Debian

Debian Developer Demoted, Quits After Two Decades With Project (itwire.com) 218

Posted by BeauHD from the leaving-for-greener-pastures dept.
juul_advocate shares a report from iTWire: A developer who had more than two decades of service in the Debian GNU/Linux project was stripped of his status in December leading to him deciding to leave the project. Norbert Preining told iTWire in response to a query he decided that having been graded down to Debian maintainer was not something he wanted after all these years. He has now joined the Arch Linux project.

Preining said what basically happened was that the [Debian account manager (DAM) team] thought he was bullying members of the project. "I guess they are referring to my run-in with Martina Ferrari where she called me out in very strange and unfounded ways, which started a long lasting disagreement between her and me, and the blog post about Lars [Wirzenius, a project member] which was nothing more than a selection of quotes from Lars' own blogs," he added.

"Anyway, these were all old things, but DAM still prefers to paint me in the light of 'You have been bullying members of the project for years' (quote from Enrico Zini on the debian-private mailing list) and that I cannot communicate with the Community Team, which back then included Martina, and which has again hit me in the back by allowing other members in Debian (I refrain from naming them here, but will do in my blog post) to bully me, even in unrelated forums and on IRC. The bottom line is that Martina, Lars, and those others are close friends of DAM and CT [community team] and the 'leading circle' in Debian, and thus it seems that they are exempted from adhering to the same community standards." Preining said the situation that led to his demotion was "more or less" about political correctness, adding that he'll explain more about the events in a blog post later on.
Open Source

Arch Linux Turns 20 (neowin.net) 29

Posted by EditorDavid from the older-than-Android dept.
"Arch Linux, the rolling Linux distribution that powers Valve's Steam Deck is now 20 years old," reports Neowin.

Slashdot reader segaboy81 writes that "What's cool to see here is that everything changed behind the scenes, but on the surface, things are the same." From the article: Announced on March 11th, 2002, and codenamed Homer, version 0.1 was released to minor fanfare. The release notes were a far cry from today's, essentially announcing it had broken ground and the foundation was going in, as it were.

Homer's release notes:

I've finally got a bootable iso image on the ftp site. The bad news is that you don't get a pretty interactive installer. But if you wanted one of those, you would have gone with RedHat, right? ;)

I'll try to get the docs up for ABS (Arch Build System) which, IMHO, is one of the best advantages of Arch. With ABS, you can easily create new packages, and it's trivial to rebuild existing packages with your own customizations....

It shipped with Linux kernel 2.4.18 which many of the Linux old-timers (myself included) will remember was right before we started to get nice things like auto-mounting USB drives in kernel 2.6. XFree86 4.2.0 was also in stow, which is what we now call Xorg. If you wanted to build software, you had to use an absolutely ancient gcc toolchain (2.95.3). Web browsing was covered by the ghost of Netscape Navigator, Mozilla 0.9.9. Heady days, these were!
Red Hat Software

Red Hat Is Discontinuing Sales and Services In Russia and Belarus (newsobserver.com) 49

Posted by BeauHD from the brain-drain dept.
Red Hat, the Raleigh-based open-source software company, said Tuesday it is halting all sales and services to companies in Russia and Belarus -- a response to the Russian invasion of Ukraine that has put Red Hat employees in harm's way. Raleigh News & Observer reports: Paul Cormier, Red Hat's chief executive officer, announced the decision in an email to employees, saying: "As a company, we stand in unity with everyone affected by the violence and condemn the Russian military's invasion of Ukraine." Red Hat's announcement comes a day after its parent company, IBM, which also has a large presence in the Triangle, suspended all business operations in Russia.

"While relevant sanctions must guide many of our actions, we've taken additional measures as a company," Cormier wrote. "Effective immediately, Red Hat is discontinuing sales and services in Russia and Belarus (for both organizations located in or headquartered in Russia or Belarus)." Red Hat said it has approximately two dozen employees in Ukraine, which has become an important tech hub in Eastern Europe in recent years. It is home to tens of thousands of contractors and employees for U.S. firms. In his email, Cormier said that Red Hat has helped dozens of employees and family members in Ukraine relocate to safer locations. Many of them have gone to neighboring Poland, he noted. [...] However, Ukraine has barred men ages 18 to 60 from leaving the country, meaning many of Red Hat's employees can't be relocated from the country. We "continue to help those who remain in the country in any way possible," Cormier wrote.
Security

Linux Has Been Bitten By Its Most High-Severity Vulnerability in Years (arstechnica.com) 110

Posted by msmash from the security-woes dept.
Cognitive Dissident writes: Ars Technica is reporting a major new vulnerability in Linux. Named "Dirty Pipeline" it involves abuse of 'pipes' at the shell level as you might guess.

