Orange Pi has released new versions of its single board computers, the Orange Pi 5, Orange Pi 5B, and Orange Pi 5 Plus, with 32GB of RAM. These boards are powered by the Rockchip RK3588S or RK3588 octa-core Cortex-A76/A55 SoC. The addition of 32GB RAM is the only change made to the boards. Pre-orders are currently available on Amazon, with shipping scheduled to start by October 31.

Source: CNX Software – Embedded Systems News.

openSUSE has announced the availability of Leap Micro 5.5, the latest version of its modern lightweight host operating system. Leap Micro 5.5 is essentially a rebranded version of SLE Micro, so all the documents and release notes from SLE Micro 5.5 are applicable to Leap Micro as well.

It’s important to note that with the release of Leap Micro 5.5, Leap Micro 5.3 has reached its End of Life (EOL). Users of Leap Micro 5.3 are strongly advised to upgrade to either the Leap Micro 5.4 or 5.5 release to ensure access to the latest features, security enhancements, and ongoing support.

One of the standout features of Leap Micro 5.5 is its enhanced support for SELinux. Security-Enhanced Linux (SELinux) now includes podman-docker and hyper-v support for AArch64, providing users with a more robust and secure computing experience. Leap Micro 5.5 also includes podman 4.4, which introduces podman quadlets. Users can check out the Nextcloud deployment using quadlets to explore this feature. Additionally, Leap Micro ships with podman-docker, a podman wrapper that can be used together with docker-compose.

The container management interface Cockpit has also received notable improvements in version 298. Users can now use Cockpit to manage all of their home workloads, providing a more convenient management solution.

For users new to the immutable OS space, which consists of systems with read-only /root, there is a transactional update guide available to help navigate the update process. Additionally, users can use the Toolbox tool to install additional software without the need for a reboot, making it particularly useful for debugging scenarios where a reboot is not feasible.

Flux CD, a tool for keeping Kubernetes clusters in sync with sources of configuration like Git, has released version 2.1.2. This patch release comes with various fixes and improvements to provide users with the best experience.

One of the key fixes in this release is the faster recovery of resources such as Kustomization and HelmRelease when the source-controller has restarted and is working on restoring storage. Additionally, the source-controller now prevents failing to reconcile OCIRepositories when artifacts contain symlinks.

Another important fix addresses an issue with the helm-controller miss-labeling Custom Resource Definitions. Flux now also detects immutable field errors in Google Cloud resources managed by Kustomizations, improving the overall stability and reliability of the system.

The CLI has also seen some updates. The error reporting for flux bootstrap has been enhanced when the owner doesn’t match the identity associated with the given token. Furthermore, the flux pull artifact command now allows fetching OCI artifacts produced by other tools.

Here are the components and CLI changes in Flux CD v2.1.2:

Components Changelog

• source-controller v1.1.2
• kustomize-controller v1.1.1
• helm-controller v0.36.2

CLI Changelog

• PR #4324 - @somtochiama - bootstrap: Fix error msg when the Git token doesn’t match the repo owner
• PR #4323 - @stefanprodan - e2e: Update Go dependencies
• PR #4313 - @fluxcdbot - Update toolkit components
• PR #4296 - @Skarlso - fix: only wait for changeset if the result is not empty
• PR #4285 - @matheuscscp - Add badge for SLSA Level 3
• PR #4284 - @errordeveloper - Make flux pull work for OCI artifacts produced by other tools

Flux CD users are highly encouraged to upgrade to version 2.1.2 to benefit from these fixes and improvements.

MakerWorld’s open beta has been live for 20 days, and in that time, it has gained significant support from creators and users. The platform has acquired numerous models and has been actively addressing bugs, receiving feedback, and resolving complaints. To showcase the platform’s growth, a set of charts has been provided.

One challenge MakerWorld has faced is the misunderstanding regarding the robot named Bean Overlord. Many users have reported that Bean has been farming points by uploading an excessive number of profiles. However, Bean is actually part of Bambu Lab’s test farm, and the profiles it uploads are the result of extensive testing of new hardware, firmware, slicer settings, and filaments. To address this issue, MakerWorld plans to introduce a feature that allows profile uploaders to donate their incentives to the model creators. Additionally, future updates will require profile uploaders to include a photo of the actual printed result to ensure quality.

Complaints have also arisen regarding model sharing on MakerWorld. While the platform has implemented a Creative Commons License option and requires users to provide source and author information when sharing models, there have been violations of this policy. Some users have copied images and descriptions that are not under the CC umbrella, and some model creators are uncomfortable with their CC models being shared freely. As a result, MakerWorld has decided to temporarily disable the Share function and will seek input from the community to develop better moderation policies before reintroducing the feature.

