ZDNet reports there's more than just the one Microsoft-created Linux distribution for internal use only called CBL (Common Base Linux) Mariner.

"It turns out there's another Microsoft-developed Linux distribution that's also for internal use that's known as CBL-Delridge or CBL-D." I discovered the existence of CBL-D for the first time this week in a rather round-about way. I stumbled onto a February 2 blog post from Hayden Barnes. a Senior Engineering Manager at SuSE who led the Windows on Rancher engineering team, which traced his steps in discovering and building his own image of CBL-D. Barnes noted that Microsoft published CBL-Delridge in 2020, the same year that it also published CBL-Mariner. The main difference between the two: Delridge is a custom Debian derivative, while Mariner is a custom Linux From Scratch-style distribution.

CBL-D powers Azure's Cloud Shell. The Azure Cloud Shell provides a set of cloud-management tools packaged in a container. In a note on the GitHub repo for the Cloud Shell, officials noted that "the primary difference between Debian and CBL-D is that Microsoft compiles all the packages included in the CBL-D repository internally. This helps guard against supply chain attacks...."

CBL-Mariner and CBL-Delridge are just two of the Microsoft-developed Linux-related deliverables from the Linux Systems Group. Others include the Windows Subsystem for Linux version 2 (WSL2), which is part of Windows 10; an Azure-tuned Linux kernel which is designed for optimal performance as Hyper-V guests; and Integrity Policy Enforcement (IPE), a proposed Linux Security Module (LSM) from the Enterprise and Security team.

Red Hat's CEO/president Paul Cormier assessed the last two years in a speech at this week's Red Hat Summit. "Globally we saw nearly every industry go to 100% remote working overnight." Regardless of industry and size, organizations learned to operate virtually and on-demand. Companies needed to deliver goods and services to customers without a set brick-and-mortar footprint. We saw new tech hubs emerge in unlikely places because workers we no longer bound by needing to be based in specific cities. Newly-remote workers realized that they didn't have to be tied to a physical office, and organizations focused on hiring new talent based on skill and not location.

These are not insignificant achievements, and while this way of working was unfamiliar to those who were forced to adapt during the pandemic, to the open source world, it was just another day.

Every open source project is worked on remotely and has been since their inception. Just look at the Linux Foundation, which supports more than 2,300 projects. There were more than 28,000 active contributors to these projects in 2021, adding more than 29 million lines of code each week and with community participants coming from nearly every country around the globe. Most of these contributors will never meet face to face, but they are still able to drive the next generation of open technologies.

Whether we realized it or not, our accomplishments during the pandemic brought us closer to the open source model, and this is why open source innovation is now driving much of the software world. Through this new way of working, we saw new revenue streams, found new ways to become more efficient, and discovered new ways to engage with our customers. As we approach what, hopefully, is the tail end of an incredibly difficult few years, it's time to accelerate. It's time to take the lessons that we learned and applied as we transformed to digital-first and use them to improve our businesses, cultures and global communities.

The term "new normal" is now used like it's pre-determined and static. It isn't. You get to define your new normal. What do you want your business to look like? How do you want to embrace the next generation of IT?

"CIQ has landed $26 million in funding to support its plans to expand the use of Rocky Linux in the enterprise space," reports ZDNet. Last year, Red Hat decided to stop supporting CentOS 8 and shifted focus to CentOS Stream. CentOS had some huge enterprise users, among them Disney, GoDaddy, RackSpace, Toyota, and Verizon. In response, Greg Kurtzer, one of CentOS's founders, kicked off Rocky Linux in December 2020.... Kurtzer says Rocky Linux adoption has been "massive", with monthly downloads of OS images typically 250,000, reaching 750,000 in a bumper month. "Within two months we had 10,000 developer and contributors trying to be part of this project...."