The name Dirty Pipe is meant to both signal similarities to Dirty Cow and provide clues about the new vulnerability's origins. "Pipe" refers to a pipeline, a Linux mechanism for one OS process to send data to another process. In essence, a pipeline is two or more processes that are chained together so that the output text of one process (stdout) is passed directly as input (stdin) to the next one. Tracked as CVE-2022-0847, the vulnerability came to light when a researcher for website builder CM4all was troubleshooting a series of corrupted files that kept appearing on a customer's Linux machine. After months of analysis, the researcher finally found that the customer's corrupted files were the result of a bug in the Linux kernel.


Linux

Bungie Rejects Steam Deck's Linux, Threatens To Ban Destiny 2 Players There (theverge.com) 61

Posted by BeauHD from the empty-explanations dept.
An anonymous reader quotes a report from The Verge: When will Bungie let Destiny 2 come to Valve's Steam Deck handheld gaming PC? It's looking like the answer is never -- because the soon-to-be Sony subsidiary has published a help page that not only says the game's unsupported, but outright threatens to ban prospective Steam Deck players (via Wario64). The help page has a new section titled "Steam Deck and Destiny 2," which reads: "Destiny 2 is not supported for play on the Steam Deck or on any system utilizing Steam Play's Proton unless Windows is installed and running. Players who attempt to launch Destiny 2 on the Steam Deck through SteamOS or Proton will be unable to enter the game and will be returned to their game library after a short time. Players who attempt to bypass Destiny 2 incompatibility will be met with a game ban."

To be fair, Bungie isn't the only one to reject the Steam Deck without necessarily providing a satisfying explanation -- Epic Games CEO Tim Sweeney explained to me why Fortnite won't get updated for the Steam Deck last month, even though Epic's own Easy Anti-Cheat (EAC) claims game developers can enable it with "just a few clicks." And while both Apex Legends and Elden Ring now fully work on Deck despite using anti-cheat, it's also true that many other top multiplayer games have yet to fully arrive.
Open Source

Linus Torvalds Prepares to Move the Linux Kernel to Modern C (zdnet.com) 114

Posted by EditorDavid from the C-voyages dept.
"We all know Linux is written in C," writes ZDNet. "What you may not know is that it's written in a long-outdated C dialect: The 1989 version of the C language standard, C89."

But that's about to change, explains long-time Slashdot reader UnknowingFool: Linus Torvalds has decided that Linux will move to the C11 standard starting with kernel 5.18.... Linux had planned to move to a newer standard eventually with C99 being the next version. However a recent patch to a security problem revealed that there could be problems with C99.

In order to patch a potential security problem with Linux's linked-list primitive speculative-execution functions, it was found that C99 would require the iterator must be declared outside the loop which would expose it to another security problem. Since C99 was not very popular, it was agreed to skip it and use C11. Backwards compatibility with most compilers like gcc should allow for an easily transition of most of the code.
ZDNet adds that "This isn't as big a transition as it may seem. C89 still has almost universal support. Because any C compiler is backward compatible with earlier versions, you won't have any trouble compiling or running a C89 program. So, a C11 compliant compiler won't have any trouble with any C89 legacy code."
Intel

Intel Ramps Up Linux Investment By Acquiring Linutronix (phoronix.com) 3

Posted by msmash from the moving-forward dept.
Intel has acquired Linutronix, the German-based Linux consulting firm that is focused on embedded Linux and real-time computing. From a report: Intel's acquisition of Linutronix appears to be primarily focused as an acqui-hire with getting Linutronix's very talented staff at Intel. Among the prominent Linutronix engineers is their CTO Thomas Gleixner as a longtime kernel maintainer and important contributor on the x86 side, including with Linux's CPU security mitigations and perhaps most notably for the real-time (PREEMPT_RT) work.
Linux

