To try everything Brilliant has to offer for free for a full 30 days, visit brilliant.org/thelinuxEXP/ . You'll also get 20% off an annual premium subscription.
13:00 - The Winamp situation is hilarious. The maintainer released Proprietary code, Dolby Code Lol, they had no right to release, among code from several other projects they had no right to release. They packaged git with a git repro. They packaged 2 versions of 7zip, one portable, and one in exe format as build tools, etc. The person " " Open Sourcing " " Winamp was a complete moron and in reality it's not open sourcing anything. It's just some moron who has no idea what he is doing and it's hilarious.
Nick, a video idea for you... Maybe we could have a live chat with you and the folks at Tuxedo so we can ask questions about their laptops? I'd love to buy one and use it but I'm not a Linux pro and still run into issues that I can't figure out. What kind of customer support (paid or not) do they offer to help you get things working like printing/scanning etc. or other issues someone might run into.
Valve has become the new Red Hat imo. What IBM did after buying Red Hat basically made it into a joke of a company, but Valve has been really cool. Windows 8 was the catalyst for Valve working on Linux support for Steam in the first place. Thank you Microsoft for screwing over Valve and helping Linux support pick up!
@Trident_Euclid Yes. It has been extremely smooth since I started using it in 2021, moving to it full-time later that year because of the horror that is Windows 11. Apart from the 2022 GRUB issue, which to be fair, EndeavourOS posted fixes for pretty damn quickly.
Linux being the only way to run games on arm would be pretty insane Windows gamers cannot complain anymore about linux having less support then windows lol
@@BigTyltthats wrong. desktop pc's will use arm chips in the future. the arm architecture scales performance wise better than 64bit architecures. its just a question of time. i think it also allready happened, but the software isn't there yet? i'm not sure about that. there is a reason why apple switched to the arm architecure with their own chip design.
Regarding the `cups` RCE: The arbitrary command is not executed as the current user, as stated in your comments. It is executed as the `lp` user, a generally useful thing that the Linux permission system strongly encourages. The `lp` user is one generated for you during the installation of `cups` and should have even more limited permissions than the current interactive user, considering it should have no shell (login shell is usually something like `/usr/bin/nobody`) and will not be the owner or group of anything on the system. RCE is very bad, but at least this one executes under an early version of permissions sandboxing. What it can have read access to, however, is vast. So much of your user data is `r-x`.
The RCE also shows the issues with grading agencies. It's a pretty bad vulnerability, but you need to print something with the created printer. 9.9 for that when the windows ipv6 got 9.8? Come on now
Winamp already removed the section about denying forks before you released this video, but this is the least of their problems as they left copyrighted code in the repo and are frantically trying to remove it, in the open so its still accessible.
They left copyrighted code that they don't have a license to distribute, or is GPL. But it's even worse - they left music files that they don't have a license to distribute, and playlist files that link to unlicensed music files hosted on the nullsoft website.
Isn't the CUPS vulnerability also an issue for Mac systems? I believe CUPS was "borrowed" as the core print server for OSX 10 versions, and possibly continued on to later 11-13 OS versions.
That ""9.9"" vulnerability is only relevant for computers with the port 631 exposed, so IPv6 devices or computers connected without a NAT or if the port 631 is forwarded for some reason, so it probably doesn't affect most desktop users. It also doesn't affect pretty much any DIY distro (Arch, Void, ...) since the CUPS daemon is just not installed by default. I dunno why every video talking about this vulnerability fails to mention this.
Maybe not a huge concern for Linux users on a home LAN, but could be a big concern for people who connect to public or semi-public networks such as at a university, a library, coffee shop, etc. CUPS is installed by default on lots of distros. I run Linux Mint, and it automatically detected and configured my network printer as soon as I connected it to my network, and even popped up a notification. This would be extremely easy to exploit in some cases, for example at a library or university. Just impersonate an existing printer, and wait for people to print to it to execute the command you implanted.
