nyan
Because distros from the Debian family are more popular, any random help article aimed at beginners is likely to assume one of those distros. (If you know how to map from apt to rpm, you’re probably not a beginner.) Plus, I don’t trust Red Hat, who have a strong influence on Fedora.
(Note that I don’t generally recommend my own distro—Gentoo—to newcomers either, unless they have specific needs best served by it.)
We’re talking about a kernel whose user-visible error messages have historically included things like “lp0 on fire” . . .
Not all distros need to appeal to the mainstream. Diversity is a good thing in and of itself. In biology, it makes ecologies more robust, and there’s no reason it shouldn’t do the same for a software ecology.
The day when there’s no longer a place in Linux for Slackware, Gentoo, LFS, Alpine, and other independent non-mainstream distros is the day I move to BSD.
Yup, called it: non-mandatory piece of software. Plus you have to have been dumb enough to deliberately forward the port at your router for the general-case attack, and you have to print something (which I do maybe twice a month) for any command injection to take place.
This does need to be patched, since there is some risk if you have CUPS running and another device on your LAN has already been compromised, but it’s definitely not the earthshattering kaboom the discoverer misrepresented it as.
Yet another, “well, yeah, technically it has security ramifications, but I’m not admin’ing any multiuser machines, so I’m not losing any sleep over it” bug.
“WM8650” seems to indicate a VIA WonderMedia WM8650 armv5te chipset, used by a lot of anemic Android laptops circa 2011 (sold under various brandnames, but apparently all made in the same factory). People have installed Linux on them in the past (there seems to have been a fad for Arch on these for a while, given the search results), but you might have trouble getting a device tree that will work with a modern kernel.
Honestly, though, it has less processor than a Raspberry Pi 3. Unless you’ve already thought of a specific use for this, I’d dump it back in the junk drawer.
The Gentoo news post is not about having /bin and /usr/bin as separate directories, which continues to work well to this day (I should know, since that’s the setup I have). That configuration is still supported.
The cited post is about having /bin and /usr on separate partitions without using an initramfs, which is no longer guaranteed to work and had already been awfully iffy for a while before January. Basically, Gentoo is no longer jumping through hoops to make sure that certain files land outside /usr, because it was an awful lot of work to support a very rare configuration.
There’s an old joke from a couple of decades ago about what operating systems would be like if they were airlines:
Linux Airlines
Disgruntled employees of all the other OS airlines decide to start their own airline. They build the planes, ticket counters, and pave the runways themselves. They charge a small fee to cover the cost of printing the ticket, but you can also download and print the ticket yourself. When you board the plane, you are given a seat, four bolts, a wrench and a copy of the seat-HOWTO.html. Once settled, the fully adjustable seat is very comfortable, the plane leaves and arrives on time without a single problem, the in-flight meal is wonderful. You try to tell customers of the other airlines about the great trip, but all they can say is, “You had to do what with the seat?”
Gentoo is still very much a “You had to do what with the seat?” distro, while most others have retired that concept to varying degrees, at the cost of the seats being less easy to perform unusual adjustments on.
I consider bootloader attacks a very low-probability threat, and quite honestly I don’t trust the average board vendor to produce anything that’s actually secure anyway. If I were in the habit of carrying a laptop back and forth across international borders I might feel differently, but for a desktop stuck in a room in Canada that hardly anyone enters when I’m not present, Secure Boot is a major hassle in return for a small security gain. So I just don’t bother.
One detail about Rust in the kernel that often gets overlooked: the Linux kernel supports arches to which Rust has never been ported. Most of these are marginal (hppa, alpha, m68k—itanium was also on this list), but there are people out there who still use them and may be concerned about their future. As long as Rust remains in device drivers only this isn’t a major issue, but if it penetrates further into the kernel, these arches will have to be desupported.
(Gentoo has a special profile “feature” called “wd40” for these arches, which is how I was aware of their lack of Rust support. It’s interesting to look at the number and types of packages it masks. Lotta python there, and it looks like gnome is effectively a no-go.)