The project has gained the support of Greg Kroah-Hartman, the maintainer of the main-line stable Linux kernel, to meet community demands for Rocky Linux to run on a more modern, optimized kernel, Kurtzer said. Kroah-Hartman is leading Rocky Linux special interest group (SIG) for the kernel to create an optional enhanced kernel for Rocky Linux. "He's working closely with us to make sure the kernel we use is blessed by him. He's in the loop as bugs come up and help us manage that kernel in Rocky Linux," says Kurtzer.
"Moreover, today's news follows shortly after CIQ inked a major deal with Google to help support companies looking to deploy Rocky Linux on Google's cloud infrastructure," reports VentureBeat.

Kurtzer tells the site that Rocky Linux "has been a rocket ship in terms of uptake across the enterprise and cloud."

Nvidia is publishing their Linux GPU kernel modules as open-source and will be maintaining it moving forward. Phoronix's Michael Larabel reports: To much excitement and a sign of the times, the embargo has just expired on this super-exciting milestone that many of us have been hoping to see for many years. Over the past two decades NVIDIA has offered great Linux driver support with their proprietary driver stack, but with the success of AMD's open-source driver effort going on for more than a decade, many have been calling for NVIDIA to open up their drivers. Their user-space software is remaining closed-source but as of today they have formally opened up their Linux GPU kernel modules and will be maintaining it moving forward. [...] This isn't limited to just Tegra or so but spans not only their desktop graphics but is already production-ready for data center GPU usage.

"Developers of the Deno JavaScript and TypeScript runtime are exploring the possibility of JavaScript containers — and the JavaScript sandbox itself — as a higher-level alternative to Linux containers," reports InfoWorld, citing a blog post by Node.js and Deno creator Ryan Dahl: Dahl also noted that Docker popularized the use of Linux containers, with operating system-level virtualization for distributing server software. Each container image is a dependency-free, ready-to-run software package. But browser JavaScript offers a similar hermetic environment at a higher level of abstraction, he said.

Dahl said he expects JavaScript container technology to unfold over the next couple of years.
In the blog post Dahl says scripting languages are "all pretty much the same" — but that JavaScript is "by far more widely used and future proof." [A JavaScript sandbox container] isn't meant to address the same breadth of problems that Linux containers target. Its emergence is a result of its simplicity. It minimizes the boilerplate for web service business logic. It shares concepts with the browser and reduces the concepts that the programmer needs to know. (Example: when writing a web service, very likely any systemd configuration is just unnecessary boilerplate.)

Every web engineer already knows JavaScript browser APIs. Because the JavaScript container abstraction is built on the same browser APIs, the total amount of experience the engineer needs is reduced. The universality of Javascript reduces complexity.... In this emerging server abstraction layer, JavaScript takes the place of Shell. It is quite a bit better suited to scripting than Bash or Zsh. Instead of invoking Linux executables, like shell does, the JavaScript sandbox can invoke Wasm.... Maybe the majority of "web services" can be simplified by thinking in terms of JavaScript containers, rather than Linux containers.

At Deno we are exploring these ideas; we're trying to radically simplify the server abstraction. We're hiring if this sounds interesting to you.

The Register noted this week that two "unofficial" Ubuntu remixes "came out on the same day as the official flavors."

- Ubuntu Cinnamon (Linux Mint's flagship desktop environment)

- Ubuntu Unity, a revival of what used to be the official Ubuntu desktop by Ubuntu team member Rudra B. Saraswat (described the Register as "a 12-year-old wunderkind") Ubuntu Cinnamon is the older of the two and first appeared in 2019, while Ubuntu Unity came out in May 2020, soon after the release of Ubuntu 20.04.

Ubuntu Unity....has the macOS-like desktop that was Ubuntu's standard offering from 2011 until the company pensioned it off in 2017.... Ubuntu Unity is as free as Ubuntu itself, and the new remix continues to evolve. In 22.04, most of the GNOME-based accessory apps have been replaced with the MATE equivalents, such as the Pluma text editor and Atril document viewer. (A handful remain, such as the GNOME system monitor rather than the MATE one, but the differences are trivial.) The System Settings app is the original Unity one, and the Unity Tweaks app comes pre-installed.... The new "Jammy Jellyfish" version of Ubuntu Unity also adds support for Flatpak packages alongside Ubuntu's native Snap packages. To do this, it replaces Ubuntu's Software Store with version 41.5 of GNOME Software. Interestingly, this also supports Snap packages, so sometimes, when you search for a package, you might get multiple results: one for the OS-native DEB package, possibly one for a Flatpak, and maybe a Snap version too....