It's also not a issue on public facing servers as they don't have cups-browsed running which is what this vulnerability uses. The 9.9 rating is highly inflated, it was lowered afterwards
I use WinAmp 5.6. It's fast, small, simple, and easy to use. I use the MAD plug-in, which I doubt most people have even heard of. MAD automatically reduces MP3 output if the recording level is too high. I also listen to hour long podcasts. WinAmp only uses 12 MB RAM in Windows. Don't even ask me which Windows I use. ;^)
To mitigate the CUPS vulnerability run "sudo systemctl status cups-browsed" and if you see "Active: inactive (dead)" you're safe, otherwise run "sudo systemctl stop cups-browsed && sudo systemctl disable cups-browsed"
The Winamp situation is worse. The license is contradictory in at least two places, making me suspect that it's generated by ChatGPT without human interference/review afterwards at all.
@@guss77 Someone in GitHub issues suspected AI as well, not just me. You don't need to be a lawyer to spot the contradictions. 1. it says "free" and "copyleft" (or at least the first version did), while saying basically "all your copyright belong to us". 2. it says basically "all your copyright belong to us", while also saying something like "you grant us a license to use your work". The latter expression is used when the author (contributor) *retains the copyright*, while the company only receives permission to use the work, and not the copyright. If the company gets the copyright, the work no longer belongs to the author, and the author would not be able to grant any permission to anybody. In addition, a friend of mine pointed out that the repo contains third-party code that Winamp devs should have no say on how to license them.
I love Arch, but ever since they switched from their old bug tracker to gitlab, then disabled registration, the bug tracker has been absolutely useless. Nobody files bugs, nobody can file bugs, nothing ever gets fixed in the core repos, it's better to discuss issues with core packages in the aur's git version comments.
seems like they want to keep their OS Arch-based for the foreseeable future, then
9 часов назад
9:25 Is there a source that this is Valve and not just a developer that happens to work on Valve? So far this approach of adding yet another protocol extension repository has been critizied by other Wayland developers. From my point of view this nothing new the only danger to this that this is to compete with Freedesktop where as other do not compete with Freedesktop but simply have their own private extensions.
we've been getting linux native ports from some companies for the past 10 years, so hopefully nobody feels like it's an enormous risk to try steamOS before windows at this point
I don't mind the simpler setup. I usually don't focus to much on you or the background. I mostly listen and then look at the screen when you talk about something that I'm intrested to look at lika new app or something. So keep it simple 😀
An interesting bit is that in the datamining from SteamDB about the android proton version, there are several frog banners and resources. Maybe those wayland protocols are needed for the android proton emulation?
it might be convenient if you need an android app on the deck for whatever reason, but are there any worthwhile phone games that would impress someone who plays on pc?
The gacha crowd would gulp it all up. There are some worthwhile titles that you can't really play on PC unless you use an emulator. Regardless of how you look at gacha overall, games like FGO, Blue Archive etc. are pretty big titles a lot of players use emulators to play on PC. I do play FGO myself, and run waydroid to play it when there is new story to play through (I mainly play for story).
Looks like the latest Windows Updates are botched again from Bluetooth issues up to lag and BSODs and for whatever reason broken system time everything.....
I haven't had the need for a printer in years. Between documents being shared digitally at work, resumes being emailed or uploaded, signatures being accepted digitally... the need for printers nowadays seems about as necessary as a fax machine. At least in MY case. So while cups may be on my system, I haven't used or started it in years.
I (unfortunately) use an HP printer at home. Fortunately, my printer just works with only CUPS driverless protocols; it doesn't need HP's drivers. (I say unfortunately because HP's anti-consumer ink crap.)
@@dansanger5340 I hear ya. Which is why I said in MY case. But yeah, in a world of eBay shipping, business shipping, printing labels is the norm. So I get your point.
Me waiting for merge request 216 action binder protocol for what? 6 years now... Action binder is global shortcuta BTW. Basoc functionality missing such as using a hotkey is missing...
winamp's "issues" section is concerning. not sure why anyone is talking about the important stuff there like "i have genital warts" or "winamp made covid". seriously, those bugs need to be fixed
The nice thing about Linux and especially quickly updated distros like Fedora is that I don't have to care about apmost all critical vulnerabilities when I hear about it. It's probably fixed before or shortly after it's in the news.
The technical preview I watched the other day indicated the following: the vulnerability can be as simple as sending a UDP packet containing your code. It gets rights equal to the kernel, so no need for authorization, and from that point you can do anything you want to the persons system. And, as typical in Linux, it took something like 1 week to document the vulnerability but over a month to make the Linux groups listen because "Linux is secure and has no flaws".