ReiserFS Proposed To Be Removed From Linux In 2022 (phoronix.com) 217

Posted by BeauHD from the what-to-expect dept.
UnknowingFool writes: Linux kernel developers have discussed on the kernel developers forum to remove ReiserFS from the kernel starting in 2022. ReiserFS was added as Linux's first journaling file system 21 years ago with SUSE using it as the default filesystem until 2006. However, since Hans Reiser was sent to jail 15 years ago for murder, there has not been much development or interest in it. Noting that there have been no user-spotted fixes since 2019, longtime kernel developer Matthew Wilcox also cited that ReiserFS was only block for some kernel changes he wished to implement. These days there are better alternatives like EXT4, Btrfs, XFS, and OpenZFS.
Bug

Linux Developers Patch Bugs Faster Than Microsoft, Apple, and Google, Study Shows (zdnet.com) 43

Posted by EditorDavid from the fast-fixes dept.
Linux programmers fixed bugs faster than anyone — in an average of just 25 days (improving from 32 days in 2019 to just 15 in 2021). That's the conclusion of Google's "Project Zero" security research team, which studied the speed of bug-fixing from January 2019 to December 2021.

ZDNet reports that Linux's competition "didn't do nearly as well." For instance, Apple, 69 days; Google, 44 days; and Mozilla, 46 days. Coming in at the bottom was Microsoft, 83 days, and Oracle, albeit with only a handful of security problems, with 109 days.

By Project Zero's count, others, which included primarily open-source organizations and companies such as Apache, Canonical, Github, and Kubernetes, came in with a respectable 44 days.

Generally, everyone's getting faster at fixing security bugs. In 2021, vendors took an average of 52 days to fix reported security vulnerabilities. Only three years ago the average was 80 days. In particular, the Project Zero crew noted that Microsoft, Apple, and Linux all significantly reduced their time to fix over the last two years.

As for mobile operating systems, Apple iOS with an average of 70 days is a nose better than Android with its 72 days. On the other hand, iOS had far more bugs, 72, than Android with its 10 problems.

Browsers problems are also being fixed at a faster pace. Chrome fixed its 40 problems with an average of just under 30 days. Mozilla Firefox, with a mere 8 security holes, patched them in an average of 37.8 days. Webkit, Apple's web browser engine, which is primarily used by Safari, has a much poorer track record. Webkit's programmers take an average of over 72 days to fix bugs.
Security

Linux Malware Attacks are Increasing, and Businesses Aren't Ready (zdnet.com) 63

Posted by EditorDavid from the ready-or-not dept.
ZDNet reports: Cyber criminals are increasingly targeting Linux servers and cloud infrastructure to launch ransomware campaigns, cryptojacking attacks and other illicit activity — and many organisations are leaving themselves open to attacks because Linux infrastructure is misconfigured or poorly managed. Analysis from cybersecurity researchers at VMware warns that malware targeting Linux-based systems is increasing in volume and complexity, while there's also a lack of focus on managing and detecting threats against them.

This comes after an increase in the use of enterprises relying on cloud-based services because of the rise of hybrid working, with Linux the most common operating system in these environments. That rise has opened new avenues that cyber criminals can exploit to compromise enterprise networks, as detailed by the research paper, including ransomware and cryptojacking attacks tailored to target Linux servers in environments that might not be as strictly monitored as those running Windows. These attacks are designed for maximum impact, as the cyber criminals look to compromise as much as the network as possible before triggering the encryption process and ultimately demanding a ransom for the decryption key.

The report warns that ransomware has evolved to target Linux host images used to spin up workloads in virtualised environments, enabling the attackers to simultaneously encrypt vast swathes of the network and make incident response more difficult. The attacks on cloud environments also result in attackers stealing information from servers, which they threaten to publish if they're not paid a ransom.... Cryptojacking and other malware attacks are also increasingly targeting Linux servers. Cryptojacking malware steals processing power from CPUs and servers in order to mine for cryptocurrency....

