Linux

If the Linux Foundation Was a Software Company, It'd Likely Be the Biggest in the World (theregister.com) 20

An anonymous reader shares a report: The Cloud Native Computing Foundation has returned to Shanghai for the city's first Kubecon since the pandemic. During a keynote that switched languages several times, demonstrating the challenges faced by both AI and human translators in keeping up, Jim Zemlin, executive director of the Linux Foundation, threw out several crowd-pleasing statistics while also highlighting some projects likely to make one or two companies squirm a little. On the statistics front, Zemlin joked that the Linux Foundation was likely the largest software company in the world, noting that if one took an average software developer's salary -- he put the worldwide mean as being $40,000 -- and multiplied it by the number of developers contributing to the foundation, the payroll would come to around $26 billion -- more than Microsoft's $24 billion R&D payroll.

The statistic was somewhat tongue in cheek as Zemlin pointed out that none of the developers working on Linux Foundation projects actually work for the Linux Foundation. However, the sheer quantity of engineers involved highlighted another issue noted by Zemlin: the "paradox of choice" when selecting the correct open source project for a given purpose when the number on offer reaches the hundreds, thousands, and beyond. Reflecting the increasing maturity of some elements of the open source world, he also emphasized the opportunities for companies to increase revenues and profits through the use of open source. WeChat, Alibaba, and Huawei all received nods -- unsurprising considering the location -- as Zemlin noted a virtuous circle whereby improvements go back into projects, meaning better profits, meaning more improvements, and so on. It all sounded very utopian, although darkening clouds were signaled by the addition of OpenTofu to the list of projects Zemlin was keen to boast about, including open source efforts around large language models.

Linux

Linux's Multi-Grain Timestamps Short-Lived: Removed From The Kernel After A Few Weeks (phoronix.com) 31

An anonymous reader shared this report from Phoronix: One of the new features merged for the Linux 6.6 kernel was multi-grained timestamps for the VFS layer and wiring it up for the EXT4, Btrfs, XFS, and Tmpfs file-systems. This alternative though to coarse-grained timestamps ended up exposing some problems and this week ahead of Linux 6.6-rc3, the feature has been stripped entirely from the kernel.

Multi-grain timestamps were intended for addressing cases where the current coarse-grained timestamps can be ineffective for updating creation/modification times with a lot of I/O potentially happening within the once per jiffy timestamp... Multi-grained timestamps though were only to be selectively enabled to avoid the performance overhead.

Christian Brauner of Microsoft who originally submitted the feature for Linux 6.6 went ahead and submitted the pull request, which has already been honored, for dropping the short-lived kernel feature... "As there are multiple solutions discussed the honest thing to do here is not to fix this up or disable it but to cleanly revert. The general infrastructure will probably come back but there is no reason to keep this code in mainline."

Open Source

Terraform Fork Gets Renamed OpenTofu, Joins Linux Foundation (techcrunch.com) 30

An anonymous reader quotes a report from TechCrunch: When HashiCorp announced it was changing its Terraform license in August, it set off a firestorm in the open source community, and actually represented an existential threat to startups that were built on top of the popular open source project. The community went into action and within weeks they had written a manifesto, and soon after that launched an official fork called OpenTF. Today, that group went a step further when the Linux Foundation announced OpenTofu, the official name for the Terraform fork, which will live forever under the auspices of the foundation as an open source project. At the same time, the project announced it would be applying for entry into the Cloud Native Computing Foundation (CNCF).

"OpenTofu is an open and community-driven response to Terraform's recently announced license change from a Mozilla Public License v2.0 (MPLv2) to a Business Source License v1.1 providing everyone with a reliable, open source alternative under a neutral governance model," the foundation said in a statement. The name is deliberately playful says Yevgeniy (Jim) Brikman from the OpenTofu founding team, who is also co-founder of Gruntwork. "I'm glad your reaction was to laugh. That's a good thing. We're trying to keep things a little more humorous," Brikman told TechCrunch, but the group is dead serious when it comes to building an open fork. [...]

