openSUSE Drops Deepin Desktop Amid Ongoing Security Concerns
The decision follows the discovery of a critical privilege escalation flaw in the `dde-api-proxy` component, which acts as a D-Bus proxy between Deepin applications and system services. This vulnerability, assigned CVE-2025-23222, allows unprivileged local users to execute administrative operations without proper authentication. The flaw stems from the proxy's design, which forwards D-Bus messages from any user to backend services as if they originated from the root user, effectively bypassing standard security checks.
The SUSE Security Team reported the issue to Deepin's security contacts in December 2024. Initial attempts to communicate were met with silence, and although Deepin eventually acknowledged the problem and released a patch in January 2025, the fix was deemed inadequate. The patch introduced a new Polkit authorization check but relied on deprecated methods vulnerable to race conditions, leaving the system susceptible to similar exploits.
Further investigation revealed that the `deepin-feature-enable` package, introduced in April 2021, violated openSUSE's packaging policies by installing unverified components through a license agreement bypass. This discovery prompted a comprehensive review of DDE's integration with openSUSE, uncovering a pattern of persistent security issues dating back to 2017. Notable concerns included improper handling of D-Bus and Polkit features in components like `deepin-api`, `deepin-daemon`, and `deepin-file-manager`, leading to disabled functionalities and broken features within the desktop environment.
The openSUSE community had previously attempted to mitigate these issues by disabling D-Bus and Polkit features by default, resulting in limited functionality such as non-operational lock screens, inability to manage users and networks through the control center, and broken system sounds. Users who chose to enable these features were warned of potential security risks.
The removal of DDE from openSUSE highlights broader concerns about the security culture within the Deepin project. Past incidents, such as the inclusion of the CNZZ analytics tracker in the Deepin App Store in 2018, have raised questions about data privacy and the project's transparency. Although Deepin removed the tracker following public backlash, lingering doubts remain about the project's commitment to user security and privacy.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Khaleej Times
6 days ago
- Khaleej Times
Rethinking innovation to cross the ‘valley of death' in the tech sector
Innovation doesn't fail for lack of good ideas. It fails because good ideas are often stranded - too real for research, too early for procurement. In technology circles, we call this stretch the 'valley of death.' That's why specialist 'technology transfer' organizations exist - to bridge that gap. Their role is to take promising solutions and carry them from concept to deployment. Globally, the commitment to innovation is undeniable. In 2023, the top 2,000 corporate R&D investors spent €1.26 trillion (Dh5.4 trillion) - 85 percent of all business-funded research. Yet despite this enormous spend, returns are flattening. Analysts now speak of a 'diminishing return on R&D' as more organizations struggle to turn prototypes into products. One reason is that many firms still treat innovation as a procurement issue. They wait for technology to appear on the shelf and hope it fits the problem. But technology isn't furniture. It doesn't arrive pre-assembled and ready to use. A procurement mind-set may feel safe, but it often delivers average outcomes. That's fine - until the problem you're trying to solve involves emissions, patient safety, or food supply. At that point, average won't cut it. Technology transfer works when you work with industry partners to flip the equation. Instead of asking what's available, you ask: what's possible? Research is shaped around real problems. And success is measured by traction, not by novelty. Done well, this approach should follow a four-part model: 1. Anchor-client value. What's the upside of solving this problem - faster inspections, lower emissions, safer operations? If the impact isn't meaningful, question whether the project is necessary. 2. Global relevance. Can the solution scale beyond one client or country? If yes, it becomes not just a fix, but a potential export. 3. Three-legged execution. Teams blend commercial strategy, technical depth and stakeholder engagement. Dealmakers, analysts and engineers work as one. 4. Performance tracking. Both tangible and intangible outcomes – whether its cost savings, increased revenues, sustainability improvements, trust gains, safety and security enhancements - are measured and reported. This model is being applied in the UAE today. Take quantum sensing. What began as an exploration of emerging technology evolved into a deeply practical solution for the energy sector. Working closely with ADNOC, researchers at TII developed systems that dramatically improve the predictability of the lifespan of energy storage systems. In the quest for decarbonisation, this presents a paradigm shift in the electrification of assets that are run today on fossil fuels . Keeping product-market fit in our minds, even through the early stages of R&D has massive benefits. How will the end user use the technology and extract value from it? Consider drone-based emergency response. What started as a safety-driven request to improve response times in hazardous zones, evolved into a full-scale programme combining autonomy, communication infrastructure, and integration with live operations. These drones can now reach and assess dangerous environments before people ever need to, reducing exposure and speeding up critical decisions. And the technology is already finding broader applications - in industrial inspection, urban logistics and environmental monitoring. Dedicated air corridors, integrated safety protocols, and regulatory co-creation are all being fast-tracked to ensure the UAE is not just participating in advanced air mobility but setting the global pace, proving that regulation and innovation can travel together. These are real outcomes grounded in structured roadmaps, commercial logic and shared accountability. Each began not with a product pitch, but with a strategic question: what are the challenges of tomorrow that we need to be solving for today? The so-called valley of death isn't inevitable. It is one that can be overcome with the right coordination and partnerships. That's why institutions like ASPIRE matter. With a mandate to help convert strategic problems into co-developed solutions, linking researchers with engineers, regulators with innovators, and pilots with commercial off-take commitments based on assumed success; they shorten the distance between potential and progress. So, here's a suggestion for industry leaders: before launching your next RFP for a 'band aid' solution, ask a sharper question. What are you really trying to solve? What would solving it unlock - for your company, and for the wider market? The future isn't short on ideas. The real question is whether we have the courage - and the coordination - to carry them through.
