immutable" advantage. If the core OS gets compromised, one reboot later, and it is clean again—still vulnerable though, but the attacker has to start all over again.
The only drawback is that it needs a little bit more space on your hard drive. I say little, because that's how btrfs and zfs work, and nothing else should be used in 2023. The feature is called "deduplication", and that's also the reason why most file-size utilities "lie".
Imagine having three images installed, each of them 30 GB in size. Most utilities would show 90 GB used, where in reality only 35 GB are used, because of deduplicated files.
https://kairos.io/blog/2023/03/22/understanding-immutable-linux-os-benefits-architecture-and-challenges/
11 • clipboard sharing (by Tobias on 2023-07-17 09:53:26 GMT from Czechia)
I wonder how KDE Connect (and other similar solutions) implement clipboard sharing. Namely, do they propagate a deletion of a clipboard item? Because e.g. KeePassXC can be set to delete copied credentials after a set amount of seconds; if KDE Connect does not propagate the deletion, then the phone's clipboard will be full with credential information... Not very privacy-conscious.
12 • KDE Connect and clipboard (by Jesse on 2023-07-17 11:16:34 GMT from Canada)
@11: "I wonder how KDE Connect (and other similar solutions) implement clipboard sharing. Namely, do they propagate a deletion of a clipboard item? Because e.g. KeePassXC can be set to delete copied credentials after a set amount of seconds; if KDE Connect does not propagate the deletion, then the phone's clipboard will be full with credential information... Not very privacy-conscious."
You don't need to worry about this, at least not with KDE Connect. KDE Connect does implement deletion of data when a clipboard item is removed. For example, if you copy a password in KeePass then it is available on KDE Connect linked devices for 12 seconds. However, after those 12 seconds the linked devices can no longer paste the password. It's removed automatically.
KDE Connect links are also encrypted so the clipboard data (along with other information) is not exposed to the network.
13 • KDE connect (by Dr.J on 2023-07-17 11:26:43 GMT from Germany)
I do not use KDE. Never again. The guys kicked themselves out when they switched from version 4 to 5 (later Plasma) back then. So many bugs over such a long time. Not possible at all. Also, every KDE installation is accompanied by a mountain of dependencies; one small program, but 40 additional dependencies. They're nuts. It looks like KDE Connect is just another superfluous tool. File sharing between desktop and phone? You can do that via all sorts of protocols, like FTP, via the browser and so on. Many Android file managers can do that. In Linux you can mount your phone. With other PCs? Via Samba or NFS, etc. So who needs KDE Connect?
14 • Linking devices (by Bob McConnell on 2023-07-17 12:34:30 GMT from United States)
I use something else here as well. I have a dedicated computer running Apache2 with Nextcloud, on Slackware64 15.0. I use F-Droid on the tablets and phones to install DAVx5, Notes, etc. The F-Droid search function makes it simple to find apps that work with Nextcloud (or ownCloud). The only significant issue I have is that when an F-Droid update fails, due to an older kernel or library on the device, it does not leave the previous working version of the app installed. Nor is there any way to revert to an older release. That means that half of my usable tablets will no longer stay in sync, because the vendors no longer exist or update those devices. I particularly miss my two ten-inch tablets, an Emerson EM1000B and a Polaroid P10. Even after cataract surgery, I am more comfortable with the larger screens. Also, in about two months, I will have been running almost exclusively on Slackware for 30 years. It replaced my first Linux installation from Soft Landing Systems, a year after they folded their tents. I am also testing Slackware-ARM for my three Raspberry Pis. On a sadder note, Lightlink, the mail server I currently use, will be closing down at the end of August, after 28 years of operation, due to the death of the owner. I am still negotiating for an account on an alternate server.
15 • linked devices (by Otis on 2023-07-17 13:45:46 GMT from United States)
For that portion of my computing world I'm in the iOS/Mac ecosystem; MacBook Pro Max, iPhone 14 Pro Max, Apple Watch Ultra, and iPad Pro. Everything that one sees the rest of them see, from texts and emails to web history and bookmarks, etc.
Linux efforts to do similar things seem like a great direction for distros to explore and implement, but I don't need that for my distros, as they serve other purposes for me that don't have much at all to do with inter-device compatibility.
16 • KDE Connect (by Robert on 2023-07-17 15:23:10 GMT from United States)
I used KDE Connect in the past mostly to use my phone as a remote control for my PC. Somewhere along the line that stopped working.
One problem was that the link wasn't stable; devices would disconnect and unpair rather frequently. Might have been network issues on my end, but still, if it isn't working, it's no use.
Secondly, even with the devices paired, that remote control function doesn't work. This I think is down to Wayland's security model inconveniently blocking it.
17 • Immutable OS (by Charlie on 2023-07-17 15:54:50 GMT from Hong Kong)
I have tried different immutable systems (MicroOS, Silverblue & Kinoite) for months.
So far I must say I'm still not enjoying the benefits of an immutable system. I am a CJK user who needs input methods, and certainly I would prefer my system to support codecs for playing media. In a traditional system I can simply pull the packages I want; many of them even take effect before I log out and in. But for an immutable OS I'd better do this once and for all, because for every change I make to take effect, I need to reboot my OS. So it's really inconvenient. Also, in my use case I broke GRUB after an update under Kinoite, and I found no way to recover or simply reinstall it from a live system like I usually do. I guess MicroOS would be better in this situation because it can boot into a read-only snapshot, but it seems that's not the case for Fedora.
But I understand what a properly set-up immutable OS would bring.
Yesterday was my first time to taste the good side of an immutable OS. I found the system update is more swift with rpm-ostree than dnf, especially the speed of post-installation.
18 • cp * /please/be/the/right/mount/ (by Cheker on 2023-07-17 17:57:06 GMT from Portugal)
I am a firm believer in cables and pen drives but lately I've found myself using Warpinator pretty much everywhere.
The ire that IBM/RHEL have invoked has been fun to witness.
19 • Slackware (by Semiarticulate on 2023-07-17 18:08:33 GMT from United States)
Happy 30th Slackware! I installed that mountain of floppies all those years ago, and I still run it on one desktop and on my favorite laptop. My gratitude and thanks to the development team for the years of hard work and dedication. Slack on!
20 • immutability (by GrumpyGranpa on 2023-07-18 00:34:14 GMT from Australia)
I love the development work regarding immutable Linux distros. In a short time we now have MicroOS from openSUSE, Fedora has Silverblue with every desktop available, not just GNOME, Vanilla OS which is rebasing to Debian, BlendOS, Endless and a few others.
That is a lot of choice in a very short period of time.
The desktop user who wants an immutable OS is looking for security and stability. From the choices available, and the approach taken, some are better than others. They are not the same.
I am also interested in testing this and would like to make it my daily driver, but I am looking for strong development and long-term support, so Fedora with its short cycle releases doesn't work for me, nor their decision for telemetry. The others are small projects with a small dev team, so MicroOS is probably the way to go for me.
Primarily, with malware becoming increasingly common in Linux, an immutable system makes sense to me for the maximum protection and security.
21 • KDE Connect (by Jack on 2023-07-18 10:52:59 GMT from Australia)
On my Debian (testing) desktop, files sent from my phone end up in the user's Download directory.
22 • Defense of KDE (by Bobbie Sellers on 2023-07-18 20:09:17 GMT from United States)
Yes there are a lot of dependencies but on PCLinuxOS 64, Synaptic finds them reliably.
I don't like the changes from Plasma 4 to Plasma 5, but KDE Plasma 5 remains the most adaptable of desktop environments. Even KDE 3.xx showed the same characteristics when I started using it in 2006, and I was able to essentially give myself an environment similar to my AmigaOS 3.9. Plus, in Mandriva 2006 there were plenty of tools to help me explore the filesystem, especially Midnight Commander and Dolphin, as there were in AmigaOS after I paid for SID 2. Those tools are present today in PCLinuxOS 64, so despite KDE's Plasma version changes the useful tools remain.
bliss - Dell E7450- PCLinuxOS 64- Linux 6.4.3- KDE Plasma 5.27.6
23 • File sharing (by Martin on 2023-07-19 00:29:17 GMT from Czechia)
I share files using an FTP server on my phone.
24 • @10 • Immutable (by Cubehead from Netherlands) (by lincoln on 2023-07-19 22:08:55 GMT from Brazil)
You may be right, Cubehead, but let me raise some points.
"No. The immutable files are impossible to change during runtime."
Data/instructions from immutable files can indeed be altered when they are in RAM. In fact, they can even be altered in secondary memory if the attack compromises the kernel and hardware privilege system.
"No. The name "immutable" is misleading if you try to use "common logical reasoning.""
Logical reasoning can still be used in an immutable universe/scope/domain/group. What basis claims it as misleading?
"It is actually a "layered" system. The basic, core system is "immutable," and the applications are in another layer, each in its own container. Most security holes are usually in the applications."
Layers or containers are also code, meaning they are subject to security holes as well. Some relevant quotes:
"Some people make the mistake of thinking of containers as a better and faster way of running virtual machines. From a security point of view, containers are much weaker." –Dan Walsh (Mr. SELinux)
"You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes can then turn around and suddenly write virtualization layers without security holes." –Theo de Raadt, OpenBSD project lead
"It is also important to understand that "immutable" doesn't mean "absolute security," but that it just minimizes the attack surface and improves security and reliability."
Minimizing the attack surface? By adding layers and containers? Or just by introducing a standardized and fixed attack vector/hole?
"It comes down to what part of the "layered system" is affected. If there is no serious threat to the core system, then updating it once a month (as a general rule) would work fine. If there is a serious vulnerability issue, that schedule can be changed, and an "unplanned emergency update" can be issued"
In the core immutable Android system, just in this month of July, numerous vulnerabilities were found https://source.android.com/docs/security/bulletin/2023-07-01. Now, tell me how many Android users received an "unplanned emergency update"? By 2020, over a billion vulnerable devices were already reported due to lack of security updates, and that number keeps increasing https://www.bbc.com/news/technology-51751950.
"However, there is an important "immutable" advantage. If the core OS gets compromised, one reboot later, and it is clean again—still vulnerable though, but the attacker has to start all over again."
Eureka, the solution to vulnerability for Android or immutable systems in general is to keep rebooting the system every few hours or milliseconds?
""Shapeless target" is the biggest misconception since there is an OS, and it makes Linux basically the worst OS ever made and unsuitable for desktop computing. It is conceptually wrong to pull single files (dependencies) from the repository and combine them into a working system."
Incredible, immutable systems don't gather simple compiled source code files from a repository to create a working system.
25 • @24 (by GrumpyGranpa on 2023-07-20 00:42:15 GMT from Australia)
So to clarify your position, you are stating that any immutable system is not any more secure than a normal system because 1) the OS runs in RAM and 2) Dockers/containers may have vulnerabilities that permit exploitation to gain root (I assume).
Your conclusion therefore is that immutable systems are nothing more than a gimmick to lull users into a false sense of security.
What then, in your opinion would be a more secure system than a standard updated installed os?
26 • Slackware (by Werewolfc on 2023-07-20 05:58:05 GMT from Romania)
Happy birthday Slackware! It was my first distro that I used .... a long time ago! Then I quit Linux altogether, and when I got back on the wagon I joined the Arch Linux band.
27 • @25 (by lincoln on 2023-07-20 07:19:18 GMT from Brazil)
"Your conclusion therefore is that immutable systems are nothing more than a gimmick to lull users into a false sense of security."
Exactly.
"What then, in your opinion would be a more secure system than a standard updated installed os?"
An operating system whose implementation has been completely proven and formally verified (mathematically) as secure. This means the system never performs an unsafe operation. Its proofs validate the following propositions:
"P1: There shall be no unauthorized alteration of information. P2: There shall be no unauthorized acquisition of information. P3: There shall be no unauthorized denial of service. P4: There shall be no unauthorized leakage of information."
https://apps.dtic.mil/sti/tr/pdf/ADA088601.pdf
An example of such an approach would be the microkernel seL4. https://sel4.systems/ Thus, we can even read sentences like: "Theorem shows that subsystems can neither exceed their authority over physical memory nor their authority over communication channels to other subsystems." https://www.trustworthy.systems/publications/nicta_full_text/1474.pdf
Other interesting articles:
https://www.cse.unsw.edu.au/~kleing/papers/sosp09.pdf https://www.trustworthy.systems/publications/nicta_full_text/6464.pdf https://dl.acm.org/doi/pdf/10.1145/2517349.2522720 https://sel4.systems/About/seL4-whitepaper.pdf https://www.usenix.org/legacy/events/hotos11/tech/final_files/Klein.pdf
28 • @24 RAM (by lincoln from Brazil) (by Cubehead on 2023-07-20 10:47:01 GMT from Netherlands)
In the old days, there were fixed addresses in RAM. Hackers learned them. Then address randomization was implemented. Hackers soon learned how to predict or even change it.
If one thinks of Rowhammer and RAMBleed, an attacker could theoretically steal confidential data from RAM. But is that practicable?
What data and how much? Only the data that temporarily resides in RAM. It ain't your private data—your documents, music, or videos—they don't reside in RAM.
Even if there were a way for the attacker to force your 2 TB of data to load in the processor cache piece by piece, memory would have to be allocated in a predictable manner (see “Foreshadow”), and the reading memory rate is around 3–4 bits/sec.
Let's suppose that we have 16 MB of cached data; transferring them at a speed of 3 Kbps (note 'kilo') would take 12 hours, 25 minutes, and 39 seconds at 375 B/sec. How long does it take with a speed of 3 bps instead of 3 Kbps and with 2 TB instead of 16 MB of data? So, your private data won't be stolen through RAMBleed. If you are not using faulty memory but memory with targeted row refresh (TRR) enabled, the attack won't work at all.
That means RAM attacks will stay limited to functions such as obtaining root privileges, compromising Linux virtual machines on cloud servers, evading sandboxes, and remotely attacking Android devices, to name a few.
All in all, this isn’t a real threat and is safe to ignore.
https://www.hackread.com/rambleed-attack-steals-data-from-computer-memory/ https://downloadtimecalculator.com/
29 • @27 "Immutable Linux" vs. "microkernel" (by lincoln from Brazil) (by Cubehead on 2023-07-20 11:04:28 GMT from Netherlands)
“An operating system whose implementation has been completely proven and formally verified (mathematically) as secure. This means the system never performs an unsafe operation. Its proofs validate the following propositions:
P1: There shall be no unauthorized alteration of information. P2: There shall be no unauthorized acquisition of information. P3: There shall be no unauthorized denial of service. P4: There shall be no unauthorized leakage of information.
An example of such an approach would be the microkernel seL4. https://sel4.systems/”
This all sounds nice and well, but in the end:
1. The kernel doesn't surf the web or (insert anything people do with their computers).
2. It's just a collection of VMs—see Theo de Raadt quote @24.
3. Who mathematically verifies system implementation?
4. Hackers don't use anything "unauthorized."
5. seL4 could be packed as "immutable."
Also note that the microkernel and immutable OS have absolutely nothing to do with each other, and the microkernel is not a guarantee for security per se.
Your seL4 is basically just the old AmigaOS, Mach QNX, or Minix, or partially macOS or Windows NT. All of them can be packed as mutable or immutable OSes. ;)
In other words, you proved that you completely misunderstood what an "immutable" OS is about.
It isn't necessary that we discuss the advantages or disadvantages of a microkernel vs. a monolithic kernel, as that is completely irrelevant for an "immutable" OS.
https://stackoverflow.com/questions/4537850/what-is-difference-between-monolithic-and-micro-kernel
The main point of "immutable Linux" is that even if the attacker did somehow gain unauthorized access, it wouldn't be able to change any core component of your system as the system files, once set to "immutable," can't be changed by absolutely anybody—not even the one who set up the "immutable" state.
The applications will, of course, still be at risk—there is no way around it—but the attack surface is greatly minimized if they are containerized (Flatpak, Snap) and have only limited access to private data and are well isolated from each other.
In other words, for the end user, the "magic" is in: if KeePass can't integrate with Firefox because they are Snaps or Flatpaks, the attacker can't steal all of the KeePass information through the Firefox security issue but can get only the one single password that is currently typed in, and on reboot, everything will be clean again.
30 • @24 Android (by lincoln from Brazil) (by Cubehead on 2023-07-20 11:09:20 GMT from Netherlands)
"In the core immutable Android system, just in this month of July, numerous vulnerabilities were found https://source.android.com/docs/security/bulletin/2023-07-01. Now, tell me how many Android users received an "unplanned emergency update"? By 2020, over a billion vulnerable devices were already reported due to lack of security updates, and that number keeps increasing https://www.bbc.com/news/technology-51751950."
Did you mix up "well-thought-out concept" with "proper everyday usage of the well-thought-out concept"?
31 • KDE Connect (by txm0523 on 2023-07-21 01:13:58 GMT from United States)
Does anyone know what the security risks are of connecting a mobile to your Linux PC and syncing it with KDE Connect? I only connect my Android phone to transfer photos from the mobile device to a specific folder on my PC, then I run ClamAV on that folder. With all the malicious files that are placed on mobile apps, is there a remote possibility you can infect your Linux PC? Thanks
32 • "Immutable Linux" vs. "microkernel" (by Cubehead from Netherlands) (by lincoln on 2023-07-21 02:04:42 GMT from Brazil)
I am not debating "immutable vs microkernel".
My point is to state that immutability does not guarantee safety. What guarantees safety are formal demonstrations (mathematically) of the operating system and hardware implementation. Ideally, it should also contain the compiler implementation, the assembly code and the boot code.
"All in all, this isn’t a real threat and is safe to ignore."
In fact, it is not a threat to read/modify data and instructions in your RAM (including in privileged mode), being able to execute any code over time.
"1. The kernel doesn't surf the web or (insert anything people do with their computers). 2. It's just a collection of VMs—see Theo de Raadt quote @24. 3. Who mathematically verifies system implementation?"
Did you actually read the references? If you can prove that the OS has no security holes, you can use abstractions like subsystems or VMs without compromising your hardware (processor/memory) and privileged environment. I only cited seL4 as an example of an OS kernel used in billions of devices worldwide, including safety-critical systems from Boeing and DARPA.
"Your seL4 is basically just the old AmigaOS, Mach QNX, or Minix, or partially macOS or Windows NT."
You must be joking.
"In 2009, seL4 became the world’s first OS kernel with a machine-checked functional correctness proof at the source-code level. This proof was 200,000 lines of proof script at the time, one of the largest ever (we think it was the second largest then). It showed that a functionally correct OS kernel is possible, something that until then had been considered infeasible"
"We then extended the verification down to the binary and up to security-enforcement properties"
Field testing:
"A great example is the work our HACMS project partners did on cyber-retrofitting the Boeing ULB autonomous helicopter. The original system ran on Linux, and in a first step, the team put seL4 underneath. The next step broke out two components: The particularly untrusted camera software was moved to a second VM, also running Linux, with the two Linux VMs communicating via CAmkES channels. At the same time, the network stack was pulled out of the VM and converted to a native CAmkES component, also communicating with the main VM. The final step pulled all other critical modules, as well as the (untrusted) GPS software, into separate CAmkES components, removing the original main VM. The final system consisted of a number of CAmkES components running seL4-native code, and a single VM running just Linux and the camera software. The upshot was that while the initial system was readily hacked by the professional penetration testers hired by DARPA, the end state was highly resilient. The attackers could compromise the Linux system and do whatever they wanted with it, but were unable to break out and compromise any of the rest of the system. The team was confident enough to demonstrate an attack in-flight."
33 • @32 (by GrumpyGranpa on 2023-07-21 05:23:50 GMT from Australia)
I understand what you're saying, as well as the other people, well, maybe not the part about seL4 being an Amiga box, but the other points, yes.
This is essentially the famous "compiler issue": the compiler could be compromised with a backdoor and, as it is the building block, could insert the backdoor into all other programs during compilation, compromising the entire system regardless of what security measures are used.
What about using an additional layer on immutable os's such as hashes for key files or directories, which are checked on boot to verify integrity?
I wonder though, as Edward Snowden is satisfied with using Qubes or Tails, should we also not be satisfied with security in its current form, or should we live like Ted in the woods using old hardware and compiling everything ourselves from scratch?
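The boot-time hash check proposed in comment 33, as an added example that is not from the thread or from any distribution's tooling: a Python sketch that seals a directory tree into a manifest of SHA-256 digests, authenticates the manifest with an HMAC under a hypothetical key, and reports modified or missing files on verification. The key, the sample tree and its contents are constructed; the caveat the sketch makes visible is that the manifest (or the key that seals it) must be anchored outside the tree it checks, or an intruder who can alter the files can rewrite the manifest too.

```python
import hashlib
import hmac
import json
import os
import tempfile

# Hypothetical key: it must live outside the checked tree (TPM-sealed or held by
# boot firmware), or whoever can alter the files can rewrite the manifest too.
MANIFEST_KEY = b"constructed-demo-key-not-for-real-use"

def sha256_file(path, chunk=65536):
    """Stream a file through SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Digest every regular file under root, then HMAC the list (the 'seal')."""
    entries = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            entries[os.path.relpath(full, root)] = sha256_file(full)
    body = json.dumps(entries, sort_keys=True).encode()
    return {"files": entries, "mac": hmac.new(MANIFEST_KEY, body, hashlib.sha256).hexdigest()}

def verify_manifest(root, manifest):
    """Return a list of findings; an empty list means the tree matches."""
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected = hmac.new(MANIFEST_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        return ["manifest MAC mismatch: the manifest itself was altered"]
    findings = []
    for rel, digest in manifest["files"].items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            findings.append("missing: " + rel)
        elif sha256_file(full) != digest:
            findings.append("modified: " + rel)
    return findings

def demo():
    """Constructed scenario: seal a tiny tree, then append a line to one file."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "etc"))
    fstab = os.path.join(root, "etc", "fstab")
    with open(fstab, "w") as f:
        f.write("UUID=demo / ext4 ro 0 1\n")  # constructed sample content
    manifest = build_manifest(root)
    clean = verify_manifest(root, manifest)  # -> []
    with open(fstab, "a") as f:
        f.write("# injected line\n")
    return clean, verify_manifest(root, manifest)  # -> ([], ['modified: etc/fstab'])
```

Running the check from a read-only initramfs before the root filesystem is mounted, and keeping the key out of that filesystem, is what turns this from a self-referential checksum list into an actual integrity gate.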
34 • @32 (by Cubehead on 2023-07-21 10:29:20 GMT from Netherlands)
Trying to build a secure system on a kernel that is not secure is a hopeless effort; we know that, but that is also not the main goal behind the immutable Linux concept. What we need is reasonable and affordable security with improved reliability and versatile usability for everybody and for everyday computing. Your HACMS example is the wrong example to use as an argument against the immutable Linux concept. It is a military project where a bunch of specialists ensured that a bunch of VMs were running well isolated from each other, built upon a trusted platform, and where some monitoring thread rebooted the system to ensure integrity...
"... we are working on proving that these mechanisms are effective on SUITABLE hardware ... we have not yet solved the problem of verifying seL4 for multicore platforms ..."
Verified platforms and configurations might work for some use cases, but what might work for medical devices, space flight, or a military project wouldn't necessarily help Joe Average, at least not in its present state.
"Verification of the multicore kernel is in progress (but presently as an unfunded background activity). The multicore kernel uses a big-lock approach, which makes sense for tightly-coupled cores that share an L2 cache. It is not meant to scale to many cores ... is presently not supported, though."
An OS kernel with a machine-checked functional correctness proof alone does not guarantee system safety. Is the entire system secure if one uses the seL4 kernel? There would still be a userland built atop it, with the applications running in it, and that's also where the drivers would be, which still means that any exploit in the driver code or the application would result in total system compromise. Immutability does not guarantee safety, and nobody ever claimed that. It is an additional layer that adds to security and reliability.
Proven-no-security-holes-OS can also be mutable or immutable, and immutability would further add to its security and reliability. Immutability is just a state something is in. Immutability says nothing about the quality of the code itself. The idea behind "immutable Linux" is to improve security and reliability through layering, isolation, and simple rollover if things go wrong.
https://docs.sel4.systems/Hardware/
https://docs.sel4.systems/projects/sel4/frequently-asked-questions.html
https://microkerneldude.org/2021/05/31/trustworthy-systems-research-is-done-are-you-kidding-csiro/
35 • Congrats (by garcia on 2023-07-21 20:47:36 GMT from Puerto Rico)
... to both Mr. Lincoln from Brazil and Mr. Cubehead from Netherlands for an amicable "mano a mano" on exposing the pros and cons of immutable systems and allowing readers like me to learn a lot in the process.
Number of Comments: 35