[I]f you dislike both the Unity and GNOME desktops and want something more Windows-like, but you don't mind GNOME's CSD windows, then Joshua Peisach's Ubuntu Cinnamon remix may appeal. Cinnamon is the default desktop of both Ubuntu-based Linux Mint and its Debian variant. Ubuntu Cinnamon combines the latest upstream version of Mint's Cinnamon desktop, 5.2.7, with the standard app selection of upstream Ubuntu. This means most of its apps lack menu bars, except for the Nemo file manager and LibreOffice. For these classic-style apps, the Ubuntu Cinnamon distro has tweaked the GNOME title-bar layout to be more Windows-like: minimize/maximize/close buttons at top right, and a window-management menu at top left....

Cinnamon's roots as a fork of GNOME 3 do offer a significant potential feature that MATE, Xfce and indeed Unity cannot do: fractional scaling. This is clearly labelled as an experimental feature, and in testing, we couldn't get it to work, so for now, this remains a theoretical advantage.... These caveats aside, though, Ubuntu Cinnamon is maturing nicely in the new version. While Ubuntu and Ubuntu Unity are now purple-toned, Ubuntu Cinnamon has switched to a restrained theme in shades of dark orange and brown, which reminded us of the tasteful earth-toned Ubuntu of the old GNOME 2 days...

Both these desktops are X.11-based, so there's not a trace of Wayland in either distro. Both also benefit from having working 3D acceleration.
Both remixes "are aiming for inclusion as official Ubuntu flavors," the article points out.

But then again, "There are dozens of Ubuntu remixes and flavors out there. The official Ubuntu Derivatives page links to 30, and DistroWatch has more than five times as many, including many which are no longer maintained."

Fedora project leader Matthew Miller spoke to TechRepublic's Jack Wallen this week, sharing some thoughts on the future of Linux — and on open source in general: Matthew Miller: I think it's a lost cause to try to "sell" our quirky technology interest to people who don't see it already. We need to take a different approach.... I think our message, at its root, has to be around open source.... [W]ith Linux, when you install an open-source distro, you're not just part of a fan community. You're part of a colossal, global effort that makes software more available to everyone, makes that software better and better, and makes the whole world better through sharing... Just by using it you're sharing in this amazing undertaking, part of a move away from scarcity to an economy based on abundance....

Jack Wallen: What's the biggest difference in Linux today vs. Linux of 10 years ago?

Matthew Miller: I think first we have to start with just the amazing ubiquity of it. Ten years ago, it was cute to find a TV that ran Linux. Now, not only is it definitely powering your TV, you've probably got Linux running on your lightbulbs! It's everywhere. And while Linux had pushed proprietary Unix from the server room, ten years ago Windows-based servers were pushing back. The cloud changed that — now, the cloud is Linux, almost completely. (Anything that isn't is a legacy app that it was too much trouble to port!) From tiny devices to the most powerful mainframes and supercomputers: Linux, Linux, Linux....

Jack Wallen: If Linux has an Achilles' heel, what is it?

Matthew Miller: Linux and the whole free and open-source software movement grew up with the rise of the internet as an open communication platform. We absolutely need that to continue in order to realize our vision, and I don't think we can take it for granted.

That's more general than an Achilles' heel, though, so right now let me highlight one thing that I think is troubling: Chrome becoming the dominant browser to the point where it's often the only way to make sites work. Chromium (the associated upstream project) is open source, but isn't really run as a community project, and, pointedly, very very few people run Chromium itself. I'd love to see that change, but I'd also like to see Firefox regain a meaningful presence.
Miller also said Fedora's next release is focused on simplicity. ("When the OS gets in the way, it drops from the conversation I want to have about big ideas to ... well, the boring technical details that people never want to deal with")

And he also shared his thoughts on what Linux needs most. "What I'd really like to see more of are more non-technical contributors. I mean, yes, we can always benefit from more packagers and coders and engineers, but I think what we really need desperately are writers, designers, artists, videographers, communicators, organizers and planners. I don't think big companies are likely to provide those things, at least, not for the parts of the Linux world which aren't their products."

