An anonymous reader quotes a report from ZDNet: Microsoft's Windows Subsystem for Linux (WSL) for running GNU/Linux environments on Windows 10 and Windows 11 has reached version 1.0.0 and is now generally available. Microsoft has been building WSL, including its own custom Linux kernel, for several years now. At first, WSL and WSL2 were an optional component within Windows, but last October Microsoft made the preview WSL available in the Microsoft Store as a separate app. The Store version could deliver users -- mostly developers and IT pros -- faster updates and features independently of updates to Windows.

As well as WSL shedding the "preview" label, Microsoft is making the WSL app from the Store the default for new users. As Microsoft noted last October at the release of Windows 11, the long term plan was to move WSL users to the Store version. However, Windows 11 still supported the "inbox version" of WSL while it continued developing the Store version. With this release, Microsoft is backporting WSL functionality to Windows 10 and 11 to make the Store version of WSL the default experience. The latest backport is available to "seekers" who click "Check for Updates" in Windows Settings, but in mid-December it will be pushed automatically to devices. The updates are available for Windows 10 version 21H1, 21H2, or 22H2, or on Windows 11 21H2 with all of the November updates applied.

Microsoft detailed a number of changes to commands now that the Store version of WSL is the default version, noting "wsl.exe --install will now automatically install the Store version of WSL, and will no longer enable the "Windows Subsystem for Linux" optional component, or install the WSL kernel or WSLg MSI packages as they are no longer needed." The virtual machine platform optional component will still be enabled, and by default Ubuntu will still be installed. One of the main new additions to WSL 1.0 is that users can opt in to support for systemd, the at-one-point maligned Linux system and service manager, which runs by default in several Linux distros, including Ubuntu and Debian. Also, Windows 10 users can use Linux GUI apps, a capability that was previously exclusive to Windows 11 users.

Fedora 37 is now officially released. From a report: Fedora 37 brings the GNOME 43 desktop to Fedora Workstation 37, updated toolchain components like Glibc 2.36 and LLVM 15 and Binutils 2.38, official support for the Raspberry Pi 4, retiring 32-bit ARMv7 support, Fedora CoreOS has been promoted to a Fedora Edition, Perl 5.36, Python 3.11, RPM 4.18, LXQt 1.1, and a wealth of other updated packages.

The Linux Foundation Europe (LF Europe) -- the recently launched European offshoot of the open source Linux Foundation -- today announced the launch of Project Sylva, which aims to create an open source telco cloud framework for European telcos and vendors. TechCrunch: This is the first project hosted by LF Europe and is a good example of what the organization is trying to achieve. The project aims to create a production-grade open source telco cloud stack and a common framework and reference implementation to "reduce fragmentation of the cloud infrastructure layer for telecommunication and edge services." Currently, five carriers (Telefonica, Telecom Italia, Orange, Vodafone and Deutsche Telekom) and two vendors (Ericsson and Nokia) are working on the project.

"There's a whole bunch of Linux Foundation networking projects already that have taken telecommunications into the open source era," Arpit Joshipura, the general manager for Networking, Edge and IoT at the Linux Foundation, told me. "All those projects are under what is called the [LF] Networking foundation. [â¦] So whatever that work is that is done by the telcos, Sylva is going to leverage and build on top of it with these European vendors to solve EU specific requirements. Those are security, energy, federated computing, edge and data trust." At the core of Sylva is a framework for a compute platform that can be agnostic to whether a workload is running on the telco access network, edge or in the core. The project aims to build a reference implementation, leveraging all of the work already being done by LF Networking, the Cloud Native Computing Foundation (the home of Kubernetes and other cloud-native infrastructure projects), LF Energy and others.

Thursday the Kudelski Group's cybersecurity division released "a tool for Linux that allows creation of multiple hidden volumes on a storage device in such a way that it is very difficult, even under forensic inspection, to prove the existence of such volumes."

"Each volume is encrypted with a different secret key, scrambled across the empty space of an underlying existing storage medium, and indistinguishable from random noise when not decrypted." Even if the presence of the Shufflecake software itself cannot be hidden — and hence the presence of secret volumes is suspected — the number of volumes is also hidden. This allows a user to create a hierarchy of plausible deniability, where "most hidden" secret volumes are buried under "less hidden" decoy volumes, whose passwords can be surrendered under pressure. In other words, a user can plausibly "lie" to a coercive adversary about the existence of hidden data, by providing a password that unlocks "decoy" data.

Every volume can be managed independently as a virtual block device, i.e. partitioned, formatted with any filesystem of choice, and mounted and dismounted like a normal disc. The whole system is very fast, with only a minor slowdown in I/O throughput compared to a bare LUKS-encrypted disk, and with negligible waste of memory and disc space.

