Linux

AnberDeck: Popular Anbernic retro gaming handheld transformed into Linux terminal with DIY project  Notebookcheck.net

Linux 6.9-rc5 Released: The Diffstat "Looks A Bit Wonky" But Not Bad  Phoronix

How one Microsoft staffer saved humanity  Ynetnews

AMD Posts RDNA3+ Firmware Files For Linux Users  Phoronix

Acer Aspire One ARM Laptop To Have "Almost Full" Support With Linux 6.10  Phoronix

Linux 6.9-rc5 Picking Up Fixes For Intel FRED, BHI & GFNI/VAES Checks  Phoronix

SiliconANGLE reports that to help organizations detect vulnerabilities earlier, Red Hat has "announced updates to its Trusted Software Supply Chain that enable organizations to shift security 'left' in the software supply chain." Red Hat announced Trusted Software Supply Chain in May 2023, pitching it as a way to address the rising threat of software supply chain attacks. The service secures software pipelines by verifying software origins, automating security processes and providing a secure catalog of verified open-source software packages. [Thursday's updates] are aimed at advancing the ability for customers to embed security into the software development life cycle, thereby increasing software integrity earlier in the supply chain while also adhering to industry regulations and compliance standards. They start with a new tool called Red Hat Trust Artifact Signer. Based on the open-source Sigstore project [founded at Red Hat and now part of the Open Source Security Foundation], Trust Artifact Signer allows developers to sign and verify software artifacts cryptographically without managing centralized keys, to enhance trust in the software supply chain. The second new release, Red Hat Trusted Profile Analyzer, provides a central source for security documentation such as Software Bill of Materials and Vulnerability Exploitability Exchange. The tool simplifies vulnerability management by enabling proactive identification and minimization of security threats. The final new release, Red Hat Trusted Application Pipeline, combines the capabilities of the Trusted Profile Analyzer and Trusted Artifact Signer with Red Hat's internal developer platform to provide integrated security-focused development templates. The feature aims to standardize and accelerate the adoption of secure development practices within organizations. Specifically, Red Hat's announcement says organizations can use their new Trust Application Pipeline feature "to verify pipeline compliance and provide traceability and auditability in the CI/CD process with an automated chain of trust that validates artifact signatures, and offers provenance and attestations."

Read more of this story at Slashdot.

Forget Ubuntu 24.04 LTS, what you really want to download this month is Fedora Silverblue 40  Neowin

Install OpenProject with Linux and Docker  The New Stack

Lightweight LXQt 2.0.0 updates to same toolkit as KDE Plasma 6  The Register

Linux BHI Mitigation Being Tweaked Following 12% Database Performance Hit  Phoronix

Switcheroo: Convert Your Images With This Open-Source App for Linux!  It's FOSS News

Michael Larabel reports via Phoronix: While Fedora 41 in late 2024 is aiming to have more reproducible package builds, openSUSE Factory has already achieved a significant milestone in bit-by-bit reproducible builds. Since last month openSUSE Factory has been producing bit-by-bit reproducible builds sans the likes of embedded signatures. OpenSUSE Tumbleweed packages for that rolling-release distribution are being verified for bit-by-bit reproducible builds. SUSE/openSUSE is still verifying all packages are yielding reproducible builds but so far it's looking like 95% or more of packages are working out. You can learn more via the openSUSE blog.

Read more of this story at Slashdot.

BrianFagioli shares a report from BetaNews: Mozilla has announced Firefox Nightly for ARM64. This release will cater to the growing demand for support on ARM64 platforms, commonly referred to as AArch64. Feedback from the community has led Mozilla to expand the availability of Firefox Nightly. Users can now access the browser as both .tar archives and .deb packages, depending on their preference and requirements for installation. For those who favor traditional methods, the .tar.bz2 binaries are accessible through Mozilla's downloads page by selecting the option for Firefox Nightly for Linux ARM64/AArch64. Meanwhile, users looking to utilize updates and installation through Mozilla's APT repository can follow specific instructions to install the firefox-nightly package.

Read more of this story at Slashdot.

Linux Mint vs LMDE: Which Should You Choose?  WebProNews

Mozilla Seeks Feedback for Firefox Nightly ARM64 (AArch64) Binaries on Linux  9to5Linux

Mozilla Seeks Feedback for Firefox Nightly ARM64 (AArch64) Binaries on Linux  9to5Linux

Mozilla Seeks Feedback for Firefox Nightly ARM64 (AArch64) Binaries on Linux  9to5Linux

Mozilla Seeks Feedback for Firefox Nightly ARM64 (AArch64) Binaries on Linux  9to5Linux

Mozilla Seeks Feedback for Firefox Nightly ARM64 (AArch64) Binaries on Linux  9to5Linux