"We need people who think the whole grand project I've been talking about is important, and who have the skills and interests to help make it real."

An anonymous reader quotes a report from Ars Technica: Vulnerabilities recently discovered by Microsoft make it easy for people with a toehold on many Linux desktop systems to quickly gain root system rights -- the latest elevation of privileges flaw to come to light in the open source OS. [...] Nimbuspwn, as Microsoft has named the EoP threat, is two vulnerabilities that reside in the networkd-dispatcher, a component in many Linux distributions that dispatch network status changes and can run various scripts to respond to a new status. When a machine boots, networkd-dispatcher runs as root. [...] A hacker with minimal access to a vulnerable desktop can chain together exploits for these vulnerabilities that give full root access. [The step-by-step exploit flow can be found in the article. The researcher also was able to gain persistent root access using the exploit flow to create a backdoor.]

The proof-of-concept exploit works only when it can use the "org.freedesktop.network1" bus name. The researcher found several environments where this happens, including Linux Mint, in which the systemd-networkd by default doesn't own the org.freedodesktop.network1 bus name at boot. The researcher also found several processes that run as the systemd-network user, which is permitted to use the bus name required to run arbitrary code from world-writable locations. The vulnerable processes include several gpgv plugins, which are launched when apt-get installs or upgrades, and the Erlang Port Mapper Daemon, which allows running arbitrary code under some scenarios. The vulnerability has been patched, although it's unclear which version of Linux the patch is in.

UnknowingFool writes: In 2020, Paragon Software announced they wanted to upstream their previously proprietary NTFS driver into Linux. After a year of review, the NTFS3 driver was added to the Linux 5.15 kernel. While Paragon pledged to maintain their driver, there have been no major updates to the driver despite a growing list of patches that have submitted. Developer Kari Argillander has raised his concerns on the mailing list that the driver is orphaned, and that the Paragon maintainer has not responded to any messages about fixes. An offer to co-maintain the driver has also been met with "radio silence".

"We have worked on Overgrowth for 14 years," begins their new announcement. Development first began in 2008, and the game runs on Windows, macOS and Linux platforms. Overgrowth's page on Wikipedia describes the realistic 3D third-person action game as "set in a pre-industrial world of anthropomorphic fighter rabbits, wolves, dogs, cats and rats."

And now, "Just like they did with some earlier games, Wolfire Games have now open sourced the game code for Overgrowth," reports GamingOnLinux. "[J]ump, kick, throw, and slash your way to victory.... The source code is available on GitHub. You can buy it on Humble Store and Steam."

The Overwatch site adds as a bonus that "we're also permanently reducing the game's price by a third worldwide" (so U.S. prices drop from $29.99 to $19.99).

"Only the code is getting open sourced," the announcement notes, "not the art assets or levels, the reason is that we don't want someone to build and sell Overgrowth as their own." Wolfire CEO Max Danielsson explains in a video that "you'll still have to own the game to play and mod it." "What it does mean, however, is that everyone will have full and free access to all our source code, including the engine, project files, scripts, and shaders.

"We'll be releasing it under the Apache 2.0 license, which allows you to do whatever you want with the code, including relicensing and selling it, with very few obligations. We tried to keep this easy...

"This isn't the next big engine. We don't intend to compete with any other great open source game engines like Godot, which is a great option if you're looking for a general-purpose game engine. But if you're interested in looking at what shipped game code can look like, want to look at specific code, like the procedural animation system, or if you're an Overgrowth modder who wants to make an involved total conversion mod, then this is for you.
"We have wanted to open source Overgrowth for a long time," says the announcement on Wolfire's site, "and we are incredibly grateful to our team and community for making this happen.

"We are excited to see what people do with this code and we look forward to the spirit of Overgrowth living on for another 14 years."