Many of the cyberattacks targeting Linux environments are still relatively unsophisticated when compared with equivalent attacks targeting Windows systems — that means that with the correct approach to monitoring and securing Linux-based systems, many of these attacks can be prevented. That includes cybersecurity hygiene procedures such as ensuring default passwords aren't in use and avoiding sharing one account across multiple users.
Intel

Intel Thread Director Is Headed to Linux for a Major Boost in Alder Lake Performance (hothardware.com) 38

Posted by EditorDavid from the in-the-chips dept.
The Linux 5.18 kernel is adding support this spring for the Intel Hardware Feedback Interface to make better decisions about where to place given work among available CPU cores/threads, reports Phoronix.

This is significant because Intel's Alder Lake CPUs "are the first x86-64 processors to embrace a hybrid paradigm with two separate CPU architectures on the same die," explains Hot Hardware: These two separate CPU architectures have different strengths and capabilities. The Golden Cove "performance cores" (or P-cores) feature Intel's latest high-performance desktop CPU architecture, and they are blisteringly fast. Meanwhile, the Gracemont "efficiency cores" (or E-cores) are so small that four of them, along with 2MB of shared L2 cache, can nearly fit in the same space as a single Golden Cove core. They're slower than the Golden Cove cores, but also much more efficient, at least in theory.

The idea is that background tasks and light workloads can be run on the E-cores, saving power, while latency-sensitive and compute-intensive tasks can be run on the faster P-cores. The benefits of this may not have been exactly as clear as Intel would have liked on Windows, but they were even less visible on Linux. That's because Linux isn't aware of the unusual configuration of Alder Lake CPUs.

Well, that's changing in Linux 5.18, slated for release this spring. Linux 5.18 is bringing support for the Intel Enhanced Hardware Feedback Interface, or EHFI...

This is essentially the crux of Intel's "Thread Director," which is an intelligent, low-latency hardware-assisted scheduler.
Linux

Valve's Steam Deck Will Run Linux-Based Steam OS - But Won't Have a Fortnite Port (liliputing.com) 56

Posted by EditorDavid from the world-domination dept.
Liliputing reports: When Valve's Steam Deck begins shipping to customers later this month, the handheld gaming PC will be running a Linux-based operating system called Steam OS. And that could give gaming on Linux a bit of a boost.

While Valve's game client has been able to run on Linux for years, as of last month just over 1% of Steam users were running Linux (and fewer than 3% were using macOS, with Windows holding a 96% share). It'll be interesting to see if that starts to change once the Steam Deck hits the streets. And if it does, maybe we'll see more game makers add support for Linux... but one of the most popular games around isn't going to add Linux support anytime soon: Epic CEO Tim Sweeney says the company has no plans to port Fortnite to Linux.

He says it's because Epic doesn't "have confidence that we'd be able to combat cheating at scale under a wide array of kernel configurations including custom ones," but it's an interesting take since Epic has already ported its anti-cheat software to support Mac and Linux devices including the Steam Deck.
Bitcoin

No, Linus Torvalds is not Bitcoin Creator Satoshi Nakamoto (zdnet.com) 54

Posted by EditorDavid from the mistaken-identities dept.
ZDNet reporter Steven Vaughan-Nichols has solved the mystery of whether Linus Torvalds is Bitcoin creator Satoshi Nakamoto: no.

But what's interesting is why the reporter had to ask in the first place: In a GitHub Linux kernel repository, it appeared Torvalds had changed a single line in the Linux Kernel. The change: 'Name = I am Satoshi....' Torvalds himself has been suspected of being Nakamoto several times over the years. But no one who knows him well, and I consider myself one of those, have ever thought he was the Bitcoin mastermind. It's just so, so not Linus.

So, while many people were discussing the "evidence," I decided just to ask Linus. Here's what he had to say.

"I'm afraid that is just a jokester taking advantage of how GitHub works — it shares git objects between different repositories, so you can use the SHA1 'name' of an object to specify something you did in your own tree, and then use my repository as the web name, and make it look like your object is in my tree...." Torvalds went on, "So the "torvalds/linux" part of that URL is basically just empty noise, designed to fool people into thinking it's in my tree. You could replace it with [another] GitHub repository name — the actual relevant part is just the SHA1 hash part...."

