Michael:
[0:00] This week in Linux, we have a brand new version of the Linux kernel to talk about. Well, maybe. Technically, the 6.13 release is not until this Sunday, and I’m recording this before Sunday, so we’re just going to roll the dice, and hopefully it doesn’t get delayed. Also, we have some distro news this week to talk about with a new release from Linux Mint, MX Linux, and OpenSUSE. We also have some security news related to the rsync project, as well as a big flaw that was found in the Linux kernel. We’re gonna talk about all of this and so much more on This Week in Linux, your weekly news show that keeps you up to date with what’s going on in the Linux and Open Source world. Now let’s jump right into Your Source for Linux GNews.

Michael:
[0:47] This episode of TWIL is sponsored by Sandfly Security. More on them later. Just a quick bit of news before we get started with this week’s episode. If you hadn’t noticed, I’ve been releasing a lot of new videos recently. I’ve got two new videos out right now. So since the last episode of TWIL, I’ve actually got a lot new videos if you haven’t checked it out recently at all. So go check those out. And I plan to be making a lot more this year. So be sure to subscribe to the channel. And also check out my podcast, Destination Linux. We’ve been crushing it lately. And I’m not biased just because I’m one of the hosts, sure, but I’m not biased. We have been crushing it. So go check it out, destinationlinux.net. You can see the podcast with me, Ryan, a.k.a. DasGeek, Jill, a.k.a. Jill Linux Girl. And it’s just been really good. We actually hit our 400th episode recently. So there’s a lot to check out. Do that.

Michael:
[1:38] Also, you can check us out on Blue Sky. So this show is on Blue Sky as well as Tux Digital, the Destination Linux podcast. And I also have my own personal account. So you’ll find links in the show notes if you want to go follow us on Blue Sky. We’re also on everything else, too. Well, not everything. we’re on most things as well so links

Michael:
[1:56] in the show notes for that too the first topic of the week is the latest release of the linux kernel with linux 6.13 well technically i’m recording this before the actual release is out because that is supposed to be this sunday and since they usually don’t delay releases i’m going to take a shot and include it in this episode anyway, So the first thing we’re gonna talk about is the issue that was found at the last minute with the ROX pages. So this was found this week, and I also covered it in a video this week if you want more details, but basically there was some issues that caused potential security problems and issues with anti-malware technology.

Michael:
[2:31] If you want more details, check out that video. I’ll have it linked in the show notes. So let’s move on to the highlights. The first highlight is the lazy preemption.

Michael:
[2:39] So the Linux kernel supports four different preemption modes. There is a full preemption mode, but since preemption is usually at odds with performance, most Linux kernels default to using the voluntary preemption mode, which provides some preemption opportunities, but it’s not full preemption.

Michael:
[2:56] This release adds a lazy preemption mode that adds to kind of have the aim of being a bridge between the two voluntary and full preemption. It optimizes fair class preemption by delaying preemption requests to the tick boundary while working as full preemption for other classes like the RR, the FIFO, and the deadline classes. The next highlight is support for multi-grain file timestamps or fine-grained timestamps without performance overheads. So some applications, notably NFS, need higher resolution timestamps on files, but higher resolution timestamps on all files can increase the rate of which metadata needs to be written to the disk in this release linux adds support for fine-grained timestamps but only when processes do query that information for a file this allows for finer-grained timestamps without the performance overhead so that’s fantastic this release also adds support for atomic writes so there is some hardware that it supports atomic write operations by which we mean like writes to write data that is larger than the storage’s sector size in an atomic way. This release adds support for atomic writes in XFS, Extended Force Direct I.O., and some other kinds of RAID modes. Up next is the NAPI suspension for more efficient networking.

Michael:
[4:18] So interrupt mitigation in networking loads can be accomplished with busy polling and can be quite efficient, but it cannot effectively support both low and high load situations. This release adds a new packet delivery mode that properly alternates between busy polling and interrupt-based delivery, depending on busy and idle periods of the application. During a busy period, the system operates in a busy polling mode, which avoids interference. And during idle period, the system falls back to interrupt drift rule, but with a small timeout to avoid excessive latencies. So the last highlight we’re going to talk about, it’s not the only, it’s not the last highlight of the release, but it’s the last we’re going to talk about. There’s a lot more. We’ll have a link in the show notes for that. But the last we’re going to talk about is the new networking device API to configure TXHW shaping. So there’s a lot of different options for shaping related drivers API.