Dirk Hohndel gets frequently mentioned on Slashdot. He was a very early contributor to Linux (and for the last five years the chief open source officer and vice president at VMware). But he's also the guy who interviews Linus Torvalds in the keynote sessions of Open Source Summits.

Hohndel "has a well known track record with Linux going back to the 1990's," reports Phoronix, and was even a member of the Linux Foundation Board of Directors.

But they add that now Hohndel has "somewhat surprisingly has moved on to promoting a blockchain effort."

Dirk Hohndel was CTO at SUSE going back to the mid-90's before joining Intel for a fifteen year run that ended in 2016 where he was Intel's Chief Linux and Open-Source Technologist...

When Dirk left VMware unexpectedly at the beginning of the year, he wrote on LinkedIn that he felt he completed his job at the company in driving open-source transformation. He was leaving to go "look for the next opportunity, the next step in my career" and now it apparently is with blockchain. The surprising news today is that he's joined the Cardano Foundation. The Cardano Foundation is a Swiss-based foundation built around the Cardano public blockchain platform. Cardano is open-source and is the most notable proof-of-stake blockchain that was started by Ethereum co-founder Charles Hoskinson. Cardano has its own cryptocurrency, ADA....

Dirk will be serving as the Cardano Foundation's Chief Open-Source Officer.
Interestingly, Linus Torvalds appears to be less enthralled with blockchain technologies. Last year ZDNet reported on the reaction when Linux Foundation executive director Jim Zemlin suggested Torvalds sell an NFT of the 1991 email that first announced Linux to the world.

"An amused and appalled Torvalds replied, "I'm staying out of the whole craziness with crypto and NFTs. Those people are cuckoo!"

A headline at Hot Hardware calls it "a sexy Linux laptop with deep learning chops... being pitched as the world's most powerful laptop for machine learning workloads."

And here's how Ars Technica describes the Razer x Lambda Tensorbook (announced Tuesday): Made in collaboration with Lambda, the Linux-based clamshell focuses on deep-learning development. Lambda, which has been around since 2012, is a deep-learning infrastructure provider used by the US Department of Defense and "97 percent of the top research universities in the US," according to the company's announcement. Lambda's offerings include GPU clusters, servers, workstations, and cloud instances that train neural networks for various use cases, including self-driving cars, cancer detection, and drug discovery.

Dubbed "The Deep Learning Laptop," the Tensorbook has an Nvidia RTX 3080 Max-Q (16GB) and targets machine-learning engineers, especially those who lack a laptop with a discrete GPU and thus have to share a remote machine's resources, which negatively affects development.... "When you're stuck SSHing into a remote server, you don't have any of your local data or code and even have a hard time demoing your model to colleagues," Lambda co-founder and CEO Stephen Balaban said in a statement, noting that the laptop comes with PyTorch and TensorFlow for quickly training and demoing models from a local GUI interface without SSH. Lambda isn't a laptop maker, so it recruited Razer to build the machine....

While there are more powerful laptops available, the Tensorbook stands out because of its software package and Ubuntu Linux 20.04 LTS.
The Verge writes: While Razer currently offers faster CPU, GPU and screens in today's Blade lineup, it's not necessarily a bad deal if you love the design, considering how pricey Razer's laptops can be. But we've generally found that Razer's thin machines run quite hot in our reviews, and the Blade in question was no exception even with a quarter of the memory and a less powerful RTX 3060 GPU. Lambda's FAQ page does not address heat as of today.

Lambda is clearly aiming this one at prospective MacBook Pro buyers, and I don't just say that because of the silver tones. The primary hardware comparison the company touts is a 4x speedup over Apple's M1 Max in a 16-inch MacBook Pro when running TensorFlow.
Specifically, Lambda's web site claims the new laptop "delivers model training performance up to 4x faster than Apple's M1 Max, and up to 10x faster than Google Colab instances." And it credits this to the laptop's use of NVIDIA's GeForce RTX 3080 Max-Q 16GB GPU, adding that NVIDIA GPUs "are the industry standard for parallel processing, ensuring leading performance and compatibility with all machine learning frameworks and tools."