"The first thing was to get an alpha release out there. So you can go to the OpenTofu website and download OpenTofu and start using it and trying it out," he said. "Then the next thing is a stable release. That's coming in the very near future, but there's work to do. Once you have a stable release, people can start using it. Then we can start growing adoption, and once we start growing adoption, some of the big players will start stepping in when some of the big players start stepping in other big players will start stepping in as well."

Linux

Unified Acceleration Foundation Wants To Create an Open Standard for Accelerator Programming (techcrunch.com) 19

At the Open Source Summit Europe in Bilbao, Spain, the Linux Foundation this week announced the launch of the Unified Acceleration (UXL) Foundation. The group's mission is to deliver "an open standard accelerator programming model that simplifies development of performant, cross-platform applications." From a report: The foundation's founding members include the likes of Arm, Fujitsu, Google Cloud, Imagination Technologies, Intel, Qualcomm and Samsung. The company most conspicuously missing from this list is Nvidia, which offers its own CUDA programming model for working with its GPUs. At its core, this new foundation is an evolution of the oneAPI initiative, which is also aimed to create a new programming model to make it easier for developers to support a wide range of accelerators, no matter whether they are GPUs, FPGAs or other specialized accelerators. Like with the oneAPI spec, the aim of the new foundation is to ensure that developers can make use of these technologies without having to delve deep into the specifics of the underlying accelerators and the infrastructure they run on.

Linux

Long-Term Support For Linux Kernel To Be Cut As Maintenance Remains Under Strain (zdnet.com) 106

Steven Vaughan-Nichols writes via ZDNet: BILBAO, Spain: At the Open Source Summit Europe, Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News, caught everyone up with what's new in the Linux kernel and where it's going from here. Here's one major change coming down the road: Long-term support (LTS) for Linux kernels is being reduced from six to two years.

Currently, there are six LTS Linux kernels -- 6.1, 5.15, 5.10, 5.4, 4.19, and 4.14. Under the process to date, 4.14 would roll off in January 2024, and another kernel would be added. Going forward, though, when the 4.14 kernel and the next two drop off, they won't be replaced. Why? Simple, Corbet explained: "There's really no point to maintaining it for that long because people are not using them." I agree. While I'm sure someone out there is still running 4.14 in a production Linux system, there can't be many of them.

Another reason, and a far bigger problem than simply maintaining LTS, according to Corbet, is that Linux code maintainers are burning out. It's not that developers are a problem. The last few Linux releases have involved an average of more than 2,000 programmers -- including about 200 new developers coming on board -- working on each release. However, the maintainers -- the people who check the code to see if it fits and works properly -- are another matter.

Security

Chinese Hackers Have Unleashed a Never-Before-Seen Linux Backdoor (arstechnica.com) 35

Researchers have discovered a never-before-seen backdoor for Linux that's being used by a threat actor linked to the Chinese government. From a report: The new backdoor originates from a Windows backdoor named Trochilus, which was first seen in 2015 by researchers from Arbor Networks, now known as Netscout. They said that Trochilus executed and ran only in memory, and the final payload never appeared on disks in most cases. That made the malware difficult to detect. Researchers from NHS Digital in the UK have said Trochilus was developed by APT10, an advanced persistent threat group linked to the Chinese government that also goes by the names Stone Panda and MenuPass.

Other groups eventually used it, and its source code has been available on GitHub for more than six years. Trochilus has been seen being used in campaigns that used a separate piece of malware known as RedLeaves. In June, researchers from security firm Trend Micro found an encrypted binary file on a server known to be used by a group they had been tracking since 2021. By searching VirusTotal for the file name, libmonitor.so.2, the researchers located an executable Linux file named "mkmon." This executable contained credentials that could be used to decrypt the libmonitor.so.2 file and recover its original payload, leading the researchers to conclude that "mkmon" is an installation file that delivered and decrypted libmonitor.so.2.

The Linux malware ported several functions found in Trochilus and combined them with a new Socket Secure (SOCKS) implementation. The Trend Micro researchers eventually named their discovery SprySOCKS, with "spry" denoting its swift behavior and the added SOCKS component. SprySOCKS implements the usual backdoor capabilities, including collecting system information, opening an interactive remote shell for controlling compromised systems, listing network connections, and creating a proxy based on the SOCKS protocol for uploading files and other data between the compromised system and the attacker-controlled command server.