"So no," Torvalds concluded, "I'm sadly not the owner of a huge stash of original bitcoins."

And, there you have it, folks. Nakamoto's real identity remains a secret.
Late last year Vaughan-Nichols also reported on what happened when Linux Foundation executive director Jim Zemlin suggested Torvalds sell an NFT of the 1991 email that first announced Linux to the world .

"An amused and appalled Torvalds replied, "I'm staying out of the whole craziness with crypto and NFTs. Those people are cuckoo!"
Operating Systems

System76-Scheduler Is a New Pop!_OS Rust Effort To Improve Desktop Responsiveness (phoronix.com) 43

Posted by BeauHD from the more-responsive-than-ever dept.
slack_justyb writes: "Quietly making its v1.0 debut yesterday was system76-scheduler as a Rust-written daemon aiming to improve Linux desktop responsiveness and catering to their Pop!_OS distribution," reports Phoronix.

The daemon will work with the kernel's CFS scheduler to give priority to components that System76 deems important for its distro. Out of the box, the scheduler will assign priority to the X.Org Server and desktop window managers/compositors, while pushing compilers and other background tasks lower. However, the scheduler will be configurable via Rusty Object Notation (RON) files found in /etc/system76-scheduler/assignments/ and /usr/share/system76-scheduler/assignments/.

Over on the GitHub page for the project, the team indicates that they are indeed making a trade-off from the default CFS to benefit Desktop configurations over the typical load a server might see.
Linux

Slackware, the Oldest Actively Maintained Linux Distro, Releases Version 15.0 117

Posted by BeauHD from the wait-is-finally-over dept.
Slashdot reader sombragris writes: Slackware, the oldest actively maintained Linux distribution, released version 15.0 yesterday after a long release cycle that goes all the way back to 2016 where the last version (14.2) was released. According to the release notes, the whole spirit of this release is: "Keep it familiar, but make it modern."

Among the news, this release offers kernel 5.15.19, PAM, PipeWire and PulseAudio, Wayland and X11 graphical systems, and Rust and Python 3. As graphical environments, both Xfce 4.16 and the latest Plasma 5 (Plasma 5.23.5, Frameworks 5.90, KDE apps 21.12 running under Qt 5.15.3) are available, with Cinnamon and Mate also available from third parties. The main compilers are gcc-11.2 and llvm 13.0. The default browser is Firefox 91.5esr, with Chromium available as a third-party repository. And... no systemd at all.

Slackware can be downloaded from a variety of mirrors. BitTorrent downloads are going to be available too. I've used Slackware for 20 years and it's always impressed me with its stability and speed. I encourage everyone interested to try it. Slashdot readers arfonrg and saxa also shared the news.
Security

Major Linux PolicyKit Security Vulnerability Uncovered: Pwnkit (zdnet.com) 179

Posted by BeauHD from the time-to-patch-your-machines dept.
An anonymous reader quotes a report from ZDNet: [S]ecurity company Qualys has uncovered a truly dangerous memory corruption vulnerability in polkit's pkexec, CVE-2021-4034. Polkit, formerly known as PolicyKit, is a systemd SUID-root program. It's installed by default in every major Linux distribution. This vulnerability is easy to exploit. And, with it, any ordinary user can gain full root privileges on a vulnerable computer by exploiting this vulnerability in its default configuration. As Qualsys wrote in its brief description of the problem: "This vulnerability is an attacker's dream come true." Why is it so bad? Let us count the ways:

- Pkexec is installed by default on all major Linux distributions.
- Qualsys has exploited Ubuntu, Debian, Fedora, and CentOS in their tests, and they're sure other distributions are also exploitable.
- Pkexec has been vulnerable since its creation in May 2009 (commit c8c3d83, "Add a pkexec(1) command").
- An unprivileged local user can exploit this vulnerability to get full root privileges.
- Although this vulnerability is technically a memory corruption, it is exploitable instantly and reliably in an architecture-independent way.
- And, last but not least, it's exploitable even if the polkit daemon itself is not running.