Zawya
07-08-2025
- Zawya
DEWA's R&D Centre secures CE product certification for OmniHub IoT terminal
Dubai, UAE: The Research and Development (R&D) Centre of Dubai Electricity and Water Authority (DEWA) has announced that its OmniHub IoT terminal has received the CE product certification for health, safety and environmental compliance. OmniHub successfully passed all testing requirements in a single development cycle covering concept, delivery and maintenance, exceeding industry benchmarks. The R&D Centre highlighted the terminal's advanced features, particularly its connectivity with the DEWASAT-1 nanosatellite, paving the way for field deployment. Omnihub was developed in line with the highest standards of reliability and efficiency under DEWA's Space-D programme to connect terrestrial sensors with satellites and ground-based networks. The terminal, including its 3D-printed encasing, was designed and manufactured at the R&D Centre. Multiple OmniHub terminals have been operational in the field for over six months, effectively meeting the operational needs of different DEWA business units. These installations showcase OmniHub's reliability, versatility and effectiveness in real-world applications. 'In line with the wise directives of His Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice President and Prime Minister of the UAE and Ruler of Dubai, we are contributing to the development of the space sector and various related sectors, as well as the transition towards a diversified, knowledge-based economy. Thanks to its environment that stimulates innovation and excellence, DEWA's R&D Centre has become a key driver for achieving the National Space Strategy 2030 and supporting the space industry and its various activities, including government space activities, commercial activities and scientific activities,' said HE Saeed Mohammed Al Tayer, MD & CEO of DEWA. OmniHub has demonstrated full compatibility with DEWA's operational technology (OT) requirements. It supports multi-technology connectivity, boasts strong communication capabilities and complies with stringent OT and IT security standards. With its six-month battery life and low-power consumption, the terminal is designed for durability in harsh environments, including dusty and wet conditions, ensuring consistent performance across DEWA's various divisions and business areas. The terminal is compatible with international standards, ensuring robust security across connected devices. It supports Wi-Fi, Bluetooth Low Energy, Narrowband Internet of Things, LTE CAT-M and LoRa\LoRaWAN protocols to enable seamless communication with several satellites and various terrestrial networks. DEWA uses the digital IoT platform hosted by its data centre – operated by Moro Hub, a subsidiary of Digital DEWA – to support remote device management. -Ends- For more information, please contact: Shaikha Almheiri / Mohammad Almheiri / Ribal Dayekh Mariam Mikhail / Esraa Hamed Dubai Electricity and Water Authority Seen Media / / mariam@ / esraa@ For more information, please visit DEWA's website DEWA's social media accounts:
Zawya
04-08-2025
- Zawya
R&D centre of OIA-backed US tech venture planned in Oman
MUSCAT: US-based climate innovation tech venture Sense, known for its leadership in smart energy solutions, will establish a Research & Development (R&D) facility in Oman to support the deployment of its technology in the Sultanate of Oman. According to the Oman Investment Authority (OIA)—an investor in the Massachusetts-headquartered firm—the R&D facility is part of a broader initiative to localise Sense's technology for tracking energy consumption in the country. In August 2019, IDO Investments, the tech-focused arm of OIA, joined a group of leading international investors in a funding round for Sense. The US firm develops machine-learning-powered hardware and software that monitor household energy consumption and device usage in real time—helping users reduce energy waste. Commenting on its strategy to support the localisation of Sense's smart energy solutions, OIA stated: 'Sense conducted field trials in Oman to optimise the technology's performance and adapt it to local conditions. The company expanded its partnerships with local energy providers to enhance the national electricity grid's efficiency and strengthen its ability to meet growing energy demand. This partnership paves the way for establishing a research and development center in Oman, supporting the national economy and creating new job opportunities for Omani citizens.' A leader in climate-tech innovation, Sense's groundbreaking direct-to-consumer Home Energy Monitor initially reached over 100,000 homes in the US. The company has since expanded its reach by embedding its technology into smart meters—providing electricity providers with software that enhances grid management and customer engagement. Sense says its mission is to reduce global carbon emissions by transforming the relationship between people, homes, and the electric grid. To this end, it partners with meter manufacturers to offer utilities software that supports their electrification goals by making the grid more scalable and resilient. Its consumer app empowers users to make smarter energy decisions, lower electricity bills, and reduce their carbon footprint. In Oman, smart meters are playing a key role in helping rationalise electricity consumption by enabling modern digital infrastructure and giving consumers real-time access to their energy usage. Supplanting analog meters—prone to faults and billing errors—smart meters improve billing accuracy, collection efficiency, and customer satisfaction. With access to ongoing consumption trends, consumers can make informed decisions to reduce household electricity use. At the national level, utilities gain access to real-time data that enables better detection of losses, tampering, and power quality issues, while reducing operational costs and improving usage planning. Additionally, the underlying Advanced Metering Infrastructure (AMI) supports time-of-day pricing and demand-response programs, encouraging consumption outside of peak periods. The Authority for Public Services Regulation (APRS) is overseeing the National Smart Meter Programme, which targets the installation of approximately 1.2 million smart meters by the end of 2025.