You can consider Shufflecake a "spiritual successor" of tools such as Truecrypt and Veracrypt, but vastly improved. First of all, it works natively on Linux, it supports any filesystem of choice, and can manage up to 15 nested volumes per device, so to make deniability of the existence of these partitions really plausible.
"The reason why this is important versus "simple" disc encryption is best illustrated in the famous XKCD comic 538," quips Slashdot reader Gaglia (in the original submission. But the big announcement from Kudelski Security Research calls it "a tool aimed at helping people whose freedom of expression is threatened by repressive authorities or dangerous criminal organizations, in particular: whistleblowers, investigative journalists, and activists for human rights in oppressive regimes.

"Shufflecake is FLOSS (Free/Libre, Open Source Software). Source code in C is available and released under the GNU General Public License v3.0 or superior.... The current release is still a non-production-ready prototype, so we advise against using it for really sensitive operations. However, we believe that future work will sensibly improve both security and performance, hopefully offering a really useful tool to people who live in constant danger of being interrogated with coercive methods to reveal sensitive information.

"An ugly hack within the Linux kernel that has been in mainline for over three years has been called out," writes Phoronix's Michael Larabel. "Due to a buggy X.Org Server / xf86-video-modesetting DDX, the Linux kernel has been imposing different behavior on whether a process starts with 'X' and in turn disable the atomic mode-setting support." Linux security researcher and WireGuard creator, Jason Donenfeld, discovered the 'ugly code' within the kernel and commented on it via the kernel mailing list.

"The commit to this kernel with the 'X' first character check was made back in September 2019," notes Larabel. "The 'good' news is that since then on user-space side back in 2019 the xf86-video-modesetting code went ahead and disabled atomic support by default. So technically if running an updated X.Org stack within the past three years, this kernel hack isn't necessary anymore since user-space is just then avoiding the atomic API."

Slashdot reader Soul_Predator writes: Vanilla OS is Ubuntu on stock GNOME, with on-demand immutability and package selection freedom. It is currently a beta project, with a stable release planned for the next month.
"The first-time setup process is a breeze to experience," writes It's FOSS News, applauding how it lets uses choose and enable Flatpak/Snap/AppImage.

Overall, a package manager that installs applications utilizing a container, getting the ability to choose your package managers, on-demand immutability, and vanilla GNOME make it seem like a good deal to keep an eye on... I'd say it is a project that I believe a lot of users will appreciate.

You can download the ISO by joining its Discord channel for now. The ISO is not yet publicly available to all. Take a look at its documentation if you are curious. However, as per the roadmap, they plan to have a release candidate soon enough.

Do you have a laptop that's either "pretty old" or "weird in some other way"? Did it ship without Windows from the factory, or did you flash its firmware with coreboot? You could help the Linux kernel move its backlight code forward without abandoning quirky gear like yours. ArsTechnica: Hans de Goede, a longtime Linux developer and principal engineer at Red Hat, writes on his Livejournal about the need to test "a special group of laptops" to prevent their backlight controls from disappearing in Linux kernel 6.1. Old laptop tests are needed because de Goede is initiating some major changes to user-space backlight controls, something he has been working on since 2014. As detailed at Linux blog Phoronix, there are multiple issues with how Linux tries to address the wide variety of backlight schemes in displays, which de Goede laid out at the recent Linux Plumbers Conference. There can be multiple backlight devices operating a single display, leaving high-level controls to "guess which one will work." Brightness control requires root permissions at the moment. And "0" passed along as a backlight value remains a conundrum, as the engineer pointed out in 2014: Is that entirely off, or as low as the display can be lit?

Lennart Poettering's latest blog post proposes moving the Linux boot process into a "Brave New Trusted Boot World" of cryptographically signed Unified Kernel Images. From a report: Agent Poettering offers a mechanism for tightening up the security of the system startup process on Linux machines, using TPM 2.0 hardware. In brief, what he sees as the problem is that on hardware with Secure Boot enabled, while the boot process up to and including the kernel is signed, the next step, loading the initrd, is not. That's what he wants to fix.

"Linus Torvalds has backed the idea of possibly removing Intel 486 (i486) processor support from the Linux kernel," reports Phoronix: After the Linux kernel dropped i386 support a decade ago, i486 has been the minimum x86 processor support for the mainline Linux kernel. This latest attempt to kill off i486 support ultimately arose from Linus Torvalds himself with expressing the idea of possibly requiring x86 32-bit CPUs with "cmpxchg8b" support, which would mean Pentium CPUs and later:

Maybe we should just bite the bullet, and say that we only support x86-32 with 'cmpxchg8b' (ie Pentium and later).