Red Hat rates the PwnKit as having a Common Vulnerability Scoring System (CVSS) score of 7.8. This is high. [...] This vulnerability, which has been hiding in plain sight for 12+ years, is a problem with how pkexec reads environmental variables. The short version, according to Qualsys, is: "If our PATH is "PATH=name=.", and if the directory "name=." exists and contains an executable file named "value", then a pointer to the string "name=./value" is written out-of-bounds to envp[0]." While Qualsys won't be releasing a demonstration exploit, the company is sure it won't take long for exploits to be available. Frankly, it's not that hard to create a PwnKit attack. It's recommended that you obtain and apply a patch ASAP to protect yourself from this vulnerability.

"If no patches are available for your operating system, you can remove the SUID-bit from pkexec as a temporary mitigation," adds ZDNet. "For example, this root-powered shell command will stop attacks: # chmod 0755 /usr/bin/pkexec."
Education

Linux Foundation Launches Open Source Software Development, Linux, and Git Certification (zdnet.com) 13

Posted by BeauHD from the learn-something-new dept.
The Linux Foundation has released three new training courses on the edX platform: Open Source Software Development: Linux for Developers (LFD107x), Linux Tools for Software Development (LFD108x), and Git for Distributed Software Development (LFD109x). The three courses can be taken individually or combined to earn a Professional Certificate in Open Source Software Development, Linux, and Git. ZDNet reports: The first class, Open Source Software Development: Linux for Developers (LFD107x) explores the key concepts of developing open-source software and how to work productively in Linux. You don't need to know Linux before starting this class, as it's an introduction to Linux designed for developers. In it, you'll learn how to install Linux and programs, how to use desktop environments, text editors, important commands and utilities, command shells and scripts, filesystems, and compilers. For this class, the Foundation recommends you use a computer installed with a current Linux distribution. I'd go further and recommend you use one with one of the professional Linux distributions. In particular, you should focus on one of the three main enterprise Linux families: Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise Server (SLES), and Ubuntu. There are hundreds of other distros, but these are the ones that matter to companies looking for Linux developers.

The next course, Linux Tools for Software Development (LFD108x) examines the tools necessary to do everyday work in Linux development environments and beyond. It is designed for developers with experience working on any operating system who want to understand the basics of open-source development. Upon completion, participants will be familiar with essential shell tools, so they can work comfortably and productively in Linux environments. In addition, I recommend you come to this class with a working knowledge of the C programming language.

Finally, Git for Distributed Software Development (LFD109x) provides a thorough introduction to Git. Git is Linux Torvalds' other great accomplishment. This source control system was first used by the Linux kernel community to enable developers from around the world to operate efficiently. In addition, thanks to such sites as GitHub and GitLab, Git has become the lingua franca of all software development. Everyone uses Git today. With this class, you'll learn to use Git to create new repositories or clone existing ones, commit new changes, review revision histories, examine differences with older versions, work with different branches, merge repositories, and work with a distributed development team. Whether or not you end up programming in Linux, knowing how to use Git is essential for the modern programmer. As ZDNet's Steven Vaughan-Nichols notes, you can take the three courses through edX in audit mode for no cost. However, you'll need to earn the professional certificate so employers will know you're capable of open-source programming.

"To do this, you must enroll in the program, complete all three courses, and pay a verified certificate fee of $149 per course."
Linux

Analysts Weigh In: Will We Ever See the Year of the Linux Desktop? (windowscentral.com) 224

Posted by EditorDavid from the world-domination dept.
How popular is Linux? The Windows Central site admits Linux is starting to tempt them. "It made such an imprint on Windows Central that not all of us even bother much with Windows anymore."

"Heck, Germany (part of it, to be specific) is taking another stab at ditching Windows for Linux..."

But what are the odds really that Linux overtakes Windows' market share? "That is the tantalizing question at the kernelled core of the great Linux debate, and it's the one we reached out to analysts to hear their thoughts on...." Every year is a special year for Linux in some way, shape, or form, but in terms of eating Windows' lunch, that's probably not in the cards for a long time, if ever.

Forrester Senior Analyst Andrew Hewitt gave figures to further bolster the argument that Linux is a long ways off from toppling Windows. "Overall, just 1% of employees report usage of Linux on their primary laptop used for work," he said. "That's compared to 60% that still use Windows, and small numbers that use Chrome OS and macOS on a global basis. It is very unlikely that Linux will overtake Windows as the main operating system."