Michael:
[5:09] None of them are flexible enough to meet existing demand from the vendors. This release introduces new device APIs to configure in a flexible way the TXHW shaping. The new functionalities are exposed via a newly defined generic Netlink interface and include introspection capabilities. So like I said, there’s a lot more to this release. This is only five of the highlights. There’s so many more. And if you want more information, you’ll find links in the show notes to all sorts of different sources, because there’s an especially one that’s kernel newbies, such a good resource.

Michael:
[5:44] I use that for most of this topic. So check that out. Links in the show notes. So there’s a brand new version of the Linux Mint distribution with Linux Mint 22.1. And there is a lot to talk about. There’s a new theme, there’s new dialogue pop ups, there’s changes to different various features with having the new applications and also the nightlight thing returns, like so many things that are in this release so we’re not able to cover everything we’re going to cover as much as possible but there’s of course there’s going to be like the big question of is it worth upgrading to should you use it as a beginner and that sort of stuff we’re going to answer all those questions right now actually if you’re a beginner Linux main is a great option so feel free to check it out there’s a lot of other options as well for beginners if you want to check out this video I’ll have linked in the show notes I actually covered the like the best distributions to get started with Linux. So if you’re interested in that, check out that video. And also for upgrades, probably, yes. So the thing is, Linux Mint updates are sometimes really easy to do and sometimes not so easy.

Michael:
[6:51] So between the different point releases, so 22 to 22.1, and then point two and then point three, those updates are going to be relatively simple and painless. The release between 22 and 23 may or may not have issues depending on the setup and the hardware and that sort of stuff because that’s going from the LTS base of Ubuntu to a new LTS base of Ubuntu. So when 23 comes out.

Michael:
[7:18] That’s going to be based on 2604 so you go from 2404 to 2604 as the base there could be issues here and there but more than likely that it’ll still be fine with the update for 22 to 22.1 you’re totally fine to do an update there is no worry about it typically i can’t guarantee that because i personally have not updated today was the first time i had the option to do the upgrade because when they were when they announced the release the blog post said that the release the updates will be coming in a few days so i only had the ability to try the update system the upgrading process to try the new version well the day i recorded this show so i’m not going to do that that would not be very uh efficient to get the show done so let’s talk about what’s new and Linux meant 22.1.

Michael:
[8:11] It didn’t rhyme, but it sort of did. So they’ve made some changes to the app dependency system. So how they handle the various different tools, because they’ve made new applications to handle these sorts of things. So they’ve made apt kit to replace app daemon or providing, they say a streamlined library for package management operations. They’ve also made a new application to replace GW and basically apt URL. For those who don’t know, apt URL is a way to kind of automatically detect an application based on a link you get on a browser so it will open up usually typically gw but this is having the tool of captain being able to combine those two things which is cool and also i like the name captain because it has apt in it i just i appreciate that kind of thing they now have this new thing called foreign packages um downgrading so for those who don’t know.

Michael:
[9:05] A foreign package means that it’s not made by the Mint team. It’s not in the Mint repos. If you take a PPA, for example, or you download a dev and you install it through that, then it would be considered a foreign package. And this gives you the ability to downgrade from that package to one that’s in the repo. If you want to do that for some reason, typically it’s going to be an older version. And I’m not sure why you would want to do that other than the fact that it’s not a third-party tool it’s kind of a first-party package because it’s being made by mint in that case but for the most part i would say that the foreign package was i would you’re pretty much getting those for on purpose.

