ReportWire

Tag: linux

  • Framework’s New Laptop Lets You Upgrade the Graphics Card


    It has been a big year for repairable-laptop maker Framework. After launching the Framework Laptop 12 and the Framework Desktop this summer, the company is now rolling out a big update to the Framework Laptop 16. The machine can be configured with (or upgraded to) an Nvidia RTX 5070 laptop graphics card. You can also upgrade to the new 2025 mainboard, which includes the next-gen AMD Ryzen AI 300 series chips.

    Why is this a big deal? Well, Framework is a company we’ve grown to appreciate a lot over the past few years. The company has been pioneering a more sustainable (and fun!) approach to designing computers, making as many parts of the device as modular as possible. That has included things like the RAM and storage, naturally, but also the CPU, battery, Wi-Fi card, and much more.

    The idea is to swap out components on the laptops when new modules come out (or if something breaks down), reducing the need to buy a new laptop every few years and sending fewer parts to the landfill. But upgrading discrete graphics on laptops has always been elusive. Companies like Alienware have tried modular discrete GPUs in portable PCs before, and they never lasted. But with the new RTX 5070 graphics module upgrade, Framework proves it can be done.


    The original Framework Laptop 16 arrived at the beginning of 2024, launching as an AMD-exclusive system with the Ryzen 7 7840HS (or Ryzen 9) and the discrete Radeon RX 7700S for graphics. At the time of testing, GPU performance landed somewhere around a mobile RTX 4060. On paper, that makes the jump to an RTX 5070 not only a great demonstration of the Framework ethos—but also a big deal for performance. Framework says it’s a 30 to 40 percent increase in GPU performance over the RX 7700S.

    More power doesn’t come free, so Framework is shipping a 240-watt USB-C charger that uses the USB Power Delivery 3.1 spec. That’ll make it one of the only laptops with an RTX 5070 that is powered solely by USB-C. Other 240-watt power adapters often use a proprietary power port (see almost every gaming laptop).

    The Framework Laptop 16 was the follow-up to the original Framework Laptop 13 and added more than just the discrete graphics module. It also had a unique approach to customization, letting you arrange the keyboard and trackpad however, using modules and spacers to customize it. The new model also comes with a better webcam and a more rigid top cover (on the lid).


    Luke Larsen


  • Stealthy Malware Has Infected Thousands of Linux Systems for Years


    Other discussions include: Reddit, Stack Overflow (Spanish), forobeta (Spanish), brainycp (Russian), natnetwork (Indonesian), Proxmox (Deutsch), Camel2243 (Chinese), svrforum (Korean), exabytes, virtualmin, serverfault and many others.

    After exploiting a vulnerability or misconfiguration, the exploit code downloads the main payload from a server, which, in most cases, has been hacked by the attacker and converted into a channel for distributing the malware anonymously. An attack that targeted the researchers’ honeypot named the payload httpd. Once executed, the file copies itself from memory to a new location in the /tmp directory, runs the copy, and then terminates the original process and deletes the downloaded binary.

    Once moved to the /tmp directory, the file executes under a different name, which mimics the name of a known Linux process. The file hosted on the honeypot was named sh. From there, the file establishes a local command-and-control process and attempts to gain root system rights by exploiting CVE-2021-4043, a privilege-escalation vulnerability that was patched in 2021 in Gpac, a widely used open source multimedia framework.

    The malware goes on to copy itself from memory to a handful of other disk locations, once again using names that appear as routine system files. The malware then drops a rootkit, a host of popular Linux utilities that have been modified to serve as rootkits, and the miner. In some cases, the malware also installs software for “proxy-jacking,” the term for surreptitiously routing traffic through the infected machine so the true origin of the data isn’t revealed.

    The researchers continued:

    As part of its command-and-control operation, the malware opens a Unix socket, creates two directories under the /tmp directory, and stores data there that influences its operation. This data includes host events, locations of the copies of itself, process names, communication logs, tokens, and additional log information. Additionally, the malware uses environment variables to store data that further affects its execution and behavior.

    All the binaries are packed, stripped, and encrypted, indicating significant efforts to bypass defense mechanisms and hinder reverse engineering attempts. The malware also uses advanced evasion techniques, such as suspending its activity when it detects a new user in the btmp or utmp files and terminating any competing malware to maintain control over the infected system.

    By extrapolating data such as the number of Linux servers connected to the internet across various services and applications, as tracked by services such as Shodan and Censys, the researchers estimate that the number of machines infected by Perfctl is measured in the thousands. They say that the pool of vulnerable machines—meaning those that have yet to install the patch for CVE-2023-33426 or contain a vulnerable misconfiguration—is in the millions. The researchers have yet to measure the amount of cryptocurrency the malicious miners have generated.

    People who want to determine if their device has been targeted or infected by Perfctl should look for indicators of compromise included in Thursday’s post. They should also be on the lookout for unusual spikes in CPU usage or sudden system slowdowns, particularly if they occur during idle times. Thursday’s report also provides steps for preventing infections in the first place.
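    The behaviours described above (a payload copied into /tmp, run under a name borrowed from a legitimate daemon such as httpd or sh, with the original binary deleted) are all visible from the process table. The following triage helper is an added example, not code from the report or from Ars Technica: it flags processes whose executable lives in a world-writable scratch directory or whose on-disk binary has been unlinked, and whose name mimics a system process. The directory list, the set of mimicked names and the sample process table are constructed assumptions; `snapshot_proc()` reads the live table from /proc on a Linux host.

```python
"""Host triage for the Perfctl-style "copy to /tmp, rename, delete original" pattern.

Added example (not the researchers' or Ars Technica's code). Names, paths
and thresholds below are assumptions chosen to illustrate the technique.
"""
import os
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Scratch directories where a long-lived daemon has no business living (assumption).
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
# Process names commonly borrowed to blend in; httpd and sh are the ones named above.
MIMICKED_NAMES = {"httpd", "sh", "bash", "kworker", "sshd", "cron", "systemd"}
# Locations a genuine system binary is expected to run from (assumption).
SYSTEM_PREFIXES = ("/usr/", "/bin/", "/sbin/", "/lib/")


@dataclass
class Proc:
    pid: int
    comm: str            # contents of /proc/<pid>/comm
    exe: Optional[str]   # target of /proc/<pid>/exe, None if unreadable
    cwd: Optional[str]   # target of /proc/<pid>/cwd, None if unreadable


def reasons_for(p: Proc) -> List[str]:
    """Return the suspicious traits of one process (empty list means nothing flagged)."""
    reasons: List[str] = []
    if p.exe is None:
        return reasons
    if p.exe.startswith(SCRATCH_DIRS):
        reasons.append(f"executable in scratch dir: {p.exe}")
    if p.exe.endswith(" (deleted)"):
        # The kernel appends this suffix to the exe link once the file is unlinked.
        reasons.append("backing binary deleted from disk")
    if p.comm in MIMICKED_NAMES and not p.exe.startswith(SYSTEM_PREFIXES):
        reasons.append(f"name '{p.comm}' mimics a system process but runs from {p.exe}")
    return reasons


def triage(procs: Iterable[Proc]):
    """Pair every flagged process with its list of reasons."""
    return [(p, r) for p in procs if (r := reasons_for(p))]


def _readlink(path: str) -> Optional[str]:
    try:
        return os.readlink(path)
    except OSError:
        return None


def snapshot_proc() -> List[Proc]:
    """Read the live process table from /proc (Linux only; root sees every process)."""
    out: List[Proc] = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            with open(f"/proc/{pid}/comm") as f:
                comm = f.read().strip()
        except OSError:
            continue  # process exited or not permitted
        out.append(Proc(pid, comm, _readlink(f"/proc/{pid}/exe"), _readlink(f"/proc/{pid}/cwd")))
    return out


# Constructed sample process table; not captured from a real host.
SAMPLE = [
    Proc(1, "systemd", "/usr/lib/systemd/systemd", "/"),
    Proc(812, "sshd", "/usr/sbin/sshd", "/"),
    Proc(4120, "httpd", "/tmp/.x/httpd", "/tmp/.x"),
    Proc(4133, "sh", "/tmp/sh (deleted)", "/tmp"),
]


def suspicious_pids(procs: Iterable[Proc] = SAMPLE) -> List[int]:
    """PIDs that triage() flagged, in table order."""
    return [p.pid for p, _ in triage(procs)]


if __name__ == "__main__":
    for p, reasons in triage(SAMPLE):
        print(p.pid, p.comm, "->", "; ".join(reasons))
```

Run against `snapshot_proc()` instead of `SAMPLE` on a suspect host; the check complements, rather than replaces, the published indicators of compromise, since a rootkit that hides processes from /proc will also hide them from this script.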

    This story originally appeared on Ars Technica.


    Dan Goodin, Ars Technica


  • Everything You Can Do to Keep an Old Computer Running


    While Windows gives you the choice of keeping your personal files when you reset the OS, for the best results (on both macOS and Windows) you need a complete wipe. You’re going to need to take all your files and applications off the disk, then put them back on afterwards. With this in mind, make sure they’re somewhere safe while you’re doing the reset: The OneDrive and iCloud services built into Microsoft and macOS can be used for this, but you can choose whichever backup method you prefer.

    On Windows, head to Settings from the Start menu, then choose Windows Update, Advanced Options, Recovery, and Reset this PC.

    On macOS, open the Apple menu, then pick System Settings, General, Transfer or Reset, and Erase All Content and Settings.

    Install Linux

    ChromeOS Flex can give an old computer a new lease of life.


    Maybe you can move away from Windows and macOS entirely: Linux, for the uninitiated, is a free and open source desktop operating system that comes in a wide variety of flavors known as distros. While Linux lacks some of the polish and power of the platforms developed by Microsoft and Apple, it’s lightweight and straightforward to use.

    In other words, certain Linux distros will run just fine on older computers that are making Windows and macOS slow to a crawl—and you’ve got a whole host of these distros to choose from. You’ll find plenty of lists and comparisons online, but the likes of Ubuntu, Linux Mint, and Zorin are all great for getting started.

    Alternatively, turn your Windows or macOS computer into a Chromebook with ChromeOS Flex from Google (which is actually based on Linux too). It’s simple to download and install, and while you’ll only be able to use a browser and web apps on your newly refreshed device, nowadays that’s all that a lot of people actually need.

    Repurpose Your Computer


    Plex can serve up media content to all of your devices.


    Your computer can still be useful—and be saved from the recycling center—even if it isn’t actually a computer anymore. You can repurpose a desktop or laptop to take on a different role that isn’t quite so demanding, so it’s able to enjoy something like a well-earned retirement.

    One option is to use your computer as a server, which means it simply stores media files and serves them up to the other devices on your home network. The Plex software suite is just about the best option available for this—all of its core features are free to use, and it’s easy to configure. After setting up your computer as a Plex server, you can install the free Plex app on your phone, tablet, Roku, or Apple TV and stream your music and movies around your house.

    You can also use an old computer as a security camera, if it has a webcam attached. iSpy is the program you need for this, and it’ll let you record footage to the old computer’s hard drive as well as log in to the feed from wherever you are.

    Depending on where your computer is and what it’s connected to, it can also work as a basic media player. It doesn’t take much processing power to stream Netflix or Disney+, and perhaps you could use an HDMI cable to hook it up to an older television that doesn’t have smart apps already installed.


    David Nield


  • The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind


    Ultimately, Scott argues that those three years of code changes and polite emails were likely not spent sabotaging multiple software projects, but rather building up a history of credibility in preparation for the sabotage of XZ Utils specifically—and potentially other projects in the future. “He just never got to that step because we got lucky and found his stuff,” says Scott. “So that’s burned now, and he’s gonna have to go back to square one.”

    Technical Ticks and Time Zones

    Despite Jia Tan’s persona as a single individual, their yearslong preparation is a hallmark of a well-organized state-sponsored hacker group, argues Raiu, the former Kaspersky lead researcher. So too are the technical hallmarks of the XZ Utils malicious code that Jia Tan added. Raiu notes that, at a glance, the code truly looks like a compression tool. “It’s written in a very subversive manner,” he says. It’s also a “passive” backdoor, Raiu says, so it wouldn’t reach out to a command-and-control server that might help identify the backdoor’s operator. Instead, it waits for the operator to connect to the target machine via SSH and authenticate with a private key—one generated with a particularly strong cryptographic function known as ED448.

    The backdoor’s careful design could be the work of US hackers, Raiu notes, but he suggests that’s unlikely, since the US wouldn’t typically sabotage open source projects—and if it did, the National Security Agency would probably use a quantum-resistant cryptographic function, which ED448 is not. That leaves non-US groups with a history of supply chain attacks, Raiu suggests, like China’s APT41, North Korea’s Lazarus Group, and Russia’s APT29.

    At a glance, Jia Tan certainly looks East Asian—or is meant to. The time zone of Jia Tan’s commits is UTC+8: That’s China’s time zone, and only an hour off from North Korea’s. However, an analysis by two researchers, Rhea Karty and Simon Henniger, suggests that Jia Tan may have simply changed the time zone of their computer to UTC+8 before every commit. In fact, several commits were made with a computer set to an Eastern European or Middle Eastern time zone instead, perhaps when Jia Tan forgot to make the change.

    “Another indication that they are not from China is the fact that they worked on notable Chinese holidays,” say Karty and Henniger, students at Dartmouth College and the Technical University of Munich, respectively. They note that Jia Tan also didn’t submit new code on Christmas or New Year’s. Boehs, the developer, adds that much of the work starts at 9 am and ends at 5 pm for Eastern European or Middle Eastern time zones. “The time range of commits suggests this was not some project that they did outside of work,” Boehs says.
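    The two signals the researchers describe, a contributor whose commits carry more than one UTC offset and a commit history that clusters inside office hours, can both be read straight out of git author timestamps. The script below is an added example and not the researchers’ own tooling: it consumes lines in the shape `git log --format='%an|%aI'` prints (author name, then the strict ISO 8601 author date with its offset), tallies the offsets per author and computes the share of commits made between 09:00 and 17:59 in the commit’s own offset. The log lines are constructed and the contributor names are placeholders, not data from the XZ repository.

```python
"""Commit-timestamp consistency check in the spirit of the analysis described above.

Added example, not the researchers' code. Input lines follow
`git log --format='%an|%aI'`; SAMPLE_LOG is constructed, not real history.
"""
from collections import Counter, defaultdict
from datetime import datetime
from typing import Dict, Iterable, Iterator, List, Tuple


def parse_log(lines: Iterable[str]) -> Iterator[Tuple[str, datetime]]:
    """Yield (author, timezone-aware datetime) for each non-empty log line."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        author, iso = line.split("|", 1)
        # fromisoformat keeps the '+08:00' offset, so dt.hour is the committer's wall clock.
        yield author, datetime.fromisoformat(iso)


def offsets_by_author(lines: Iterable[str]) -> Dict[str, Counter]:
    """Map author -> Counter of UTC offsets ('+0800' style) seen in their commits."""
    seen: Dict[str, Counter] = defaultdict(Counter)
    for author, dt in parse_log(lines):
        seen[author][dt.strftime("%z")] += 1
    return seen


def working_hours_share(lines: Iterable[str], author: str) -> float:
    """Fraction of the author's commits whose local hour falls in 09:00-17:59.

    A share close to 1.0 is the 'nine to five' pattern the text describes;
    the threshold hours are an assumption."""
    hours = [dt.hour for a, dt in parse_log(lines) if a == author]
    if not hours:
        return 0.0
    return sum(9 <= h < 18 for h in hours) / len(hours)


def inconsistent_authors(lines: Iterable[str]) -> List[str]:
    """Authors who committed under more than one UTC offset (a clock or persona slip)."""
    return sorted(a for a, c in offsets_by_author(lines).items() if len(c) > 1)


# Constructed sample: placeholder names and invented dates, not the XZ history.
SAMPLE_LOG = """\
contributor-x|2023-06-27T17:27:09+08:00
contributor-x|2023-07-03T10:14:51+08:00
contributor-x|2023-09-18T15:02:30+03:00
contributor-x|2024-02-23T11:45:00+08:00
maintainer|2023-06-28T20:05:12+03:00
maintainer|2023-07-10T21:40:03+03:00
""".splitlines()


if __name__ == "__main__":
    for author, counts in offsets_by_author(SAMPLE_LOG).items():
        share = working_hours_share(SAMPLE_LOG, author)
        print(f"{author}: offsets={dict(counts)} office-hours share={share:.2f}")
    print("authors with mixed offsets:", inconsistent_authors(SAMPLE_LOG))
```

Feed it a real repository with `git log --format='%an|%aI' | python3 commit_offsets.py` after adding a `sys.stdin` reader; note that the author date is whatever the committer’s machine reported, so the check surfaces inconsistencies rather than proving a location.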

    Though that leaves countries like Iran and Israel as possibilities, the majority of clues lead back to Russia, and specifically Russia’s APT29 hacking group, argues Dave Aitel, a former NSA hacker and founder of the cybersecurity firm Immunity. Aitel points out that APT29—widely believed to work for Russia’s foreign intelligence agency, known as the SVR—has a reputation for technical care of a kind that few other hacker groups show. APT29 also carried out the SolarWinds compromise, perhaps the most deftly coordinated and effective software supply chain attack in history. That operation matches the style of the XZ Utils backdoor far more than the cruder supply chain attacks of APT41 or Lazarus, by comparison.

    “It could very well be someone else,” says Aitel. “But I mean, if you’re looking for the most sophisticated supply chain attacks on the planet, that’s going to be our dear friends at the SVR.”

    Security researchers agree, at least, that it’s unlikely that Jia Tan is a real person, or even one person working alone. Instead, it seems clear that the persona was the online embodiment of a new tactic from a new, well-organized organization—a tactic that nearly worked. That means we should expect to see Jia Tan return by other names: seemingly polite and enthusiastic contributors to open source projects, hiding a government’s secret intentions in their code commits.

    Updated 4/3/2024 at 12:30 pm ET to note the possibility of Israeli or Iranian involvement.


    Andy Greenberg, Matt Burgess


  • The XZ Backdoor: Everything You Need to Know


    On Friday, a lone Microsoft developer rocked the world when he revealed a backdoor had been intentionally planted in XZ Utils, an open source data compression utility available on almost all installations of Linux and other Unix-like operating systems. The person or people behind this project likely spent years on it. They were likely very close to seeing the backdoor update merged into Debian and Red Hat, the two biggest distributions of Linux, when an eagle-eyed software developer spotted something fishy.

    “This might be the best-executed supply chain attack we’ve seen described in the open, and it’s a nightmare scenario: malicious, competent, authorized upstream in a widely used library,” software and cryptography engineer Filippo Valsorda said of the effort, which came frightfully close to succeeding.

    Researchers have spent the weekend gathering clues. Here’s what we know so far.

    What Is XZ Utils?

    XZ Utils is nearly ubiquitous in Linux. It provides lossless data compression on virtually all Unix-like operating systems, including Linux. XZ Utils provides critical functions for compressing and decompressing data during all kinds of operations. XZ Utils also supports the legacy .lzma format, making this component even more crucial.

    What Happened?

    Andres Freund, a developer and engineer working on Microsoft’s PostgreSQL offerings, was recently troubleshooting performance problems a Debian system was experiencing with SSH, the most widely used protocol for remotely logging in to devices over the Internet. Specifically, SSH logins were consuming too many CPU cycles and were generating errors with valgrind, a utility for monitoring computer memory.

    Through sheer luck and Freund’s careful eye, he eventually discovered the problems were the result of updates that had been made to XZ Utils. On Friday, Freund took to the Open Source Security List to disclose the updates were the result of someone intentionally planting a backdoor in the compression software.

    What Does the Backdoor Do?

    Malicious code added to XZ Utils versions 5.6.0 and 5.6.1 modified the way the software functions when performing operations related to .lzma compression or decompression. When these functions involved SSH, they allowed for malicious code to be executed with root privileges. This code allowed someone in possession of a predetermined encryption key to log in to the backdoored system over SSH. From then on, that person would have the same level of control as any authorized administrator.

    How Did This Backdoor Come to Be?

    It would appear that this backdoor was years in the making. In 2021, someone with the username JiaT75 made their first known commit to an open source project. In retrospect, the change to the libarchive project is suspicious, because it replaced the safe_fprint function with a variant that has long been recognized as less secure. No one noticed at the time.

    The following year, JiaT75 submitted a patch over the XZ Utils mailing list, and, almost immediately, a never-before-seen participant named Jigar Kumar joined the discussion and argued that Lasse Collin, the longtime maintainer of XZ Utils, hadn’t been updating the software often or fast enough. Kumar, with the support of Dennis Ens and several other people who had never had a presence on the list, pressured Collin to bring on an additional developer to maintain the project.

    In January 2023, JiaT75 made their first commit to XZ Utils. In the months following, JiaT75, who used the name Jia Tan, became increasingly involved in XZ Utils affairs. For instance, Tan replaced Collin’s contact information with their own on oss-fuzz, a project that scans open source software for vulnerabilities that can be exploited. Tan also requested that oss-fuzz disable the ifunc function during testing, a change that prevented it from detecting the malicious changes Tan would soon make to XZ Utils.

    In February of this year, Tan issued commits for versions 5.6.0 and 5.6.1 of XZ Utils. The updates implemented the backdoor. In the following weeks, Tan or others appealed to developers of Ubuntu, Red Hat, and Debian to merge the updates into their OSes. Eventually, one of the two updates made its way into several releases, according to security firm Tenable. There’s more about Tan and the timeline here.

    Can You Say More About What This Backdoor Does?

    In a nutshell, it allows someone with the right private key to hijack sshd, the executable file responsible for making SSH connections, and from there to execute malicious commands. The backdoor is implemented through a five-stage loader that uses a series of simple but clever techniques to hide itself. It also provides the means for new payloads to be delivered without major changes being required.

    Multiple people who have reverse-engineered the updates have much more to say about the backdoor. Developer Sam James provided an overview here.


    Dan Goodin, Ars Technica


  • PSA: You Shouldn’t Cook Your Steam Deck


    Photo: MisterColeman / Reddit

    Slow news day? You betcha. But look, it’s Thanksgiving, and there’s a good chance people are cooking and eating just about anything they can find right now. Please, if we can save just one person from trying to cook their Steam Deck, then it will have been worth it.

    As reported by Dexerto, one Redditor discovered that leaving Valve’s fantastic handheld PC on a hot stovetop has the unexpected result of making it get hot. Still with me? And being made of plastic, hot isn’t its favorite thing to be.

    There’s something about that picture that gloriously tells the entire story. But if extra details were needed, MisterColeman wrote on the r/SteamDeck subreddit, “Don’t let your steam deck come into contact with a stove top.”

    Looking closely, it doesn’t look like the insides have received too much of a baking, with the real damage—obviously aside from the case—being to those two rear-right bumpers. Although who knows which tiny wires (I no teknollegee) might have melted in the process.

    Even better is that MisterColeman, unabashed, went to Steam Deck Support to ask if they could help. In an update he wrote, “Steam Deck Support said no help from them and that repair would cost more than buying a new Steam Deck. I think it’s just a new battery and backplate. Maybe not even a new battery. We’ll see.”

    Come on Valve! What are you thinking, not recognising this as a design fault? How can this possibly invalidate the warranty? While I’m sure there’s some small print about not overheating the device somewhere, I bet it doesn’t specifically say, “Do not broil.”

    For the avoidance of doubt, here are some other things you shouldn’t do with your Steam Deck:

    • You shouldn’t steam your Steam Deck, no matter how much it might seem like it wants that.
    • You shouldn’t use your Steam Deck as decking, even though it seems heavily implied.
    • You shouldn’t compare your Steam Deck to a Nintendo Switch.


    John Walker


  • Tux Paint 0.9.27 Released for Windows, macOS, Android, and Linux


    Press Release


    Nov 28, 2021

    The Tux Paint development team is proud to announce version 0.9.27 of Tux Paint, which adds many new features to the popular children’s drawing program.

    Six new Magic tools have been added to Tux Paint. “Panels” shrinks and duplicates the drawing into a 2-by-2 grid, which is useful for making four-panel comics. “Opposite” produces complementary colors. “Lightning” interactively draws a lightning bolt. “Reflection” creates a lake-like reflection on the drawing. “Stretch” stretches and squashes the picture like a fun-house mirror. Lastly, “Smooth Rainbow” provides a more gradual variation of Tux Paint’s classic “Rainbow” tool.

    A number of existing Magic tools have been updated, as well. Improvements were made to “Halftone,” which simulates photographs on newsprint; “Cartoon,” which makes an image look like a cartoon drawing; and “TV,” which simulates a television screen. Additionally, “Cartoon” and “Halftone,” along with “Blocks,” “Chalk,” and “Emboss,” now offer the ability to alter the entire image at once. Finally, Magic tools are now grouped into collections of similar effects — painting, distorts, color filters, picture warps, pattern painting, artistic, and picture decorations — making it easier to find the tool you need.

    Tux Paint’s Paint and Line tools now support brushes that rotate based on the angle of the stroke. This new rotation feature, as well as the older directional and animated brush features, are now visually indicated by the brush shape selector. Additionally, the Fill tool now offers a freehand painting mode for interactively coloring within a confined area.

    Tux Paint Config., the separate program that ships with Tux Paint to provide a user-friendly method of altering the program’s settings, has been updated to better support larger, high-resolution displays. Also, this version introduces support for the Recycle Bin on Windows — images deleted from Tux Paint’s “Open” dialog will now be placed in the Recycle Bin rather than deleted immediately.

    The Tux Paint website now hosts a new gallery showcasing fantastic artwork created by Tux Paint artists of all ages. The gallery features over 200 drawings by artists from all around the world.

    Tux Paint is available for download, free of charge, from the project’s website: http://www.tuxpaint.org. Version 0.9.27 is currently available for Microsoft Windows, Apple macOS, Android, Red Hat Linux, various other Linux distributions (via Flatpak), and as source code. Tux Paint is open source software and does not contain in-app advertising.

    Source: Tux Paint