With that said, Hewitt did foresee diversification and growth when it came to Linux, Chrome OS, and macOS, but nothing to a degree that would signal Windows is at risk of losing its dominant market share.

"We commonly see Linux used in Virtual Desktop Infrastructure (VDI) deployments," he stated, mentioning that he'd expect growth there since "VDI has grown 2% year over year according to our 'State Of VDI, 2021' report."
Gartner VP Analyst Steve Kleynhans also tells the site that the biggest challenge to Windows "on anything that looks like a PC is probably Chrome OS... Could Linux continue to grow? Yes. But it's not likely to grow as a direct competitor replacing Windows."
Cellphones

The PinePhone Pro Brings Upgraded Hardware To the Linux Phone (arstechnica.com) 23

Posted by BeauHD from the it's-what's-on-the-inside-that-matters dept.
An anonymous reader quotes a report from Ars Technica: Pine64 is launching a major hardware upgrade in its quest to build a Linux smartphone. After the launch of the original PinePhone in 2019, the organization is now taking preorders for the PinePhone Pro, a new smartphone it's calling "the fastest mainline Linux smartphone on the market." The phone was announced in October, and you can now secure a unit. The MSRP is $599, but it's up for preorder now at an introductory price of $399.

Since Pine64 wants to make an open source Linux smartphone, its choice of hardware components is limited. Most big chip companies like Qualcomm or Samsung don't want to share open drivers or schematics, and you saw that with the original PinePhone, which was based on a 40 nm Cortex A53 SoC made by Allwinner. The PinePhone Pro is upgrading things with a Rockchip RK3399 SoC. The chip sports two Cortex A72 CPUs and four Cortex A53 CPUs, and Pine64 says it worked with Rockchip to get the chip "binned and voltage locked for optimal performance with sustainable power and thermal limits." Pine64 doesn't cite a process node, but other companies list the RK3399 at 28 nm. If that's true and you're looking for something roughly comparable in Qualcomm's lineup, the Snapdragon 618/650 (a mid-range chip from 2016) would seem to fit the bill.

The phone has a 6-inch, 1440x720 LCD, 4GB of RAM, 128GB of eMMC storage, and a 3,000 mAh battery. There's a USB-C port with 15 W charging, a headphone jack, a 13MP main camera, and an 8MP front camera. The back cover pops off, and inside the phone, you'll find a removable battery (whoa!), a microSD slot, pogo pins, and a series of privacy DIP switches that let you kill the modem, Wi-Fi/Bluetooth, microphone, rear camera, front camera, and headphones. The pogo pins support a variety of attachable backs, which are compatible with both the original PinePhone and the PinePhone Pro. [...] As for the software you'll be running on this thing, that's up to you. This is a phone for the Linux enthusiast who is willing to deal with some rough edges. It ships with Manjaro Arm and the Plasma Mobile interface, which Pine64 calls "pre-beta."
Security

Linux Malware Sees 35% Growth During 2021 (bleepingcomputer.com) 71

Posted by BeauHD from the likely-to-continue dept.
The number of malware infections targeting Linux devices rose by 35% in 2021, most commonly to recruit IoT devices for DDoS (distributed denial of service) attacks. BleepingComputer reports: A Crowdstrike report looking into the attack data from 2021 summarizes the following:

- In 2021, there was a 35% rise in malware targeting Linux systems compared to 2020.
- XorDDoS, Mirai, and Mozi were the most prevalent families, accounting for 22% of all Linux-targeting malware attacks observed in 2021.
- Mozi, in particular, had explosive growth in its activity, with ten times more samples circulating in the wild the year that passed compared to the previous one.
- XorDDoS also had a notable year-over-year increase of 123%.
[...]
The Crowstrike findings aren't surprising as they confirm an ongoing trend that emerged in previous years. For example, an Intezer report analyzing 2020 stats found that Linux malware families increased by 40% in 2020 compared to the previous year. In the first six months of 2020, a steep rise of 500% in Golang malware was recorded, showing that malware authors were looking for ways to make their code run on multiple platforms. This programming, and by extension, targeting trend, has already been confirmed in early 2022 cases and is likely to continue unabated.

Slashdot Top Deals