Linux

Ask Slashdot: What's the Best Linux Resource for a Retired Windows User? 147

Slashdot reader Leading Edge Boomer wants to help "a retired friend whose personal computing has always been with Windows."

But recently, they were gifted a laptop that's running "some version of Linux..." Probably he's not even aware that there are different distributions for different purposes. He seems open to learning about this different world. What recommendations might Slashdot readers have to bring him up to speed as a competent Linux user? I really don't want to hold his hand, and he's smart enough to learn on his own.
"Mint is the answer," argues long-time Slashdot reader denisbergeron. "First make him use Mint, because it's easy and there a lot of documentation and the community is very strong."

But long-time Slashdot reader spaceman375 thinks they can solve the problem with just three letters. "Show him the man command. When he feels confident, or breaks it pretty hard, then I'd agree — install mint and go from there. But start with man."

Is that it? Is it as simple as that? Share your own thoughts and opinions in the comments — along with your learning tools for beginners.

What's the best Linux resource for a retired Windows user?

Debian

'Linux Mint Debian Edition' Begins Public Beta Testing (9to5linux.com) 22

This week saw the public beta-testing release of "Linux Mint Debian Edition". Besides listing download locations, its release notes also list out the project's three goals:

- Ensure Linux Mint would be able to continue to deliver the same user experience
- See how much work would be involved if Ubuntu was ever to disappear.
- Guarantee the software we develop is compatible outside of Ubuntu.

9to5Linux reports: Based on the Debian GNU/Linux 12 "Bookworm" operating system series, Linux Mint Debian Edition 6 is powered by the long-term supported Linux 6.1 LTS kernel series and features the latest Cinnamon 5.8 desktop environment that was introduced with the Linux Mint 21.2 "Victoria" release in July 2023... [T]his release comes with a new look and feel thanks to newly added folder icons with different color variants, improved consistency of tooltips to look the same across different apps and desktops, support for symbolic icons that adapt to their background, and full support for HEIF and AVIF

Linux

KSMBD Finally Reaches 'Stable' State in Release Candidate for Linux Kernel 6.6 (theregister.com) 46

When Linus Torvalds announced Linux kernel 6.6's first release candidate, it included a newly-stable version of KSMBD, which is Samsung's in-kernel server for the SMB protocol (for sharing files/folders/printers over a network).

An announcement in 2021 had said that "For many cases the current userspace server choices were suboptimal either due to memory footprint, performance or difficulty integrating well with advanced Linux features."

LWN noted at the time that Linux has been using "the user-space Samba solution since shortly after the beginning." In a sense, ksmbd is not meant to compete with Samba; indeed, it has been developed in cooperation with the Samba project. It is, however, meant to be a more performant and focused solution than Samba is; at this point, Samba includes a great deal of functionality beyond simple file serving. Ksmbd claims significant performance improvements on a wide range of benchmarks...One other reason — which tends to be spoken rather more quietly — is that a new implementation can be licensed under GPLv2, while Samba is GPLv3.
The Register notes that when Samba switched to GPL 3, "one result was that Apple dropped Samba from Mac OS X and replaced it with its own, in-house server called SMBX." And they also remember that a month after its debut in 2021, "Linux sysadmins got to enjoy KSMBD's first security exploit." What's changed now is that it has faced considerable security testing and as a result it is no longer marked as experimental. It's been developed with the assistance of the Samba team, which itself documents how to use it. It's compatible with existing Samba configuration files. As the team says, "It is not meant to replace the existing Samba fileserver 'smbd', but rather be an extension and will integrate with Samba in the future...."

KSMBD is also important in that placing such core server functionality right inside the kernel represents a significant potential attack surface for crackers... The new bcachefs file system will not be going into kernel 6.6, and its developer is not happy.