"It looks like a fine package and machine, but pricing starts at $3,499," notes Hot Hardware, adding "There's a $500 up-charge to have it configured to dual-boot Windows 10."

The Verge speculates on what this might portend for the future. "Perhaps the recently renewed interest in Linux gaming, driven by the Steam Deck, will push Razer to consider Linux for its own core products as well."

The Fedora 37 development team is considering dropping support for non-UEFI BIOS. Linuxiac reports: The Unified Extensible Firmware Interface, or UEFI, is a modern method of handling the boot process. UEFI is similar to Legacy; however, the boot data is stored in a .efi file rather than the firmware. In the case of Fedora, while the change may take some time, the new Fedora x86_64 installations will no longer work on non-UEFI platforms. On x86_64 architectures, Fedora 37 will mark legacy BIOS installation as deprecated in favor of UEFI. While systems already using Legacy BIOS to boot will continue to be supported, new Legacy BIOS installations on these architectures will be impossible.

UnknowingFool writes: Google has proposed a change on how Linux kernel handles shutdowns specifically when NVMe drives are used. The issue that Google is finding is that the current NVMe drivers use synchronous APIs when shutting down and it can take 4.5 seconds for each NVMe drive. For a system with 16 NVMe drives that could take more than a minute longer. While this is a problem that only large enterprise systems face currently, more enterprises are replacing their mechanical disk RAID servers with SSD ones.

[...] The proposed patches from Google allow for an optional asynchronous shutdown interface at the bus level. The new interface maintains backwards compatibility with the synchronous implementation. As part of the patches, all PCI Express based devices are moved to use the async interface, implements the changes at the PCIe level, and then the changes to the NVMe driver to exploit the async shutdown interface.

"Rolling Rhino is a tool long ago created by Martin Wimpress, who until recently was part of the Canonical team," one Linux blog pointed out recently. "What it does is basically change the repositories of the DailyLive developers...."

Neowin sees it as a competitive advantage. After more than 17 years, there's a way to get a Ubuntu distro offering the same "rolling" release cycles that helped popularize Arch Linux: While there are many positive qualities that would draw a user into the world of Arch, its headlining feature would be the one that remains the most relevant in today's world of continuous integration and delivery and that's its rolling release strategy. While I don't think Judd Vinet could have predicted the proliferation of DevOps or the massive shift to cloud computing, it must be interesting to see that the entire industry is following the Arch strategy in all sorts of different places. One could even argue that Microsoft Windows has become a rolling release.

While many of Arch's contemporaries have joined the fray, one notable open-source giant has yet to make the leap.

Rolling Rhino looks to change that by converting Ubuntu into a rolling release.
Thanks to Slashdot reader segaboy81 for submitting the story...

An anonymous reader quotes a report from Ars Technica: For months, a small group of volunteers has worked to get this Arch Linux-based distribution up and running on Apple Silicon Macs, adapting existing drivers and (in the case of the GPU) painstakingly writing their own. And that work is paying off -- last week, the team released its first alpha installer to the general public, and as of yesterday, the software supports the new M1 Ultra in the Mac Studio. In the current alpha, an impressive list of hardware already works, including Wi-Fi, USB 2.0 over the Thunderbolt ports (USB 3.0 only works on Macs with USB-A ports, but USB 3.0 over Thunderbolt is "coming soon"), and the built-in display. But there are still big features missing, including DisplayPort and Thunderbolt, the webcam, Bluetooth, sleep mode, and GPU acceleration. That said, regarding GPU acceleration, the developers say that the M1 is fast enough that a software-rendered Linux desktop feels faster on the M1 than a GPU-accelerated desktop feels on many other ARM chips.