Michael:
[9:48] But this is now a feature if you want to downgrade, you can. Linux Mint 22.1 also introduces better power modes. So you can now choose between like a power saver mode and a balanced mode or even a performance mode, depending on basically your battery. So if you want to have longer lasting battery, you can have, you can use the power saver mode, which will use less and like less, it’ll be able to conserve energy more. So that’s really cool that they’ve added that. A lot of distributions have that now, and I think that all of them should have this sort of feature with the Power Profiles Daemon being a very robust setup. So I’m glad to see that Linux Mint is adding that. Linux Mint 22.1 also re-adds the nightlight feature back to the system. And this is for those who want to lower the brightness of their screen without technically lowering the brightness. So it’s mostly about the blue light filtering. So for those who don’t know, I’ve talked about this before, but most of the time in the comments, I get people talking about how blue light doesn’t really do anything. It’s a myth and that sort of stuff. To be clear, the color spectrum of the light doesn’t really matter. The reason why blue light is a problem is because blue is more intense of a light. So blue light is more about saying, you know, filtering out blue light is more like filtering out the intensity, that level of light. In order to get that level, you have to increase the intensity. So…

Michael:
[11:16] Like tungsten light or you know more orangish or red lights those are a lower part of the intensity of the spectrum so that’s the issue it’s not necessarily the color it’s the intensity of that light and that has been shown to be an issue so this is ability to like if you lower the brightness on your monitor you’re still going to have more intensity of the light so if you lower the brightness and then also remove the blue light it’s going to lower it even more so than your system can typically do on a monitor. So there’s many benefits depending on how late in the night you’re going to be using your computer. Linux Mint 22.1 is coming with a new version of the Cinnamon desktop with Cinnamon 6.4. If you’re interested in more details about what’s new in Cinnamon 6.4, you can check out the episode of TWIL where I covered exactly that with all the details.

Michael:
[12:06] And this has a new theme in the new version of Cinnamon, but Linux Mint is not using that. They’re using the modified version of the existing theme that you already had with 22. So if you wanted to use the 6.4 cinnamon theme, you can do so by changing the settings in the system settings, but not in by default. Our friends over at OMG Ubuntu have made a cool slider effect to show you the difference between the cinnamon theme and the mint Y dark theme that is coming with cinnamon or with mint 22.1 and the one on the left is the mint y dark and the one on the right is the new cinnamon default so you can see the difference as I move the slider so that’s a cool effect so good job omg ubuntu for adding this in your blog post I like that and yeah you can see the difference some people were going to like this some people are not because of the the menu connecting on the previous version and the new version not connecting some people don’t like the floating aspect and other people do so depending on which one you prefer uh then you got both options i think i prefer a combination of the two like there’s some good things about both of them.

Michael:
[13:23] But anyway, if you’d like to learn more about the new theme of Cinnamon, check out the link for the previous episode of TWIL where I covered it. Linux Mint 22.1 also gets some improvements for the Wayland compatibility. Now, it’s still experimental, but it is much better than the previous versions because of Cinnamon 6.4 introduced a lot of improvements for the Wayland support. So if you’re interested in trying out Wayland with Cinnamon, you can do so with 22.1 Mint.

Michael:
[13:50] But keep in mind, it is still experimental. So those are just the highlights of this release of Linux Mint 22.1. If you’d like to learn more, you can find links in the show notes.

Michael:
[13:58] The OpenSUSE team have announced that there is a new version of the Slow Roll distribution branch of OpenSUSE.

Michael:
[14:05] And this is very cool. For those who don’t know, Slow Roll is kind of like a middle between OpenSUSE Tumbleweed and OpenSUSE Leap. For those who don’t know what those mean, the OpenSUSE Tumbleweed project is a branch of OpenSUSE. It’s a distro that is constantly rolling. It has everything super fast, basically updates every day, and it’s a very cool project, but it rolls somewhat too fast for other people. So on the other side, there’s the OpenSUSE Leap version, which is a distribution that has stuff moving pretty slowly. Basically, once a year is a new version of Leap, and once every few years, I’m not sure exactly how many but a few years four or five or so there’s a big jump between the core base so every year the updates are pretty minimal like pretty minor stuff but the every couple of years every few years there’s a huge change of the base so that’s the difference between those two so that’s great for some people each one of those is great for some people but a lot of people are kind of left out because they don’t want to have as fast as tumbleweed, but they don’t want to have as slow as leap. And that’s where slow roll comes in because it’s basically a rolling distribution that goes slower.