Get rid of all the "emulate 64-bit atomics with cli/sti, knowing that nobody has SMP on those CPU's anyway", and implement a generic x86-32 xchg() setup using that try_cmpxchg64 loop.

I think most (all?) distros already enable X86_PAE anyway, which makes that X86_CMPXCHG64 be part of the base requirement.

Not that I'm convinced most distros even do 32-bit development anyway these days.... We got rid of i386 support back in 2012. Maybe it's time to get rid of i486 support in 2022?
Towards the end of his post, Torvalds makes the following observation about i486 systems. "At some point, people have them as museum pieces. They might as well run museum kernels. "

Joey Sneddon, reporting at OMG! Ubuntu: In September I tweeted a screenshot of something unexpected that has started to show up in the terminal when I ran system updates. It didn't enrage me at the time (and it kinda still doesn't) but I did find it a little ... Off. Now, if you're suitably tuned-in to the Linux newswire and/or an avid attendee of social media you'll probably heard about the drama in question. If you haven't, then allow me to... Yes, the furore is over an "ad" for Ubuntu Pro, Canonical's revamped support offering that replaces/augments Ubuntu Advantage (which has been around for many years) that appears in the terminal when managing system updates.

Other people are calling it an "ad" (hence quote marks). I prefer the term plug (which, it turns out, some people aren't familiar with; it means to mention something in order to promote it). For although this sentence is technically advertising something, in this case Ubuntu Pro, the offering itself is free for regular users (on up-to five devices). Thus, it's not like this is an "ad" that generates Canonical revenue. It's more akin to a public service announcement to raise awareness.

Linux kernel boss Linus Torvalds has released the first release candidate for version 6.1 of the project and added an appeal for developers to make his life easier by adding code earlier in the development cycle. The Register reports: "Let me just say that after I got my machine sorted out and caught up with the merge window, I was somewhat frustrated with various late pull requests. I've mentioned this before, but it's _really_ quite annoying to get quite a few pull requests in the last few days of the merge window."

He then offered further guidance on how kernel devs can do it right. "Yes, the merge window is two weeks, but that's very much to allow me time to look things over, not 'two weeks to hurriedly put together a branch that you send Linus on Friday of the second week'," he wrote. "The whole 'do an all-nighter to get the paper in the day before the deadline' is something that should have gone out the window after high school. Not for kernel development." His next line was: "You know who you are."

"Anyway, it's not the first time I've said this, I doubt it will be the last. But maybe more people could take it to heart, ok?" he added, before concluding his post with a slightly non-traditional call for testers to visit Linux's git tree because "The merge window may not be the biggest ever, but it's certainly big enough that the shortlog is much too big to post, and below is just my usual merge log." "For all the gory details, please refer to the git tree."

Mike Bouma (Slashdot reader #85,252) writes: Hyperion Entertainment is pleased to announce the immediate availability of a very substantial and comprehensive update of the Software Development Kit (SDK) for AmigaOS 4.1 54.16.

Also Linux: Kernel 6.0 for AmigaOne X1000/X5000 has been released and the biggest Amiga event of the year will be held upcoming weekend in Mönchengladbach, Germany: the Amiga37 event.

When a kernel developer asked Linus Torvalds if he'd missed a Git pull, Torvalds "revealed the request was still in his queue as 'I'm doing merges (very slowly) on my laptop, while waiting for new ECC memory DIMMs to arrive,'" reports The Register: Torvalds needs the DIMMs because over the last few days he experienced what he described as "some instability on my main desktop... with random memory corruption in user space resulting in my allmodconfig builds randomly failing with internal compiler errors etc."

The Linux boss's first thought was that a new kernel bug had caused the problem — which isn't good but sometimes happens. His instinct was wrong. "It was literally a DIMM going bad in my machine randomly after 2.5 years of it being perfectly stable," he wrote. "Go figure. Verified first by booting an old kernel, and then with memtest86+ overnight."

Torvalds appears to have been tracking delivery of the new DIMMs as he reported replacement memory was "out for delivery" and predicted it should arrive later on Sunday evening....

His post also mentions that his main PC was set up for error correction code memory (ECC memory), but "during the early days of COVID when there wasn't any ECC memory available at any sane prices. And then I never got around to fixing it, until I had to detect errors the hard way."

"I absolutely *detest* the crazy industry politics and bad vendors that have made ECC memory so 'special'," he added.