"It's taken some time to get KSMBD to a state that was considered stable," points out Linux magazine. That time has come, and KSMBD is planned for Linux kernel 6.6.: But why is KSMBD important? First off, it promises considerable performance gains and better support for modern features such as Remote Direct Memory Access (RDMA)... KSMBD also adds enhanced security, considerably better performance for both single and multi-thread read/write, better stability, and higher compatibility. In the end, hopefully, this KSMBD will also mean easier share setups in Linux without having to jump through the same hoops one must with the traditional Samba setup.

Privacy

Password-Stealing Linux Malware Served For 3 Years and No One Noticed (arstechnica.com) 54

An anonymous reader quotes a report from Ars Technica: A download site surreptitiously served Linux users malware that stole passwords and other sensitive information for more than three years until it finally went quiet, researchers said on Tuesday. The site, freedownloadmanager[.]org, offered a benign version of a Linux offering known as the Free Download Manager. Starting in 2020, the same domain at times redirected users to the domain deb.fdmpkg[.]org, which served a malicious version of the app. The version available on the malicious domain contained a script that downloaded two executable files to the /var/tmp/crond and /var/tmp/bs file paths. The script then used the cron job scheduler to cause the file at /var/tmp/crond to launch every 10 minutes. With that, devices that had installed the booby-trapped version of Free Download Manager were permanently backdoored.

After accessing an IP address for the malicious domain, the backdoor launched a reverse shell that allowed the attackers to remotely control the infected device. Researchers from Kaspersky, the security firm that discovered the malware, then ran the backdoor on a lab device to observe how it behaved. "This stealer collects data such as system information, browsing history, saved passwords, cryptocurrency wallet files, as well as credentials for cloud services (AWS, Google Cloud, Oracle Cloud Infrastructure, Azure)," the researchers wrote in a report on Tuesday. "After collecting information from the infected machine, the stealer downloads an uploader binary from the C2 server, saving it to /var/tmp/atd. It then uses this binary to upload stealer execution results to the attackers' infrastructure."

Games

Meet the Guy Preserving the New History of PC Games, One Linux Port At a Time (404media.co) 21

An anonymous reader quotes a report from 404 Media: Historically, video game preservation efforts usually cover two types of games. The most common are very old or "retro" games from the 16-bit era or earlier, which are trapped on cartridges until they're liberated via downloadable ROMs. The other are games that rely on a live service, like Enter the Matrix's now unplugged servers or whatever games you can only get by downloading them via Nintendo's Wii Shop Channel, which shut down in 2019. But time keeps marching on and a more recent era of games now needs to be attended to if we still want those games to be accessible: indies from the late aughts to mid twenty-teens. That's right. Fez, an icon of the era and indie games scene, is now more than a decade old. And while we don't think of this type of work until we need it, Fez, which most PC players booted on Windows 7 when it first came out, is not going to magically run on your Windows 11 machine today without some maintenance.

The person doing that maintenance, as well as making sure that about 70 of the best known indie games from the same era keep running, is Ethan Lee. He's not as well known as Fez's developer Phil Fish, who was also the subject of the documentary Indie Game: The Movie, but this week Lee started publicly marketing the service he's been quietly providing for over 11 years: maintenance of older games. "The way that I've been pitching it is more of like, the boring infrastructure," he said. "Let's make sure the current build works, whereas a lot of times, people feel like the only way to bring a game into a new generation is to do a big remaster. That's cool, but wouldn't have been cool if Quake II just continued to work between 1997 and now without all the weird stuff in between? That's sort of why I've been very particular about the word maintenance, because it's a continuous process that starts pretty much from the moment that you ship it."

As he explains in his pitch to game developers: "the PC catalog alone has grown very large within the last 15 years, and even small independent studios now have an extensive back catalog of titles that players can technically still buy and play today! This does come at a cost, however: The longer a studio exists, the larger their catalog grows, and as a result, the maintenance burden also grows." Just a few of the other indie games Lee ported include Super Hexagon, Proteus, Rogue Legacy, Dust: An Elysian Tail, TowerFall Ascension, VVVVVV, Transistor, Wizorb, Mercenary Kings, Hacknet, Shenzhen I/O, and Bastion. [...] With the PC, people assume that once a game is on Windows, it can live on forever with future versions of Windows. "In reality, what makes a PC so weird is that there's this big stack of stuff. You have an x86 processor, the current-ish era of like modern graphics processors, and then you have the operating system running on top of that and its various drivers," Lee said. A change to any one of those layers can make a game run badly, or not at all.

