Linux

Linus Torvalds Says Rust For The Kernel Could Possibly Be Merged For Linux 5.20 (phoronix.com) 157

Speaking this week at the Linux Foundation's Open-Source Summit, Linus Torvalds talked up the possibilities of Rust within the Linux kernel and that it could be landing quite soon -- possibly even for the next kernel cycle. From a report: Linus Torvalds and Dirk Hohndel had their usual Open-Source Summit keynote/chat where Linus commented on Rust programming language code within the kernel. Torvalds commented that real soon they expect to have the Rust infrastructure merged within the kernel, possibly even for the next release -- meaning Linux 5.20. There hasn't yet been any Rust for Linux pull request sent in or merged, but things have begun settling down in the initial Rust enablement code for the kernel with the basic infrastructure, a few basic sample drivers, etc. Last month saw the most recent Rust Linux kernel patches posted that got more functionality into shape and additional reviews completed. As noted plenty of times before, this Rust support within the Linux kernel will remain optional when building the kernel depending upon whether you want the support or any of the kernel features to be implemented just in Rust code.
Botnet

A Linux Botnet That Spreads Using Stolen SSH Keys (zdnet.com) 40

ZDNet is warning that Linux users need to watch out for "a new peer-to-peer (P2P) botnet that spreads between networks using stolen SSH keys and runs its crypto-mining malware in a device's memory." The Panchan P2P botnet was discovered by researchers at Akamai in March and the company is now warning it could be taking advantage of collaboration between academic institutions to spread by causing previously stolen SSH authentication keys to be shared across networks.

But rather than stealing intellectual property from these educational institutions, the Panchan botnet is using their Linux servers to mine cryptocurrency, according to Akamai... "Instead of just using brute force or dictionary attacks on randomized IP addresses like most botnets do, the malware also reads the id_rsa and known_hosts files to harvest existing credentials and use them to move laterally across the network...." Akamai found 209 peers, but only 40 of them are currently active and they were mostly located in Asia.

And why is the education sector more impacted by Panchan? Akamai guesses this could be because of poor password hygiene, or that the malware moves across the network with stolen SSH keys.
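Panchan, as quoted above, harvests id_rsa and known_hosts to pick its next hosts, so two habits blunt it directly: keeping private keys passphrase-protected, and letting OpenSSH hash known_hosts (HashKnownHosts yes in ssh_config) so a stolen file names no hosts. The C checker below is an added example written for this page, not Akamai's tooling or anything from the Panchan report; the key and known_hosts samples in it are constructed, and when run it inspects whichever files are passed on the command line.

```c
#include <stdio.h>
#include <string.h>

enum key_state { KEY_UNKNOWN = 0, KEY_PLAINTEXT = 1, KEY_ENCRYPTED = 2 };
static const char *const STATE_NAME[] = { "unrecognised", "UNPROTECTED", "passphrase-protected" };

static int b64val(int c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Decode base64 until an invalid byte ('=' padding or a newline) or outmax. */
static size_t b64decode(const char *in, unsigned char *out, size_t outmax) {
    size_t n = 0; int bits = 0; unsigned acc = 0;
    for (; *in && n < outmax; in++) {
        int v = b64val((unsigned char)*in);
        if (v < 0) break;
        acc = (acc << 6) | (unsigned)v; bits += 6;
        if (bits >= 8) { bits -= 8; out[n++] = (unsigned char)(acc >> bits); acc &= (1u << bits) - 1; }
    }
    return n;
}

/* openssh-key-v1 files store the cipher name right after the magic string; a
 * cipher of "none" means the key sits on disk unprotected. Legacy PEM keys
 * carry a "Proc-Type: 4,ENCRYPTED" header only when passphrase-protected. */
enum key_state classify_private_key(const char *text) {
    const char *hdr = strstr(text, "-----BEGIN OPENSSH PRIVATE KEY-----");
    if (hdr) {
        const char *body = strchr(hdr, '\n');
        unsigned char raw[64];
        if (!body) return KEY_UNKNOWN;
        size_t n = b64decode(body + 1, raw, sizeof raw);
        if (n < 19 || memcmp(raw, "openssh-key-v1", 15) != 0) return KEY_UNKNOWN;
        unsigned clen = ((unsigned)raw[15] << 24) | ((unsigned)raw[16] << 16) |
                        ((unsigned)raw[17] << 8) | raw[18];   /* length of the cipher name */
        if (clen > n - 19) return KEY_UNKNOWN;
        return (clen == 4 && memcmp(raw + 19, "none", 4) == 0) ? KEY_PLAINTEXT : KEY_ENCRYPTED;
    }
    if (!strstr(text, "PRIVATE KEY-----")) return KEY_UNKNOWN;
    return strstr(text, "Proc-Type: 4,ENCRYPTED") ? KEY_ENCRYPTED : KEY_PLAINTEXT;
}

/* With HashKnownHosts, OpenSSH writes entries as "|1|<salt>|<hash> ..."; any
 * other non-comment line names a host that a stolen file would hand over. */
int count_unhashed_known_hosts(const char *text) {
    int unhashed = 0;
    for (const char *p = text; *p; ) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        while (len && (*p == ' ' || *p == '\t')) { p++; len--; }
        if (len && *p != '#' && strncmp(p, "|1|", 3) != 0) unhashed++;
        if (!nl) break;
        p = nl + 1;
    }
    return unhashed;
}

/* Constructed samples, not real keys: only the first base64 line of an
 * openssh-key-v1 body is needed for the check. */
static const char SAMPLE_KEY_PLAIN[] = "-----BEGIN OPENSSH PRIVATE KEY-----\n"
    "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAA\n-----END OPENSSH PRIVATE KEY-----\n";
static const char SAMPLE_KEY_ENC[] = "-----BEGIN OPENSSH PRIVATE KEY-----\n"
    "b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAA\n-----END OPENSSH PRIVATE KEY-----\n";
static const char SAMPLE_KEY_PEM[] = "-----BEGIN RSA PRIVATE KEY-----\nMIIEsample\n-----END RSA PRIVATE KEY-----\n";
static const char SAMPLE_KNOWN_HOSTS[] =
    "# hashed entry: the hostname cannot be read back\n"
    "|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAA\n"
    "build.example.internal ssh-ed25519 AAAA\n"
    "10.0.0.12 ssh-rsa AAAA\n";

int main(int argc, char **argv) {
    char buf[16384];
    for (int i = 1; i < argc; i++) {            /* e.g. ~/.ssh/id_rsa ~/.ssh/known_hosts */
        FILE *f = fopen(argv[i], "r");
        if (!f) { perror(argv[i]); continue; }
        size_t got = fread(buf, 1, sizeof buf - 1, f);
        buf[got] = '\0';
        fclose(f);
        if (strstr(argv[i], "known_hosts"))
            printf("%s: %d entries with readable hostnames\n", argv[i], count_unhashed_known_hosts(buf));
        else
            printf("%s: %s\n", argv[i], STATE_NAME[classify_private_key(buf)]);
    }
    return 0;
}
```

Only the first 64 decoded bytes of a key file are examined, which is enough to read the cipher field; the file is never parsed further, so the checker learns nothing about the key material itself.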

Akamai writes that the malware "catches Linux termination signals (specifically SIGTERM — 0xF and SIGINT — 0x2) that are sent to it, and ignores them.

"This makes it harder to terminate the malware, but not impossible, since SIGKILL isn't handled (because it isn't possible, according to the POSIX standard, page 313)."
Ubuntu

Ubuntu Core 22 Brings Real-Time Linux Options To IoT (venturebeat.com) 22

An anonymous reader shares a report: Embedded and internet of things (IoT) devices are a growing category of computing, and with that growth has come expanded needs for security and manageability. One way to help secure embedded and IoT deployments is with a secured operating system, such as Canonical's Ubuntu Core. The Ubuntu Core provides an optimized version of the open-source Ubuntu Linux operating system for smaller device footprints, using an approach that puts applications into containers. On June 15, Ubuntu Core 22 became generally available, providing users with new capabilities to help accelerate performance and lock down security.

Ubuntu Core 22 is based on the Ubuntu 22.04 Linux operating system, which is Canonical's flagship Linux distribution that's made available for cloud, server and desktop users. Rather than being a general purpose OS, Ubuntu Core makes use of the open-source Snap container technology that was originally developed by Canonical to run applications. With Snaps, an organization can configure which applications should run in a specific IoT or embedded device and lock down the applications for security. Snaps provide a cryptographically authenticated approach for application updates.

Linux

Ubuntu Working To Provide Good Support For The VisionFive Low-Cost RISC-V Board (phoronix.com) 39

"Ubuntu developers have been working on bringing up and improving support for the Starfive VisionFive," writes Phoronix, calling the $179 device "one of the most promising 'low-cost' RISC-V single board computers to date... intended to run full-blown RISC-V Linux distributions." The board comes in two varieties with 4GB or 8GB of system memory, powered by a dual-core SiFive U74 RV64 SoC @ 1.0GHz, an NVDLA deep learning accelerator engine, a Tensilica-VP6 Vision DSP, and a neural network engine.... Considering the performance of the much more capable HiFive Unmatched development board (that is also multiple times more expensive) and even that sometimes being outpaced by the Raspberry Pi, don't get too excited for the dual-core 1.0GHz RISC-V 64-bit SoC for general purpose workloads. But this VisionFive board may be interesting for some machine learning and other use-cases thanks to its additional accelerators.

It's also one of the few RISC-V boards capable of running a full Linux distribution in the sub-$200 space.

Since the upstream Linux 5.17 kernel there has been mainline support for the VisionFive v1 board. Ubuntu developers are working on enabling the StarFive VisionFive board for their RISC-V kernel build.

Security

Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat (blackberry.com) 43

Ars Technica reports: Researchers have unearthed a discovery that doesn't occur all that often in the realm of malware: a mature, never-before-seen Linux backdoor that uses novel evasion techniques to conceal its presence on infected servers, in some cases even with a forensic investigation.

On Thursday, researchers and the BlackBerry Threat Research & Intelligence Team said that the previously undetected backdoor combines high levels of access with the ability to scrub any sign of infection from the file system, system processes, and network traffic. Dubbed Symbiote, it targets financial institutions in Brazil and was first detected in November.

Researchers for Intezer and BlackBerry wrote:

"What makes Symbiote different from other Linux malware that we usually come across, is that it needs to infect other running processes to inflict damage on infected machines. Instead of being a standalone executable file that is run to infect a machine, it is a shared object (SO) library that is loaded into all running processes using LD_PRELOAD (T1574.006), and parasitically infects the machine. Once it has infected all the running processes, it provides the threat actor with rootkit functionality, the ability to harvest credentials, and remote access capability...."

So far, there's no evidence of infections in the wild, only malware samples found online. It's unlikely this malware is widely active at the moment, but with stealth this robust, how can we be sure?

"When hooked functions are called, the malware first dynamically loads libc and calls the original function..." according to Blackberry's blog post. "If the calling application is trying to access a file or folder under /proc, the malware scrubs the output from process names that are on its list.... If the calling application is not trying to access something under /proc, the malware instead scrubs the result from a file list....

"Symbiote also has functionality to hide network activity on the infected machine."
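Symbiote, as quoted above, gets into every process through LD_PRELOAD and then lies to callers about /proc and directory contents. The system-wide counterpart of that variable is /etc/ld.so.preload, which the dynamic loader reads for every dynamically linked program. The C checker below is an added example for this page, not BlackBerry's or Intezer's code: it parses a preload file and a /proc/<pid>/environ block (both samples constructed) and, when run, sweeps the live host for either. Because a preload rootkit hooks the very libc calls such a tool depends on, link it statically (gcc -static) so the loader never maps a preload library into it, or run it from a clean boot medium against the mounted disk.

```c
#include <dirent.h>
#include <stdio.h>
#include <string.h>

#define MAX_ENTRIES 16
#define MAX_PATH_LEN 256

/* /etc/ld.so.preload is one library path per line; blank lines and '#'
 * comments are ignored. Fills `out` and returns the entry count. On a normal
 * host the file is absent or empty, so any entry deserves a look. */
int parse_preload_file(const char *text, char out[][MAX_PATH_LEN], int max) {
    int n = 0;
    for (const char *p = text; *p && n < max; ) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        while (len && (*p == ' ' || *p == '\t')) { p++; len--; }
        while (len && (p[len - 1] == ' ' || p[len - 1] == '\t' || p[len - 1] == '\r')) len--;
        if (len && *p != '#' && len < MAX_PATH_LEN) {
            memcpy(out[n], p, len);
            out[n][len] = '\0';
            n++;
        }
        if (!nl) break;
        p = nl + 1;
    }
    return n;
}

/* Scan a NUL-separated environment block (the layout of /proc/<pid>/environ)
 * for LD_PRELOAD. Returns a pointer to the value inside `env`, or NULL. */
const char *find_ld_preload(const char *env, size_t len) {
    static const char key[] = "LD_PRELOAD=";
    const size_t klen = sizeof key - 1;
    const char *p = env, *end = env + len;
    while (p < end) {
        size_t n = 0;
        while (p + n < end && p[n] != '\0') n++;
        if (p + n == end) break;                 /* unterminated tail: stop */
        if (n > klen && memcmp(p, key, klen) == 0) return p + klen;
        p += n + 1;
    }
    return NULL;
}

/* Constructed samples (not artifacts from the Symbiote report). */
static const char SAMPLE_PRELOAD[] =
    "# comment line\n\n  /usr/local/lib/libexample-hook.so  \n/lib/libother.so\n";
static const char SAMPLE_ENVIRON[] =
    "PATH=/usr/bin\0LD_PRELOAD=/usr/local/lib/libexample-hook.so\0HOME=/root\0";
#define SAMPLE_ENVIRON_LEN (sizeof SAMPLE_ENVIRON - 1)

/* Sweep the live host: report preload file entries and every process whose
 * environment carries LD_PRELOAD. Reading other users' environ needs root. */
int main(void) {
    char buf[8192];
    char entries[MAX_ENTRIES][MAX_PATH_LEN];
    FILE *f = fopen("/etc/ld.so.preload", "r");
    if (f) {
        size_t got = fread(buf, 1, sizeof buf - 1, f);
        buf[got] = '\0';
        fclose(f);
        int n = parse_preload_file(buf, entries, MAX_ENTRIES);
        for (int i = 0; i < n; i++) printf("/etc/ld.so.preload: %s\n", entries[i]);
    }
    DIR *d = opendir("/proc");
    if (!d) return 1;
    struct dirent *de;
    while ((de = readdir(d)) != NULL) {
        char path[320];
        if (de->d_name[0] < '0' || de->d_name[0] > '9') continue;   /* PIDs only */
        snprintf(path, sizeof path, "/proc/%s/environ", de->d_name);
        FILE *e = fopen(path, "r");
        if (!e) continue;
        size_t got = fread(buf, 1, sizeof buf, e);
        fclose(e);
        const char *v = find_ld_preload(buf, got);
        if (v) printf("pid %s: LD_PRELOAD=%s\n", de->d_name, v);
    }
    closedir(d);
    return 0;
}
```

A hit from either check is a lead, not a verdict: legitimate tooling (debug allocators, fakeroot, some sandboxes) also uses LD_PRELOAD, so the next step is to identify the library file and who installed it.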
Operating Systems

'I Love the Linux Desktop, But That Doesn't Mean I Don't See Its Problems All Too Well' (theregister.com) 197

An anonymous reader shares an excerpt from an opinion piece via The Register, written by longtime technology reporter and Linux enthusiast Steven J. Vaughan-Nichols: Recently, The Register's Liam Proven wrote tongue in cheek about the most annoying desktop Linux distros. He inspired me to do another take. Proven pointed out that Distrowatch currently lists 270 -- count 'em -- Linux distros. Of course, no one can look at all of those. But, having covered the Linux desktop since the big interface debate was between Bash and zsh rather than GNOME vs KDE, and being the editor-in-chief of a now-departed publication called Linux Desktop, I think I've used more of them than anyone else who also has a life beyond the PC. In short, I love the Linux desktop. Many Linux desktop distros are great. I've been a big Linux Mint fan for years now. I'm also fond, in no particular order, of Fedora, openSUSE, Ubuntu, and MX Linux. But you know what? That's a problem right there. We have many excellent Linux desktop distros, which means none of them can gain enough market share to make any real dent in the overall market.
[...]
Besides over 200 distros, there are 21 different desktop interfaces and over half-a-dozen different major ways to install software such as the Debian Package Management System (DPKG), Red Hat Package Manager (RPM), Pacman, Zypper, and all too many others. Then there are all the newer containerized ways to install programs including Flatpak, Snap, and AppImage. I can barely keep them all straight and that's part of my job! How can you expect ordinary users to make sense of it all? You can't. None of the major Linux distributors -- Canonical, Red Hat, and SUSE -- really care about the Linux desktop. Sure, they have them. They're also major desktop influencers. But their cash comes from servers, containers, the cloud, and the Internet of Things (IoT). The desktop? Please. We should just be glad they spend as many resources as they do on them.

Now, all this said, I don't want you to get the impression that I don't think the conventional Linux desktop is important. I do. In fact, I think it's critical. Microsoft, you see, is abandoning the traditional PC-based desktop. In its crystal ball, Microsoft sees Azure-based Desktop-as-a-Service (DaaS) as its future. [...] That means that the future of a true desktop operating system will lie in the hands of Apple with macOS and us with Linux. As someone who remembers the transition from centrally controlled mainframes and minicomputers to individually empowered PCs, I do not want to return to a world where all power belongs to Microsoft or any other company.
"The Linux desktop will never be as big as Windows once was," writes Vaughan-Nichols in closing. "Between DaaS's rise and the fall of the desktop to smartphones, it can't be. But it may yet, by default, become the most popular true conventional desktop."
OS X

Apple Will Allow Linux VMs To Run Intel Apps With Rosetta In macOS Ventura (arstechnica.com) 35

An anonymous reader quotes a report from Ars Technica: One of the few things that Intel Macs can do that Apple Silicon Macs can't is run operating systems written for Intel or AMD processors inside of virtual machines. Most notably, this has meant that there is currently no legal way to run Windows on an Apple Silicon Mac. Apple Silicon Macs can, however, run operating systems written for Arm processors inside of virtual machines, including other versions of macOS and Arm-compatible versions of Linux. And those Linux VMs are getting a new feature in macOS Ventura: the ability to run apps written for x86 processors using Rosetta, the same binary translation technology that allows Apple Silicon Macs to run apps written for Intel Macs.

Apple's documentation will walk you through the requirements for using Rosetta within a Linux guest operating system -- it requires creating a shared directory that both macOS and Linux can access and running some terminal commands in Linux to get it set up. But once you do those steps, you'll be able to enjoy the wider app compatibility that comes with being able to run x86 code as well as Arm code. Some developers, including Hector Martin of the Asahi Linux project and Twitter user @never_released, have already found that these steps can also enable Rosetta on non-Apple ARM CPUs as long as they're modern enough to support at least version 8.2 of the Arm instruction set. As Martin points out, this isn't strictly legal because of macOS's licensing restrictions, and there are some relatively minor Apple-specific hardware features needed to unlock Rosetta's full capabilities.

Open Source

Linux Mint Takes Over Development of Backup Tool 'Timeshift' (omgubuntu.co.uk) 14

"Linux Mint is taking over development of Timeshift, a popular open-source backup tool," reports the blog OMG! Ubuntu: Anyone familiar with Mint will be familiar with this utility. Timeshift is, as the distro's own lead Clement Lefebvre says in the latest monthly update, a central plank in the system's backup and update 'strategy'.

Sadly, as happens, the creator of Timeshift is unable to keep working on it owing to other responsibilities. Not keen to see it stagnate, Mint says it 'got in touch' to see how they could help. Long story short: Linux Mint is assuming maintenance of the app henceforth.

And as part of the process Timeshift is becoming an official member of the XApp family (this is Mint's stable of home-grown software it designs and develops to be distro-agnostic for widest possible use).

Linux

'The Cynic's Guide to Desktop Linux' (theregister.com) 181

The Register has unveiled their "cynic's guide to desktop Linux," which they ultimately concede is a snarky yet affectionate list of "the least bad distros."

For those who are "sick of Windows but can't afford a Mac," the article begins by addressing people who complain there are too many Linux distros to choose from. "We thought we'd simplify things for you by listing how and in which ways the different options suck."

- The year of Linux on the desktop came and went, and nobody noticed — maybe because it doesn't say "Linux" on it. ChromeOS only runs on ChromeBooks and ChromeBoxes, but they outsold Macs for a while before the pandemic. "Flex" is the version for ordinary PCs... ChromeOS Flex works great, because it only does one thing: browse the web. You can't install apps, not even Android ones: only official kit does that. You can run Debian containers: if you know what that means, go run Debian. If you don't know what that means, trust us, you don't want to.

- Ubuntu is an ancient African word that means I can't configure Debian....

- Mint is an Ubuntu remix with knobs on. It was an also-ran for years, but when Ubuntu went all Mac-like it saw its chance and grabbed it — along with the number one spot in the charts. It dispenses with some of the questionable bits of recent Ubuntu, such as GNOME and Snaps, but replaces them with dodgy bits of its own, such as a confusing choice of not one, not two, but three Windows-like desktops, and overly cautious approaches to updates and upgrades.

- Debian is the daddy of free distros, and the one that invented the idea of a packaging tool that automatically installs dependencies. It's easier than it used to be, but mired in politics. It's sort of like Ubuntu, but more out of date, harder to install, and with fewer drivers. If that sounds just your sort of thing, go for it.

There's 10 snarky entries in all, zinging Fedora, openSUSE, Arch Linux, and Pop!_OS — as well as the various spinoffs of Red Hat Enterprise Linux. (The article calls Rocky Linux and AlmaLinux "RHEL with the serial numbers filed off.")

And there's also one final catch-all entry for "Tiny obscure distros. All of them."

Thanks to Slashdot reader AleRunner for sharing the link...
Operating Systems

Older iPads May Soon Be Able To Run Linux (arstechnica.com) 47

Older iPads with the Apple A7- and A8-based chips may soon be able to run Linux. "Developer Konrad Dybcio and a Linux enthusiast going by 'quaack723' have collaborated to get Linux kernel version 5.18 booting on an old iPad Air 2, a major feat for a device that was designed to never run any operating system other than Apple's," reports Ars Technica. From the report: The project appears to use an Alpine Linux-based distribution called "postmarketOS," a relatively small but actively developed distribution made primarily for Android devices. Dybcio used a "checkm8" hashtag in his initial tweet about the project, strongly implying that they used the "Checkm8" bootrom exploit published back in 2019 to access the hardware. For now, the developers only have Linux running on some older iPad hardware using A7 and A8-based chips -- this includes the iPad Air, iPad Air 2, and a few generations of iPad mini. But subsequent tweets imply that it will be possible to get Linux up and running on any device with an A7 or A8 in it, including the iPhone 5S and the original HomePod.

Development work on this latest Linux-on-iDevices effort is still in its early days. The photos that the developers shared both show a basic boot process that fails because it can't mount a filesystem, and Dybcio notes that basic things like USB and Bluetooth support aren't working. Getting networking, audio, and graphics acceleration all working properly will also be a tall order. But being able to boot Linux at all could draw the attention of other developers who want to help the project.

Compared to modern hardware with an Apple M1 chip, A7 and A8-powered devices wouldn't be great as general-purpose Linux machines. While impressive at the time, their CPUs and GPUs are considerably slower than modern Apple devices, and they all shipped with either 1GB or 2GB of RAM. But their performance still stacks up well next to the slow processors in devices like the Raspberry Pi 4, and most (though not all) A7 and A8 hardware has stopped getting new iOS and iPadOS updates from Apple at this point; Linux support could give some of these devices a second life as retro game consoles, simple home servers, or other things that low-power Arm hardware is good for.
Further reading: Linux For M1 Macs? First Alpha Release Announced for Asahi Linux
HP

HP Dev One Laptop Running System76's Ubuntu Linux-based Pop!_OS Now Available (betanews.com) 54

An anonymous reader shares a report: Last month, the open source community was abuzz with excitement following a shocking announcement from System76 that HP was planning to release a laptop running the Pop!_OS operating system. This was significant for several reasons, but most importantly, it was a huge win for Linux users as yet another hardware option was becoming available. Best of all, HP employees have been trained by System76 to offer high-quality customer support. If you aren't aware, System76 support is legendary.

At the time of the announcement, details about the hardware were a bit scarce, but I am happy to report we now have full system specifications for the 14-inch HP Dev One laptop. Most interestingly, there is only one configuration to be had. The developer-focused computer is powered by an octa-core AMD Ryzen 7 PRO 5850U APU which features integrated Radeon graphics. The notebook comes with 16GB RAM and 1TB of NVMe storage, both of which can be user-upgraded later if you choose.
The laptop is priced at $1,099.
Linux

Lotus 1-2-3 Ported To Linux (techradar.com) 91

Lotus 1-2-3, an ancient spreadsheet program from Lotus Software (and later IBM), has been ported to a new operating system. drewsup writes: As reported by The Register, a Lotus 1-2-3 enthusiast called Tavis Ormandy (who is also a bug-hunter for Google Project Zero) managed to successfully port the program onto Linux, which seems to be quite the feat of reverse engineering. It's important to stress that this isn't an emulated program, but rather the original 1990 Lotus 1-2-3 for x86 Unix running natively on modern x86 Linux.
Crime

New Linux-Based Ransomware Targets VMware Servers (csoonline.com) 36

"Researchers at Trend Micro have discovered some new Linux-based ransomware that's being used to attack VMware ESXi servers," reports CSO Online. (They describe the ESXi servers as "a bare-metal hypervisor for creating and running several virtual machines that share the same hard drive storage.") Called Cheerscrypt, the bad app is following in the footsteps of other ransomware programs — such as LockBit, Hive and RansomEXX — that have found ESXi an efficient way to infect many computers at once with malicious payloads.

Roger Grimes, a defense evangelist with security awareness training provider KnowBe4, explains that most of the world's organizations operate using VMware virtual machines. "It makes the job of ransomware attackers far easier because they can encrypt one server — the VMware server — and then encrypt every guest VM it contains. One compromise and encryption command can easily encrypt dozens to hundreds of other virtually run computers all at once."

"Most VM shops use some sort of VM backup product to back up all guest servers, so finding and deleting or corrupting one backup repository kills the backup image for all the hosted guest servers all at once," Grimes adds....

The gang behind Cheerscrypt uses a "double extortion" technique to extract money from its targets, the researchers explain. "Security Alert!!!" the attackers' ransom message declares. "We hacked your company successfully. All files have been stolen and encrypted by us. If you want to restore your files or avoid file leaks, please contact us."

Linux

How CentOS Stream and RHEL 9 Led to AlmaLinux 9 (zdnet.com) 33

ZDNet writes that in late 2020 Red Hat decided "they'd no longer release CentOS Linux as a standalone distribution. Instead, CentOS Stream would work as a beta for RHEL."

So where are we now? The competition immediately sprang up to replace CentOS. The two most important of these are the AlmaLinux OS Foundation's AlmaLinux and Rocky Enterprise Software Foundation's Rocky Linux. [May 16th saw the release of Rocky Linux 8.6.] Now, mere weeks after the release of RHEL 9, AlmaLinux 9 has arrived.

Like RHEL itself, AlmaLinux 9 starts from CentOS Stream via RHEL. Indeed, AlmaLinux developers are CentOS Stream contributors. The bottom line is that CentOS 9 is an identical twin to RHEL 9 — except for the names and trademarks. It has all the same features, all the same advances, and, for better or worse, all the same bugs.

Besides the big server architectures, AlmaLinux is also ready to run on everything from cloud and Docker images to Microsoft's Windows Subsystem for Linux and Raspberry Pi, the article points out.

And Jack Aboutboul, AlmaLinux's Community Manager, tells ZDNet "We are building AlmaLinux with the specific goal of creating an independent CentOS successor that is truly community-centric and designed for everyone... We offer everyone a uniform platform that is safe, secure, easy to use, and dependable to build your tomorrow on."
Linux

Newest Version of Systemd Includes Experimental Feature for A/B-Style Updating (theregister.com) 182

"Let's popularize image-based OSes," writes Lennart Poettering, "with modernized security properties built around immutability, SecureBoot, TPM2, adaptability, auto-updating, factory reset, uniformity — built from traditional distribution packages, but deployed via images."

Or, as the Register puts it, the Systemd Linux init system "continues to grow and develop, as does Linux itself." They delve into the rationale for the new systemd-sysupdate and kernel-install features, noting "The former is still described as an experimental feature, so relax — for now." No, this does not mean that systemd is becoming a package manager. Like it or not, though, the nature of operating systems is changing. Modern ones are large, complex, and need regular updates, and as The Register has examined in depth recently, this means that the design of Linux distributions is changing radically....

ChromeOS doesn't have a package manager; neither do Fedora's Silverblue and Kinoite versions. You get a tested, known-good image of the OS. Updates are distributed as a complete image, like they are today with Android or iOS. ChromeOS has two root partitions: one live and one spare. The currently running OS updates the spare partition, then you reboot into that one. If everything works, it updates the now-idle second root partition. If it doesn't all work perfectly, then you still have the previous version available to use, and you can just reboot into that again. When a fixed image becomes available, the OS automatically tries again on the spare instance.

The idea is that you always have a known-good OS partition available, which sounds like a benefit to us. Presumably the users are happy too: Chromebook sales may be down, and they only have a fixed lifespan, but there are still well over a hundred million of them out there.

So, no, systemd is not going to become a package manager, because ordinary distros won't have a package manager at all, except maybe Flatpak, or Snap or something similar. The new functionality, including managing installed kernels, is to facilitate A/B type dual-live-system partitions.

For some insight into this vision, Lennart Poettering, lead architect of systemd, has described this in a blog post titled "Bringing Everything Together."

Other updates include "changes to systemd-networkd, such as systemd-resolved starting earlier in the boot sequence, and more cautious allocation of default routes," the article points out, adding that new releases of systemd "appear roughly twice a year, so the chances are that this will appear in the fall releases of Ubuntu and Fedora...

"If you still prefer to avoid systemd, don't despair. There are still a selection of distros that eschew it altogether, including Devuan GNU+Linux, Alpine Linux, and Void Linux.
Microsoft

Microsoft Brings 'Windows Subsystem for Linux 2' to Windows Server 2022 (theregister.com) 23

With the latest preview patch, Windows Server 2022 now supports WSL2 Linux distros, the Register reports: The move ends an odyssey that began with the arrival of the Windows Subsystem for Linux (WSL) 2 on Windows 10 several years ago and with users' calls for Windows Server to get the same treatment. The change is also somewhat of an about-face from Microsoft. In 2021, in response to pleas from users to backport the tech to Windows Server 2019, [Principal program manager for Windows Server Jeff] Woolsey described WSL in early 2021 as "fantastic for dev" and "perfect for Windows client" but warned: "If we put it in Windows Server, people will use it in production scenarios for which it isn't intended." The approved path was to spin up a full Linux VM. Quite a bit heftier than the lighter-weight WSL2.

Signs of Microsoft listening to feedback showed up earlier this year, as Microsoft Program Manager Craig Loewen "clarified" that WSL2 distros would work on Windows Server version 2004 and 20H2, although the LTSC versions found in many data centers remained free of WSL2. Until this week, that is.

TechRadar provides some context: WSL 2, which was originally released in May 2019, uses virtualization technology to run an open source Linux kernel inside of a lightweight utility virtual machine (VM). This empowers Windows users to run popular Linux apps such as Docker. Microsoft claims that unlike a traditional VM experience — which it says can be slow to boot up, is isolated, consumes a lot of resources, and requires your time to manage it — WSL 2 does not have these attributes....

The KB5014021 update is currently optional, but will be automatically rolled out to users next month....

Windows Server updates have not been without issues in recent months, however, with Microsoft having to address various problems caused by the January 2021 Patch Tuesday updates. The company issued an emergency out-of-band update to address bugs that forced domain controllers to reboot endlessly, broke Hyper-V, and rendered ReFS volumes inaccessible while showing them as RAW file systems.

Amiga

AmigaOne X1000/X5000 Remains Well Supported With PowerPC Linux 117

Mike Bouma writes: Despite being expensive and having been sold out for quite some time at the main Amiga Dealers, two days after Linus Torvalds' release of Linux 5.18, Christian "xeno74" Zigotzky made the latest PPC kernel available for the AmigaOne X1000/X5000. Here and here are some screenshots. Linux PPC performs well on AmigaOne computers. For example, here is a 5-year-old YouTube AmigaOne X5000 demonstration video.
Graphics

Linux 5.19 Adds 500K Lines of New Graphics Driver Code (phoronix.com) 79

UnknowingFool writes: The current Linux kernel in development, 5.19, added 495,793 new lines of code for graphic driver updates. David Airlie sent in the new lines as part of Direct Rendering Manager (DRM) subsystem of Linux. The majority of additions were for AMD's RDNA and CDNA platforms but Intel also submitted changes for their DG2 graphics as well. Updates also came from Qualcomm and MediaTek for their GPU offerings.
Linux

Rust For Linux Kernel Updated, Uutils As Rust Version Of Coreutils Updated Too (phoronix.com) 40

UnknowingFool writes: This weekend, Miguel Ojeda added support for a set of additional Rust patches in the kernel and separately a new version of Uutils, which is the Rust version of GNU CoreUtils. These changes will go towards more inclusion of Rust into Linux. The v7 patches add in abstractions used by Rust, and the Uutils update contained fixes and addressed compatibility issues.
Microsoft

Microsoft Warns of 'Stealthy DDoS Malware' Targeting Linux Devices (zdnet.com) 76

"In the last six months, we observed a 254% increase in activity from a Linux trojan called XorDdos," writes the Microsoft 365 Defender Research Team. It's a trojan combining denial-of-service functionality with XOR-based encryption for communication.

Microsoft calls it part of "the trend of malware increasingly targeting Linux-based operating systems, which are commonly deployed on cloud infrastructures and Internet of Things devices." And ZDNet describes the trojan as "one of the most active Linux-based malware families of 2021, according to Crowdstrike." XorDdos conducts automated password-guessing attacks across thousands of Linux servers to find matching admin credentials used on Secure Shell (SSH) servers... Once credentials are gained, the botnet uses root privileges to install itself on a Linux device and uses XOR-based encryption to communicate with the attacker's command and control infrastructure.

While DDoS attacks are a serious threat to system availability and are growing in size each year, Microsoft is worried about other capabilities of these botnets. "We found that devices first infected with XorDdos were later infected with additional malware such as the Tsunami backdoor, which further deploys the XMRig coin miner," Microsoft notes... Microsoft didn't see XorDdos directly installing and distributing the Tsunami backdoor, but its researchers think XorDdos is used as a vector for follow-on malicious activities...

XorDdos can perform multiple DDoS attack techniques, including SYN flood attacks, DNS attacks, and ACK flood attacks.

Microsoft's team warns that the trojan's evasion capabilities "include obfuscating the malware's activities, evading rule-based detection mechanisms and hash-based malicious file lookup, as well as using anti-forensic techniques to break process tree-based analysis.

"We observed in recent campaigns that XorDdos hides malicious activities from analysis by overwriting sensitive files with a null byte. It also includes various persistence mechanisms to support different Linux distributions."