Aren't Apple products affected (and all Unix/BSD using cups)? CUPS is on iOS, Mac OS,.... I don't see a Linux bug here. Cups is used on most OS except MS Windows (and even then it am not sure, maybe in WSL) It is important to warn Linux users... But why not warn Apple, BSD, etc users?
I feel the same way about X11, seems the BSD folks not so much, even though FreeBSD already now has a wayland entry in their hanbook. I can't speak to NetBSD or OpenBSD though , especially OpenBSD has a soft fork called "Xenocara" , but yea I want X11 gone, even with my nvidia drivers and compositor for KDE , i still get screan tearing. X11 is indeed insecure, and I have no need to run a window over the network from another computer - the days of VAX and X11 sorcery is over. We have VNC for years and RDP , so the argument of X11's network capability is now moot, especially since it is technically insecure.
+1 for Arch I guess. I didn't even have CUPS installed. Also, Frog protocols is intended more for developers to quickly iterate rather than to provide bespoke implementations. It's intended to be a testing platform because no-one was using wayland staging for... well, staging.
No idea whether you ever got a kick-back on the deal, but I bought this current laptop from Tuxedo basically on the back of your recommendations, and it's wonderful.
5:20 It's interesting that this info comes as I'm currently searching for a way to play Roblox on Linux. Hopefully Proton will support the Android version!
Regarding frog-protocols, claiming misyl is a 'Valve dev' is not wrong per se, but it's a bit misleading: this initiative is coming from misyl herself with no involvement from Valve. Framing her as a Valve developer implies Valve had some involvement in it, which is not the case. Again, although it's not wrong, it feels like a disservice to her and the other people involved, and a misattribution of credit.
I don't understand the odd traction around the frog protocols of Valve. Kwin has it's own set of protocols it implement, Mutter has it's own set of protocols they implement, wlroots has its own wlr-protocols but when Valve does the exact same thing it's revolutionary?
After that CVE, I hurried to GRC/ShieldsUp to check my network for open ports (again). 😅 All good! Hopefully patches manifest soon (nothing for Garuda/Arch yet AFAICT) . 🤞🏻
Winamp is one of those names that have actually been dead for a good couple of decades now, but people still think of it because of nostalgia. And perhaps because people don't know that there is no one left of the team that made it a success in the first place. It has been an empty carcass being exploited by others for 20 years now. I don't know of anyone who used Winamp past the Nullsoft days... I personally have never used it past Winamp 3. After that, the software passed through a bunch of hands, and even dabbled with NFTs, so it's not really a surprise that they'd do a move like that, wanting to make the cake and eat it too. We're opening the code up so people can work for free for us. Yeah... if they are going to keep playing with a dead corpse like that, I'd rather forget it exists entirely.
Valve trying to make android games run in Proton would actually have a huge effect on Microsoft and Windows: say Valve manages to make it work, Windows games with Android versions and cross play features would incite their players to play on the Android versions through Proton; that would lead to Windows's market share to drop a few, and to retaliate Microsoft would have to provide a layer that simulates kernel level for kernel level anticheats and thus making Windows more invulnerable to stuff like crowdstrike.
The entire thing about the Valve proposal leading to fragmentation is ridiculous. Wayland already is fragmented, because not every compositor supports all the things others support. The reason for this is the exact thing the Valve person is seeking to fix. If you are worried your DE will not implement some thing in Wayland that is proposed by the Valve thing, switch DE's. Otherwise, you need to not count on compositors to implement all the features of Wayland. You can't have it both ways. Right now we simply sit without features while being told whose "fault" it is over and over by developers who don't want to take the blame. So I see good on Valve for taking the "blame" on themselves and attempting to do something to fix it, and screw everyone else who has something against that. You had something like 15 years to come up with an alternative.
with regards to the winamp source, i don't think we will ever see a port to Linux, but thats ok - maybe perhaps the devs of Audacious can look at the code for some , inspiration, and yea, the no forking thing is dumb, just like the dev of duckstation changing the source license to a non-gpl non open source friendly license , but one can already fork the last gpl release .
If valve wants faster wayland push, they should just name a set of protocols just like wlroots, use it, make devs expect it, set it as a solid platform, and then everyone will have do adopt it if is goos enough. I lost my faith on the wayland table.
Wayland dragging its feet is just how it is. They need to get their act together. The ball may be rolling, but it's doing it so slowly it's gathering moss.