Asahi's developers don't think the software will be "done," with all basic M1-series hardware and functionality supported and working out of the box, "for another year, maybe two." By then, Apple will probably have introduced another generation or two of M-series chips. But the developers are optimistic that much of the work they're doing now will continue to work on future generations of Apple hardware with relatively minimal effort. [...] If you want to try Asahi Linux on an M1 Mac, the current installer is run from the command line and requires "at least 53GB of free space" for an install with a KDE Plasma desktop. Asahi only needs about 15GB, but the installer requires you to leave at least 38GB of free space to the macOS install so that macOS system updates don't break. From there, dual-booting should work similarly to the process on Intel Macs, with the alternate OS visible from within Startup Disk or the boot picker you can launch when your start your Mac. Future updates should be installable from within your new Asahi Linux installation and shouldn't require you to reinstall from scratch.

Slashdot reader mmanciop reminded us that Ubuntu released a new version of its "circle of friends" logo this week (which its designer says gives it "a more contemporary look and feel.")

From the Ubuntu blog: We proudly present to you the transformation of the Circle of Friends logo for Ubuntu. The new logo isn't a revolution; rather, it's an evolution of the Circle of Friends. As you can see at the top of the post, the classic white-on-orange colour scheme hasn't changed. But the new version sports sleek lines which bind the Circle of Friends even more closely together.

While it is important to have a respectful continuity with the previous Circle of Friends, the updated version is leaner, more focused, more sophisticated. It also makes a little more sense that the heads are now inside the circle, facing each other and connecting more directly. The rectangular orange tag is a break from the conventional square or circle, as it allows for the boldness of the orange to express itself and provides a recognisable colourful mark across media. Finally, the logo moves from a tiny superscript to a large, dynamic and leading presence.

Some might wonder why we had to touch the Ubuntu logo at all. As one can imagine, it is a daunting honour to work on something so many of us have such a strong connection to. But in the end, a logo should match what it represents. Similar to how Ubuntu continues to evolve and adapt to new uses in technology, its logo should follow suit to encapsulate and reflect such ongoing change.
For comparison, here's the original logo.

Share your reactions in the comments. (For example, how do you think it compares to other logos?) Do you like it more or less than, say, the logo for Raku?

An anonymous Slashdot reader summarizes some important news from the web page of Jason Donenfeld (creator of the open-source VPN protocol WireGuard): The Linux kernel's random number generator has seen its first set of major improvements in over a decade, improving everything from the cryptography to the interface used. Not only does it finally retire SHA-1 in favor of BLAKE2s [in Linux kernel 5.17], but it also at long last unites '/dev/random' and '/dev/urandom' [in the upcoming Linux kernel 5.18], finally ending years of Slashdot banter and debate:

The most significant outward-facing change is that /dev/random and /dev/urandom are now exactly the same thing, with no differences between them at all, thanks to their unification in random: block in /dev/urandom. This removes a significant age-old crypto footgun, already accomplished by other operating systems eons ago. [...] The upshot is that every Internet message board disagreement on /dev/random versus /dev/urandom has now been resolved by making everybody simultaneously right! Now, for the first time, these are both the right choice to make, in addition to getrandom(0); they all return the same bytes with the same semantics. There are only right choices.
Phoronix adds: One exciting change to also note is the getrandom() system call may be a hell of a lot faster with the new kernel. The getrandom() call for obtaining random bytes is yielding much faster performance with the latest code in development. Intel's kernel test robot is seeing an 8450% improvement with the stress-ng getrandom() benchmark. Yes, an 8450% improvement.

"Asahi Linux aims to bring you a polished Linux experience on Apple Silicon Macs," explains the project's web site.

And now that first Asahi Linux alpha release is out — ready for testing on M1, M1 Pro, and M1 Max machines (except Mac Studio): We're really excited to finally take this step and start bringing Linux on Apple Silicon to everyone. This is only the beginning, and things will move even more quickly going forward!

Keep in mind that this is still a very early, alpha release. It is intended for developers and power users; if you decide to install it, we hope you will be able to help us out by filing detailed bug reports and helping debug issues. That said, we welcome everyone to give it a try — just expect things to be a bit rough.... Asahi Linux is developed by a group of volunteers, and led by marcan as his primary job. You can support him directly via Patreon and GitHub Sponsors....

Can I dual-boot macOS and Linux?