"Starting with the Ubuntu 16.04 edition and including the later LTS versions, Canonical will offer expanded security coverage for critical, high, and medium Common Vulnerabilities and Exposures (CVEs) to all of Ubuntu's open-source applications and toolchains for ten years," reports ZDNet.

"Yes, you read that right, you get security patches not just for the operating system, but for all of Ubuntu's open-source applications for a decade." Most of these are server programs, such as Ansible, Apache Tomcat, Drupal, Nagios, Redis, and WordPress. But, it also includes such developer essentials as Docker, Node.js, phpMyAdmin, Python 2, and Rust. Altogether, Canonical is supporting more than 23,000 packages. Indeed, it's now offering security for, as Mark Shuttleworth, Canonical's CEO, said, "Security coverage to every single package in the Ubuntu distribution."

Canonical isn't doing this on its own. It's offering free, improved security in partnership with the security management company Tenable. Robert Huber, Tenable's Chief Security Officer, said, "Ubuntu Pro offers security patch assurance for a broad spectrum of open-source software. Together, we give customers a foundation for trustworthy open source."

Beyond ordinary security, Canonical is backporting security fixes from newer application versions. This enables Ubuntu Pro users to use the Ubuntu release of their choice for long-term security without forced upgrades. Happy to keep using Ubuntu 20.04? No problem. You can run it until April 2030. Knock yourself out....

Users can obtain a free personal Ubuntu Pro subscription at ubuntu.com/pro for up to five machines. This free tier is for personal and small-scale commercial use.
Mark Shuttleworth, CEO of Ubuntu's parent company company Canonical, explains in a new video that Ubuntu "is now the world's most widely used Linux..."

"What makes most proud, though, is that we have found a way to make this available free of charge to anybody for their personal and for small-scale commercial use.... full commercial use for you, and any business you own, on up to five machines."

Intel laptop users running Linux are being advised to avoid running the latest Linux 5.19.12 stable kernel point release as it can potentially damage the display. From a report: Intel Linux laptop users on Linux 5.19.12 have begun reporting "white flashing" display issues with one user describing it as "[the] laptop display starts to blink like lights in a 90's rave party." Intel Linux kernel engineer Ville Syrjal posted this week on the kernel mailing list: "After looking at some logs we do end up with potentially bogus panel power sequencing delays, which may harm the LCD panel."

"This Monday, the first set of patches to enable Rust support and tooling was merged for Linux 6.1," writes Slashdot reader sabian2008, sharing an update from longtime kernel developer Kees Cook: The tree has a recent base, but has fundamentally been in linux-next for a year and a half. It's been updated based on feedback from the Kernel Maintainer's Summit, and to gain recent Reviewed-by: tags. Miguel is the primary maintainer, with me helping where needed/wanted. Our plan is for the tree to switch to the standard non-rebasing practice once this initial infrastructure series lands. The contents are the absolute minimum to get Rust code building in the kernel, with many more interfaces[2] (and drivers -- NVMe[3], 9p[4], M1 GPU[5]) on the way.

The initial support of Rust-for-Linux comes in roughly 4 areas:
- Kernel internals (kallsyms expansion for Rust symbols, %pA format)
- Kbuild infrastructure (Rust build rules and support scripts)
- Rust crates and bindings for initial minimum viable build
- Rust kernel documentation and samples Further reading: Linux 6.0 Arrives With Support For Newer Chips, Core Fixes, and Oddities

An anonymous reader quotes a report from Ars Technica: A stable version of Linux 6.0 is out, with 15,000 non-merge commits and a notable version number for the kernel. And while major Linux releases only happen when the prior number's dot numbers start looking too big -- there is literally no other reason" -- there are a lot of notable things rolled into this release besides a marking in time. Most notable among them could be a patch that prevents a nearly two-decade slowdown for AMD chips, based on workaround code for power management in the early 2000s that hung around for far too long. [...]

Intel's new Arc GPUs are supported in their discrete laptop form in 6.0 (though still experimental). Linux blog Phoronix notes that Intel's ARC GPUs all seem to run on open source upstream drivers, so support should show up for future Intel cards and chipsets as they arrive on the market. Linux 6.0 includes several hardware drivers of note: fourth-generation Intel Xeon server chips, the not-quite-out 13th-generation Raptor Lake and Meteor Lake chips, AMD's RDNA 3 GPUs, Threadripper CPUs, EPYC systems, and audio drivers for a number of newer AMD systems. One small, quirky addition points to larger things happening inside Linux. Lenovo's ThinkPad X13s, based on an ARM-powered Qualcomm Snapdragon chip, get some early support in 6.0. ARM support is something Linux founder Linus Torvalds is eager to see [...].