Michael:
[15:27] Slow roll so let’s talk about what’s latest or what’s available in the latest version of slow roll so the highlights of this release of slow roll is that this upgrade introduces advancements for the open susa reproducibility initiative which brings stuff from factory and also tumbleweed factory is like before tumbleweed basically and the the key improvements include enhanced tools for reproducible builds and fixes for dependency handling parallelism and race conditions in packages such as python and qt and others so there’s quite a few improvements for the overall development cycle aspects there’s also quite a few things in general because everything you look in slow roll you can see that it’s basically from tumbleweed and then just in a slower pace so if you look at what’s in tumbleweed you’ll see what’s coming with slow roll and And speaking of which, let’s talk about what is new with Tumbleweed and LX-Cute. You can now use LX-Cute on Wayland inside of OpenSUSE Tumbleweed. We talked about LX-Cute 2.1 introducing Wayland compatibility, but basically no distribution would have that yet because it takes some time to get, you know, once it goes from the release of the desktop, then for the distros to implement it.

Michael:
[16:43] And OpenSUSE Tumbleweed has the ability to use it if you would like to. So you can find out more information about the full details of the wellin support and lxq with the lxq 2.1 review or not review but coverage we did on TWIL so check that out in the links in the show notes but basically you have an option to use multiple different types of compositors for the lxq session so you can use hyperland you can use kwin labwc niri river sway and Wayfire.

Michael:
[17:18] And a lot of people are saying that there’s different, different compatibilities and different features between these, all these compositors and that the developers of LX cute are, are saying that the best overall experience for all the features would be K win because some features are only exclusively available with K win, but also lab WC is a solid option as well. So if you like more information about any of these things, you can check out the links in the show notes.

Michael:
[17:44] This week, we saw a new version of the very popular Rsync tool with Rsync 3.4. Unfortunately, this was not to introduce a bunch of new cool features, but rather this was to publish some very important fixes to some pretty severe security issues. Security researchers at Google uncovered six security issues with Rsync. Now, the first one is a heap buffer overflow in the checksum parsing. The second one is info leak via uninitialized stack contents, defeating ASLR, as well as the third one being server leaks arbitrary client files. The fourth one is server can make client write files outside of destination directory using symbolic links. There’s also the next one is the bypass to the safe links feature. And also the last one is symlink race condition. So these are pretty severe bugs. So yeah, there’s a lot as well, especially bad when some of them are possible to do remote code execution like the heat buffer overflow and the info leak stuff.

Michael:
[18:48] There’s not great. However, there is some great news with this, and that is all of these are fixed within the Rsync 3.4 release. So if you use Rsync, upgrade now. And also, even if you don’t use Rsync, you probably have it a lot of distro ship with it by default so just make sure you run updates soon and if it’s in there definitely run the update.

Michael:
[19:14] This episode of TWIL is sponsored by Sandfly. And thanks so much to Sandfly for sponsoring this episode. And you know, you chose Linux for its stability and security. But as threats grow more sophisticated, detecting them in time without putting your systems at risk is more critical than ever. Traditional endpoint agents can cause downtime and performance issues, leaving visibility gaps in your entire systems. So like, this has got to be a better thing, right? There’s got to be something better you can use. and that is SanFly Security. You guessed it. SanFly Security is the agentless Linux security platform. SanFly not only does endpoint detection and response, but also performs SSH key tracking, password auditing, and drift detection to find the widest range of threats. Whether your servers are in the cloud, on-premises, or even embedded devices, SanFly protects them all without the need for risky agent installations. The senior security engineer at the University of Massachusetts, Ken Kleiner, explains it best. He says that Sandfly is the first product I’ve seen that accurately and quickly detects thousands of signs of compromise on the Linux platform. Its unique method automates tasks, which would be manually impossible.

Michael:
[20:26] Automation is key with detection, and Sandfly completely fits this and other requirements. If your organization is using Linux, this should be part of your cybersecurity toolset. So get fast, non-invasive protection for your critical systems. No agents, no downtime, just smarter security. That works. Visit thisweekinlinux.com/sandfly to learn more. That’s thisweekinlinux.com/sandfly, S-A-N-D-F-L-Y, sandfly. So go there to let them know that you found out about them on This Week in Linux. So we get credit for, you know, you go in there.