In order to prevent exploitation of the platform’s rules, MakerWorld will be implementing a manual review process during the incentive redemption phase. Accounts that repeatedly violate the rules will face penalties, including the deduction of incentives and account deletion.

MakerWorld values feedback and opinions from its users and is committed to continuously improving the platform. The adjustments mentioned above have been made based on constructive feedback received through social media comments, platform reports, and emails. Users are encouraged to provide additional suggestions or concerns through the support system of MakerWorld.

Flexible resins are a group of materials with low shore hardness and various uses. However, they can be challenging to print, often made from dangerous chemicals, and require washing in toxic solvents. To address these issues, Prusa3D has developed their own flexible resin called Flex80. This resin is odorless, non-toxic, and suitable for hobby and professional use. It offers fast print speed, great detail, the ability to print large objects, and easy washing with IPA.

When compared to flexible filaments, flexible resins have different properties. They can have lower shore hardness, allowing for softer and smoother models. However, flexible resins may take longer to return to their original shape compared to filaments. They are also less resilient and may crack if bent too much.

Flex80 resin is a versatile material that is easy to print and offers high performance at a low price. It has flexible and energy-damping properties, low viscosity, and is washable in IPA. The resin is virtually odorless and has high safety standards for skin irritation. It has high resolution for printing fine structures and is reliable for printing larger objects with support. The resin is easy to post-process with the Original Prusa CW1S and offers overall high performance.

After 60 minutes of curing, Flex80 resin has a tensile modulus of 17 MPa, tensile strength of 9 MPa, tensile elongation of 60%, and shore hardness of 70-80A. It can be processed by all types of SLA 3D printers but is specifically developed for printers using the 405 nm wavelength.

Flex80 resin has low toxicity and is suitable for various applications. It can be used to print models and figures with high detail and durability. The resin is also great for printing clear translucent models with minimal discoloration. It can be used in the field of microfluidics, for prototyping tires, medical models, grips, watertight seals, and rugged housing for electronic devices.

Source: Prusa3D.

New security and maintenance updates are available for the only currently supported release of XCP-ng, version 8.2 LTS. This update includes fixes for several vulnerabilities in Xen and the Linux kernel in the controller domain. Additionally, maintenance updates that were ready and waiting for the next push are also included.

The fixed vulnerabilities in this security update are as follows:

• XSA-440: CVE-2023-34323 - “xenstored: A transaction conflict can crash C Xenstored”. This vulnerability could potentially lead to a denial of service (DoS) attack. However, it only affects users who deliberately switched to C Xenstored from the default ocaml version used by XCP-ng.
• XSA-441: CVE-2023-34324 - “Possible deadlock in Linux kernel event handling”. While this denial of service vulnerability is not exploitable in XCP-ng’s default configuration, a patched dom0 kernel is provided as an additional layer of defense.
• XSA-442: CVE-2023-34326 - “x86/AMD: missing IOMMU TLB flushing”. On certain AMD systems, an attacker could exploit a vulnerability in the handling of PCI passthrough to escalate privileges, cause a denial of service, or gain access to leaked information.
• XSA-443: CVE-2023-34325 - “Multiple vulnerabilities in libfsimage disk handling”. This privilege escalation vulnerability affects PV guests through flaws in the handling of libfsimage, particularly with XFS. While PV guests are deprecated and not security-supported on XCP-ng 8.2, a fix is provided for users who still have PV guests. It is strongly recommended to convert these VMs to HVM. The Xen Security Team plans to issue another update later this month to remove all uses of libfsimage wherever possible.
• XSA-444: CVE-2023-34327 and CVE-2023-34327 - “x86/AMD: Debug Mask handling”. This vulnerability affects AMD CPUs, specifically the Steamroller microarchitecture and later. It allows guests to crash other guests and can also result in a crash of the host if a buggy or malicious PV guest kernel is present.

In addition to the security updates, this release includes other improvements:

• The Storage Manager (sm) now has better handling of custom multipath configurations. Previously, modifying the /etc/multipath.conf file could lead to issues when the file was updated to add support for new hardware. The correct way to add custom multipath configuration is now through a file in the /etc/multipath/conf.d/ directory. XCP-ng 8.2 now includes a warning on top of the /etc/multipath.conf file, creates the /etc/multipath/conf.d/ directory by default, and provides a ready-to-modify /etc/multipath/conf.d/custom.conf file.
• Guest templates have been synced with Citrix Hypervisor’s recent hotfixes. The only new template added is for Ubuntu 22.04.
• A backport of Citrix Hypervisor’s hotfix (XS82ECU1048) for irqbalance has been included. This hotfix enables interrupt balancing for Fibre Channel (FC) PCI devices, improving performance on fast FC HBA SRs, especially when multipathing is used.

For more information and to download the October 2023 Security Update for XCP-ng 8.2, please visit the XCP-ng blog.