Linux

Linux's Marketshare on Steam Still Higher Than Apple macOS (phoronix.com) 79

The (Arch Linux-powered) Steam Deck was released in February of 2022 — and Phoronix reports that's helping Linux's market share on Steam. "While July was at 1.96% for Linux, the August numbers [from SteamPowered.com] show a 0.14% dip to 1.82%. Interestingly, macOS dipped by 0.27% to 1.57% while Windows rose by 0.4% to 96.61%. For those wondering why the Steam Linux numbers dropped while the Steam Deck continues to be very popular, it's possibly again another month impacted by large swings in Chinese traffic... SteamOS Holo that powers the Steam Deck gained another 2% marketshare to now commanding around 44% of the reported Linux gamers.

Among Linux gamers, AMD CPUs power around 71% of the systems. In part due to the Steam Deck being powered by an AMD APU. Meanwhile Steam on Windows has the AMD CPU marketshare at around 33%.

Open Source

Linux 6.5 Kernel Released (zdnet.com) 26

ZDNet's Steven Vaughan-Nichols shares what's new in the release of Linux 6.5: The biggest news for servers -- and cloud Linux users -- is AMD Ryzen processors' P-State support. This support should mean better performance and power use across CPU cores. Intel Alder Lake CPUs have also received improved load balancing in a related development. RISC-V architecture fans will be pleased to find Linux now has Advanced Configuration and Power Interface (ACPI) support. ACPI is used in Linux and other operating systems for power management. It's vital for laptops and other battery-powered systems.

For better security, people using virtual machines or sandboxes based on Usermode Linux for testing, or running multiple versions of Linux at once, now have Landlock support. Landlock is a Linux Security Module that enables applications to sandbox themselves by selecting access rights to directories. It's designed to be used by unprivileged processes while following the system security policy. To make talking with the rest of the world easier, Linux 6.5 now supports USB 4v2. This new USB-C standard will support up to an eye-watering 120Gbps. And while we're still getting used to Wi-Fi 6E, the Wi-Fi Alliance is already working on bringing us Wi-Fi 7. When Wi-Fi 7 arrives, with its theoretical maximum speed of 46Gbps, Linux will be ready. As usual, the new Linux has many more built-in audio and graphics drivers.
The Bcachefs filesystem didn't make it into Linux 6.5, notes Vaughan-Nichols. "While the Bcachefs filesystem looks good, there's been a lot of developers fighting about the development process. These personal arguments have led Torvalds to decide not to incorporate Bcachefs into Linux 6.5."

Linus Torvalds announced Linux 6.5's delivery in a brief post on August 27.

IT

Amazon Linux 2023 Virtual Machine Images Still MIA (theregister.com) 24

When Amazon Linux 2023 was released on March 15, it was supposed to be offered as a virtual machine image that organizations could run on their own servers. From a report: "When Amazon Linux 2023 becomes generally available, it will be provided as a virtual machine image for on-premises use, enabling you to easily develop, test, and certify applications from a local development environment," the web titan's FAQs stated at the time. "This option is not available during the preview." But that commitment has since vanished from the FAQ: it's not there right now nor in this capture of the page on June 2. And it's not clear whether Amazon intends to enable on-premises usage of its Linux distribution.

Those who use Linux in their businesses have been asking Amazon to clarify the situation for eighteen months, starting with a GitHub Issues feature request opened on March 15, 2022, and a similar inquiry posted a year later. In late June, Rotan Hanrahan, a technology consultant based in Dublin, Ireland, chided Amazon for failing to explain what's going on. "I see no evidence of any outreach to the community to explain this, nor any requests for technical assistance (assuming the issue is technical)," he wrote. "If the issue is bureaucratic in nature, we might never see the promised VM image. Some clarification from Amazon is overdue."