Michael:
[21:01] Thisweekinlinux.com/sandfly. MX Linux 23.5 has been released, and this is the fifth refresh release of the MX 23 series. There is actually, it seems like it’s not that big of a release because it’s a 0.5 release, but there are a lot of differences and some big highlights with obviously the biggest one having XFCE 4.20 in the repos. So like I said, MX Linux 23.5 includes XFCE 4.20 in the XFCE ISOs and also the PyRespin. So this is based on Debian 12.9. And so at all the benefits that came with 12.9 update it has those as well although it is still kind of an older version because it is based on Debian that’s how that works but you can also get the AHS edition of MX Linux which is the hardware the advanced hardware support edition of MX Linux so you can get up-to-date packages on some things especially the hardware support which is really cool so as you can see by default it has the 6.1.123 kernel. And if you use the AHS version, you get the 6.12.8 licorix kernel.

Michael:
[22:14] Which is pretty interesting to have that one as the kernel that they’re using, and also having auto updates enabled. So MX Linux 23.5 also has a UI improvements and better display or packages with the MX package installer. They’ve also added extra warnings on live system. If persistence has been asked for on boot media, that is read only. So you get a notification if you’re trying to do that. And they’ve also made some tweaks to the default F stab file as set by the installer. And of course, they’ve made some bug fixes and overall just, you know, some nice polishing and some, you know, fixes here and there. If you’d like to learn more about the latest release of MX Linux 23.5, you’ll find links in the show notes.

Michael:
[22:53] Enlightenment 0.27 was released this week, and there are some new features and also some bug fixes and that sort of stuff. This, if you’re not familiar, Enlightenment is a very cool project because it is a desktop system. It’s not a desktop environment. It’s also not technically a window manager because it’s more than a window manager, but not as much as a desktop environment. So I like to refer to it as a window environment, kind of like a hybrid of the two, but also in the middle more like. So window environment is what I choose to call it. I don’t think they call it that at all. But if you would like to, feel free. You can use that if you want.

Michael:
[23:31] So the Enlightenment window environment is very cool. It’s super lightweight. it is uh it also is very customizable in the look and feel of it and in the most the most important thing is most people know about it is that it is very lightweight now that’s great a desktop environment or window environment that is lightweight is really good but your release notes your release notes should not be lightweight that’s not great for me or anybody covering the news because here’s here’s let me zoom in real quick so you can see what the release notes say, And I quote, in its entirety, this is the latest release of Enlightenment. This has a lot of fixes, mostly with some new features. End quote. There’s not a lot of information.

Michael:
[24:23] After a bit of digging with the Git logs and all that sort of stuff, here is what is actually new in this release. So they made improvements to the CPU freak or CPU frequency applet. R&R handling fixes on X11 R and the word R also known as Rander some people call it Rander fixes on X11 updated translations the battery applet is a bit more polished and they’ve actually made a change to reduce CPU usage when playing games through Proton and Steam which is very cool as well as various other improvements so as a quick request to the Enlightenment team I’d like to ask that you provide some better release notes for your next release. Because two sentences where one of them is really just rephrasing the headline of the post is not a great way of being able to express what’s different in a system. Just to, you know, food for thought. Also, another item for food for thought would be to, you know, increase the version number to maybe a 1.0. Maybe. Or, dare I say, just drop the zero and just call it 27 could just do that or 28 the next one because it’s been long enough for enlightenment for those who don’t know enlightenment was first started in 1997 so it’s been 28 years roughly for this you it’s fine you can just.

Michael:
[25:53] You can just call it 1.0 or 27 or whatever it’s you don’t need a zero point whatever anymore,

Michael:
[26:00] the flat pack team have announced the latest release of the flat pack format which is flat pack 1.16 we’re also going to talk about some flat hub news as well in a second but let’s talk about the highlights of what’s new in flat pack 1.16 after more than two years of development the latest version of flat pack introduces a lot of bug fixes and outsource of stuff as well as many new features. Two new features are included in Flatpak 1.16 related to USB and input devices. So the new input device permission has been added and also support for the USB listing. So you’re able to control the input device permissions of a Flatpak as well as being able to see USB devices through the listing support. So let’s first talk about the input device permission. And interestingly enough the developer george stavrakis i probably butchered that sorry says that while technically it’s still a sandbox hole that should be treated with caution it now allows some apps to replace a device dash all with device dash input or equals input which has a far smaller surface area this is interesting in particular for apps and games that use joysticks and controllers as these are usually exported by the kernel under the dev.