Yes! In fact, we expect you to do that, and the installer doesn't support replacing macOS at this point. This is because we have no mechanism for updating system firmware from Linux yet, and until we do it makes sense to keep a macOS install lying around for that. You can have as many macOS and Linux installs as you want, and they will all play nicely and show up in Apple's boot picker. Each Linux install acts as a self-contained OS and should not interfere with the others.

Note that keeping a macOS install around does mean you lose ~70GB of disk space (in order to allow for updates, since the macOS updater is quite inefficient). In the future we expect to have a mechanism for firmware updates from Linux and better integration, at which point we'll be comfortable recommending Linux-only setups....

Is this just Arch Linux ARM?

Pretty much! Most of our work is in the kernel and a few core support packages, and we rely on Linux's excellent existing ARM64 support. The Asahi Linux reference distro images are based off of Arch Linux ARM and simply add our own package repository, which only adds a few packages. You can freely convert between Arch Linux ARM and Asahi Linux by adding or removing this repository and the relevant packages, although vanilla Arch Linux ARM kernels will not boot on these machines at this time.
The project's home page adds that "All contributors are welcome, of any skill level!"

"Doing this requires a tremendous amount of work, as Apple Silicon is an entirely undocumented platform," the team explains. "In particular, we will be reverse engineering the Apple GPU architecture and developing an open-source driver for it." But they're already documenting the Apple Silicon platform on their GitHub wiki. We will eventually release a remix of Arch Linux ARM, packaged for installation by end-users, as a distribution of the same name. The majority of the work resides in hardware support, drivers, and tools, and it will be upstreamed to the relevant projects....

Apple allows booting unsigned/custom kernels on Apple Silicon Macs without a jailbreak! This isn't a hack or an omission, but an actual feature that Apple built into these devices. That means that, unlike iOS devices, Apple does not intend to lock down what OS you can use on Macs (though they probably won't help with the development). As long as no code is taken from macOS to build the Linux support, the result is completely legal to distribute and for end-users to use, as it would not be a derivative work of macOS.
An interesting observataion from Slashdot reader mrwireless: It once again seems Apple is informally supportive of these efforts, as the recent release of OS Monterey 12.3 makes the process even simpler. As Twitter user Matthew Garrett writes:

"People who hate UEFI should read https://github.com/AsahiLinux/... — Apple made deliberate design choices that allow third party OSes to run on M1 hardware without compromising security, and with much less closed code than on basically any modern x86."

Sophos threat researcher Nick Gregory discovered a hole in Linux's netfilter firewall program that's "exploitable to achieve kernel code execution (via ROP [return-oriented programming]), giving full local privilege escalation, container escape, whatever you want." ZDNet reports: Behind almost all Linux firewalls tools such as iptables; its newer version, nftables; firewalld; and ufw, is netfilter, which controls access to and from Linux's network stack. It's an essential Linux security program, so when a security hole is found in it, it's a big deal. [...] This problem exists because netfilter doesn't handle its hardware offload feature correctly. A local, unprivileged attacker can use this to cause a denial-of-service (DoS), execute arbitrary code, and cause general mayhem. Adding insult to injury, this works even if the hardware being attacked doesn't have offload functionality! That's because, as Gregory wrote to a security list, "Despite being in code dealing with hardware offload, this is reachable when targeting network devices that don't have offload functionality (e.g. lo) as the bug is triggered before the rule creation fails."

This vulnerability is present in the Linux kernel versions 5.4 through 5.6.10. It's listed as Common Vulnerabilities and Exposures (CVE-2022-25636), and with a Common Vulnerability Scoring System (CVSS) score of 7.8), this is a real badie. How bad? In its advisory, Red Hat said, "This flaw allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a privilege escalation threat." So, yes, this is bad. Worse still, it affects recent major distribution releases such as Red Hat Enterprise Linux (RHEL) 8.x; Debian Bullseye; Ubuntu Linux, and SUSE Linux Enterprise 15.3. While the Linux kernel netfilter patch has been made, the patch isn't available yet in all distribution releases.