Feed aggregator

Don't install another Linux distro until you've tried an immutable one  XDA

A software engineer tried steering his robot vacuum with a videogame controller, reports Popular Science — but ended up with "a sneak peak into thousands of people's homes." While building his own remote-control app, Sammy Azdoufal reportedly used an AI coding assistant to help reverse-engineer how the robot communicated with DJI's remote cloud servers. But he soon discovered that the same credentials that allowed him to see and control his own device also provided access to live camera feeds, microphone audio, maps, and status data from nearly 7,000 other vacuums across 24 countries. The backend security bug effectively exposed an army of internet-connected robots that, in the wrong hands, could have turned into surveillance tools, all without their owners ever knowing. Luckily, Azdoufal chose not to exploit that. Instead, he shared his findings with The Verge, which quickly contacted DJI to report the flaw... He also claims he could compile 2D floor plans of the homes the robots were operating in. A quick look at the robots' IP addresses also revealed their approximate locations. DJI told Popular Science the issue was addressed "through two updates, with an initial patch deployed on February 8 and a follow-up update completed on February 10."

Read more of this story at Slashdot.

I install these 7 CLI tools on every Linux system  How-To Geek

Lockheed Martin's F-35 combat aircraft is a supersonic stealth "strike fighter." But this week the military news site TWZ reports that the fighter's "computer brain," including "its cloud-based components, could be cracked to accept third-party software updates, just like 'jailbreaking' a cellphone, according to the Dutch State Secretary for Defense." TWZ notes that the Dutch defense secretary made the remarks during an episode of BNR Nieuwsradio's "Boekestijn en de Wijk" podcast, according to a machine translation: Gijs Tuinman, who has been State Secretary for Defense in the Netherlands since 2024, does not appear to have offered any further details about what the jailbreaking process might entail. What, if any, cyber vulnerabilities this might indicate is also unclear. It is possible that he may have been speaking more notionally or figuratively about action that could be taken in the future, if necessary... The ALIS/ODIN network is designed to handle much more than just software updates and logistical data. It is also the port used to upload mission data packages containing highly sensitive planning information, including details about enemy air defenses and other intelligence, onto F-35s before missions and to download intelligence and other data after a sortie. To date, Israel is the only country known to have successfully negotiated a deal giving it the right to install domestically-developed software onto its F-35Is, as well as otherwise operate its jets outside of the ALIS/ODIN network. The comments "underscore larger issues surrounding the F-35 program, especially for foreign operators," the article points out. But at the same time F-35's have a sophisticated mission-planning data package. "So while jailbreaking F-35's onboard computers, as well as other aspects of the ALIS/ODIN network, may technically be feasible, there are immediate questions about the ability to independently recreate the critical mission planning and other support it provides. This is also just one aspect of what is necessary to keep the jets flying, let alone operationally relevant." "TWZ previously explored many of these same issues in detail last year, amid a flurry of reports about the possibility that F-35s have some type of discreet 'kill switch' built in that U.S. authorities could use to remotely disable the jets. Rumors of this capability are not new and remain completely unsubstantiated." At that time, we stressed that a 'kill switch' would not even be necessary to hobble F-35s in foreign service. At present, the jets are heavily dependent on U.S.-centric maintenance and logistics chains that are subject to American export controls and agreements with manufacturer Lockheed Martin. Just reliably sourcing spare parts has been a huge challenge for the U.S. military itself... F-35s would be quickly grounded without this sustainment support. [A cutoff in spare parts and support"would leave jailbroken jets quickly bricked on the ground," the article notes later.] Altogether, any kind of jailbreaking of the F-35's systems would come with a serious risk of legal action by Lockheed Martin and additional friction with the U.S. government. Thanks to long-time Slashdot reader Koreantoast for sharing the article.

Read more of this story at Slashdot.

4 Debian-based Linux distros that are better than Debian  How-To Geek

Why Linux is the best place to learn coding  How-To Geek

The "Windows vs. Linux" debate is a waste of time: Here’s a better approach  How-To Geek

Looking for the best Linux window manager? Here’s how I rank them  How-To Geek

After years of using GNOME, this is the desktop I switched to instead  MakeUseOf

Forget Linux Mint. These distros are the only way to switch  How-To Geek

AMD Zen 6 Performance Events & Metrics Merged For Linux 7.0  Phoronix

Linux 7.0 Further Prepares For Intel Diamond Rapids With NTB Driver Support  Phoronix

Microsoft Hyper-V Lands Some Useful Improvements In Linux 7.0  Phoronix

Linux 7.0 merges AMDGPU update for decade old Radeon GPUs  VideoCardz.com

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. The Emmabuntüs project has published an update for its DE5 branch. The new version improves volume handling, makes it easier to install WINE, and offers updated Italian language support. "The Emmabuntüs Collective is pleased to announce the release of Emmabuntüs Debian Edition 5 version 1.05, available in 32-bit....

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. DietPi is a Debian-based Linux distribution, primarily developed for single-board computers such as Raspberry Pi, Orange Pi or Odroid. It also supplies builds for 64-bit x86 personal computers and virtual machines. The project's latest release, version 10.0, introduces some important changes and drops support for some old single-board....

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. This week in DistroWatch Weekly:
Review: Setting up a home server
News: Malicious software finds a new way into the Snap store, postmarketOS automates more hardware tests, KDE's new login manager works with systemd only
Questions and answers: Why convergence has not become popular
Released last week: ELEGANCE 26.0.1, MX Linux....

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. The CachyOS team has announced the release of an updated ISO image of CachyOS, a Arch-based Linux distribution with the latest KDE Plasma as the chosen desktop on the live image. The new version 260114 comes with a reworked system installer, new Plasma login manager, and Wayland as....

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. Phil C has announced the release of Skywave Linux 5.10.0, a specialist live Linux distribution configured for connecting to internet-accessible software defined radio (SDR) receivers. It is based on Debian's "Unstable" branch and uses the dwm window manager. "Skywave Linux has been upgraded to version 5.10, bringing some....

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. The Liya Linux distribution is an Arch-based project which runs the Cinnamon desktop and features the Pamac package manager. The project has published a new snapshot which introduces integrated AI chat and improved support for connecting with Windows file shares. "I am pleased to announce the release of....