Michael:
[27:18] So this gives the ability to improve the overall style of being able to package an app or a game inside of a flat pack and not have to give all access to all devices.

Michael:
[27:30] More specifically, you can say just input devices, which is very good. The next thing is what they say is likely the biggest feature in the new release is that it allows Flatpak apps to list which USB devices they intend to use. This is stored as static metadata in the app, which is then used by XDG Desktop Portal to notify the app about plugs and unplugs and eventually request the user for permission. Using the USB Portal, Flatpak apps are able to list the USB devices that they have permission to list and only them. Actually accessing these USB devices triggers a permission request where the user can now allow and deny or deny the app from having access to the device. And it is also possible to forcefully override these USB permissions locally with the dash dash USB and dash dash no USB command line arguments. Flatpak 1.16 also brings some big improvements and new features for the Wayland integration.

Michael:
[28:28] So Flatpak now creates a private Wayland socket with the Security Context V1 extension. This allows the Wayland compositor to properly identify connections from sandbox apps as belonging to the sandbox, which is very important. Also, they say that with this protocol, Flatpak is able to securely tell the Wayland compositor that the one, the app is a Flatpak sandboxed app, two.

Michael:
[28:54] An immutable app, and also three, the instance ID of the app. None of these bits of information can be modified by the apps themselves.

Michael:
[29:02] So this is very cool. Also, the immutable app ID is very important because it’s like an assigned to that particular Flatpak. And this is so much really so much cool stuff to see with the improvements of the Wayland support and also working on the security aspects of Flatpaks because some people have said that flat pack has is known for not having the greatest security but you know you’re trying to balance convenience and functionality and capabilities with security and i think flat packs are doing a very good job obviously there’s room for improvement always for anything including this show so uh at some point it’s going to get even better but i’m really happy to see these these the updates here so flat pack 1.16 also improves the accessibility aspects of the format now this is not something that is brand new. They’ve had accessibility supported on Flatpaks for a while, but what’s different now is that they have improved the accessibility aspects for various different types of Flatpaks. So most notably is like WebKit, web engines inside of Flatpaks would not have the ability to use the accessibility stack on web pages inside of the browser. So on some cases where the applications are directly connected, then it would work, but this is kind of using something inside of the Flatpak itself. So you wouldn’t be able to read stuff on Gnome Web or Newsflash, for example.

Michael:
[30:28] That’s a big bummer for those who want to use screen readers because they wouldn’t be able to see the actual content of the webpage. But now, fortunately, a lot of work has been put on this and now Flatpak has all the pieces of the puzzle addressed. So you can have screen readers working inside of WebKit, WebKit, WebEngine based applications, which is really good news. The latest version of Flatpak 1.16 also introduces some improvements for the progress reporting and so many more things. If you would like to check out all the details about everything that has happened

Michael:
[31:02] in the latest version of the Flatpak format, you’ll find links in the show notes. Thanks for watching this episode of This Week in Linux. If you’d like what I do here on this show and want to be kept up to date with what’s going on in the Linux and open source world, then be sure to subscribe. And of course, remember to like that smash button. If you’d like to support the show and the Tux Digital Network, then consider becoming a patron by going to tuxdigital.com/membership, where you get a bunch of cool perks like access to the patron-only sections of our Discord server, access to join me in the Skybox, as well as in the patron-only post show that happens every week after the live stream of This Week in Linux. That’s right. If you didn’t know, we are live streaming This Week in Linux now for the past couple of episodes, but we’re going to do it for the foreseeable future. So you can basically say that TWIL is live in 25.

Michael:
[31:52] You can also support the show by ordering the Linux and they wear a t-shirt or the This Week in Linux shirt at tuxdigital.com/store. Plus, while you’re there, check out all the other great stuff we have like hats, mugs, hoodies, and more tuxdigital.com/store. I’ll see you next time for another episode of Your Source for Linux Canoes. Thanks again for watching. I’m Michael Tunnell. I hope you’re doing swell. Be sure to ring that notification bell. And until next time, I bid you farewell.