WebProNews

Tag: Debian

  • Proposed Patch Would Disable Linux CPU Security Mitigations at Compilation

    Proposed Patch Would Disable Linux CPU Security Mitigations at Compilation

    Debian developer Breno Leitao has proposed a Linux kernel patch that would allow developers to disable CPU security mitigations at compilation.

    CPU mitigations are an important cybersecurity measure, protecting users against Spectre, Meltdown, and other vulnerabilities. These protections come at a cost, however, and some users disable them to achieve maximum performance from their machines. Unfortunately, those users have no easy way to disable the mitigations at compile time, and have to rely on kernel parameters instead.

    Leitao, who also serves as a kernel engineer at Meta, proposed the change on the kernel mailing list:

    Right now it is not possible to disable CPU vulnerabilities mitigations at build time. Mitigation needs to be disabled passing kernel parameters, such as ‘mitigations=off’.

    This patch creates an easy way to disable mitigation during compilation time (CONFIG_DEFAULT_CPU_MITIGATIONS_OFF), so, insecure kernel users don’t need to deal with kernel parameters when booting insecure kernels.

    As Phoronix highlights, most users would do well to leave the CPU security mitigations in place. However, there may be cases where it is relatively safe to disable them, such as when a computer has no internet access.

  • OpenSnitch Application Firewall Coming to Debian

    OpenSnitch Application Firewall Coming to Debian

    Popular application firewall OpenSnitch is coming to Debian, one of the oldest and most popular Linux distributions (distros).

    OpenSnitch is an open source port of the popular macOS app Little Snitch. Little Snitch, and its open source counterpart, inform the user whenever an app tries to access the internet. It’s a useful feature to crack down on apps that try to ‘phone home.’

    Developer Petter Reinholdtsen posted a blog describing his efforts to work with the OpenSnitch developers to bring the app to Debian:

    It did not took long to find the OpenSnitch package, which has been in development since 2017, and now is in version 1.5.0. It has had a request for Debian packaging since 2018, but no-one completed the job so far. Just for fun, I decided to see if I could help, and I was very happy to discover that upstream want a Debian package too.

    After struggling a bit with getting the program to run, figuring out building Go programs (and a little failed detour to look at eBPF builds too – help needed), I am very happy to report that I am sponsoring upstream to maintain the package in Debian, and it has since this morning been waiting in NEW for the ftpmasters to have a look. Perhaps it can get into the archive in time for the Bookworm release?

    Given the well-deserved praise Little Snitch and OpenSnitch have earned over the years, its nice to see a version coming to Debian. Since Ubuntu is based on Debian, it will likely make its way there as well.

  • Debian May Change How It Handles Non-Free Firmware

    Debian May Change How It Handles Non-Free Firmware

    Debian is currently investigating the possibility of changing how it handles non-free firmware, moving the discussion to a general resolution process.

    Debian is one of the oldest Linux distributions (distros) and serves as the basis of many others, including Canonical’s Ubuntu. Unlike Ubuntu, and the countless distros based on it, Debian does not currently include non-free software. According to Phoronix, that could be about to change.

    The discussion regarding whether or not to include non-free firmware has moved to a general resolution phase. There are three options being considered:

    • Include non-free firmware as part of the official installation, loading it by default when needed while still giving users the option to use only free firmware.
    • Include non-free firmware options, but not make them the default.
    • Separate the two different options into individual downloads — one installation download with non-free firmware and one without.

    If Debian does move forward with one of the proposed options, it could significantly lower the barrier to entry for new users. Debian is often touted as one of the most stable and reliable Linux distros, but many new users are intimidated by the prospect of manually installing non-free firmware their computers may need to run efficiently. Non-free firmware can include improved security for some machines as well.

  • Microsoft Edge for Linux Getting Sign-In and Sync Support

    Microsoft Edge for Linux Getting Sign-In and Sync Support

    Microsoft is adding sign-in and sync support to the Linux version of its Edge web browser.

    Microsoft Edge is the company’s web browser that replaced its long-lived Internet Explorer. While Edge was originally powered by Microsoft’s own rendering engine, the company transitioned it to Chromium, the open source rendering engine that powers Google’s Chrome. Unlike Internet Explorer, Edge is available for several of the most popular Linux distributions, including Ubuntu, Fedora, Debian and openSUSE.

    In a post on the company’s Dev channel, Microsoft’s Josh Bodner announced that sign-in and sync are available in dev build 91.0.831.1.

    We’re also starting to roll out sign-in and sync for Linux users! Please note that this is only supported for personal Microsoft Accounts at the moment, and you may need to enable a flag in order to see this setting.

    The company does warn that there may be issues, given this is still a development feature.

    Users interested in more information can read the full release notes here.