Ken Vermette has done a write-up on his experience with the new KDE desktop encompassing Frameworks 5.3 and Plasma 2.1. For starters, some patience is still needed for apps to be ported to KF5, and most of them will be KF4-based for now. Many of the widgets you may have used don’t exist yet either, but the good news is that the Plasma goodies which do make an appearance are universally improved. The new search widget is shockingly fast and the notifications tray has been reworked. Visual outlook of desktop has been simplified and things don’t feel so tightly packed together anymore. The system settings application has been completely regrouped more by goal than underlying mechanics. Unfortunately the desktop stability leaves a lot to desire: there was several crashes and Plasma had at one point managed to forget colour and wallpaper settings. However the developers seem to be knowing what they are doing, and there’s a real feeling that this software will reach rock-solid stability very quickly given the state of it as it stands.
As you may have heard, the NSA has had some success in cracking Secure Shell (SSH) connections. To respond to these risks, a guide written by Stribika tries to help you make your shell as robust as possible. The two main concepts are to make the crypto harder and make stealing keys impossible. So prepare a cup of coffee and read the tutorial carefully to see what could be improved in your configuration. Stribika gives also some extra security tips: don’t install what you don’t need (as any code line can introduce a bug), use the kind of open source code that has actually been reviewed, keep your software up to date, and use exploit mitigation technologies.
The Linux Foundation’s UEFI secure boot pre-bootloader is still in the works, and has been modified substantially so that it allows any Linux version to boot through UEFI secure boot. The reason for modifying the pre-bootloader was that the current version of the loader wouldn’t work with Gummiboot, which was designed to boot kernels using BootServices->LoadImage(). Further, the original pre-bootloader had been written using ‘PE/Coff link loading to defeat the secure boot checks.’ As it stands, anything run by the original pre-bootloader must also be link-loaded to defeat secure boot, and Gummiboot, which is not a link-loader, didn’t work in this scenario. This is the reason a re-write of the pre-bootloader was required and now it supports booting of all versions of Linux.
Also in UEFI news: Linus Torvalds announced today that the flaw which was bricking some Samsung laptops if booted into Linux has been dealt with.