Among other changes you can find in Linux 6.0, as compiled by LWN.net (in part one and part two):
- ACPI and power management improvements for Sapphire Rapids CPUs
- Support for SMB3 file transfer inside Samba, while SMB1 is further deprecated
- More work on RISC-V, OpenRISC, and LoongArch technologies
- Intel Habana Labs Gaudi2 support, allowing hardware acceleration for machine-learning libraries
- A "guest vCPU stall detector" that can tell a host when a virtual client is frozen Ars' Kevin Purdy notes that in 2022, "there are patches in Linux 6.0 to help Atari's Falcon computers from the early 1990s (or their emulated descendants) better handle VGA modes, color, and other issues."

Not included in this release are Rust improvements, but they "are likely coming in the next point release, 6.1," writes Purdy.

Michael Larabel writes via Phoronix: Debian developers have been figuring out an updated stance to take on non-free firmware considering the increasing number of devices now having open-source Linux drivers but requiring closed-source firmware for any level of functionality. The voting on the non-free firmware matter has now concluded and the votes tallied... The debian votes option 5 as winning: "Change SC for non-free firmware in installer, one installer."

Basically the Debian Installer media will now be allowed to include non-free firmware and to automatically load/use it where necessary while informing the user of it, etc. Considering the state of the hardware ecosystem these days, it's reasonable and common sense since at least users will be able to easily make use of their graphics cards, network adapters, and more. Plus a number of modern CPU security mitigations also requiring the updated closed-source microcode. So all in, I am personally happy with this decision as it will allow for a more pleasant experience for Debian on modern systems and one akin to what is found with other Linux distributions. The solution is described in full via the Debian Wiki.

Developer Asahi Lina with the Asahi Linux project was successfully able to get GNOME running on the Apple M1, including "Firefox with YouTube video playback, the game Neverball, various KDE applications, and more," reports Phoronix. From the report: This is some great progress especially with the driver being written in Rust -- the first within the Direct Rendering Manager subsystem -- and lots of work there with the Rust infrastructure in early form. It won't be until at least Linux 6.2 before this driver could be mainlined while we'll see how quickly it tries to go mainline before it can commit to a stable user-space interface. At the moment there is also a significant driver "hack" involved but will hopefully be sorted out soon. Over in user-space, the AGX Gallium3D driver continues being worked on for OpenGL support with hopes of having OpenGL 2.1 completed by year's end. Obviously it will be longer before seeing the Apple graphics suitable for modern gaming with Vulkan, etc but progress is being made across the board in reverse-engineered, open-source Apple Silicon support under Linux. You can watch a video of the driver working here.

AMD engineer K Prateek Nayak recently uncovered that a 20 year old chipset workaround in the Linux kernel still being applied to modern AMD systems is responsible in some cases for hurting performance on modern Zen hardware. Fortunately, a fix is on the way for limiting that workaround to old systems and in turn helping with performance for modern systems. Phoronix reports: Last week was a patch posted for the ACPI processor idle code to avoid an old chipset workaround on modern AMD Zen systems. Since ACPI support was added to the Linux kernel in 2002, there has been a "dummy wait op" to deal with some chipsets where STPCLK# doesn't get asserted in time. The dummy I/O read delays further instruction processing until the CPU is fully stopped. This was a problem with at least some AMD Athlon era systems with a VIA chipset... But not a problem with newer chipsets of roughly the past two decades.

With this workaround still being applied to even modern AMD systems, K Prateek Nayak discovered: "Sampling certain workloads with IBS on AMD Zen3 system shows that a significant amount of time is spent in the dummy op, which incorrectly gets accounted as C-State residency. A large C-State residency value can prime the cpuidle governor to recommend a deeper C-State during the subsequent idle instances, starting a vicious cycle, leading to performance degradation on workloads that rapidly switch between busy and idle phases. One such workload is tbench where a massive performance degradation can be observed during certain runs."

At least for Tbench, this long-time, unconditional workaround in the Linux kernel has been hurting AMD Ryzen / Threadripper / EPYC performance in select workloads. This workaround hasn't affected modern Intel systems since those newer Intel platforms use the alternative MWAIT-based intel_idle driver code path instead. The AMD patch evolved into this patch by Intel Linux engineer Dave Hansen. That patch to limit the "dummy wait" workaround to old systems is already queued into TIP's x86/urgent branch. With it going the route of "x86/urgent" and for fixing a overzealous workaround that isn't needed on modern hardware, it's likely this patch will be submitted this week still for the Linux 6.0 kernel rather than needing to wait until the next (v6.1) merge window.